At an educational non-profit, I've inherited a previously set-up Windows domain that, after the first reinstall of the machines, we ended up not using by simply not joining machines back into the domain.
Over last summer, before the annual reinstall for shipping machines to the summer school, I toyed with the idea of installing Windows 7 over the network, instead of just imaging the machines. It took a bit longer than I expected to figure out the basics; honestly, I expected that Windows would be more friendly for PXE installation out of the box.
What I'm interested in is best practices for installing Windows 7 over PXE with domain autojoin. I'd love it if the whole setup could optionally be hosted on a UNIX-based system as well.
I've had some success by preparing an ISO using Windows AIK, and loading the ISO into memory. This was needed since I wanted a menu, and I think I couldn't get PXELINUX to chainload into Windows' bootloader. Unfortunately, I couldn't figure out much about customization of the Windows setup in that timeframe nor could I get Samba to work properly; studying the stuff ended up being too lengthy, especially the portion where I edited a disk image on Windows and copied it outside. AIK didn't make things easier by mounting the disk image into RAM, and writing it in its entirety when done with it, making me a very sad boy.
I've recently found a different approach, too, that appears to be closer to Microsoft's original idea for netboot deployment and does not involve ISOs.
So my question boils down to the following.
- What exact approach do you use for netbooting Windows 7 setup?
- How can Windows 7 setup be best customized to be completely unattended, including installation on a specific system partition and not destroying the data partition, creation of passworded admin and default user, choice of MAC-address-based hostname, and joining a domain?
As much detail as possible for everyone's future reference would be appreciated. WDS isn't a bad choice, but if a Linux-based install can be used, that'd be better.
WDS is the canonical answer for this. It's free with Windows Server and can be paired with the Microsoft Deployment Toolkit for complex installs, or can be used by itself for more straightforward deployments.
Of course, things like Ghost still exist, but WDS really seems to have a stranglehold on PXE deployment of Windows nowadays.
You would use an answer file with this. You can use the Windows Automated Installation Kit, which is freely available. From that kit, install the Windows System Image Manager and it will give you a GUI and some samples for this. You can do everything you want there, including running commands on first bootup to customize whatever you want.
The Microsoft Deployment Toolkit is also a way to handle all of these things. Either one is a good choice with MDT being much more in-depth but more powerful.
I've used WinPE from the WAIK toolkit to get a boot image that I've then distributed via tftpd + pxelinux to PXE clients. From that WinPE image, you can call an unattended file made with WSIM and you just need the install image and all other resources to sit on an SMB share, which can be a SAMBA server for all it matters.
This way takes a lot more poking and prodding, but it is certainly do-able.
It sounds like you were headed in the right direction for a Linux-based deployment, but it's really a tricky thing. You need to know the ins-and-outs of the boot process, which is why I always recommend WDS when I can. It comes with a nice pretty bow on it and takes that headache away.
Unfortunately for you, Windows imaging can be as complicated as you want to make it, and you have a couple of more advanced requirements. They're all completely do-able, but you need to invest some real time into learning how everything works.
Microsoft deployment resources are available on the Deliver and Deploy Windows 7 Springboard page. Many videos and articles are there to help you with Microsoft solutions.
Question #2 is actually many questions.
How can Windows 7 setup be best customized to be completely unattended, including:
a. Installation on a specific system partition (while not affecting the data partition)
b. Creation of a passworded admin and default user
c. Choice of a MAC-address-based hostname
d. Joining a domain
1. Zero Touch Installation (ZTI) is a feature of SCCM, however you can come very close to that with a Lite Touch Installation (LTI). This can be accomplished best with the Microsoft Deployment Toolkit (MDT) and WDS. Basically, you have to start the network boot process manually and choose the image you are going to deploy. Then it is hands off until complete. The unattend.xml file can contain many settings that will apply automatically during the install, including the ability to call scripts and programs with Synchronous and Asynchronous commands. There is also a ‘Setupcomplete.cmd’ file that you can use to run scripts or commands after setup is complete. MDT also has tasks that allow these same scripts etc. to run, both during the install and after the install. Post-installation tasks can install software after Windows is installed and since the software is packaged separately from the Windows Image, you don’t have to load the image to upgrade or replace that software. Just make the changes in MDT and the next deployment will be updated. There are also tasks that will check Windows Update to make sure all the latest patches are installed at the same time, or you can pull updates from WSUS, or you can import the updates as packages.
a) Formatting and partitioning the hard drive and which partition to install to can be accomplished in both the unattend file and in MDT.
b) You can set the administrator password and add users in the unattend file, or in MDT. By ‘default user’, are you referring to setting up the default user profile? That can be done in Audit Mode and then having the ‘CopyProfile’ setting in your unattend file.
c) The best way to achieve the hostname is to pre-stage the computer in Active Directory prior to imaging. During deployment, this information can be retrieved to name the computer by using the %machinename% variable.
d) Joining the domain. This can be done either in the unattend or in MDT, either in a task or by setting the deployment share rules (customsettings.ini).
My apologies for being very general, these are large topics. If you have more questions, just ask.
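For the UNIX-hosted route, one way to cover points (c) and (d) without pre-staging is to generate a per-machine answer file on the deployment server. The sketch below is an added example, not part of any answer above; it writes only the `specialize` pass (computer name and domain join), and the `EDU` prefix, `school.example` domain, `svc-join` account, placeholder password and `amd64` architecture are assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = "urn:schemas-microsoft-com:unattend"
ET.register_namespace("", NS)  # emit the schema as the default namespace

def hostname_from_mac(mac, prefix="EDU"):
    """Derive a NetBIOS-safe computer name (max 15 chars) from a MAC address."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    name = f"{prefix}-{digits[-6:]}"  # last three octets identify the NIC
    if len(name) > 15:
        raise ValueError(f"{name!r} exceeds the 15-character NetBIOS limit")
    return name

def _component(parent, name):
    # Attributes every unattend component element carries (amd64 assumed).
    return ET.SubElement(parent, f"{{{NS}}}component", {
        "name": name, "processorArchitecture": "amd64",
        "publicKeyToken": "31bf3856ad364e35",
        "language": "neutral", "versionScope": "nonSxS"})

def _text(parent, tag, value):
    ET.SubElement(parent, f"{{{NS}}}{tag}").text = value

def build_specialize(mac, domain, join_user, join_password):
    """Return answer-file XML that names the machine and joins the domain."""
    root = ET.Element(f"{{{NS}}}unattend")
    settings = ET.SubElement(root, f"{{{NS}}}settings", {"pass": "specialize"})
    shell = _component(settings, "Microsoft-Windows-Shell-Setup")
    _text(shell, "ComputerName", hostname_from_mac(mac))
    join = _component(settings, "Microsoft-Windows-UnattendedJoin")
    ident = ET.SubElement(join, f"{{{NS}}}Identification")
    creds = ET.SubElement(ident, f"{{{NS}}}Credentials")
    _text(creds, "Domain", domain)
    _text(creds, "Username", join_user)
    _text(creds, "Password", join_password)  # stored in clear text in the file
    _text(ident, "JoinDomain", domain)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    # Constructed sample values; replace with the real MAC and join account.
    print(build_specialize("00-1A-2B-3C-4D-5E", "school.example",
                           "svc-join", "PLACEHOLDER"))
```

Because the join password is readable by anything that can read the file, use an account that is delegated only the right to join computers, and restrict read access on the share that serves the answer files.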