Installing applications silently (or at least quietly)

Posted on By Mark Wilson
This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

As part of the ongoing development of my unattended Windows XP build, I need to install core applications without any user intervention. Anybody who has attempted any form of application packaging will know that it is something of a black art and whilst many applications install with standard InstallShield/MSIExec command line switches, quite a few do not. So far, with my limited set of applications, I haven’t had to resort to using the Windows Scripting Host SendKeys method but I’m sure its just a matter of time.

The developers of Unattended, a Windows deployment system have written an excellent summary of performing unattended/silent installations using the many popular application installers.

Other references that have been useful are the AppDeploy.com Package Knowledge Base and the Microsoft Software Forum Network (MSFN) application switches forum (although that can take some time to navigate to find the latest information for a given application).

The Microsoft Solution Accelerator for Business Desktop Deployment, the Microsoft Solutions Framework and the Microsoft Operations Framework

Posted on By Mark Wilson
This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Last week, I spent three days learning about the Microsoft Solution Accelerator for Business Desktop Deployment (BDD).

According to Microsoft:

    “The Microsoft Solution Accelerator for Business Desktop Deployment delivers end-to-end guidance for efficient planning, building, testing, and deploying Microsoft Windows XP Professional, Windows XP Tablet PC Edition, and Office Professional 2003 Editions. It helps IT professionals realize a quick return on investment while also setting new standards for reliability, performance, security, and ease of use.”

Basically, BDD is a framework for successful Windows XP desktop deployment. A collection of guidance, sample templates, tools and scripts, wrapped around a Windows XP and Office 2003 installation source, BDD version 1 has been around for some time now, and version 2 has two variant editions:

  • BDD Standard Edition is intended for medium sized organisations, enabling a highly automated (light touch) desktop deployment, requiring a LAN infrastructure with at least one server and sufficient space to store all of the working files and images (although Microsoft do recommend the use of Active Directory and Remote Installation Services) as well as either PowerQuest DeployCenter 5.5 or Symantec Ghost 8.0 and Windows PE 2004.
  • BDD Enterprise Edition is intended for large enterprises, utilising Active Directory, Remote Installation Services, Microsoft SQL Server 2000 and Microsoft System Management Server (SMS) 2003 (with the Operating System Deployment Feature Pack) to deliver a zero touch deployment. To use all of the features in BDD enterprise Edition, including provisioning, Microsoft BizTalk Server 2004, Microsoft Exchange Server 2003 and Microsoft Operations Manager (MOM) Server 2005 are also required. In short, BDD Enterprise can use just about every element of the Windows Server System.

Both editions additionally rely on the Microsoft User State Migration Toolkit (USMT) 2.6, Microsoft Application Compatibility Toolkit 3.0, Microsoft Office Access 2003 Conversion Toolkit, Windows XP Professional with Service Pack 2, and Office Professional 2003 Edition Service Pack 1.

The crossover between the two BDD variants (in terms of the cost of development vs. the number of desktops) is somewhere between 500 and 2000 desktops and the BDD framework scales up to a deployment of many thousands of PCs.

I’ve been working with unattended operating system builds for many years, and the consultancy that I work for (Conchango) already has a highly automated standard operating environment (SOE) process, built around the same technologies. BDD is a formalisation of existing best practices, packaged in a manner that allows an organisation to:

  • Create a software and hardware inventory to assist in deployment planning.
  • Test applications for compatibility with Windows XP Professional and mitigate the compatibility issues discovered during the process.
  • Set up an initial lab environment with deployment and imaging servers.
  • Customise and package core and supplemental applications.
  • Automate desktop image creation and deployment.
  • Ensure that the desktop is hardened to improve security within the environment.
  • Manage processes and technologies to produce a comprehensive and integrated deployment.

Even with BDD in place, rolling out a new standard desktop to hundreds or even thousands of computers, possibly spread across the globe, is not a trivial task and is likely to include a large team of people. In fact BDD is based around the idea of feature teams, each of which is responsible for one area of the solution.

BDD Standard and Enterprise Editions

As can be seen from the diagram above (which relates to BDD Enterprise Edition – BDD Standard Edition does not include provisioning), at the heart of BDD is the business case, and project management. Surrounding this function are the feature teams:

  • Application compatibility remediation – discovering which applications are in use, which are to be migrated, and investigating application compatibility.
  • Infrastructure compatibility remediation – analysing the current state of the infrastructure, to determine whether it is suitable to support the implementation of the new business desktop, then implementing new infrastructure as required. For example, does the network have sufficient bandwidth? Where are the bottlenecks? Are all of the PCs of a suitable specification to run Windows XP? How many will need to be replaced? etc.
  • Computer imaging system – which technologies will be used for deployment? Will this be zero touch or light touch? How many images will there be and what is the basis for creating a separate image? (e.g. functional images, or hardware variations). Functional images can be difficult to manage because of the number of images to keep up to date and in general the number of images should be minimised (in my last company we had just two, hardware-based, images for the various PC models across Europe). Where there are specific hardware concerns, it may be more cost-effective to replace some PCs than to develop an separate image for a particular computer type.
  • Core and supplemental application packaging – packaging those applications which will be included within the image (generally just Microsoft Office, Adobe Reader and some system software), and those supplemental applications that need to be deployed on a per user or per group basis.
  • User state migration – to be avoided wherever possible, user state migration is problematic and time consuming – therefore expensive; however, it is very rare that a deployment will not require the transfer of files and settings.
  • Securing the desktop – security should be included in every area of the design, but it is still necessary for someone to take control of the overall security for the desktop.
  • Deployment process – the process of actually getting the software into PCs throughout the organisation.
  • Preparing for operations – involving operations staff in the project, to ensure that the new platform is taken on board and managed well by the people who are often under-appreciated and over-utilised, and whose buy-in can ensure the success or failure of the entire project.
  • Upgrading Office – ensuring that Microsoft Office functionality is unaffected by the upgrade, paying attention to file versions, macros, file locations, etc.
  • Provisioning – allowing staff to help themselves – provisioning may be as simple as providing a website for users to reset their password after answering a few security questions, or it may be a process to request a new application, with full workflow throughout the approval process right up to the automatic deployment of the application to the desktop.

Of course some roles may be combined, depending on the size of the organisation. In fact the whole point about BDD is that it is designed to scale.

Fundamental to the whole process is the Microsoft Solutions Framework (MSF). MSF provides people and process guidance to help teams and organisations become more successful in delivering business-driven technology solutions to their customers. It is a deliberate and disciplined approach to technology projects based on a defined set of principles, models, disciplines, concepts, guidelines, and proven practices from Microsoft.

MSF Process Model and BDD

At the heart of MSF is the process model, which includes a five stage lifecycle for the solution. Based on phases and milestones, at each stage there are clear requirements in order to justify the ongoing cost of development. For example, there is no value in spending time, effort and money on planning the solution until the vision and scope for the project has been agreed.

The vision may be a single global desktop but the scope may impose restraints on this. In my opinion, envisioning is one of the most important areas of any desktop deployment and is also one of the most overlooked, generally because a customer can’t see the value in up-front planning and needs to be seen to deliver something to the business as soon as possible.

As the solution is deployed (and during preparation for operations), the Microsoft Operations Framework (MOF) is employed to provide operational guidance for the management of the solution. MOF is based on the UK government IT Infrastructure Library (ITIL) – the most widely accepted approach to IT Service Management in the world – and is fundamentally split into a set of models: a process model, a team model and a risk management discipline, as well as a set of service management functions.

MOF Team Model

The MOF team model organises the IT operations group into several role clusters – individuals or groups who perform related activities to accomplish a particular component of an IT service, based on industry best practices for structuring operations teams. MOF then provides additional guidance that applies collectively and individually to the role clusters.

MOF Process Model

The MOF process model assumes that the main responsibility of the IT operations groupÂ’ is managing change in the IT environment. The most effective way to deal with change throughout the lifespan of a service is to group related changes together into a package called a release, so that the changes can be planned and managed as a unit. The MOF process model describes a life cycle that can be applied to any release and the processes and activities that make up each part of that life cycle and groups similar service management functions (SMFs) into each of four quadrants relating to a specific mission of service.

MOF Risk Management Discipline

The MOF risk management discipline applies proven risk management techniques to the daily problems faced by operations staff. Many models, frameworks, and processes exist for managing risks and all share similarities in how they identify and manage risk. MOF applies key principles, along with customised terminology, structured and repeatable risk analysis and evaluation process, integrated within a larger operations framework.

All of the above is just an overview – I recommend that anyone looking to manage a major desktop deployment considers using the BDD framework, and that any organisation running on a primarily Microsoft desktop and server platform takes a serious look at MSF and MOF.

Preselecting English (United Kingdom) settings during Windows XP setup

Posted on By Mark Wilson
This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

By default, Windows XP installs English (United States) as the input language. It is possible to add other languages, for example English (United Kingdom), but if you try to remove English (United States) you are prompted that it is in use and will be removed after the next reboot. This may only be a minor inconvenience, but can be circumvented using an unattended setup file, either for a fully- or partially-unattended build.

Within the [Unattended] section of the answer file, a KeyboardLayout= entry may be specified. The Microsoft Windows Preinstallation Reference states that this entry is used to specify the type of keyboard layout to install during text-mode setup and I have found that by using a United Kingdom keyboard for text-mode setup, no United States entries are created during GUI-mode setup.

The KeyboardLayout= entry must match one of the strings (in quotation marks after the =) in the [Keyboard Layout] section of txtsetup.sif (which is found in the Windows XP installation source).

For reference, my RIS-based unattended installation uses the following entries to specify UK-only regional settings and location:

[Unattended]
KeyboardLayout="United Kingdom"

[RegionalSettings]
Language=00000809
SystemLocale=00000809
UserLocale=00000809
InputLocale=0809:00000809
UserLocale_DefaultUser=00000809
InputLocale_DefaultUser=00000809

Further information on the available regional settings may be found in Microsoft knowledge base article 289125 and the Microsoft global development website has a full list of the available National Language Support (NLS) code pages.

Problems with certain NICs and a RIS-based Windows XP installation

Posted on By Mark Wilson
This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

After my hard disk failure last month, I decided to resurrect a project that I had shelved some time ago – implementing an unattended setup for my PCs at home. I have a variety of computers from HP (Compaq), IBM and Dell, which makes things slightly more complicated than it might otherwise be (although not impossible), so this was an opportunity to implement some of the business desktop deployment (BDD) technologies that I practise at work to implement a standard operating environment (SOE) and allow me to rebuild PCs at will.

My previous experience with unattended installations has largely been on the server side, basically amending and appending OEM installation scripts (e.g. Compaq/HP SmartStart or the HP ProLiant Essentials Rapid Deployment Pack (RDP)). This time I had a plethora of drivers to consider, and a limited (zero) budget. To allow for a repeatable, customisable, build I decided not to use any imaging technologies but instead to create a standard unattended setup, including all the drivers needed for the various PCs and a common set of applications. One thing I could rely on the presence of was Pre-boot eXecution Environment (PXE)-enabled workstations, so I set up and configured Microsoft Remote Installation Services (RIS) to serve my Windows XP + SP2 installation “image” (not really an image, but that’s the RIS terminology).

Incidentally, the most complete resource for information on creating unattended builds that I am aware of is the Microsoft Software Forum Network’s “Creating the Ultimate Unattended XP CD”. Although CD based, this gives much of the information needed for a successful RIS-based installation.

Everything was looking good until I tried to perform a PXE network service boot and connect to the RIS server. I could see that my DHCP server was issuing IP addresses to clients but they received an error:

PXE-E53: No Boot Filename Received

Basically, the PXE clients couldn’t find the RIS server. DHCP was being served from an ADSL router and I couldn’t find any way to configure the router to redirect PXE clients. Logically, interaction between the PXE client, the DHCP server and the RIS server should not have been affected by the router because PXE uses DHCP broadcast requests and all the computers were all on the same subnet but once DHCP was migrated to the RIS server, the error disappeared and the RIS Client Installation Wizard ran as expected. Since then, I’ve found Microsoft PSS’ Technical Guide to Remote Installation Services, which suggests various troubleshooting actions but for now it works, so maybe I’ll investigate further some other time.

The next issue was that Windows XP setup failed as the network drivers for the Broadcom BC570x NIC in my Dell Latitude D600 were not available from the Windows XP installation source:

The operating system image you selected does not contain the necessary drivers for your network adapter. Try selecting a different operating system image. If the problem persists, contact your administrator. Setup cannot continue. Press any key to exit.

Microsoft state that a hot fix is required to resolve this issue; however the Broadcom driver FAQ gives an alternative resolution which involves editing the B57WIN32.INF setup information file. I didn’t want to do this as it would break the digital signature and I would prefer to construct the build using signed drivers only. Instead, I used the latest drivers (v7.86) from Broadcom rather than the Dell-packaged version and once I had integrated the network drivers with the RIS installation source, deleted any instances of precompiled setup information (.PNF) files and restarted the Boot Information Negotiation Layer service, I was able to commence my unattended Windows setup.

This time, a new error halted text-mode setup:

File b57w2k.sys caused an unexpected error (21) at line 3788 in d:\xpsprtm\base\boot\setup\setup.c. Press any key to continue.

Some posts in the Bink.nu and MSFN forums led me to a solution for this by copying the Windows 2000 version of the drivers (B57W2K.SYS) to the Windows XP installation source \i386 folder alongside the Windows XP driver (B57XP32.SYS) and the setup information file (B57WIN32.INF).

Once the Dell PC was working, I had the same issue with an IBM ThinkPad T40 with an Intel PRO/100 VE card and so it seems logical to assume that this issue may apply to a variety of NICs.

For the BC570x, a Windows User Group (Nordic) article which discusses integration of Intel and Broadcom drivers with RIS images suggests rewriting the B57WIN32.INF file to replace all references to B57W2K.SYS with B57XP32.SYS, but again, I avoided this to prevent issues with unsigned drivers. Intel’s solution to installing PRO/100 or PRO/1000 NICs via RIS requires a further download but I got it working by applying the same resolution as for the Broadcom drivers – i.e. using IBM’s distribution of the Intel drivers (v7.0.28.0) and including the Windows 2000 E100BNT5.SYS driver in the Windows XP installation source \i386 folder for text-mode setup.

I should point out that it was only necessary to add these network drivers to the \i386 folder on the Windows XP installation source in order to use the NIC to copy files during setup and it is still necessary to add OEM device drivers to the Windows XP installation source for all undetected devices in order to allow the drivers to be used during the plug and play (PnP) section of setup.

After a couple of days downloading, integrating and testing drivers, my RIS-based Windows XP installation works for all of my computers and now I can focus on the finer points of the build, tuning the Windows XP installation and adding applications to my SOE.

Unattended IIS installation after the operating system has been installed

Posted on By Mark Wilson
This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

One of my clients needed to provide an FTP server service on some of its XP PCs, but as an addition to the existing standard operating environment (i.e without altering the core build). Of course, Internet Information Services (including the FTP Publishing service) may be installed as part of an unattended Windows installation, but the problem here was installing IIS after the operating system had been installed and configured.I did some research, and discovered the system standalone optional component manager (sysocmgr.exe). This is effectively what sits behind the Add or Remove Programs Control Panel applet (appwiz.cpl), to provide the Add/Remove Windows Components functionality. Microsoft’s IIS 6.0 technical reference provided the appropriate information to write an answer file and this command file demonstrates the process, taking input from a text file.

Once IIS was installed, the next stage was to configure the FTP Publishing service (create virtual directories, set permissions, etc.). Scripting support varies across the different IIS versions with, not surprisingly, IIS 6.0 providing the most complete support for what I wanted to do (there are a number of IIS-related scripts in the %systemroot%\system32 directory). Unfortunately the IIS 6.0 scripts do not work with previous versions of IIS, the IIS 5.x administration scripts, installed by default in c:\inetpub\adminscripts) did not seem to offer what I needed, and the IIS 4.0 Resource Kit scripts do not work with IIS 5.0 or 5.1.

I was stumped until a contact at Microsoft pointed me in the direction of adsutil.vbs. This is one of the IIS 5.x administration scripts that I had overlooked because of the filename (which does not imply that it will allow you to create virtual directories etc.). In fact, adsutil.vbs is pretty comprehensive in its capabilities and allowed me to configure all the FTP site settings I wanted, as demonstrated in this command file.

The main issue (not immediately apparent from the adsutil.vbs help text) was to create the virtual directory object and then to set the path for the virtual directory as two separate commands. This wasn’t easy to track down (but can be found in a Google Groups thread) and was the final step needed to get everything working.

Unable to join domain during unattended Windows installation

Posted on By Mark Wilson
This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I’ve come across a scenario on a couple of client sites whereby new PCs are staged in a separate VLAN (away from the main network) and fail to join the domain. It is usually a name resolution issue and is resolved by changing the domain name in the unattend.txt file from DNS format to the NetBIOS format (or vice versa).

On a related note, Microsoft knowledge base article 299969 gives advice and guidance on creating a non-administrative account to join the domain as the username and password are stored in clear text in the Windows XP unattend.txt file and cannot be encrypted.

Undocumented entries for unattend.txt

Posted on By Mark Wilson
This content is 21 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Johan Arwidmark has published some undocumented unattend.txt entries for unattended Windows installations.

Disabling the Configure Your Server Wizard

Posted on By Mark Wilson
This content is 21 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

As useful as it may be for some administrators, I don’t want the Configure Your Server Wizard to appear each time I log on to one of my servers. Microsoft knowledge base article 289080 details a quick registry change to prevent the wizard from starting automatically when new users log on to the computer. Of course, it is also possible to select the checkbox not to display the page at logon, but this registry key is useful for setting via a group policy, or as part of an unattended build process.

Configuring DHCP option 60 for PXE clients

Posted on By Mark Wilson
This content is 21 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I’m currently working to implement a standard operating environment (SOE) for a client’s server infrastructure, using their preferred deployment platform – the HP ProLiant Essentials Rapid Deployment Pack (RDP), which is based on software provided by Altiris and is effectively a wrapper around the standard unattended build process, but uses the Altiris server instead of Microsoft’s Remote Installation Services (RIS).

According to HP’s implementing RDP and PXE in an enterprise network environment technology brief, when DHCP and Altiris Express are installed on the same server, DHCP will automatically be configured with option 60, which tells the client to make a boot information negotiation layer (BINL) request to the same server to retrieve boot information; however we were placed in a situation where DHCP option 60 needed to be configured manually.

I found the instructions for configuring advanced DHCP options on the website for a competitive product, Rembo Auto-Deploy. For NT DHCP servers, the new client class string option with an identifier of 60 can be added through the normal DHCP server user interface and then configured as a scope option with a value of PXEClient; however for Windows 2000 servers, the option is not present in the graphical user interface and consequently it is necessary to use the netsh command to enter the following commands:

dhcp server \\servername
add optiondef 60 PXEClient STRING 0 comment="Option added for PXE support"
set optionvalue 60 STRING PXEClient
show optionvalue all
exit

(dhcp server \\servername can be replaced with dhcp server serveripaddress).