Deploying and Administering Windows Vista Bible potx

1Chapter 1: Planning the Deployment ...3 Chapter 2: Creating Basic Windows Images ...43 Chapter 3: Managing Windows Licensing and Activation ...81 Part II: Customizing the Deployment Pro

Deploying and Administering

Bible

Bob Kelly Danielle Ruest Nelson Ruest

Administering

Bible

Deploying and Administering

Bible

Bob Kelly Danielle Ruest Nelson Ruest

Wiley Publishing, Inc

10475 Crosspoint Boulevard

Indianapolis, IN 46256

www.wiley.com

Copyright © 2008 by Wiley Publishing, Inc., Indianapolis, Indiana

Published by Wiley Publishing, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-0-470-18021-1

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means,

electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of

the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization

through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA

01923, (978) 750-8400, fax (978) 646-8600 Requests to the Publisher for permission should be addressed to the Legal

Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317)

572-4355, or online at http://www.wiley.com/go/permissions.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO

REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE

CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT

LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE NO WARRANTY MAY BE CREATED

OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS THE ADVICE AND STRATEGIES CONTAINED

HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION THIS WORK IS SOLD WITH THE UNDERSTANDING

THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL

SERVICES IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL

PERSON SHOULD BE SOUGHT NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR

DAMAGES ARISING HEREFROM THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN

THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN

THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE

MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE FURTHER, READERS SHOULD BE AWARE THAT

INTERNET WEBSITES LISTED IN THIS WORK MIGHT HAVE CHANGED OR DISAPPEARED BETWEEN WHEN

THIS WORK WAS WRITTEN AND WHEN IT IS READ.

For general information on our other products and services or to obtain technical support, please contact our Customer

Care Department within the U.S at (800) 762-2974, outside the U.S at (317) 572-3993 or fax (317) 572-4002.

Library of Congress Control Number: 2008934806

Trademarks: Wiley and related trade dress are registered trademarks of Wiley Publishing, Inc., in the United States and

other countries, and may not be used without written permission Windows Vista is a trademark of Microsoft Corporation

in the U.S and/or other countries All other trademarks are the property of their respective owners Wiley Publishing, Inc

is not associated with any product or vendor mentioned in this book.

We dedicate this book to you, the reader, who has to work with computers every day and want to get it right We hope you find it useful and that it saves you time and effort every day.

—DR and NR

Bob Kelly has been working in the IT field for 18 years with a focus on application deployment,

script-ing, and the automated distribution of Windows systems and is a Microsoft MVP for Setup and Deployment Bob served in the U.S Navy for eight years, ending his service as Systems Administrator for the White House Communications Agency He spent the next several years as a consultant support-ing various commercial and government agencies in the Washington DC area as a systems architect Bob currently works as Senior Product manager for KACE (www.kace.com) where his primary focus is support of the AppDeploy.com online community and its integration with the KBOX Systems Management Appliance

Bob founded AppDeploy.com (www.appdeploy.com) in September of 1999 as the premier tion for administrators seeking application and systems deployment expertise and has been writing for the website ever since He has produced several hours of free videos on deployment related topics as

destina-well as several product reviews Bob is author of The Definitive Guide to Desktop Administration as destina-well as

Start to Finish Guide to Scripting with KiXtart He has gone on to speak at events like the Microsoft

Management Summit and has written several articles, white papers, and books on the topics of scripting and desktop management For more on Bob, visit www.bkelly.com

Danielle Ruest and Nelson Ruest are both enterprise IT architects with over 20 years of experience in

migration planning and network, PC, change management projects, and server infrastructure design

Danielle is a Microsoft MVP for Virtual Machines Nelson is an MCSE, Microsoft Certified Trainer, and Microsoft MVP in Failover Clustering Both are very familiar with all versions of Microsoft Windows as well as security, Active Directory, systems management, intra- and extranet configurations, collaboration

technologies, office automation, and virtualization solutions Together they have co-authored The

Complete Reference for Windows Server 2008 (Server-2008-Reference/dp/0072263652), The Definitive Guide to Vista Migration (http://

http://www.amazon.com/Microsoft-Windows-www.realtime-nexus.com/dgvm.htm) which is referenced on the companion CD, Deploying

Messaging Solutions with Microsoft Exchange Server 2007 (http://www.microsoft.com/MSPress/

books/10938.aspx), as well as Configuring Windows Server 2008 Active Directory (http://www

microsoft.com/MSPress/books/11754.aspx), and that was just last year This year they are working on two books on virtualization in the datacenter

Danielle and Nelson work for Resolutions Enterprises Ltd (www.reso-net.com), a consulting firm focused on IT Infrastructure and dynamic datacenter design Resolutions has been offering OS migration solutions for every version of Windows since Windows 2.0 It now has offered virtualization solutions for the past ten years These solutions range from testing and development support environments to the virtualization of enterprise production systems Danielle and Nelson have been instrumental in the development of these offerings to meet customer requirements as well as their promotion through multi-ple articles, presentations, and conferences

Bob Kelly, Danielle Ruest and Nelson Ruest have also participated in the production of the tion for the Microsoft Deployment Toolkit, which was called Business Desktop Deployment (BDD) when Microsoft first prepared it for release in support of Windows Vista deployments Together, they bring this expertise to this Bible

documenta-This book was written in two portions Bob Kelly was responsible for the deployment section and Danielle Ruest and Nelson Ruest were responsible for the administration section Each author then per-formed the technical review for the other’s work: Danielle and Nelson were technical reviewers for Bob’s work, and Bob was technical reviewer for Danielle and Nelson’s work The authors felt this would create the best possible result since all authors would have input in all sections of the book You be the judge.

Senior Acquisitions Editor

Quality Control Technician

Part I: Developing the Deployment Strategy 1

Chapter 1: Planning the Deployment 3

Chapter 2: Creating Basic Windows Images 43

Chapter 3: Managing Windows Licensing and Activation 81

Part II: Customizing the Deployment Process 101

Chapter 4: Working with Windows Installer 103

Chapter 5: Migrating User Data 141

Chapter 6: Managing Windows Images 173

Chapter 7: Using the Microsoft Deployment Toolkit 2008 223

Chapter 8: Windows Deployment Services 263

Part III: Administering Windows Vista 293

Chapter 9: Managing Change in Vista 295

Chapter 10: Administering Workstations 341

Part IV: Protecting and Maintaining the System 397

Chapter 11: Securing the Workstation 399

Chapter 12: Protecting User Data 445

Chapter 13: Recovering Damaged Systems and Lost Data 483

Appendix: What’s on the CD-ROM 519

Index 523

Introduction  . .  xxv

Part I: Developing the Deployment Strategy 1 Chapter 1: Planning the Deployment  . . .3

Selecting Windows Vista Editions 4

Vista Home Basic 6

Vista Home Premium 6

Vista Business 6

Vista Enterprise 7

Vista Ultimate 8

Other options 8

Choosing a Deployment Type 9

Replacing computers 9

Upgrading computers 9

Refreshing computers 10

Deploying new computers 10

Understanding Windows Vista Installation 10

Investigating the Windows Imaging format 10

Leveraging Windows PE 14

Automating the installation of Windows Vista 19

Automating Application Installations 21

Customizing application installation commands 21

Creating transform files 22

Repackaging applications 23

Selecting a Distribution Media 23

DVD 23

USB drives 24

Network 24

Evaluating Hardware Requirements 26

Ensuring Application Compatibility 28

Understanding broken applications 28

Identifying application incompatibilities 29

Documenting the Deployment Plan 41

Summary 42

Chapter 2: Creating Basic Windows Images . . .  43

Building a Deployment Server 44

Introducing the Windows Automated Installation Kit 48

Creating Unattended Answer Files 49

Getting familiar with configuration passes 50

Navigating the Windows System Image Manager 53

Building a Reference Computer 63

Implementing an answer file 64

Walkthrough: Automating Windows Vista installation 65

Customizing the reference computer 66

Preparing the reference computer for imaging 69

Walkthrough: Preparing the computer for imaging 72

Capturing Custom Images 72

Windows PE 72

Walkthrough: Creating Windows PE boot media 73

ImageX 74

Walkthrough: Capturing a WIM file with ImageX 76

Deploying Custom Images 76

Preparing the hard disk 77

Walkthrough: Preparing a hard disk for an image 78

Applying the image 78

Walkthrough: Applying an image with ImageX 79

Automating the deployment 79

Summary 80

Chapter 3: Managing Windows Licensing and Activation  . .  81

Licensing Windows 81

Understanding retail licensing 83

Understanding OEM licensing 83

Understanding volume licensing 84

Understanding virtual machine licensing 85

Managing Volume License Activation 85

Centralizing activation with KMS 86

Leveraging MAK activation 89

Comparing KMS and MAK activation 92

Managing licensing and activation 93

Implementing KMS activation 95

Implementing MAK independent activation 97

Implementing MAK proxy activation 98

Notification Experience and Reduced Functionality Mode (RFM) 98

Introducing the notifications-based experience 98

Experiencing Reduced Functionality Mode 99

Resolving the notification experience and Reduced Functionality Mode 100

Summary 100

Part II: Customizing the Deployment Process 101 Chapter 4: Working with Windows Installer  . .  103

Introducing Windows Installer 103

Integrating installations with the Windows Installer service 105

Examining the Windows Installer service 106

Windows security and software installations 108

Understanding the Capabilities of Windows Installer 110

Understanding the Windows Installer architecture 111

Managing the Windows Installer service 121

Changes to Windows Installer 4.0 132

Changes to Windows Installer 4.5 134

The MSI Package Lifecycle 134

Best Practices for Using Windows Installer 139

Summary 140

Chapter 5: Migrating User Data  . . .  141

Understanding User Data 141

Identifying the migration scenario 142

Determining the data and settings to be managed 144

Determining where to store data during the migration process 145

Choosing migration tools 148

Windows Easy Transfer 149

Running Easy Transfer from DVD 149

Downloading Easy Transfer from Microsoft 149

Understanding the capabilities of Easy Transfer 150

Using Windows Easy Transfer 150

Working with the User State Migration Tool (USMT) 153

Requirements 154

Understanding USMT limitations 154

Customizing migration with USMT 155

Collecting files and settings with ScanState 163

Restoring files and settings with LoadState 166

Reviewing best practices 168

Investigating Third-Party Alternatives 169

CA Desktop Migration Manager 170

Tranxition Migration Studio 170

PC Mover 170

Summary 171

Chapter 6: Managing Windows Images  . . .  173

Introducing Windows Image File (WIM) 174

Exploring the benefits of WIM 174

Exploring the limitations of WIM 175

Introducing Windows PE 175

Understanding the benefits of Windows PE 175

Understanding the limitations of Windows PE 176

Meeting minimum requirements 176

Using the provided Windows PE image 176

Customizing Windows PE Boot Images 177

Working with ImageX 177

Working with an ImageX GUI 188

Working with PEImg 189

Working with OSCDImg 196

Working with vLite 200

Executing Common Tasks 204

Adding packages to a Windows PE image 205

Adding hotfixes to a Windows PE image 207

Adding drivers to a Windows PE image 207

Incorporating service packs 208

Editing the registry of a Windows PE image 208

Incorporating scripts in a Windows PE image 209

Create a bootable ISO from WIM image 211

Configure a UFD to boot to Windows PE 212

Developing Custom Solutions 214

Leveraging scripts for automation 214

Developing solutions with SmartDeploy Imaging Component 215

Investigating Third-Party Alternatives 216

BartPE 216

VistaPE 217

Symantec Ghost 219

KBOX Systems Deployment Appliance 219

Summary 221

Chapter 7: Using the Microsoft Deployment Toolkit 2008  . . .  223

Introducing the Microsoft Deployment Toolkit 223

Going over documentation 225

Getting familiar with the tools of MDT 235

Installing and Configuring MDT 239

Installing components 239

Establishing a distribution share 241

Imaging with MDT 245

Creating task sequences 245

Creating a deployment point 248

Preparing a reference computer 249

Adding the custom image to the distribution share 252

Creating a deployment build for a custom image 252

Creating the MDT database 253

Configuring the MDT database 254

Populating the Microsoft Management database 255

Understanding deployment rules 256

Configuring LTI deployment for full automation 258

Deploying the custom image 259

Investigating MDT Alternatives 260

Client Management Suite 260

ZENworks Suite 261

KBOX Systems Management Appliances 261

LANDesk Management Suite 261

Summary 262

Chapter 8: Windows Deployment Services  . . .  263

Introducing Windows Deployment Services 263

Replacing Remote Installation Services 264

Reviewing components of Windows Deployment Services 266

Installing Windows Deployment Services 269

Satisfying prerequisites 269

Setting up Windows Deployment Services for Server 2003 270

Setting up Windows Deployment Services for Server 2008 272

Configuring Windows Deployment Services 273

Working with Windows Deployment Services 283

Creating a Capture image 283

Creating a Custom Install image 284

Creating a Discover image 286

Preparing media for a Discover image 287

Deploying an Install image 288

Automating the installation of an Install image 290

Leveraging the Windows Deployment Services API 291

Summary 292

Part III: Administering Windows Vista 293 Chapter 9: Managing Change in Vista. . .  295

Managing Change through Group Policy 295

Working with Local Policies 298

Working with central policies 303

Working with GPO tools 310

Working with ADMX/ADML files 318

Assigning PC-Related GPOs 320

Troubleshooting and monitoring Group Policy 322

Tracking Change in Vista 325

Turning on the audit policy 325

Exploring the Vista Event Log 327

Exploring the Vista Task Scheduler 331

Automating Vista Events 334

Collecting Vista Events 336

Summary 340

Chapter 10: Administering Workstations  . . .  341

Performing Local PC Administration 342

Working with workstation administration tools 342

Performing common workstation administration tasks 358

Performing Remote PC Administration 368

Working with the Remote Shell 368

Relying on Telnet 370

Automating Recurrent Tasks 371

Working with the Command Prompt 371

Working with Windows PowerShell 382

Scheduling automated tasks 392

Supporting Users 392

Helping users with Remote Assistance 393

Relying on the Remote Desktop 394

Summary 395

Part IV: Protecting and Maintaining the System 397 Chapter 11: Securing the Workstation . . .  399

Beginning with Basic Security 400

Designing a security policy 402

Using the Castle Defense System 402

Building a security plan 404

Using the Windows Vista Security Guide 407

Learning Windows Vista security features 407

Applying the Castle Defense System 409

Layer 1: Protecting information 412

Layer 2: Working with protection 413

Layer 3: Hardening the system 414

Layer 4: Managing information access 429

Layer 5: Working with external access 431

Chapter 12: Protecting User Data  . .  445

Protecting User Profiles 446

Providing User Data Protection 448

Completing a data protection strategy 450

Putting data protection in place 451

Using the Encrypting File System 461

Understanding EFS 461

Interacting with EFS and PKI 462

Working with EFS 464

Running BitLocker Full Drive Encryption 475

Understanding BitLocker requirements 477

Integrating BitLocker with Active Directory 478

Relying on Group Policy to manage BitLocker 479

Supporting BitLocker 481

Summary 482

Chapter 13: Recovering Damaged Systems and Lost Data  . . .  483

Recovering Systems 484

Level 1: Dealing with system instability 484

Level 2: Dealing with startup instability 495

Level 3: Dealing with total system instability 498

Recovering Data 505

Level 1: Dealing with minor data loss 506

Level 2: Automating data protection 508

Level 3: Protecting a complete PC 514

Summary 517

Appendix: What’s on the CD-ROM  . . .  519

Index  . . .  523

Dand the end users of the hardware as well Change is everywhere and in the business of ware, change comes fast In the operating system deployment space, change has been slower than most other technology areas Until the introduction of the Windows Vista® operating system, the deployment process had been essentially the same since at least the release of Microsoft® Windows NT® With the release of Windows Vista and the Windows Server® 2008 operating system, many changes were made deep in the core yielding several benefits requiring we re-examine our old processes and tools and be willing to unlearn some of them Many of the old tools will not work anymore Some of our reasons why we deployed the way we did until now will have been forgotten, or just no longer applicable

soft-Letting go of old habits and familiar tools is often difficult Hardware standardization should be a goal for most organizations, but is still too often not achieved and like software it also changes fast so we must learn to deal with it efficiently Our job is to manage all this change and look for more efficient ways to do what we do Fortunately, the majority of the change we will manage will be recognized as a definite improvement

The changes to Windows Vista in the administration and deployment areas are mostly invisible to the end user That is a good thing The end user should focus on leveraging productivity improvements and not the nuances of how to install or administer an OS After all the OS is only there to serve the applications that run on it

All OS images require periodic updates We now have methods available to incorporate those updates

in the core image, or apply them just-in-time to an offline OS so that it can always boot up the first time secure and with the right drivers or language The different techniques available allow us to choose how much network bandwidth or media capacity is best for us

The Windows Vista OS core is now language neutral, allowing us to install and uninstall the languages

of our choice Drivers, languages and updates can be applied to OS files (images) that have not yet been deployed to end users These driver, update, and language configuration capabilities allow us to design

a true single image that can be distributed and updated worldwide if need be, and customize it at the final destination, with very high levels of automation We no longer need to maintain multiple images for different HAL types, language types, and rebuild, capture, test and redistribute our images for each change in hardware or security We can now safely choose to update our core images just a few times over the image lifecycle Fewer changes in the core image help reduce changes impacting the adminis-tration cost of those OS configurations

Microsoft has released tools such as the Windows® Automated Installation Kit and solution erators such as the Microsoft Deployment Toolkit 2008, Microsoft Assessment and Planning Toolkit, 2007 Office System Security Guide, Data Encryption Toolkit, Security Compliance Management, and Windows Vista Security Guide to help both do-it-yourself shops and services partners Additional resources like this book summarize and bring to light the various tools and steps to learn how to deploy and administer Windows Vista along with the real world experience

accel-of the authors Armed with these resources your organization can better approach deployment and administration as the continuous process that is

Mike LewisArchitect Client/Server DeploymentMicrosoft Corporation

Tbeen part of it Also thanks to Bob from Danielle and Nelson for his diligent job on the technical edits The reverse is also true from Bob to Danielle and Nelson We’ve wanted to put our combined experience together in a book for quite some time This is the result We hope you enjoy it and find it a useful guide.

We would like to thank everyone at Wiley Publishing who supported us as we researched and wrote, week after week Beth Taylor, our project editor and copy editor, was very helpful throughout the proj-ect Jody Lefevere, our acquisitions editor, proved understanding and resourceful as authors changed and the schedule lengthened Thank you both

Of course, this book would not have been possible without the dedicated work of the Microsoft opers that helped produce Vista Thank you all as well Finally, thank you to the Microsoft team who put together the Microsoft Deployment Toolkit Though it has undergone many changes since the days

devel-of the BDD, they have all been for the better

Here are some things to know so you can get the most out of this book:

First, to indicate that you need to select a command from a menu, the menu and command are rated by an arrow symbol For example, if we tell you to select a tool from the Start menu, the instruc-tions will say to choose Start ➪ Tool

sepa-Parts I and II are entirely dedicated to operating system deployment and getting your Windows Vista infrastructure ready Parts III and IV explain how to manage, administer, secure, and protect the com-puter systems that run Vista once the deployment is complete For information on deployment project

management, look to The Definitive Guide to Vista Migration, a free eBook written by Danielle and

Nelson for which you’ll find a link to on the companion CD-ROM

This is a real-world deployment and administration book: We’ve worked hard to ensure that our sons, examples, and explanations are based on professional conventions We’ve also culled these prac-tices from the myriad deployment projects we’ve all worked on as well as drawn administration techniques from the many support projects of which we have been a part

les-The CD-ROM that accompanies this book contains many of the third-party tools discussed in each chapter

as well as documentation templates that can be used in support of your own deployment project

Icons: What Do They Mean?

Although the icons are pretty standard and self-explanatory (they have their names written on them!), here’s a brief explanation of what they are and what they mean

TIP Tips offer you extra information that further explains a given topic or technique, often suggesting alternatives or workarounds to a listed procedure.

NOTE Notes provide supplementary information to the text, shedding light on background pro- cesses or miscellaneous options that aren’t crucial to the basic understanding of the

material.

CAUTION

CAUTION When you see the Caution icon, make sure you’re following along closely to the tips and techniques being discussed.

CROSS-REF If you want to find related information to a given topic in another chapter, look for the cross-reference icons.

WEB RESOURCE

WEB RESOURCE For related information, resources, or software available online, look for the Web resource icons.

ON the CD-ROM

ON the CD-ROM This icon indicates that the CD-ROM contains a related file and points you to the folder location.

How This Book Is Organized

This book has been written in a format that gives you access to need-to-know information very easily in every section (or Part) of the book These parts make up two major sections of the book

The first section includes Parts I and II, which are aimed at deployment and therefore focus on the tools you use

to implement this powerful new operating system (OS) into your environment The second section includes Parts III and IV, which focus on administration tasks and systems management once the new operating system has been deployed

The second section takes an in-depth look at how you manage Windows Vista systems once they are deployed It is built on the CASPR system, which is made up of five aspects:

n Controlling change in your environment

n Administering your systems

n Securing your infrastructure

n Protecting information your users generate

n Recovering systems or information when issues occurEach of the chapters in this section covers one aspect of the CASPR system

Relying on the CASPR system will ensure that each aspect of system management will be pletely covered and will vastly reduce the efforts required to create a stable and solid Vista PC infrastructure

com-Part I: Developing the Deployment Strategy

The first part of this book explores deployment in depth through a look at deployment planning (Chapter 1), working on your first Vista images (Chapter 2), and learning about Vista licensing as

well as how to manage it in small or large organizations (Chapter 3) Use this part to learn more about the changes Microsoft has brought to both Vista deployment and licensing.

Part II: Customizing the Deployment Process

The second part of the book goes in depth covering the deployment process: working with cation installations through an examination of the Windows Installer service (Chapter 4), working with user data, protecting this most valuable asset to users as you migrate systems (Chapter 5), performing advanced modifications to Windows deployment images (Chapter 6), relying on the Microsoft Deployment Toolkit to improve the results of your deployment project (Chapter 7), and finally, working with Windows Deployment Services in support of this and future deployments (Chapter 8)

appli-Part III: Administering Windows Vista

Part III begins the administration portion of this book by addressing the first two aspects of CASPR: change management (Chapter 9) and administration (Chapter 10) Change management focuses on two core Vista technologies: group policy that lets you manage one or a multitude of computers, and event management — a technology that was completely rewritten for this edition

of Windows — as well as task scheduling, another technology that is completely new in Vista

Part IV: Protecting and Maintaining the System

Finish off with the last three aspects of CASPR: security (Chapter 11), protection (Chapter 12), recovery (Chapter 13), and the What’s on the CD-ROM appendix Microsoft has invested very heavily in Vista security and this section takes you through the paces required to protect all of your systems whether they be in-house or on the road Microsoft has also revamped and updated the components that let you protect intellectual property both inside and outside your firewall The first portion of this book has shown you how to build images and implement deployment strate-gies that can re-image a computer in less than half an hour However, there will be situations where you will need to recover a particular system from a total failure or recover a single lost docu-ment Whether you want to make sure your users can recover their own information on Vista or you need to recover a computer from a total loss, rely on this section to discover the ins and outs

of Vista’s backup and recovery capabilities

Getting in Touch with Us

You can find additional information, resources, and feedback from Bob Kelly at www.bkelly.com You can find additional information, resources, and feedback from Danielle Ruest and Nelson Ruest at www.reso-net.com You can also contact them at infos@reso-net.com for any feedback or additional questions

For quality concerns or issues with the CD-ROM, you can call the Wiley Customer Care phone number: (800) 762-2974 Outside the United States, call 1 (317) 572-3994, or contact Wiley Customer Service by e-mail at techsupdum@wiley.com Wiley Publishing, Inc will provide technical support only for CD-ROM installation and other general-quality control items; for techni-cal support on the applications themselves, consult the program’s vendor

With such a significant task as deploying a new

operat-ing system, it can be difficult to know where to begin

This first portion of the book begins by summarizing some of the new technologies and tools provided to get the job

done Understanding the tools and technologies is important to

making deployment decisions and is critical to a smooth

deploy-ment There are several key questions answered in this section,

including:

n What tools are available?

n How will you determine the contents of your deployment image?

n How will you automate the installation of Windows Vista?

n How will you handle license and activation requirements?

Each of the chapters in this portion of the book help arm you

with the information you need to begin your deployment

proj-ect with key information necessary to do so

Developing the Deployment Strategy

Maintaining computers can be an expensive venture In recent years,

however, the cost of computer hardware has dropped to a drastically low level Organizations have been able to leverage the cost drops and other volume purchasing programs to lower the initial expense of purchasing

computers and Windows licenses However, these initial purchase costs can pale

in comparison to the cost of deploying the new computer systems

Microsoft has provided many tools and capabilities with Windows Vista to

help you reduce those deployment costs Microsoft has redesigned its

deployment process to provide faster and more consistent deployments In

addition, it has provided tools to customize and streamline the deployment

process for your organization

The focus of this chapter is to help you properly plan your deployment

There are many new technologies to master and many choices that must be

made If care is taken when making these choices, deploying Windows Vista

can be an efficient process Diving in without understanding some of these

choices can ultimately lead to slow deployments, inconsistent desktops,

project restarts, and time-consuming manual steps This chapter aims to

offer a starting point by providing an overview of key details and tools you

should be aware of in order to get things off to a solid start including:

n Choosing the right edition of Windows Vista for your organization

n Determining the right method of installation

n Getting familiar with the Windows imaging format

n Choosing what should be included in your deployment image

n Automating the installation of additional applications following

Automating installations Maintaining application compatibility

Selecting Windows Vista Editions

The most logical first choice in planning a Windows Vista deployment is to decide which edition

or editions of Vista are to be used With Windows 2000 and XP there was not much of a decision

to be made — if you wanted to simply operate in a domain environment, Professional was the only choice Vista makes this choice more complicated by offering several editions, but for most envi-ronments the choice will still be very clear The key to making this decision is having a basic understanding of the differences

For most organizations, only the Enterprise and Business editions will be a logical choice That said, it is always good to be familiar with the real differences so you can make meaningful recom-mendations and defend any decisions made as to the edition to be deployed

All editions support a maximum of 4GB of RAM on 32-bit systems On 64-bit systems, Basic offers support for 8GB, Home Premium lets you work with 16GB, and the remaining Business,

Enterprise, and Ultimate editions boast support for 128GB or more With such a larger number of features available in the various editions of Windows Vista, it paints a clearer picture to state what you do not get with each edition The list provides a quick summary of the features not included in each edition of Windows Vista:

n Features not included with Windows Vista Ultimate: None—that’s why it’s the

ultimate

n Features not included with Windows Vista Enterprise:

n Parental controls

n Windows Ultimate Extras

n Themed slide shows

n Windows Media Center (recording television, Xbox extensions, HD movie maker, and DVD Maker)

n Small Business Resources

n Features not included with Windows Vista Business:

n Parental controls

n Windows Ultimate Extras

n Themed slide shows

n Windows Media Center (recording television, Xbox extensions, HD movie maker, and DVD Maker)

n Features not included with the Windows Vista Home Basic and Windows Vista

Home Premium editions:

n Support for two processors

n Backup limitations including support for ShadowCopy or image-based system backup/

n File system encryption

n Desktop deployment tools

n Policy based QoS networking

n Rights Management Services (RMS) Client

n Control over installation of device drivers

n Network Access Protection Client agent

n Pluggable logon authentication architecture

n Integrated smart card management

n BitLocker drive encryption support

n Support for worldwide interface languages or simultaneous installations of multiple user interface languages

n Subsystem for UNIX-based applications

n Virtual PC Express

n Windows Ultimate Extras

n Small Business Resources

n Windows fax and scan

n Wireless network provisioning

n Full support for Windows Mobility Center (thought it does provide partial support)

n Ability to join a network domain

n Remote desktop client support (though it cannot serve as host)

n Group policy support

n Offline files and folders support

n Client-side caching

n Support for roaming user profiles

n Support for folder redirection

n Ability to install IIS

n In addition to the preceding items, the following additional features are also

miss-ing from Windows Vista Home Basic:

n Support for scheduled backups or for the backup of files to a network device

n Aero user interface (glass, live thumbnails, dynamic windows, and so on)

n Themed slide shows

n Windows Media Center (recording television, Xbox extensions, HD Movie Maker, and DVD maker) Note: Home Basic does provide Windows Movie Maker (just not the HD version)

n Premium games

n It is limited to 5 SMB peer network connections (vice the 10 supported by the other editions)

n Tablet PC support

n Windows Slideshow feature

n Windows Meeting space support is limited to “view only”

n PC-to-PC synchronization

n Network projection

n Presentation settings

Vista Home Basic

Windows Vista Home Basic is the base code from which all other editions are built It includes the new Windows Vista kernel and most security enhancements Home Basic does not include the ability to join a domain It also lacks most other features that would be useful mostly in business environments Although this may make a suitable operating system for average home users, it has

no place in a business environment

Vista Home Premium

Windows Vista Home Premium includes all of the features of Home Basic and includes some tional features One additional feature is the Aero interface, which gives us the glass-like interface and Flip 3D On the more useful side, Home Premium includes support for tablet PCs, Windows Meeting Space, Scheduled Backup, DVD Maker, Windows Media Center, and additional games

addi-Although these features make the operating system more fun and a little more useful, Windows Premium still lacks the ability to join a domain and other useful business features In short, the Home editions should be used at home

Vista Business

When using Windows Vista for business use, Windows Vista Business should be the first edition considered Business Edition includes most all of the features of Home Basic but includes many additional features targeted at business customers The following partial list of features that Vista Business contains makes it a more suitable choice in most organizations:

n Ability to join a domain

n Ability to apply Group Policies

n Remote Desktop

n Offline Files and Folders

n Tablet PC support

n Complete and Scheduled Backup

n Windows Meeting Space

n Windows Fax and Scan

n Multiple physical processor support

n Volume, OEM, and Fully Packaged Product licensing options

Windows Vista Business also includes some more nonbusiness features, such as the Aero interface

and additional games In addition a very small number of home features, such as Parental Controls, are not available in Vista Business This edition is targeted at general business use and is the edition

of choice unless additional features of Vista Enterprise or Vista Ultimate are required Though there are some features missing, such as BitLocker Drive Encryption, the features that are included make the Business Edition a good choice for fixed desktops and workstations (particularly since it is not likely that you will need full drive encryption for these systems)

NOTE The features listed in this section simply document what is included in the editions of Windows Vista This does not mean that you must install such features The

Windows Vista installation is customizable at a very granular level so that you may eliminate those elements of the setup you do not wish to include (games, for example).

Vista Enterprise

Windows Vista Enterprise Edition is based on Vista Business, but includes features that some nizations may require or find useful This edition is available exclusively to Microsoft Software Assurance customers, which may eliminate it as an option for some smaller companies The fea-tures included in Enterprise Edition include all of those listed for Business Edition plus the following:

orga-n BitLocker Drive Eorga-ncryptioorga-n

n Subsystem for UNIX-based Applications

n License includes the host and up to four virtual machines

n Ability to support multiple languages

n Volume licensing onlyDepending upon your needs, any of these features may require you to move to the more expensive Enterprise Edition Probably the most compelling feature of Enterprise Edition is the BitLocker Drive Encryption (also available in Vista Ultimate Edition) which makes this edition more suitable for portable systems For test lab environments, the license to run four virtual machines without having to purchase additional licenses can actually lower the licensing costs of Enterprise to below those of Business Before excluding Vista Enterprise from your options, be sure to consider the advantages and potential cost savings associated with the virtual machine licensing

Vista Ultimate

Windows Vista Ultimate is pretty much what it says The Ultimate edition includes all the features from all of the other versions It includes all of the features from the Home editions as well as the features from Business and Enterprise editions Although this may sound like the best option for the organization desiring the best of the best, it has one characteristic that will exclude most orga-nizations from using it Like the Home editions of Vista, it is not available with volume licensing

The result will be that each computer must have a unique product key entered after installation, which somewhat offsets the advantages of automating deployment Also consider that some of the features included in Vista Ultimate are simply unnecessary or undesirable in a business environ-ment, such as Windows Media Center or Parental Controls You could, of course, remove the fea-tures you don’t want from the installation of Windows Vista Ultimate, but for the most part this would mean stripping the most expensive edition down to appear as Business or Enterprise One feature that could be desirable for some organizations is Windows DVD Maker, but it is hard to argue this feature is worth the price and trouble Consider third-party tools, such as offerings from Roxio or Ulead for such features, if desired

Other options

In addition to the major editions above, Microsoft has also provided a few additional options For example, Microsoft has provided a Windows Vista Starter edition for markets that are not classified

Software Assurance

If you are a Software Assurance customer, you may be entitled to some free licenses For each

Windows Client License covered under Software Assurance, you are entitled to one Windows Vista

Enterprise upgrade license The following Volume Licensing programs are eligible for this benefit:

n Open License

n Open Value

n Open Value Company-wide

n Open Value Subscription

The other variant you may encounter are the N editions of Windows Vista Due to legal issues in Europe, Microsoft also offers editions without Media Player included These editions are identical

to the standard editions above except the missing Media Player application and the addition of an

N after the edition name Unless your corporate policy requires an N edition of Windows, it is a simple process to remove Media Player from the installation or even block its use by using Group Policy

Choosing a Deployment Type

The deployment of Windows Vista could be a great opportunity to establish a new and improved desktop Others may feel they have their computers just as they should be Your assessment of your current environment will likely be a key factor in deciding if an upgrade or a replacement is best for your organization Other factors including the receipt of new computer hardware can also have an impact on how you plan your deployment of Windows Vista Key deployment types cov-ered here include:

Upgrading computers

As an alternative to migrating to Windows Vista, computers running Windows XP SP2 (or Windows Vista) may be upgraded to Windows Vista in-place An upgrade retains your applica-tions, files, and settings as they were in Windows XP SP2 Business and Ultimate editions of Windows Vista may only be applied as an update to Windows XP Professional or Windows XP Tablet PC When moving from home editions, Windows 2000 and even Windows XP Professional

Upgrades are typically discouraged as the introduction of a new operating system is an ideal chance to perform clean-up, employ lessons learned, and get a clean start Regardless, applications need to be tested for compatibility Performing an upgrade does not make incompatible software any less likely to exhibit issues.

Deploying new computers

Not so much a type of deployment, this scenario is in fact identical to that of a computer ment However, it is important to mention that new computers are often being shipped with OEM installations of Windows So Windows Vista may well arrive installed and ready to go However, unless you are a large organization with an arrangement with the manufacturer to provide a cus-tom configured image, few corporate networks will accept the OEM installation as is Often extra applications and promotional shortcuts are delivered with such systems Therefore it is recom-mended that new computers arriving with Vista already installed be well scrutinized before accept-ing the provided image for use in your production environment

replace-Understanding Windows Vista Installation

When it comes to designing a deployment plan for Windows Vista, it is a good idea to first lish a basic understanding of its new deployment technologies and tools If you are familiar with the deployment processes from previous Microsoft operating systems, you may be surprised by how many fundamental changes have been introduced with Windows Vista Specifically, Vista now employs an image-based installation and leverages a detailed XML file for automation of the instal-lation (as opposed to the simple INI file format used by previous versions)

estab-Investigating the Windows Imaging format

Microsoft has significantly changed the installation process Previously, numerous configuration screens were presented during installation, prompting for which components to install and other information to customize the installation Using this information, extensive installation scripts were run to set up the initial environment Installation times frequently ranged from 45 minutes to an hour for a standard installation Microsoft has now moved to an image-based setup (IBS) This new