Difference between revisions of "Active Directory/Documentation/WDS/Management/Server Setup"

From WolfTech
Jump to navigation Jump to search
(Tag as migrated)
 
(15 intermediate revisions by 3 users not shown)
Line 1: Line 1:
=WDS Setup=
+
=WDS Setup for Campus Use=
 +
This section documents the steps necessary to set up a system for use in the campus WDS infrastructure.  It is assumed that you begin with a fully-patched Windows Server 2008 R2 x64 system that is domain-joined, with disk space for images and other purposes allocated as drive F:.
 +
 
 +
#Place the server object into the WolfTech-WDS-Servers group located at Servers\WDS in ADUC.
 +
#Verify that the WolfTech-WDS-Admins group is in the Administrators group.
 +
#In Windows Firewall with Advanced Security, enable the following rules:
 +
#*Windows Firewall Remote Management for RPC and RPC-EPMAP connection types.
 +
#*Remote Event Log Management rules for RPC and RPC-EPMAP connection types.
 +
#*Remote Volume Management for all connection types. (Also: ensure that you have this set of rules enabled for your management workstation!)
 +
#*Remote Service Management for RPC and RPC-EPMAP connection types.
 +
#*Windows Management Instrumentation for all connection types.
 +
#Open an elevated (ie, "Run as Administrator") Powershell command prompt and type "Enable-PSRemoting" and answer yes to the prompts it generates.
 +
#Add the File Services role and configure with these role services: File Server, DFS Namespaces, DFS Replication.  Select the "Create a namespace later" option - in reality, a namespace has already been created and we will never create a new namespace via this wizard.
 +
#Create DFS target shares:
 +
#*DriverRepository$
 +
#**Location: F:\DriverRepository
 +
#**Description: DFS share for WDS legacy driver repository
 +
#**Share permissions:
 +
#***Everyone: Read
 +
#***Administrators: Full Control
 +
#**Security:
 +
#***Auth Users: Read & Execute, List folder contents, Read
 +
#***Administrators: Full Control
 +
#**Offline Settings: Only the files and programs that users specify are available offline
 +
#*Staging$
 +
#**Location: F:\Staging
 +
#**Description: DFS share for WDS staging directory
 +
#**Share permissions:
 +
#***Everyone: Full Control
 +
#**Security:
 +
#***Auth Users: Modify, Read & Execute, List folder contents, Read, Write
 +
#***Administrators: Full Control
 +
#**Offline Settings: Only the files and programs that users specify are available offline
 +
#Configure DFS to replicate and point to the new server.
 +
#*Add the new server as a member to the DriverRepository and Staging replication groups.
 +
#**The new server should replicate with all other members in each replication group.
 +
#**The new server should have a staging quota set to match the staging quotas set on the other members of the replication group.
 +
#*Add the new server as a folder target of the DriverRepository and Staging folders.
 +
#**Set the new server as a disabled folder target until you have verified that replication has completed!
 +
#**Once replication has completed, enable the new server as a folder target.
 +
#Add the WDS role to the server, with both Deployment and Transport Server enabled as Role Services.
 +
#Configure the WDS server to use F:\RemoteInstall as the remote installation folder, and respond only to known client computers.
 +
#Create another file share, defined as follows:
 +
#*Share Name: RemoteInstall$
 +
#*Description: DFS share for replication of WDS installation data
 +
#*Security: Auth Users: Read & execute, List folder contents, Read
 +
#*Share Permissions:
 +
#*Location: F:\RemoteInstall
 +
#*Offline Settings: Only the files and programs that users specify are available offline
 +
#Add the new server to the RemoteInstall DFS replication group.
 +
 
 +
 
 +
 
 +
 
 +
=General WDS Server Setup Overview=
 +
Running a WDS server requires either Windows 2003 Server or Windows Server 2008.  If you need to deploy Windows XP clients via RIS, you need to use Windows 2003 Server as your WDS server OS, because Windows Server 2008 WDS cannot run in legacy or hybrid modes.  It is highly recommended that you migrate your RIS images to wim format and start using WDS native mode, however.
 +
 
 +
==Windows Server 2008==
 +
Coming soon!
 +
 
 +
==Windows 2003 Server==
 
# Install Windows 2003 Server R2 SP2
 
# Install Windows 2003 Server R2 SP2
#* Create separate partition for images.
+
#* Create separate partition for images. (Required for RIS; not necessary but recommended for WDS)
 
# Install Windows Deployment Services from Add/Remove Programs/Windows Components
 
# Install Windows Deployment Services from Add/Remove Programs/Windows Components
 
# Reboot
 
# Reboot
 
# Setup Legacy RIS
 
# Setup Legacy RIS
 
## Open Administrative Tools > Windows Deployment Services Legacy
 
## Open Administrative Tools > Windows Deployment Services Legacy
## Reboot
+
## Edit default computer creation location
 +
### In ADUC, open the WDS server's properties
 +
### In the Remote Install tab, Click Advanced Settings
 +
### Choose "The following directory service location," and browse to the desired OU.
 
# Open Administrative Tools > Windows Deployment Services
 
# Open Administrative Tools > Windows Deployment Services
 
## Expand <b>Servers</b>
 
## Expand <b>Servers</b>
Line 14: Line 77:
 
# Install the Windows Automated Installation Kit
 
# Install the Windows Automated Installation Kit
 
# Add boot images
 
# Add boot images
##%program files%\Windows AIK\Tools\PETools
+
##c:\program files\Windows AIK\Tools\PETools\x86\winpe.wim
 +
##c:\program files\Windows AIK\Tools\PETools\amd64\winpe.wim
 +
##boot.wim from the Vista disc
 
# Add an install image.  For more info, see [[../WDS_Images | WDS Images]]
 
# Add an install image.  For more info, see [[../WDS_Images | WDS Images]]
 +
# Set share permissions
 +
##RemoteInstall shared with Everyone RWA access
 +
##Remove Authenticated Users from RemoteInstall.
 +
##Add permissions for Setup for ECE-OU Admins, ECE-Computer Admins, ECE-Allow RIS
 +
##Add permissions for Images for ECE-OU Admins, ECE-Computer Admins
 +
 +
==Authorizing the WDS server==
 +
* If you are using a custom DHCP template that directs PXE clients to your server, you can skip this step.  See [[../../Separating DHCP From WDS|Separating DHCP From WDS]] (also known as Cross-VLAN PXE booting to WDS) for more info.
 +
Have a domain admin login to one of the domain controllers, select the DHCP admin tool, then "authorize servers". Add in the IP address of the new server.
  
 
==Resources==
 
==Resources==
 
*http://technet2.microsoft.com/WindowsVista/en/library/9e197135-6711-4c20-bfad-fc80fc2151301033.mspx?mfr=true
 
*http://technet2.microsoft.com/WindowsVista/en/library/9e197135-6711-4c20-bfad-fc80fc2151301033.mspx?mfr=true
 
*http://technet2.microsoft.com/WindowsVista/en/library/88f80cb7-d44f-47f7-a10d-e23dd53bc3fa1033.mspx?mfr=true
 
*http://technet2.microsoft.com/WindowsVista/en/library/88f80cb7-d44f-47f7-a10d-e23dd53bc3fa1033.mspx?mfr=true
 +
[[Category:Migrated to AD]]
 +
[[Category:WDS Management]]
 +
[[Category:WDS]]

Latest revision as of 16:52, 8 July 2011

WDS Setup for Campus Use

This section documents the steps necessary to set up a system for use in the campus WDS infrastructure. It is assumed that you begin with a fully-patched Windows Server 2008 R2 x64 system that is domain-joined, with disk space for images and other purposes allocated as drive F:.

  1. Place the server object into the WolfTech-WDS-Servers group located at Servers\WDS in ADUC.
  2. Verify that the WolfTech-WDS-Admins group is in the Administrators group.
  3. In Windows Firewall with Advanced Security, enable the following rules:
    • Windows Firewall Remote Management for RPC and RPC-EPMAP connection types.
    • Remote Event Log Management rules for RPC and RPC-EPMAP connection types.
    • Remote Volume Management for all connection types. (Also: ensure that you have this set of rules enabled for your management workstation!)
    • Remote Service Management for RPC and RPC-EPMAP connection types.
    • Windows Management Instrumentation for all connection types.
  4. Open an elevated (ie, "Run as Administrator") Powershell command prompt and type "Enable-PSRemoting" and answer yes to the prompts it generates.
  5. Add the File Services role and configure with these role services: File Server, DFS Namespaces, DFS Replication. Select the "Create a namespace later" option - in reality, a namespace has already been created and we will never create a new namespace via this wizard.
  6. Create DFS target shares:
    • DriverRepository$
      • Location: F:\DriverRepository
      • Description: DFS share for WDS legacy driver repository
      • Share permissions:
        • Everyone: Read
        • Administrators: Full Control
      • Security:
        • Auth Users: Read & Execute, List folder contents, Read
        • Administrators: Full Control
      • Offline Settings: Only the files and programs that users specify are available offline
    • Staging$
      • Location: F:\Staging
      • Description: DFS share for WDS staging directory
      • Share permissions:
        • Everyone: Full Control
      • Security:
        • Auth Users: Modify, Read & Execute, List folder contents, Read, Write
        • Administrators: Full Control
      • Offline Settings: Only the files and programs that users specify are available offline
  7. Configure DFS to replicate and point to the new server.
    • Add the new server as a member to the DriverRepository and Staging replication groups.
      • The new server should replicate with all other members in each replication group.
      • The new server should have a staging quota set to match the staging quotas set on the other members of the replication group.
    • Add the new server as a folder target of the DriverRepository and Staging folders.
      • Set the new server as a disabled folder target until you have verified that replication has completed!
      • Once replication has completed, enable the new server as a folder target.
  8. Add the WDS role to the server, with both Deployment and Transport Server enabled as Role Services.
  9. Configure the WDS server to use F:\RemoteInstall as the remote installation folder, and respond only to known client computers.
  10. Create another file share, defined as follows:
    • Share Name: RemoteInstall$
    • Description: DFS share for replication of WDS installation data
    • Security: Auth Users: Read & execute, List folder contents, Read
    • Share Permissions:
    • Location: F:\RemoteInstall
    • Offline Settings: Only the files and programs that users specify are available offline
  11. Add the new server to the RemoteInstall DFS replication group.



General WDS Server Setup Overview

Running a WDS server requires either Windows 2003 Server or Windows Server 2008. If you need to deploy Windows XP clients via RIS, you need to use Windows 2003 Server as your WDS server OS, because Windows Server 2008 WDS cannot run in legacy or hybrid modes. It is highly recommended that you migrate your RIS images to wim format and start using WDS native mode, however.

Windows Server 2008

Coming soon!

Windows 2003 Server

  1. Install Windows 2003 Server R2 SP2
    • Create separate partition for images. (Required for RIS; not necessary but recommended for WDS)
  2. Install Windows Deployment Services from Add/Remove Programs/Windows Components
  3. Reboot
  4. Setup Legacy RIS
    1. Open Administrative Tools > Windows Deployment Services Legacy
    2. Edit default computer creation location
      1. In ADUC, open the WDS server's properties
      2. In the Remote Install tab, Click Advanced Settings
      3. Choose "The following directory service location," and browse to the desired OU.
  5. Open Administrative Tools > Windows Deployment Services
    1. Expand Servers
    2. Right click on the server and select Configure Server.
      1. Choose a path on the 2nd drive (ie E:\RemoteInstall).
      2. Choose PXE Response policy.
  6. Install the Windows Automated Installation Kit
  7. Add boot images
    1. c:\program files\Windows AIK\Tools\PETools\x86\winpe.wim
    2. c:\program files\Windows AIK\Tools\PETools\amd64\winpe.wim
    3. boot.wim from the Vista disc
  8. Add an install image. For more info, see [[../WDS_Images | WDS Images]]
  9. Set share permissions
    1. RemoteInstall shared with Everyone RWA access
    2. Remove Authenticated Users from RemoteInstall.
    3. Add permissions for Setup for ECE-OU Admins, ECE-Computer Admins, ECE-Allow RIS
    4. Add permissions for Images for ECE-OU Admins, ECE-Computer Admins

Authorizing the WDS server

  • If you are using a custom DHCP template that directs PXE clients to your server, you can skip this step. See [[../../Separating DHCP From WDS|Separating DHCP From WDS]] (also known as Cross-VLAN PXE booting to WDS) for more info.

Have a domain admin login to one of the domain controllers, select the DHCP admin tool, then "authorize servers". Add in the IP address of the new server.

Resources