Imaging is a network management task which refers to the rapid deployment of operating systems, software, and configuration to numerous computers at once.


Updating Windows Deployment Services Images From WSUS

Sometimes you’ll run into a situation where two pieces of Microsoft software don’t play well together, or in a way that would be convenient from the user’s perspective.  Such is the case with Windows Deployment Services and Windows Server Update Services.  One piece of technology stores and deploys operating system images.  The other piece of technology updates Windows operating systems.  It seems like there ought to be some glue that brings the two together because, otherwise, you need to deploy the OS image, update it manually, then recreate it.

The bad news is, no such glue exists out of the box. The good news is, it’s not difficult to create it with PowerShell (provided WDS is running on Server 2012).  Below is my project, hosted on GitHub. It’s a single, short PowerShell script which, when run on a Server 2012 WDS server, will cycle through all of your Install Images and update them using your WSUS Repository from the WsusContent share. All you need to do is run the script from the WDS server. It will ask for a scratch location where it can extract the WIM images from Windows Deployment Services, and the location of your WSUS Repository.  I recommend running it over a weekend, because, depending on the number of images stored in WDS and the number of updates in WSUS, it can take a day or longer.

The script requires interactive input, but with just a little modification you can easily hard-code the information it needs about your environment, and run it as a scheduled task on your WDS Server.

First Impressions of Windows Deployment Service

A few months ago we decided to deploy Windows Vista in two recently renovated labs at SUN Tech. Originally I used Symantec Ghost Solution Suite to image the labs.  If you’ve ever done imaging, you’ll know what a “bad image” looks like: sometimes they don’t boot at all, other times they seem stable until weeks later they begin to blue screen for no rhyme nor reason. This was my experience with Symantec Ghost and Vista and the reason I forced myself to learn Windows Deployment Services. I may later chronicle my entire journey, but here are a few quick observations.

1. Windows Deployment Services Setup is More Complicated than Ghost.

While I applaud Microsoft for releasing a lot of wonderful deployment tools free with  (or at least bundled into the price of) Windows Vista and Server 2008, as always they provide very little free assistance with those tools.  You will not be off the ground running with WDS as fast as you can be with Symantec Ghost. Though installing WDS is simple (add the Deployment Services server role, configure the Boot Server Host Name option #066 on your DHCP server), making it useful takes some time.

You need to add boot images by locating the boot.wim file on your Vista or Server 2008 installation media. You need to add installation images using the source.wim from the same disks.  You then have to assign the appropriate boot files and images for each architecture (x86, x64, and Itanium). At this point you can network boot to deployment services and run the installation over the network, but you can’t do “ghosting” in the classic sense of the word. You still have to create a “capture image” from the boot image you loaded previously and then use it to capture your customized installation.
[ad name=”rc_article_content”]
Ghost installation is significantly less complicated. You install the software from a wizard. You create a floppy, CD, or network boot image using the Ghost Boot Disk Wizard, then you use it to boot to the machine you want to ghost or use to create a ghost image. You set up a session on the server, type the session name on the client, and off you go. Getting up and running with PXE booting in Symantec Ghost can get a bit tricky, but you can literally start creating ghost images within five minutes of inserting the installation disk.

2. Image Creation is Slower in WDS than Symantec Ghost.

When I was creating my images with Symantec Ghost, I was always pleased with the time it took to create a ghost image. After creating my reference machine (and running Sysprep) I would boot into the DOS boot client and it would upload 15GB drive image in about 15 minutes. This includes a full install of Windows Vista Business Edition, Microsoft Office 2007, Adobe Creative Suite CS3, and a few other applications critical to our organization.

Windows Deployment Services, on the other hand, takes about an hour to create the same image. This gets aggravating when the upload completes and you realize that you forgot to include an application, or find some other issues with the image that requires you to recreate it. Nothing is more aggravating than recreating an image because you forgot some critical tweak needed by your end users.

I don’t know for sure, but I think the difference in image creation speeds lies in the difference between Symantec and Microsoft’s imaging formats. Symantec’s images are an entity unto themselves. That is, they are a byte-for-byte clone of a hard disk.  Because they work on a byte level, they can often be difficult to work with when you need to add something to an image.

Microsoft’s WIM (Windows Imaging Format) is an altogether different beast. A WIM file can contain multiple Windows installations. In fact Windows Deployment Services stores all of it’s installation images in a single WIM. WIM is a file-base image format which remains aware of the files that it contains. It will never store the same file twice.  So if you have twenty images hosted on WDS, all with Windows Vista Business and Office 2007 installed, you will save significant amounts of space because the redundant files will not be stored multiple times. While this conserves a lot of space, I tend to think that the checks necessary to search a monolithic WIM file for matches may cause the considerable slow down in ghosting speed.

3. Image Deployment is Slower on WDS than Symantec Ghost.

The same criticisms of the WIM format apply during image deployment as well. While Symantec Ghost simply dumps bytes directly back to the hard disk, Windows Deployment Services formats, expands the image, installs the image’s files, and even goes out to Windows Update to download and install system updates before rebooting.
[ad name=”rc_article_content”]
I also noticed that after the reboot into the new operating system that the Vista version of Sysprep takes significantly longer to complete than on Windows XP.  However this can’t really be blamed on Windows Deployment Server, but on some of the structural changes and improvements Microsoft made with the Vista Architecture. Which leads me to my next point…

4. Sysprep is a Whore, but She is my Mother.

The above quote, adapted from the words of St. Augustine, perfectly reflects my feelings on Sysprep.  This tool, provided by Microsoft as a way to make a Windows image “generic” and thus usable on multiple computers, has caused me seemingly infinite amounts of pain and frustration, yet its the best tool that I’ve got.

On Windows XP you could avoid dealing with the quirks of Microsoft’s Sysprep utility by running Symantec’s Ghost Walker utility after deploying an image. This would recreate the security identifiers on each destination machine. When I moved to Vista I found that I couldn’t work around Sysprep because there are other processes that must be run and other identifiers that need to be recreated, such as those generated by Microsoft Key Management Services and Windows Server Update Services. With Vista, I haven’t been able to avoid Sysprep on Ghost or Windows Deployment Services.

Having said that, Sysprep on Windows XP was a cinch. You used the Setup Manager to create an unattend.ini file, you ran sysprep, and you rebooted. The Vista version of Sysprep provides a level of customization long sought after by IT workers like me, but while the platform has grown more powerful one’s chances of screwing something up have grown exponentially. The unattended.ini file has turned into unattended.xml, and while you could edit it by hand you certainly wouldn’t want to.

Instead of the user-friendly, wizard-based Setup Manager that we once used to use to create our unattended setup configurations Microsoft now provides a tool available for download called the Windows Automated Installation Kit (WAIK) as a paltry 180MB download. At least the tool provides a “Check for Errors” option, because you’re going to need it. Unattended Vista installations are complicated, error-prone, and problems are difficult to diagnose when you inevitably run into them.

4. Windows Deployment Services Finally MultiCasts.

I avoided WDS and it’s previous incarnation known as RIS mostly because it has never supported multicasting, which is critical when you are ghosting more than just a handful of machines. When you install the Deployment Services Role on Server 2008 it also installs the Transport Server supporting role, which allows you to select an image for multicasting within Windows Deployment Services. You can configure the multicast session to begin at a certain time, after a specific number of clients connect, or when you explicitly press the button to start it. The multicasting feature is what made me finally consider WDS as an alternative to Symantec Ghost.

5. Windows Deployment Services Delivers on the Promise of “One Image to Rule Them All.”

More a feature of the WIM imaging format than Windows Deployment services, you really can deploy the same images to a variety of hardware. Though often promised and long sought-after by IT professionals, deploying an image to hardware different than that which it was created on has never worked particularly well; and using the same image on a desktop and portable was simply unheard of.  However the new version of Sysprep and the WIM format finally make this dream a realty. Vista’s version of Sysprep removes the HAL (Hardware Abstraction Layer) which prevented images from working on both desktops and laptops.  The WIM format makes it simple to add drivers to an installation image using the commands “Imagex” and “Peimg” provided by the WAIK.

Sysprep also makes it simple to store all your drivers in a single location which can be searched during the hardware detection phase.  You can even provide a UNC path to a network share and credentials for access.

6. Windows Deployment Services Updates Your Computers Before Booting Them.

Though this feature can be turned off in your Sysprep configuration, Windows Deployment Services will actually go out to the Internet and install available updates to your PC before it reboots into the downloaded image.  It ads a few minutes to deployment time, but saves you the bother of updating your images when a new patch is released by Microsoft.

7. Windows Deployment Services Just Works Better with Vista

Maybe this isn’t a selling point for the Vista-haters out there, but I’m a fan of the operating system. The fact I couldn’t create a single Windows Vista image in Symantec Ghost that didn’t blue screen or have other unexplainable issues really hurt my confidence in their product and convinced me to research and consider Windows Deployment Services.

8. Symantec Ghost is Expensive.

I’m not sure what the price is today, but I know we were paying several thousand dollars annually to keep our version of Symantec Ghost current and legal for our 300 computer network. If you have a license for Server 2008, you already own Windows Deployment Services, and all of it’s supporting tools are available as free downloads from Microsoft.


In a perfect world there would exist a program that acted much like a hybrid of Ghost and WDS. Ghost wins hands down in the speed department, both for ease of installation and speed of imaging operations. Ghost has, however, always been lacking in the realm of image customization. The WIM image format used by WDS gets a gold star for its extensive configurability, and for the tools that Microsoft has made available to make this possible. Symantec needs to play catch-up and make their software work better with Windows Vista.  They might even consider using the WIM format if they can do that and still keep their edge on speed. All things considered, the prices and feature set of WDS is what I need right now, and I won’t be switching back to Symantec Ghost any time soon.

Adding Drivers to a BDD LiteTouch Image

Since Vista’s release Microsoft has provided a variety of tools for deploying their operating systems. One such tool is Business Deployment Desktop which Microsoft describes as “the best-practice set of comprehensive guidance and tools from Microsoft to optimally deploy Windows Vista and the 2007 Office system.” Though BDD certainly makes OS and application deployment to a variety of hardware platforms simpler than ghosting, eventually you’ll run into a problem: some critical hardware may not be natively supported by WinPE, the preinstallation environment used to load the OS onto a new system. This article will explain how to inject LAN drivers into WinPE, allowing you to deploy installations to a larger variety of hardware. Read more