Setting up and Configuring WDS and Windows Images

Windows Deployment Services (WDS) is a Windows Server role which allows administrators to configure and deploy Windows images over the network. In order for WDS to work the client computers must have a PXE bootable network card installed. Also DHCP must be enabled on the network so that clients can acquire a valid IP address. The DHCP server may need to have options 66 and 67 configured.

  • Option 60 needs to be set to “PXEClient” if WDS is installed on the same server as DHCP or when using PXE with UEFI clients
  • Option 66 points to the FQDN (Fully Qualified Domain Name) or IP of the PXE server (in the case WDS) e.g. “wds.example.com”
  • Option 67 contains the boot file name on the boot server e.g. “boot\x64\wdsnbp.com” for BIOS and “boot\x64\wdsmgfw.efi” for UEFI

DNS is also required to resolve the FQDN of the boot server specified in option 66.

For Active Directory integrated WDS servers, the WDS server will need to be a domain controller or member of the desired domain.

WDS uses TFTP (Trivial File Transfer Protocol) to transfer files to PXE Clients, the download phase can get quite intensive and can fail if sufficient resources are not available. Ensure the “Remote Installation” folder is on a separate drive to the OS.

WDS is not cluster-aware, however fault tolerance can be achieved using multiple servers on the same network.

1.1.1WDS networking considerations

Both DHCP and WDS listen on UDP port 67. When the PXE client boots it uses the DHCP DORA (Discover, Offer, Request and Acknowledgement) process to acquire an IP address. As this process uses broadcasts, DHCP only works on the same subnet on which it is configured unless a DHCP agent is installed on a router on the subnet of the client.

Understanding this can help to determine how WDS should be configured in a particular environment.

WDS has a few scenarios where problems can occur if not configured correctly:

1.1.1.1Same network with WDS and DHCP on one server

In this scenario both services will be trying to bind to UDP port 67 on the same server. In order to get around this problem WDS needs to be configured to listen on a different port and set DHCP option 60 to “PXEClient”.

By default if WDS is configured after DHCP, the setup will do this for you without the need for any manual intervention.

To manually configure WDS to work on a server which also runs DHCP:

  1. Open Server Manager, go to Tools and choose Windows Deployment Services.
  2. In the left navigation pane, expand Servers, right click on the WDS server and click Properties.
  3. Select the DHCP tab and check the Do not listen on DHCP ports checkbox.
  4. If the servers runs Microsoft DHCP then also check Configure DHCP options to indicate that this is also a PXE server, otherwise you will need to leave it unchecked and manually set option 60 to “PXEClient” on the third-party DHCP software.
  5. Click OK to apply the settings.

1.1.1.2WDS is located on a different server to DHCP

In this instance DHCP option 60 isn’t needed unless you are using UEFI, however for WDS to work options 66 and 67 need to be configured.

1.1.2Install Windows Deployment Services role

The WDS role relies on the Transport Server feature. The Transport Server feature can be installed on its own and used to build custom PXE deployments. For more information about how this can be utilised see this Technet example.

WDS can run on the same server as DHCP or on a separate server, however the configuration is slightly different. This guide assumes that DHCP and DNS have already been configured using Windows server on your network.

1.1.2.1Installing the role

As of Windows Server 2012 R2, WDS is not yet supported on Core installations. Also to perform the installation you must be a member of the Local Administrators group.

Using Server Manager
  1. Open Server Manager on the server you want to install the role on, go to Manage and click Add Roles and Features
  2. Click Next three times, check Windows Deployment Services, click Add Features and then click Next four times.
  3. Click Install to start the installation and click Close to exit the wizard.
Using Windows PowerShell
  1. Open Windows PowerShell
  2. Issue the following command:

Install-WindowsFeature WDS -IncludeManagementTools

1.1.2.2Configuring WDS

To initialise an AD integrated WDS server you need to be a member of the Domain Admins and Local Administrators group. For a standalone install just the Local Administrators group.

Configuring using the GUI
  1. In Server Manager click on Tools and then Windows Deployment Services to open the WDS management console.
  2. In the left pane, expand Servers and right click on the WDS server and select Configure Server.
  3. Click Next, choose if this will be Active Directory integrated or standalone configuration and click Next.
  4. Click Browse to choose the location to store the images and boot files and click Next. Note that this should be located on a separate drive to the operating system for performance and must be formatted with NTFS.
  5. If this server is already or will be a DHCP server, both check boxes should be checked so that the two roles don’t interfere (see section 1.1.1.1) and click Next.
  6. Choose which clients to respond to and click Next. Normally during the configuration stage of WDS Do not respond to any client computers is checked so not to interfere with the production network. The responding option is then later changed in properties.
  7. Wait for the wizard to complete and click Finish.
Configuring using WDSUtil.exe

This WDSUtil appears to only initialise if the WDS server is domain joined.

  1. Run Command Prompt as an Administrator
  2. Run the following command:

WdsUtil /initialize-server /reminst:”C:\RemoteInstall

You should change the /reminst path to the location where the remote installation files and images will be stored on the server.

This command will initialise the WDS server with defaults and that means that until told to do so, it will not respond to any PXE Clients.

1.1.3Configure and manage boot

So that WDS is able to deploy and installation image (i.e the operating system image) to the client computer, it needs to load to Windows PE (Preinstallation Environment). To do this once the PXE client has downloaded the initial boot software for BIOS or UEFI, the software will connect to the WDS server and using TFTP, download a boot image. The boot image contains a version of Windows PE which is loaded into RAM.

WDS doesn’t contain a copy of Windows PE by default, instead you can load a number of different versions into WDS and choose which one to boot. It is recommended that they should be sourced from Windows installation media and is included with Windows Vista/2008 and onwards. Windows PE is located in the “sources” folder of the media in a file called boot.wim.

Older versions of Windows PE may not allow for all of the features to be used in news versions of WDS. For example x86 UEFI booting requires Windows PE4.0 or above shipped with Windows Server 2012.

1.1.3.1Adding boot images using the GUI

  1. Insert a Windows Vista or onwards installation media – Server 2012 R2 is recommended
  2. Open Server Manager, go to Tools and click Windows Deployment Services.
  3. In the left pane expand Servers, expand your WDS server, right click on Boot Images and choose Add Boot Image…
  4. Browse to the media, open the sources folder and open boot.wim.
  5. Click Next, and on the next screen it is often advisable to provide a more meaningful Image Name and Image Description.
  6. Click Next twice and wait for the boot image to be added.
  7. Click Finish

An image can be removed by right clicking on it and choosing Delete. It is also possible to disable the image if you don’t want to remove it all together.

1.1.3.2Adding images using PowerShell

New to Windows Server 2012 is PowerShell support for some of WDS.

  1. Open Windows PowerShell
  2. Issue the following command:

Import-WDSBootImage -Path D:\sources\boot.wim -NewImageName “Boot Image Name”

The path should be replaced with the path of the installation media (typically drive D) and optionally a new image name can be set.

To verify the boot image has been imported run in PowerShell:

Get-WDSBootImage

1.1.3.3Adding images using WDSUtil

  1. Open Command Prompt
  2. Issue the following command replacing the ImageFile parameter with the path to your image:

WDSUtil /add-image /imagetype:boot /imagefile:D:\sources\boot.wim

1.1.4Install and discover images

Install images contain the operating system, complete with any desired patches, applications and custom configuration settings. WDS deploys these images to the client computers.

Install images can be found in the “sources” folder of the Windows installation media for Windows Vista/Server 2008 onwards in a file called “install.wim”. Typically “install.wim” will contain a number of different images with in which can be selected at setup. WDS allows us to import all or just some from this file.

Images can be added from other sources, for instance customised images and captured images. It is also possible to to deploy VHD files as installation images. When deploying VHDs, WDS will copy the VHD to the client computer as a VHD. This is so that VHD deployment can take place, however you will need a client OS with a licence to boot from a VHD such as Windows 8 Enterprise edition.

WDS puts images into separate groups, when adding images you need to specify or create a group to add the image in.

1.1.4.1Adding an installation image using the GUI

  1. Open the WDS MMC.
  2. Expand Servers, expand the WDS server, right click on Install Images and choose Add Image Group…
  3. Enter a group name and click OK
  4. Right click on the new group and choose Add Install Image…
  5. Click browse and find the installation image to add, click Open and then Next
  6. Select which images to add to the group and click Next (optionally uncheck Use the default name and description for each of the selected images if you want to change them)
  7. If you chose to rename, follow the steps to change them, click Next and wait for the image to be added.

1.1.4.2Adding an installation image using PowerShell

  1. Open Windows PowerShell
  2. Run the following command replacing the appropriate parameters to match your scenario:

Import-WDSInstallationImage -Path “D:\sources\install.wim” -ImageGroup “Desktop Images” -ImageName “Windows 10 Enterprise 2016 LTSB Evaluation”

The “ImageName” parameter is optional and is used to choose which images to import when the WIM file has multiple images within it. You can use the following command to list the images held within a WIM file:

Get-WindowsImage -ImagePath “D:\sources\install.wim”

1.1.4.3Adding an installation image using WDSUtil

  1. Open Command Prompt
  2. Run the following command replacing the appropriate parameters to match your scenario:

WDSUtil /Add-Image /ImageFile:D:\sources\install.wim /ImageType:Install /ImageGroup:”Desktop Images” /SingleImage:”Windows 10 Enterprise 2016 LTSB Evaluation”

The “SingleImage” switch is optional and performs the same function as the “ImageName” parameter as the PowerShell commandlet equivalent.

Not all NICs (Network Interface Cards) support PXE and therefore cannot PXE boot to contact a WDS server. In some instances these computers may need to acquire an image from a WDS server. To allow these computers to discover a WDS server a boot up, an alternative boot device such as an optical or USB device can have a special boot image call a discover image on them. This is a modified Windows PE image, which when booted will find the WDS server and allow the setup to deploy images located a deployment server.

Discover images are created by copying and adapting a boot image in WDS, consequently before attempting to create a discover image, first make sure there is a boot image loaded into WDS.

1.1.4.4Creating a discover image using the GUI

  1. Open the WDS MMC and navigate to the boot images folder.
  2. Right click on a boot image and select Create Discover Image…
  3. Enter a Name, Description, choose a location to save the discover image to and optionally specify the WDS server to contact.
  4. Click Next and wait for the image to be created

1.1.4.5Creating a discover image using WDSUtil

  1. Open Command Prompt
  2. Run the following command replacing the appropriate parameters to match your scenario:

WDSUtil /New-DiscoverImage /Image:”Windows 7 x64 Boot” /Architecture:x64 /DestinationImage /FilePath:C:\discover.wim

The “Image” switch indicates the image of the boot image to use to create the discover image from.

1.1.4.6Deploying a discover image to bootable media

For this exercise ensure you are logged in as a local administrator.

  1. Download and Install the Windows Assessment and Deployment Kit for Windows 8
  2. Run Deployment and Imaging Tools Environment from Start
  3. Run the following commands:
  4. CopyPE amd64 C:\WinPE
  5. Copy /y C:\Discover.wim C:\WinPE\media\sources\boot.wim
  6. Oscdimg -n -b”C:\WinPE\Fwfiles\etfsboot.com” C:\WinPE\Media C:\Discover.iso

1.1.5Update images with patches and hotfixes

Images can be serviced offline using a program called DISM (Deployment Imaging Servicing and Management). DISM is a command line tool accessible with Command Prompt and PowerShell. DISM can apply Windows updates from CAB and MSU files, which can be downloaded from the Windows Update Catalogue.

DISM can be pointed at a folder of patches to apply or a specific patch. The following example points to a specific update, to update using a folder set the package path to the folder instead.

To service an image it must be mounted to folder, changes can then be made then when it is unmounted the changes can be committed.

1.1.5.1Applying patches using DISM Command Prompt

Before continuing use the following command to determine which images are in the WIM file so that you know which one to select and service:

DISM /Get-WimInfo:C:\Install.wim

  1. Open Command Prompt and run the following commands:
  2. MKDIR C:\mount
  3. DISM /Mount-WIM /WIMFile:C:\install.wim /Index:2 /MountDIR:C:\mount
  4. DISM /Image:C:\Mount /Add-Package /PackagePath:C:\Updates\windows8.1-kb4052978-x64.msu
  5. DISM /Unmount-WIM /MountDIR:C:\mount /Commit

1.1.5.2Applying patches using DISM PowerShell Commandlets

Before continuing use the following commandlet to determine which images are in the WIM file so that you know which one to select and service:

Get-WindowsImage -ImagePath C:\install.wim

  1. Open Windows PowerShell and run the following commands:
  2. Mount-WindowsImage -ImagePath C:\install.wim -Index 2 -Path C:\mount
  3. Add-WindowsPackage -Path C:\mount -PackagePath C:\Updates\windows8.1-kb4052978-x64.msu
  4. Dismount-WindowsImage -Path C:\mount -Save

1.1.6Adding and deploying drivers

Drivers can be applied to images, both boot and install as well as to WDS for images to query and install as required.

1.1.6.1Applying drivers to images

Divers can be added and removed from images using DISM, using a similar process to managing patches. You should note that system drivers cannot be removed. DISM will only accept drivers in their basic form (inf style drivers), that is the inf file and some associated files. DISM can install either one driver at a time or it can load a folder of drivers using the “Recurse” switch.

To modify the drivers in an image file it must first be mounted, the driver changes then made and the changes saved on dismount of the image. The mounting and dismounting commands are the same as those used for modifying any offline image, see the patching example for details.

To get a list of the current drivers the following commands can be used:

Using Windows PowerShell

Get-WindowsDriver -Path C:\ImageMountPath

Using DISM with Command Prompt

DISM /Image:C:\ImageMountPath /Get-Driver

Drivers can be added by referencing the INF file or the folder containing the INF files. The “recurse” switch can be added to search the folders within the specified directory. The “ForceUnsigned” switch can be used to force unsigned drivers to be added.

Adding a driver using Windows PowerShell

Install a specific driver:

Add-WindowsDriver -Path C:\ImageMountPath -Driver C:\drivers\mydriver\driver.inf

Install add driver in specified folder:

Add-WindowsDriver -Path C:\ImageMountPath -Driver C:\drivers\mydriver

Install all drivers in a set of folders:

Add-WindowsDriver -Path C:\ImageMountPath -Driver C:\drivers\ -Recurse

Adding a driver using DISM with Command Prompt

Install a specific driver:

DISM /Image:C:\ImageMountPath /Add-Driver:C:\drivers\mydriver\driver.inf

Install add driver in specified folder:

DISM /Image:C:\ImageMountPath /Add-Driver:C:\drivers\mydriver

Install all drivers in a set of folders:

DISM /Image:C:\ImageMountPath /Add-Driver:C:\drivers\ /Recurse

Although the drivers initially provided from Microsoft on an image cannot be removed, it is possible to remove any additional drivers when they are no longer required. To do this it is best to list the drivers and find the oem*.inf reference for the driver e.g. oem1.inf. This reference is required to specify the driver to remove.

Removing a driver using Windows PowerShell

Remove-WindowsDriver -Path C:\ImageMountPath -Driver oem1.inf

Removing a driver using DISM with Command Prompt

Removing a single driver:

DISM /Image:C:\ImageMountPath /Remove-Driver /Driver:oem1.inf

Removing multiple drivers:

DISM /Image:C:\ImageMountPath /Remove-Driver /Driver:oem1.inf /Driver:oem2.inf

1.1.6.2Adding drivers to WDS, configure driver groups and packages

WDS can store reservoirs of drivers in driver groups, these groups can have filters applied to them to target specific computer groups. If no filters are set, any computer can check the group for drivers. By default WDS creates a “DriverGroup1” driver group.

Driver groups can be disabled if required so that they aren’t applied to any hardware without having to delete them and enabled again later.

Adding a driver group:

Currently there isn’t a PowerShell command to create driver groups, therefore they must be created using the MMC or WDSUTUL.

Creating a driver group using the WDS MMC

  1. Open the WDS MMC, navigate and expand the WDS server
  2. Right-click on Drivers and select Add Driver Group…
  3. Type in the group name and click Next
  4. You can then set some hardware filters for the group by clicking Add…
    1. Choose a filter type, operator type, enter a value, click Add and then OK
  5. Click Next and then Add if you want to specify some image filters
    1. Choose a filter type, operator type, enter a value, click Add and then OK
  6. Click Next and choose if you want any hardware which matches the criteria to install all of the drivers in the group or just those that match its hardware
  7. Click Next and Finish

Creating a driver group using WDSUTIL

WDSUTIL /Add-DriverGroup /DriverGroup:NewGroupName /Enabled:Yes

You can also apply filters and applicability settings in this command with the “Filter” and “Applicability” switches.

Delete a driver group using WDSUTIL

WDSUTIL /Remove-DriverGroup /DriverGroup:DriverGroupName

Add a driver to WDS using the MMC

  1. Open the WDS MMC
  2. Expand the WDS server which drivers will be added, right-click on Drivers and select Add Driver Package…
  3. Browse to and select the driver to add and click Next
  4. Wait for the drivers to populate and check the ones to add and click Next twice
  5. Wait for the driver to be imported and click Next
  6. Choose to add the driver to an existing group, create a new group or don’t assign at this time and click Next and Finish

Adding a driver to WDS using Windows PowerShell

Import-WindowsDriverPackage -Path “Driver Path” -Architecture X64 -DisplayName “Driver Display Name” -GroupName “DriverGroup1”

The minimum requirement:

Import-WindowsDriverPackage -Path “Driver Path”

Adding a driver to WDS using WDSUTIL

WDSUTIL /Add-DriverPackage /InfFile:”Path to driver file” /Name:”Driver Display Name” /DriverGroup:”Group Name”

The minimum requirement:

WDSUTIL /Add-DriverPackage /InfFile:”Path to driver file”

Once a driver has been added to WDS it can be referenced using its unique name or id.

Adding an existing driver to a group using the WDS MMC

From All Packages:

  1. Go to the “All Packages” folder and right click on the driver you want to assign/remove from a group.
  2. Select Add or Remove from Groups and use the arrow buttons to choose which groups the driver should apply to.

From the driver group:

  1. Right click on the driver group to add the driver to and select Add Driver Packages to this Group.
  2. Add any driver filters to narrow the search and click Search for Packages.
  3. Select the packages to assign and click Add.

Adding an existing driver to a group using Windows PowerShell

Referencing driver name:

Add-WdsDriverPackage -Name “DriverName” -DriverGroupName “Driver Group Name”

Referencing driver id:

Add-WdsDriverPackage -id driver-id -DriverGroup “Driver Group Name”

Adding an existing driver to a group using WDSUTIL

Referencing driver name:

WDSUTL /Add-DriverGroupPackage /DriverGroup:“Driver Group Name” /DriverPackage:”Driver Name”

Referencing driver id:

WDSUTL /Add-DriverGroupPackage /DriverGroup:“Driver Group Name” /PackageID:driver-id

Removing a driver using the WDS MMC

  1. Open the drive group and select the driver to remove from the group.
  2. Right-click on the driver and choose Remove from this group to just remove from the group or Delete to remove it entirely.

Drivers can be removed on the command line either by referencing their name or ID. The following examples for the name only, however the syntax for ID is similar to that of adding to a group.

Removing a driver using Windows PowerShell

Remove driver from a group:

Remove-WdsDriverPackage -Name “Driver Name” -GroupName “Driver Group Name”

Remove driver entirely:

Remove-WdsDriverPackage -Name “Driver Name” -RemoveFiles

Removing a driver using WDSUTIL

Remove driver from a group:

WDSUTIL /Remove-DriverGroupPackage /DriverPackage:”Driver Name”

Remove driver entirely:

WDSUTIL /Remove-DriverPackage /DriverGroup:”Driver Group Name” /DriverPackage:”Driver Name”

1.1.6.3Adding drivers to boot images using WDS

WDS makes adding drivers to boot images easier by allowing administrators to do a “point and click” injecting of drivers. Note that it is not possible to remove drivers using WDS. To remove the driver after, the image would have to be exported, then the driver removed using DISM and added back into WDS.

To do this the driver must first be added to WDS. To add a driver to a boot image using the WDS MMC follow these steps:

  1. Navigate to the boot images folder and right-click on the boot image to add the driver.
  2. Select Add Driver Packages to Image… and click Next.
  3. Modify the filters if required and click Search for Packages.
  4. Choose the driver to add and click Next.
  5. Wait for it to be applied to the image and click Finish.

1.1.7Install features for offline images

Like updates and drivers, features are turned on and off using DISM, either via Windows PowerShell or the DISM in the command prompt. The following sections will explain the commands for each method. As discussed in the previous sections images must be mounted first, before DISM can manipulate them.

1.1.7.1Managing Windows Features using PowerShell

List features:

Get-WindowsOptionalFeature -Path C:\MountDirectory

Enabling a feature:

Enable-WindowsOptionalFeature -Path C:\MountDirectory -FeatureName NameOfFeature

Disable a feature:

Disable-WindowsOptionalFeature -Path C:\MountDirectory -FeatureName NameOfFeature

1.1.7.2Managing Windows Features using DISM Command Prompt

List features as a table – table is optional:

DISM /Image:C:\MountDirectory /Get-Features /Format:Table

Enable feature:

DISM /Image:C:\MountDirectory /Enable-WindowsFeature /FeatureName:NameOfFeature

Disable feature:

DISM /Image:C:\MountDirectory /Disable-WindowsFeature /FeatureName:NameOfFeature

1.1.8Further reading

http://www.itprotoday.com/management-mobility/configuring-dhcp-and-wds

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj648426(v%3dws.11)

https://www.youtube.com/watch?v=k5E97ndlRog

http://henkhoogendoorn.blogspot.co.uk/2012/02/pxe-boot-files-in-remoteinstall-folder.html

http://henkhoogendoorn.blogspot.co.uk/2014/03/pxe-boot-files-in-remoteinstall-folder.html

https://www.experts-exchange.com/articles/2978/PXEClient-dhcp-options-60-66-and-67-what-are-they-for-Can-I-use-PXE-without-it.html

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-driver-servicing-command-line-options-s14

Leave a Reply

Your email address will not be published. Required fields are marked *

one × one =