Mass Deploy Images that Contain Write Filters (Standard 7 SP1)
7/8/2014
This topic explains special considerations that apply when you deploy images that contain write filters.
Mass Deployment Scenario
A typical mass-deployment scenario involves a developer creating a master image by adding the components necessary to meet their device requirements. The developer then deploys the master image to a single computer. After deploying the image to a single computer, the developer can customize the run time image by modifying the settings for write filters or other components.
When ready to deploy the run time to multiple computers, the developer must prepare the image for mass-deployment by removing system-specific settings such as the computer security identifier (SID). By definition, system-specific settings like the SID are incompatible from one computer to the next. You can use the Sysprep tool to remove system-specific settings. With the image now ready to be mass deployed, you can capture the image as a WIM file by using the ImageX utility. When you deploy the WIM to a different computer, the computer-specific settings removed by Sysprep are regenerated and customizations to write filters or other components are retained.
Note
Each deployment process performs several verifications, which rely on the target device's date and time settings. For optimal performance, confirm before deployment that each target device is set to the correct date and time.
Additional Support for Write Filters During Mass Deployment
During configuration, either in Image Configuration Editor or manually at run time, volumes that need protection are specified by using drive letters (for example, C: for FBWF) or {disk number, partition number} pairs (for example, disk number 0, partition number 1, for EWF). Both write filters translate these non-persistent volume identifiers to persistent identifiers. FBWF uses volume GUIDs in the form \\?\Volume{GUID}\, where GUID is a globally unique identifier that identifies the volume (for example, \\?\Volume{26a21bda-a627-11d7-9931-806e6f6e6963}\). EWF uses the unique integer signature assigned by the OS to identify the physical disk and then uses a byte offset to identify the partition associated with the volume (for example, DiskSignature=dword:61e10f39 and PartitionOffset=hex(b):00,00,a0,c0,22,00,00). Both are persistent identifiers for volumes that do not change across computer restarts or when additional disks/volumes are added or removed. This ensures that the write filters always protect the correct volume (as identified by the user during initial setup).
The persistent-volume identifiers used by the write filters are specific to each computer and they will not match any volumes on any other computers. This means all write filter settings would be lost after mass deployment onto a different computer. To change this behavior, you must perform additional actions during the generalize and specialize configuration passes to maintain and reapply the write filter settings to provide users with a seamless experience during mass deployment. For more information about the generalize and specialize configuration passes, see How Configuration Passes Work. The developer must disable write filters before mass deployment of the image begins.
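An added example (not from the original page or from Microsoft): decoding the two identifier forms quoted above and checking them against a machine's volumes shows why the stored settings match nothing on different hardware. The inventories `MASTER` and `CLONE`, all function names, and the zero-extension of the seven-byte `PartitionOffset` shown on the page to a 64-bit value are assumptions.

```python
import re
import uuid

# Identifiers quoted on this page, in registry-export notation.
PAGE_FBWF = "\\\\?\\Volume{26a21bda-a627-11d7-9931-806e6f6e6963}\\"
PAGE_EWF = {"DiskSignature": "dword:61e10f39",
            "PartitionOffset": "hex(b):00,00,a0,c0,22,00,00"}

def parse_volume_guid(path):
    """FBWF form: volume GUID path -> uuid.UUID."""
    m = re.fullmatch(r"\\\\\?\\Volume\{([0-9a-fA-F-]{36})\}\\", path)
    if not m:
        raise ValueError(f"not a volume GUID path: {path!r}")
    return uuid.UUID(m.group(1))

def parse_dword(text):
    """'dword:61e10f39' -> integer disk signature."""
    kind, _, digits = text.partition(":")
    if kind != "dword" or not re.fullmatch(r"[0-9a-fA-F]{1,8}", digits):
        raise ValueError(f"not a REG_DWORD value: {text!r}")
    return int(digits, 16)

def parse_qword(text):
    """'hex(b):..' (little-endian byte list) -> integer byte offset."""
    kind, _, body = text.partition(":")
    raw = bytes(int(b, 16) for b in body.split(","))
    if kind != "hex(b)" or len(raw) > 8:
        raise ValueError(f"not a REG_QWORD value: {text!r}")
    return int.from_bytes(raw, "little")  # assumption: short values zero-extend

def ewf_key(entry):
    """EWF form: (disk signature, partition byte offset)."""
    return (parse_dword(entry["DiskSignature"]),
            parse_qword(entry["PartitionOffset"]))

def lost_on(target, fbwf_paths, ewf_entries):
    """Return the protected identifiers that match no volume on `target`."""
    lost = [p for p in fbwf_paths if parse_volume_guid(p) not in target["guids"]]
    lost += [e for e in ewf_entries if ewf_key(e) not in target["partitions"]]
    return lost

# Constructed inventories: MASTER owns the page's identifiers, CLONE is other hardware.
MASTER = {"guids": {uuid.UUID("26a21bda-a627-11d7-9931-806e6f6e6963")},
          "partitions": {(0x61E10F39, 0x22C0A00000)}}
CLONE = {"guids": {uuid.UUID("00000000-0000-0000-0000-0000000000c1")},
         "partitions": {(0x0000C10E, 0x100000)}}

if __name__ == "__main__":
    for name, machine in (("master", MASTER), ("clone", CLONE)):
        print(name, "unmatched:", len(lost_on(machine, [PAGE_FBWF], [PAGE_EWF])))
```

On the constructed clone both identifiers go unmatched, which is the loss of write filter settings that the generalize and specialize passes have to repair.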
Providing Additional Settings During Generalization
Sysprep lets users provide additional settings in an answer file to be applied onto the master image. These settings can be related to any component including write filters. These additional settings are optional and will be merged with the current settings for write filters. For example, if the current configuration for FBWF protects the C drive alone, you can specify settings for additional volumes in the answer file during generalization; for example, D and E. When the WIM is deployed, FBWF will have three protected volumes: C, D, and E.
Executing Sysprep
With Windows Embedded Standard 7 (as with Windows 7) installed images, Sysprep.exe is provided as a preinstalled component that can be found in the %WINDIR%\System32\Sysprep directory. This utility is the main program that orchestrates execution of all other executable files that help in preparing the system for deployment. Sysprep.exe must be run in the context of the installed directory, and administrator rights will be required to correctly generalize/specialize the image for later deployment.
Preconditions on Reference Image Before Sysprep Generalization
It is usually necessary to test an initial installation and provide additional adjustment before redeployment. This usually includes adding custom applications to the image and testing the system in field conditions.
Special consideration is required before you use Sysprep on an image to make sure that EWF or FBWF are not protecting the operating system volume. To ensure that Sysprep is successful, write filter protection must be temporarily disabled. Sysprep makes special demands that are incompatible with operation of a protected system because several core components will be invoked to modify the system in preparing for a generalized image. This is also the case on image deployment during later specialization. Execution of Sysprep while the system volume has a write filter enabled is not supported and will likely put the system into an unstable intermediate state.
We recommend that you deploy the image with system volume protection disabled and then re-enable protection after Windows Welcome, or the oobeSystem phase, is complete (for more information, see How Configuration Passes Work and Customize Windows Welcome). Alternatively, you can have Sysprep install and configure EWF/FBWF during mass deployment as specified in a supplied answer file. For more information, see Sysprep Command-Line Settings.
Mass-deployment Logs
Sysprep uses the Panther logging engine to capture useful debugging information that you can use to help resolve installation or deployment-related issues. For more information about Windows Setup Log files, see the following Microsoft Web site.
To configure and mass deploy an image
1. Create an image using Image Configuration Editor or Image Builder Wizard.
2. Deploy the reference image.
3. Start Standard 7 in audit mode.
   - If you use Image Builder Wizard with an answer file, change the settings within Deployment_<Architecture> for either Phase 5 (Audit System), or Phase 6 (Audit User). For the Deployment component, change the Mode setting under Reseal to Audit. Make sure that the ForceShutdownNow setting is set to false.
     Note
     Changing these settings will let the user interact with Windows Audit Mode. When using Audit Mode, the user has full control over using the desktop, command prompt, and other features. For more information, see Customize in Audit Mode.
   - If you are using Image Builder Wizard without an answer file, when the Windows Welcome screen appears, press SHIFT+CTRL+F3 to enter Audit Mode.
4. Configure and customize the reference image.
5. (Optional) Enable and configure any embedded enabling features. This state may require several restarts.
6. If you use a write filter (EWF or FBWF), disable it.
7. Restart the system.
8. Generalize the image using Sysprep.
9. Use ImageX to capture the image from Windows PE.
10. Mass deploy the image using one of the following technologies:
   - ImageX and BCDBoot Command-Line Options.
   - Windows Deployment Services.
   - Create a custom Image Builder Wizard disk.
   - System Center Configuration Manager (ConfigMGR).
Additional Reading for Image Setup and Mass Deployment
- For more information about Sysprep, see Sysprep Technical Reference.
- For more information about Windows PE, see Windows PE Technical Reference.
- For more information about automated installation, see Unattend Windows Setup Reference.
- For more information about ImageX, see ImageX Technical Reference.