The RSAT (Remote Server Administration Toolkit) for Windows 7 is a great tool for managing all of the services running on our network. One thing that's bugged me for a while, however, is the inability to add a new computer account to the server using a GUID for imaging. By default, the remote install tab is missing when you look at a computer object, and when creating a new object you don't get the opportunity to type one in. So instead of doing my management from my custom mmc, I have to remote connect to the server, fire up the AD mmc there, and add the account - not a huge deal, but just annoying.
I decided to root around for a solution today and found one. I'm assuming you've already installed the RSAT on your machine and have enabled the Deployment Services tools in the Windows Features dialog.
1. Copy the following file from the server to the exact same spot on your machine (the server must have the same architecture (32 or 64 bit) as your machine):
%systemroot%\system32\imadmui.dll
2. From an elevated command prompt on your machine, run the following:
regsvr32 imadmui.dll
That's it! You'll now see the remote install tab in your mmc and be able to create computer accounts with a GUID.
I've begun testing Windows 7 deployment on our network and came across a new setting which effects deploying printers using Group Policy Preferences. The setting is under Computer Configuration --> Policies --> Administrative Templates --> Printers. It is named "Extend Point and Print connection to search Windows update."
If for some reason you don't have a Windows 7 driver on your server or in the image, you can enable this setting to allow the client machine to pull a driver down from Windows Update. This combined with disabling the security prompts under the "Point and Print Restrictions" will allow seamless installation of deployed printers for all users on the network.
In Windows Vista and 7 when doing an unattended installation, there is a bug in the process in which the network location specified in the unattended xml file does not get applied. Here's how to supress that dialog.
The easiest way to do this is by adding a RunSynchronousCommand to RunSynchronous section in the x86_Microsoft-Windows-Deployment_neutral block in the specialize phase of your unattend.xml file.
To stop the Network Locator Prompt from appearing add a fourth RunSynchronous command to RunSynchronous block (specialize) with the following details:
- In the Description field, enter something to identify the task - like "DisableNetworkLocationPrompt".
- In the Order field enter 4 (if you are editing the BDD 2007 created unattend.xml file) or 1 if it is your first RunSynchronous command.
- In the Path field enter the command line (as one complete line) - reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 00000001 /f
- In the WillReboot field enter Never
Edit: After trying a few things on Windows 7, I found that the above didn't work. It may work on Vista, but not 7. Here's the fix that worked for 7:
In the Path field enter this command line instead: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff /f"
A nice tip from the recently released WAIK for Windows 7 RC documentation:
(I used workaround 1)
Help update: Suppressing the user accounts–creation page in Windows Welcome.
The user accounts–creation page in Windows Welcome is suppressed if a user or a group is added to a local security group. Add a user or a group to a local security group by doing one of the following:
* Create a local user.
* Add a domain user to a local security group with the Microsoft-Windows-Shell-Setup | UserAccounts unattended installation setting.
To suppress the user accounts–creation page in Windows Welcome, without creating a local user, use one of the following workarounds:
Workaround 1
If the computer is already joined to a domain, use the following XML example to add the Domain Users security group to the Local Users security group.
<DomainAccounts>
<DomainAccountList wcm:action="add">
<DomainAccount wcm:action="add">
<Group>Users</Group>
<Name>Domain Users</Name>
</DomainAccount>
<Domain>FabrikamDomain</Domain>
</DomainAccountList>
</DomainAccounts>
Because joining a domain automatically adds the Domain Users security group to the Local Users security group, the DomainAccounts command does not affect the membership of the Local Users group. However, using this XML example to join a domain will also suppress the user accounts–creation page in Windows Welcome.
Workaround 2
Use the sysprep /quit command to set the following registry value to 1:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\UnattendCreatedUser
I'm starting to play around with Windows 7 deployment using the WAIK that was just released yesterday for the Windows 7 RC. I hope to post more about deployment in general, but one of the things that changes from Vista to 7 is the introduction of a new tool - DISM. Let's say you've created a Windows 7 boot image from which you want to capture or deploy a reference image. You'll need to add drivers (specifically NIC drivers) to the image for the machines you want to deploy on. Here's how to do it.
First, check the image and make sure you are loading the correct index. (you can find the file name by right clicking on it in the WDS console and going to properties). Next you mount the image to a temporary directory. You then add the driver to the image using the /add-driver command. Finally, you commit the changes to the image. That's it!
dism /get-wiminfo /wimfile:I:\images\boot\x86\images\boot.wim
dism /mount-wim /wimfile:I:\images\boot\x86\images\boot.wim /index:2 /mountdir:"X:\temp\mount"
dism /image:"d:\temp\mount" /add-driver /driver:X:\driverdir\driver.inf
dism /unmount-wim /mountdir:d:\temp\mount /commit
