Windows Provisioning made Easy!
- Installation Media for windows server (can be downloaded from my.visualstudio.com if you have the right subscription)
- A utility computer to prepare the WIM files
- At least 30 GB of available diskspace, more depending on additional update packages etc.
- A webserver that you have control over (and legally: isn’t exposed to the rest of the internet as you may not distribute images on the open internet!)
- Foreman adjusted to support iPXE booting
NOTE: if you only have an actual installation DVD, convert it to an ISO before continuing
Preparing the “Installation Media”
A lot of effort has been invested in the creation of an easy to use script for installation media generation. Although (currently) limited in customizability, it is a solid foundation to continue from. The key-requirement was and will always be: easy to use!
Withouth further ado, let’s get started!
Open a command line interface, navigate to wherever you store your GIT projects (for me that’s C:\GIT) and execute the following command:
git clone https://github.com/UXabre/WIMan.git
Navigate to the root folder of this project and observe the folder structure. The most important files & folders are:
- Sources : This is where the ISO eventually will wind up in
- WinPE : This is the place where the WinPE adjustments can be made, or original WinPE boot.wims can be stored
- GenerateWIM.ps1 : this is, ofcourse, where the magic happens!
Let’s begin by creating a folder amd64 under the Sources directory; if you checked out from GIT, this should be already there! This is an arbitrary foldername to indicate the system architecture used. Based on your own preference, you might as well fill in x64; as long as it matches the architecture naming used in foreman (later in this tutorial). Anyway, In this amd64 folder, create a new folder named 2016 (or 2019, depending on your source material). Again, this foldername is arbitrarily chosen and is only really of importance to you and how it matches your foreman configuration.
Inside this newly created folder you should store your ISO-file, containing the original installation media. No worries regarding the filename, as long as it has an ISO extension, you’re good to go!
Optionally you can create 2 additional folders:
- Drivers : here you can place all additional drivers (in the form of INF files etc. no installation packages)
- Updates : here you can place either CAB files or MSU files
And that’s it! That’s really it for preparation steps.
Open a new powershell CLI with administrative rights, navigate to the root folder of the WIMan project and execute the following command:
As soon as you run this script, it will tell you:
No dedicated winpe.wim file found, we can fetch this automatically for you but this takes a few minutes.
Do you want to continue? (Y/N):
This is probably the only real choice you need to make; do I use the embedded WinPE shipped with my installation media (might be bigger then the clean WinPE, but it saves installation time as WAIK does not need to be downloaded and installed.
Depending on your choice it will install WAIK or immediately continue with the following steps:
- Copying relevant files from the installation media
- Detecting windows version on media
- Removing all possible packages on the WinPE image. (for embedded WinPE images, chances are this will result in a lot of failures, this is normal as these images are already optimized and thus cannot uninstall packages beyond that point)
- Adding drivers for WinPE to work correctly, for instance disk controllers should be included here; otherwise WinPE won’t find any disk drives and thus won’t be able to install!
- Optimizing WinPE
- Then similar steps for each windows image!
Depending on the additional driver and update packages, the creation can take a few minutes or even an hour on slower systems.
After the script is done, you’ll see a newly created folder in the root directory, called Finalized this folder contains another folder, named amd64 (or any arbitrary name you might have choosen for the architecture) , last but not least, this folder will contain a folder called 2016 (or whatever you named it in the sources directory).
You’ll notice this folder is populated with a few files and folder. You don’t really need to worry too much about this structure.
Copy the entire content from within finalized to your webserver and that’s it!
The last parts are no black magic and involve the same steps as you would for any other OS you add in foreman.
- Create Operating System, let’s call it “WindowsServer2016”
- As description set: “Windows Server 2016”
- Major version should be 2016
- Family should be windows
- For root password hash, be sure to select: “Base64-Windows”
- Select the “Partition Table”: Windows default partition table
- Add a parameter “wimImageName” and fill in: “Windows Server 2016 SERVERSTANDARD”. These values are not invented or arbitrare, these can actually be seen when executing the script. So, choose the correct value if you wanted anything else
- Click submit
- Go to “Host > Provisioning Tables”
- Look for “Windows”
- For each of the following templates, edit the association in the association tab and add “Windows Server 2016” as your applicable operating system and click submit:
- PXELinux chain iPXE
- Windows default finish
- Windows default provision
- Windows default PXELinux
- Windows default iPXE
- Windows peSetup.cmd
- Go to “Host > Installation Media”
- Click “Create Medium”
- Name it “Windows Images”
- As path select “https:///$arch/$major/
- As “Operating System Family” select Windows
- Go back to “Host > Operating Systems”
- Edit “Windows Server 2016”
- For Installation Media select “Windows Images”
- For Templates, select the correct template for each part (there will probably be only one template to choose from, so should be okay)
Create a new VM and select windows as the operating system and start your provisioning engines! In the first steps you’ll see WinPE popping up:
If you see this, chances are that you’ll have smooth sailing ahead of you. Otherwise: check if your webserver was accessible (by observing the Smart-Proxy logs) and also verify that ipxe.krn is available in your /var/lib/tftboot/ folder