Различия

Показаны различия между двумя версиями страницы.

--- service:wds [21.12.2023 06:40] – [Установка] viacheslav
+++ service:wds [30.07.2024 19:21] (текущий) – внешнее изменение 127.0.0.1
@@ Строка 1: / Строка 1: @@
+====== WDS ======
+===== Смена каталога установки =====
+<code dos>
+wdsutil /Uninitialize-Server
+robocopy \e \move "C:\RemoteInstall" "F:\RemoteInstall"
+wdsutil /Initialize-Server /REMINST:"F:\RemoteInstall"
+</code>
+https://learn.microsoft.com/en-us/answers/questions/47469/wds-changing-the-default-remote-installation-folde
+===== Альтернативы =====
+https://www.iventoy.com (сырой)\\
+https://fogproject.org\\
+https://www.vercot.com/%7Eserva/an/WindowsPXE1.html
+[[https://www.youtube.com/watch?v=1pa4Y64y2Go&list=PLW4lSQGHMQTQW4Ugy9pzUleLjB4jQ2sY0&pp=iAQB|Heikki Koivisto - PXE boot playlist]] on Youtube
+====== MDT ======
+===== Установка =====
+MDT: https://www.microsoft.com/en-us/download/details.aspx?id=54259\\
+ADK: https://learn.microsoft.com/ru-ru/windows-hardware/get-started/adk-install
+===== Настройка =====
+===== Создать Deployment Share =====
+<code powershell>
+Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
+$shares = Get-MDTPersistentDrive
+### VAR
+# Common
+$mdtServerName = "vmws-wsus1"
+# Share - Create
+$shareName = "Capture Share"
+$shareDisk = 'D:'
+# Share - User for access
+$shareUser = "domain.ru\sa_wds"
+# Create share
+$shareFolder = $shareName -replace '\s'
+$shareNum = "DS" + (((($shares.name |sort |select -last 1) -replace '\D') -as [int]) + 1).tostring("000") # Next free number
+mkdir -Path "$shareDisk\$shareFolder" -Force
+New-SmbShare -Name "$shareFolder`$" -Path "$shareDisk\$shareFolder" -FullAccess Администраторы
+new-PSDrive -Name $shareNum -PSProvider "MDTProvider" -Root "$shareDisk\$shareFolder" -Description "MDT $shareName" -NetworkPath "\\$mdtServerName\$shareFolder$" -Verbose | add-MDTPersistentDrive -Verbose
+# Set permissions to share user
+icacls.exe "$shareDisk\$shareFolder" /grant ""$shareUser":(OI)(CI)(M)"
+Grant-SmbShareAccess -Name "$shareFolder$" -AccountName $shareUser -AccessRight Full -force
+</code>
+===== Добавить приложение =====
+Здесь - в режиме "Application without source or elsewhere on the network", т. к. дистрибутив лежит в общей папке в сети
+<code powershell>
+Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
+function Add-MDTApp ($shareName,$appName,$cmd,$dir) {
+    $share = Get-MDTPersistentDrive |? description -match $shareName
+    New-PSDrive -Name $share.name -PSProvider MDTProvider -Root $share.path
+    Import-MDTApplication -Path "$($share.name):\Applications" -enable "True" -Name $appName -ShortName $appName -Version "" -Publisher "" -Language "" -CommandLine $cmd -WorkingDirectory $dir -NoSource -Verbose
+}
+Add-MDTApp -shareName "Capture Share" -appName "Office 2016 Standard" -cmd "setup.exe" -dir "\\vmws-wsus1\Soft\Office\2016"
+</code>
+===== Добавить/удалить каталог =====
+Добавить
+<code powershell>
+Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
+New-PSDrive -Name "DS002" -PSProvider MDTProvider -Root "D:\CaptureShare"
+new-item -path "DS002:\Applications" -enable "True" -Name "Test" -Comments "Comment" -ItemType "folder" -Verbose
+new-item -path "DS002:\Applications\Test" -enable "True" -Name "Another" -Comments "Comment" -ItemType "folder" -Verbose
+</code>
+Удалить
+<code powershell>
+Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
+New-PSDrive -Name "DS002" -PSProvider MDTProvider -Root "D:\CaptureShare"
+remove-item -path "DS002:\Applications\Test" -verbose -recurse
+</code>
+===== Драйверы =====
+Configure the Inject Drivers task sequence step action with the following settings:\\
+Choose a selection profile: Nothing\\
+Install all drivers from the selection profile
+The configuration above indicates that MDT should only use drivers from the folder specified by the DriverGroup001 property, which is defined by the "Choose a selection profile: Nothing" setting, and that MDT should not use plug and play to determine which drivers to copy, which is defined by the "Install all drivers from the selection profile" setting.
+For more information, please refer to:\\
+[[https://web.sas.upenn.edu/jasonrw/2016/09/25/mdt-and-drivers/comment-page-1/|MDT and Drivers]]\\
+[[https://www.deploymentresearch.com/mdt-2013-lite-touch-driver-management/|MDT Lite Touch Driver Management]]
+===== Задачи =====
+==== Конвертация ESD в WIM ====
+Если в ISO образ install.esd, то его нужно сконвертировать в install.wim для импорта в MDT.
+<code powershell>
+$imgFrom = "E:\sources\install.esd"
+$imgTo = "d:\temp\windows10_22h2_ent.wim"
+# Выяснить, что в образе
+Get-WindowsImage -ImagePath $imgFrom
+# Конвертировать, указав SourceIndex
+$sourceIndex = 2
+Export-WindowsImage -SourceImagePath $imgFrom -DestinationImagePath $imgTo -SourceIndex $sourceIndex -CheckIntegrity -CompressionType max
+</code>
+==== Удаление встроенных приложений ====
+Размещение задачи: После задачи Restore User State task в группе State Restore.\\
+Размещение скрипта в файловой системе: DeploymentShare\Scripts\\
+Добавить задачу Powershell Script и вписать имя скрипта в строку "Powershell Script".
+{{:service:pasted:20231211-102405.jpeg?400}}
+Добавить параметр ''HideShell=YES'' в customsettings.ini в свойствах DeploymentShare.
+https://community.spiceworks.com/topic/2272584-how-to-use-mdt-to-remove-windows-10-apps
+==== Обновление со WSUS из определённой группы ====
+В customsettings.ini объявить свойство в разделе ''[Settings]''.\\
+Затем присвоить ему значение в ''[Default]''.\\
+:!: Группу лучше писать на латинице и без пробелов, потому что группа под названием "Тестовая группа" не работала.
+<code>
+[Settings]
+Priority=Default
+Properties=WSUSGroup
+[Default]
+WSUSGroup=wds
+</code>
+В DeploymentShare, в каталоге Scripts отредактировать файл ''ZTIWindowsUpdate.wsf'', вставив в раздел Configure Windows Update settings строки
+<code vbscript>
+                        If oEnvironment.Item("WSUSGroup") <> "" then
+				oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup", oEnvironment.Item("WSUSGroup"), "REG_SZ"
+				oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroupEnabled", 00000001, "REG_DWORD"
+			End if
+</code>
+Финальный вид раздела:
+<code vbscript>
+		'//----------------------------------------------------------------------------
+		'//  Configure Windows Update settings
+		'//----------------------------------------------------------------------------
+		If oEnvironment.Item("WsusServer") <> "" then
+			' Configure the WSUS server in the registry.  This needs to be a URL (e.g. http://myserver).
+			oLogging.CreateEntry "Configuring client to use WSUS server " & oEnvironment.Item("WsusServer"), LogTypeInfo
+			oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer", oEnvironment.Item("WsusServer"), "REG_SZ"
+			oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer", oEnvironment.Item("WsusServer"), "REG_SZ"
+			If oEnvironment.Item("WSUSGroup") <> "" then
+				oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup", oEnvironment.Item("WSUSGroup"), "REG_SZ"
+				oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroupEnabled", 00000001, "REG_DWORD"
+			End if
+		End if
+</code>
+[[https://peppercrew.nl/2015/10/add-wsus-target-group-option-to-mdt-deployments-2/|Add WSUS Target Group option to MDT deployments]]\\
+[[https://learn.microsoft.com/fr-fr/security-updates/windowsupdateservices/21741548|Configure Clients in a Non–Active Directory Environment]]
+После окончания настройки ПКМ на Deployment Share -> Update Deployment Share -> Completely regenerate boot images.\\
+На WDS импортировать wim-файл как загрузочный.
+==== Смена редакции Windows ====
+State Restore -> After Opt In to CEIP and WER
+Convert to Enterprise
+https://winitpro.ru/index.php/2020/10/12/upgrade-redakcii-windows-10/
+===== Литература =====
+Документация по MDT: https://learn.microsoft.com/ru-ru/mem/configmgr/mdt/\\
+Создание эталонного образа: https://learn.microsoft.com/ru-ru/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image\\
+[[https://www.youtube.com/playlist?list=PLNk1_iq1vyJkiduaoV_niMw_kC5J3_M1T|Большая инсталляция с кучей софта]]\\
+Как установить Windows 11 22H2 (WDS + MDT) - [[https://www.youtube.com/watch?v=wIp2YTNVjHk|видео]], [[https://www.dannymoran.com/deploy-windows-11-with-mdt-and-wds/|статья]].\\
+Справка по параметрам MDT (customsettings.ini): https://learn.microsoft.com/en-us/mem/configmgr/mdt/toolkit-reference\\
+===== Проблемы =====
+==== Оснастка Deployment Workbench вылетает при заходе на вкладку Windows PE в свойствах установочной шары ====
+Решение - создать каталог ''x86\WinPE_OCs''.
+<code powershell>
+mkdir 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs'
+</code>
+==== При загрузке образа по сети ошибка The value for the attribute is not valid : language, Code 80040049 ====
+<code>
+Script: X:\Deploy\Scripts\LiteTouch.wsf
+Line: 2
+Char: 13
+Error: The value for the attribute is not valid : language
+Code: 80040049
+Source: Windows Script Host
+</code>
+[[https://learn.microsoft.com/en-us/answers/questions/1374595/i-have-an-error-running-litetouch-wsf|Решение 1]]:
+  - Install the most recent ADK from Microsoft.
+  - For the PE add-on, the most recent one that Microsoft is providing is a faulty one.
+So download this one and it should be working fine: https://go.microsoft.com/fwlink/?linkid=2120253 (10.1.19041.1)
+[[https://learn.microsoft.com/en-us/answers/questions/1374595/i-have-an-error-running-litetouch-wsf?page=2#answers|Решение 2]] (я использовал это):
+  - Go here, follow these instructions: https://www.deploymentresearch.com/fixing-vbscript-support-in-windows-adk-sep-2023-update-build-25398/\\ <WRAP round box 60%>
+This issue is now fixed using the latest LCU KB5031373 or newer for Server Operating Systems. [[https://learn.microsoft.com/en-us/windows-hardware/get-started/what-s-new-in-kits-and-tools?source=recommendations#windows-pe-known-issues
+|More details here]].\\
+[[https://github.com/DeploymentResearch/DRFiles/blob/master/Scripts/Update-ADK25398BootImageWithCU.ps1|Here is a PowerShell script]] that applies the official fix to an MDT Lite Touch boot image.
+</WRAP>
+  - Next, [[https://learn.microsoft.com/en-us/mem/configmgr/mdt/known-issues#hta-applications-report-script-error-after-upgrading-to-adk-for-windows-11-version-22h2|follow these instructions]], just for the section titled "HTA Applications report script error after upgrading to adk for windows 11 22H2"
+  - Go into MDT, right click your Deployment Share, choose Update Deployment Share, and choose to completely regenerate your boot image.
+  - Replace your image in WDS using the new boot image you just generated in Step 3 (it will be in ''<Path to Deployment Share>\Boot'').
+==== Не обновляется установочная шара ====
+<code>
+=== Making sure the deployment share has the latest x86 tools ===
+=== Processing LiteTouchPE (x86) boot image ===
+Building requested boot image profile.
+System.Management.Automation.CmdletInvocationException: Unable to open the specified WIM file. ---> System.Exception: Unable to open the specified WIM file. ---> System.ComponentModel.Win32Exception: Системе не удается найти указанный путь
+   --- Конец трассировки внутреннего стека исключений ---
+   в Microsoft.BDD.Core.BDDWimFile..ctor(String wimPath, Boolean forUpdate)
+   в Microsoft.BDD.PSSnapIn.UpdateDeploymentPoint.UpdateBootImage(String template, String platform, String dpPath, Boolean createISO, String isoName)
+   в Microsoft.BDD.PSSnapIn.UpdateDeploymentPoint.ProcessRecord()
+   в System.Management.Automation.CommandProcessor.ProcessRecord()
+   --- Конец трассировки внутреннего стека исключений ---
+   в System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
+   в Microsoft.BDD.Wizards.UpdateProgress.WizardProcessing()
+   в Microsoft.BDD.Wizards.WizardProgress.InitiateWizardProcessing()
+</code>
+Решение: отключить образ x86.\\
+Обходной путь (не проверял):  ''cp -Recurse 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\' 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\'''
+According to the official article, this is by design. The last supported version of 32-bit WinPE is available in the WinPE add-on for Windows 10, version 2004. The 32-bit versions of Windows PE (WinPE) in the WinPE add-ons for Windows 11 and Windows Server 2022 aren't supported.
+https://learn.microsoft.com/en-us/answers/questions/988543/mdt-error-when-updating-ds
+=== Не генерируется Unattend.xml ===
+:!: В целом можно забить, т. к. этот файл устарел и лучше всё настраивать без него.
+<code>
+Выполнение операции "generate" над целевым объектом "Catalog".
+Starting: "C:\Program Files\Microsoft Deployment Toolkit\Bin\Microsoft.BDD.Catalog40.exe" "D:\DeploymentShare\Operating Systems\Windows 11 23H2 x64\Sources\install.wim" 4 > "C:\Users\admin\AppData\Local\Temp\Microsoft.BDD.Catalog.log" 2>&1
+����ࠡ�⠭��� �᪫�祭��: System.IO.FileNotFoundException: �� 㤠���� ����㧨�� 䠩� ��� ᡮ�� "Microsoft.ComponentStudio.ComponentPlatformInterface, Version=6.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" ���� ���� �� �� ����ᨬ��⥩. �� 㤠���� ���� 㪠����� 䠩�.
+   � Microsoft.BDD.Catalog.Program.DoCatalog()
+   � Microsoft.BDD.Catalog.Program.Main(String[] args)
+Non-zero return code from catalog utility, rc = -532462766
+</code>
+=== Failure (5616): 15299: Verify BCDBootEx ===
+Ошибка при разливке образа. Решение:
+Поместить скрипт FixUEFIDetection.wsf в каталог Scripts в DeploymentShare
+++++ FixUEFIDetection.wsf |
+<file vbscript FixUEFIDetection.wsf>
+<job id="FixUEFIDetection">
+   <script language="VBScript" src="ZTIUtility.vbs"/>
+   <script language="VBScript">
+' // ***************************************************************************
+' // File:      FixUEFIDetection.wsf
+' // Version:   1.1
+' // Author:     Johan Arwidmark, @jarwidmark
+' // ***************************************************************************
+oLogging.CreateEntry "Checking if running in WinPE or Full Windows", LogTypeInfo
+oLogging.CreateEntry "OSVersion is: " & oEnvironment.Item("OSVersion"), LogTypeInfo
+If oEnvironment.Item("OSVersion") = "WinPE" Then
+	oLogging.CreateEntry "We are in WinPE, detecting firmware type from registry...", LogTypeInfo
+	' Getting firmware type from WinPE registry
+	PEFirmwareType = oShell.Regread("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PEFirmwareType")
+	oLogging.CreateEntry "Firmware type from WinPE registry is " & PEFirmwareType, LogTypeInfo
+	If PEFirmwareType = "2" Then
+		oLogging.CreateEntry "Machine is configured for UEFI, setting the IsUEFI variable to True", LogTypeInfo
+		oEnvironment.Item("IsUEFI") = "true"
+	Else
+		oLogging.CreateEntry "Machine is configured for BIOS, setting the IsUEFI variable to False", LogTypeInfo
+		oEnvironment.Item("IsUEFI") = "false"
+	End If
+Else
+	oLogging.CreateEntry "Detecting firmware type from Full Windows", LogTypeInfo
+	Set objShell = CreateObject("WScript.Shell")
+	Set objExecObject = objShell.Exec("bcdedit /enum BOOTMGR")
+	Do While Not objExecObject.StdOut.AtEndOfStream
+	    strText = objExecObject.StdOut.ReadLine()
+	    If Instr(strText, "\EFI\Microsoft\Boot\bootmgfw.efi") > 0 Then
+			oLogging.CreateEntry "Machine is configured for UEFI, setting the IsUEFI variable to True", LogTypeInfo
+	        oEnvironment.Item("IsUEFI") = "true"
+	        Exit Do
+	    End If
+	Loop
+	If oEnvironment.Item("IsUEFI") = "true" Then
+		' All good, do nothing
+	Else
+		oEnvironment.Item("IsUEFI") = "false"
+	End If
+End If
+   </script>
+</job>
+</file>
+++++
+Task Sequence -> Preinstall -> New Computer only -> создать задачу "Run Command Line" перед первой задачей Format and Partitions Disk и указать там на скрипт.
+{{:service:pasted:20231219-080156.png}}
+https://www.youtube.com/watch?v=W4Xfen6Slrk