Automating Client PC Deployment


Image courtesy of hp.com (http://www.hp.com/hpinfo/newsroom/press_kits/environment/images/reconditionedpcs.jpg)

The last couple of months have been quite amazing for us: we introduced boards to our platform and, in addition, launched STYLIGHT in four more countries (France, Italy, Sweden and the UK). This expansion also caused our team to grow quite a bit, since we have dedicated positions for business development, content & community, as well as SEO and SEM for each country. And we are continuously looking for more awesome people to join us!
Of course, all these new people need a working and fully configured computer in order to start being awesome here at STYLIGHT. Every once in a while existing machines break down and need to be re-installed or are replaced by new and speedy laptops. Up until recently, we used to install and configure all our computers manually. While most of our configuration is pushed via the group policy in our domain, software such as the Microsoft Office suite or the most up-to-date Chrome and Firefox browsers, as well as other tools particular to each department, had to be installed by hand. This worked quite well so far, but we have grown to a size where it would be nice to automate the process more (or even fully), so we in the engineering department can focus on coding new and exciting stuff instead of installing computers.

Slipstreaming & Customizations

We wanted to start out with a small automation and gradually build up. One thing that always eats up time when setting up a new PC is making sure that all the drivers are installed correctly. Hence, we first integrated drivers into a custom Windows® 7 installation DVD. Microsoft provides its own tool set for this purpose: the Windows Automated Installation Kit (AIK). The kit supports the configuration and deployment of Windows 7 and Windows Server 2008 R2. It also supports a variety of other tasks, including volume activation management, user state migration and the like, which are not particularly interesting for us.
Unfortunately the kit relies on ImageX, a command line tool for capturing, creating, modifying and applying Windows images, which is not really handy. There is however a variety of programs available that offer you a more intuitive GUI and utilize ImageX under the hood. We settled on RT Se7en Lite, a nice freeware tool which lets you integrate drivers, Windows updates and hotfixes, language packs and 3rd party applications with silent installers. It also allows you to remove unwanted components from Windows, tweak various system settings, customize Windows and create unattended installations. While we were at it, in addition to slipstreaming drivers, we also included the latest updates and hotfixes and customized the standard logon screen to be a little bit more STYLIGHTish.

STYLIGHT Logon Screen

Custom Windows 7 logon screen

You could do all that with Windows AIK alone; it just requires a lot more effort. We got the most recent driver packs from http://driverpacks.net/. For obtaining offline versions of the Windows updates and hotfixes, we used another nifty tool called Windows Update Downloader (WUD). Not having to install any updates and drivers straight after installing Windows is quite nice, but what’s typically really annoying about the Windows installation is the various inputs you have to make, e.g. for regional settings, computer and user name, which are unfortunately spread out through the installation. This is where unattended installations come in.

Unattended Installation

Basically all you need for an unattended installation is an XML file that tells the Windows setup what to use as an input for the various information it requires. The XML file must be called “Autounattend.xml” and has to be in the root of the installation medium for the Windows setup to pick it up. As already mentioned, you can create unattended installations with RT Se7en Lite and also using Windows AIK. We actually found the Windows tool more comfortable this time. However, without a tutorial or the reference you are basically left alone in the dark.
I’ll just cover some of the more interesting sections of the XML file in the following, but will link to some good resources at the bottom. You can control every single step of the installation, including the formatting and partitioning of the hard drive, which can be quite dangerous. Since we store all our important files on servers, including the Windows user profiles, it is not a problem in our case if the unattended setup wipes the disk and creates a fresh partition for the installation. This can be achieved with the <DiskConfiguration> section. It is part of the Microsoft-Windows-Setup component and looks like this in our case:

[gist]https://gist.github.com/4671780[/gist]

In the <CreatePartitions> block, two partitions are created. The first is a small 100MB system partition required by Windows 7 for storing boot and recovery info. Its size is limited to 100MB by the <Size> tag. The second partition fills the remaining space on the HDD, which is achieved by setting the <Extend> tag to true. In the <ModifyPartitions> block we just format the previously generated partitions and label them. The partitions are referenced by the number assigned in the <Order> tag and obtain a <PartitionID> tag, which is later used to tell the Windows setup on which partition to perform the installation.
Since we don’t have a volume licence activation key, we also provide a trial licence key in the XML file in order for the setup to run fully unattended and later only have to activate the computer using the appropriate licence key. In addition, we set the regional settings, set up the administrator account and silence all setup dialogs. Microsoft provides two sample XMLs, one for a minimum and one for a maximum unattended install, here.
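The disk layout and the administrator account described above both live in the answer file, so it is worth checking before it goes onto install media. The following is an added example, not the original gist or STYLIGHT's own file: a Python check over a constructed, trimmed Autounattend.xml (sample values, labels and the `audit` helper are assumptions) that reports the layout, the disk wipe, dangling partition references and an embedded password.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}
# Constructed sample, trimmed to what is checked (component/wcm attributes omitted).
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE"><component name="Microsoft-Windows-Setup">
 <DiskConfiguration><Disk>
  <DiskID>0</DiskID><WillWipeDisk>true</WillWipeDisk>
  <CreatePartitions>
   <CreatePartition><Order>1</Order><Type>Primary</Type><Size>100</Size></CreatePartition>
   <CreatePartition><Order>2</Order><Type>Primary</Type><Extend>true</Extend></CreatePartition>
  </CreatePartitions>
  <ModifyPartitions>
   <ModifyPartition><Order>1</Order><PartitionID>1</PartitionID><Format>NTFS</Format><Label>System</Label></ModifyPartition>
   <ModifyPartition><Order>2</Order><PartitionID>2</PartitionID><Format>NTFS</Format><Label>Windows</Label></ModifyPartition>
  </ModifyPartitions></Disk></DiskConfiguration>
 <ImageInstall><OSImage><InstallTo><DiskID>0</DiskID><PartitionID>2</PartitionID></InstallTo></OSImage></ImageInstall>
</component></settings>
<settings pass="oobeSystem"><component name="Microsoft-Windows-Shell-Setup">
 <UserAccounts><AdministratorPassword><Value>PLACEHOLDER</Value><PlainText>true</PlainText></AdministratorPassword></UserAccounts>
</component></settings>
</unattend>"""

def text(node, tag, default=""):
    return (node.findtext(f"u:{tag}", default, NS) or default).strip()

def audit(xml_text):
    """Return (layout, findings) for review before the file is put on install media."""
    root, layout, findings = ET.fromstring(xml_text), {}, []
    for disk in root.iterfind(".//u:DiskConfiguration/u:Disk", NS):
        did = text(disk, "DiskID")
        parts = {text(p, "Order"): "rest of disk" if text(p, "Extend") == "true"
                 else text(p, "Size") + " MB" for p in disk.iterfind(".//u:CreatePartition", NS)}
        layout[did] = parts
        if text(disk, "WillWipeDisk") == "true":
            findings.append(f"disk {did}: WillWipeDisk=true destroys existing data")
        # Assumes a wiped disk, so partition numbers follow CreatePartition order.
        for m in disk.iterfind(".//u:ModifyPartition", NS):
            if text(m, "PartitionID") not in parts:
                findings.append(f"disk {did}: ModifyPartition refers to unknown partition")
    for t in root.iterfind(".//u:InstallTo", NS):
        if text(t, "PartitionID") not in layout.get(text(t, "DiskID"), {}):
            findings.append("InstallTo points at a partition the file never creates")
    for pw in root.iterfind(".//u:AdministratorPassword", NS):
        findings.append("administrator password embedded (PlainText=%s): restrict who "
                        "can read the medium or share" % text(pw, "PlainText", "unset"))
    return layout, findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)[1]))
```

Run it against the real file with `audit(open("Autounattend.xml", encoding="utf-8").read())`; an empty findings list means no wipe, no dangling partition reference and no embedded administrator password.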

Put the Autounattend.xml file in the root of the DVD generated by RT Se7en Lite et voilà, you have a fully unattended and slightly customized Windows 7 installation medium. This is already quite nice and time saving, since all you have to do is put in the DVD, boot from it and continue hacking on more awesome stuff while the computer installs itself. Once the setup is finished, you log on using the administrator account set up in the XML file and can activate the installation using a real licence key and add the computer to the domain.
So far so good, but still we need to install Microsoft Office, our corporate identity fonts and templates and a bunch of other software. Of course we didn’t settle for doing this manually after we had fully automated the OS installation. Again, if you are a hardcore Microsoft admin, you would probably use just Sysprep and ImageX to automate the software installation as well. This seemed a bit of an overkill for us and we also wanted more flexibility. Luckily we stumbled across the Windows Post-Install Wizard (WPI).

Automated Software Installation

The Windows Post-Install Wizard is a nifty little tool that allows you to configure different commands to be executed. This allows you to copy files, change registry entries, execute batch scripts and run setups with the appropriate silent flags. When you run the wizard, you can either set up different configurations or choose one to be executed. Each configuration can contain different tasks, which in turn consist of one or more commands. Tasks can be grouped together in categories (e.g. Applications, Drivers, etc.). This is helpful, as it allows you to later exclude all tasks of one or more categories from a configuration to be executed. WPI is much more powerful than that: it allows you to use conditionals when executing commands, define dependencies between different tasks and much more.

Configuration

As you can see, besides some tasks for installing different software, we also copy all necessary files and apply our corporate identity MS Office theme via WPI

Commands

Example of executing a silent Chrome installation via WPI

Install Wizard

WPI allows you to select/deselect categories or individual tasks on a configuration level.

As you can see in the pictures we easily integrated several silent setups. We currently install the Adobe Reader, Adobe Flash plug-ins, as well as the Google Chrome Browser, Mozilla Firefox, Skype and our Anti-Virus client. In addition, we perform a silent installation of Office (which uses a config.xml file similar to the Autounattend.xml for managing the setup) and several Proofkits and copy our office corporate identity theme from the server over and apply it. Since we also don’t have a volume activation key for the MS Office suite, we again use a trial key for the setup and have to activate it later on using a regular licence. Recently, we got a big batch of brand new speedy Lenovo laptops with SSDs. Since we didn’t have any of the drivers in the driver packs that we slipstreamed into our OS installation medium, we just integrated them via WPI. Since we host the WPI executable on one of our intranet servers, we can just connect to the network after the OS has been set up and have it install all the software and drivers with a single click. It even joins the computer to the domain for us.

So to recap our process for setting up a new PC so far: Insert and boot from DVD and let Windows 7 install itself. Log on as the administrator, connect to the network share where WPI is located and execute it. Automagically, the most common software is installed and the computer auto-joins the domain and reboots. Log on again and activate Windows 7 and Office. Done. Easy as pie. However, there is one caveat: the installation DVD. Us techies tend to be a bit messy at times and easily lose stuff, especially shiny DVDs that might not have been labeled properly. No need to fret though, there is of course also a solution for this problem: network installations.

Network Installation

As you would expect, there are again several ways to install an OS via the network. There is of course the solution by Microsoft themselves via the Windows Deployment Services (WDS), which allows you to deploy Windows operating systems over the network either as .WIM files or image-based setups. It also allows you to distribute driver packages and other software to clients. A free and open-source alternative is OPSI, which is short for “Open Pc Server Integration”. Both seemed to be a little bit of an overkill for our purpose. Especially, since we had already made use of the other tools to automate our deployment. Luckily, we again found a smart little tool, that does all the things we need (and way more!) and does them great: SERVA.

SERVA is an all-in-one portable multi-server. It’s just one executable that lets you launch HTTP/FTP/TFTP/DHCP/DNS/BINL/SNTP and SYSLOG servers. For our purpose of setting up a PXE network installation, we only configured a TFTP server and a DHCP proxy (since we already have a DHCP server in the network). For the TFTP server, a root directory needs to be configured that holds the files it should serve, basically the location where we put our previously customized Windows 7 installation files. Since the requests of PXE clients need to be routed to the machine hosting the installation files, we make use of SERVA’s proxyDHCP setting and enable the BINL (Boot Information Negotiation Layer) option. Setting this option will cause SERVA to create some specific folders in the TFTP root folder the next time it is restarted. More specifically, it will create a WIA_RIS and a WIA_WDS sub-folder. These folders have to be shared on the network and populated with the OS installation files. In our case, we had to copy the previously generated Windows 7 installation files into a separate folder inside the WIA_WDS folder. Since these two folders are the locations that will be passed to the PXE client, they need to be made accessible from the network. In order for SERVA to automatically provide the right information to the PXE client, it expects the network shares to be named “WIA_RIS_SHARE” and “WIA_WDS_SHARE” respectively. That’s basically it! After another restart of SERVA, it will automatically create a preinstallation environment and boot images for each installation folder in the WIA_RIS and WIA_WDS folders. In the newest version (v.2.1) SERVA will also integrate the Autounattend.xml file into the boot image and it provides several options on how to include the network share credentials, which allows for a fully automated network installation!

Now our deployment for client PCs boils down to: boot the PC into PXE, execute WPI to install additional software, drivers and customizations once the OS has been installed and finally activate both Windows and MS Office using regular licence keys. Done! And what is great about this setup is that it gives us so much flexibility! We don’t need to burn multiple DVDs just to install multiple PCs in parallel, we just have to restart SERVA and let it regenerate the boot images whenever we make changes to either the installation files or the Autounattend.xml file, and we can easily add/modify programs being installed via WPI!

If you are passionate about DevOps and PC administration or even better, if you think we could totally make our client management more awesome, feel free to drop us a line or maybe even apply for a job here at STYLIGHT!

Further Resources

Tools used:

Guides and references:

Helpful Forums:
