Prepare for Zero Touch Installation of Windows 8.1 with Configuration Manager

Applies To: Windows 8.1

This topic will walk you through the process of integrating Microsoft System Center 2012 R2 Configuration Manager with Microsoft Deployment Toolkit (MDT) 2013, as well as the other preparations needed to deploying Windows 8.1 via Zero Touch Installation.

In this topic

• Create the Configuration Manager service accounts

• Configure Active Directory permissions

• Review the Sources folder structure

• Integrate Configuration Manager with MDT 2013

• Create a new Configuration Manager client package (optional)

• Configure the client settings

• Configure the Network Access account

• Enable PXE on the CM01 distribution point

Additional preparations include the installation of hotfixes as well as activities that speed up the Pre-Boot Execution Environment (PXE).

See also

• Integrate Configuration Manager with MDT 2013

• Create a Custom Windows PE 5.0 Boot Image with Configuration Manager

• Add a Windows 8.1 Operating System Image Using Configuration Manager

• Create an Application to Deploy with Windows 8.1 Using Configuration Manager

• Add Drivers to a Windows 8.1 Deployment with Windows PE Using Configuration Manager

• Create a Task Sequence with Configuration Manager and MDT

• Finalize the Operating System Configuration for Windows 8.1 Deployment with Configuration Manager

• Deploy Windows 8.1 Using PXE and Configuration Manager

• Monitor the Windows 8.1 Deployment with Configuration Manager

• Refresh a Windows 7 SP1 Client with Windows 8.1 Using Configuration Manager

• Replace a Windows 7 SP1 Client with Windows 8.1 Using Configuration Manager

Prerequisites

In this topic, you will use an existing Configuration Manager server structure to prepare for operating system deployment. In addition to the base setup, the following configurations should be made in the Configuration Manager environment:

• Active Directory Schema has been extended and System Management container created.

• Active Directory Forest Discovery and Active Directory System Discovery have been enabled.

• IP range boundaries and a boundary group for content and site assignment have been created.

• The Configuration Manager reporting services point role has been added and configured

• A file system folder structure for packages has been created.

• A Configuration Manager console folder structure for packages has been created.

• The KB2910552 hotfix has been installed.

For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. DC01 and CM01 are both members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see Proof-Of-Concept Environment.

Create the Configuration Manager service accounts

To configure permissions for the various service accounts needed for operating system deployment in Configuration Manager, you use a role-based model. To create the Configuration Manager Join Domain account as well as the Configuration Manager Network Access account, follow these steps:

1. On DC01, using Active Directory User and Computers, browse to contoso.com / Contoso / Service Accounts.

2. Select the Service Accounts OU and create the CM_JD account using the following settings:

   1. Name: CM_JD

   2. User logon name: CM_JD

   3. Password: P@ssw0rd

   4. User must change password at next logon: Clear

   5. User cannot change password: Select

   6. Password never expires: Select

3. Repeat the step, but for the CM_NAA account.

4. After creating the accounts, assign the following descriptions:

   1. CM_JD: Configuration Manager Join Domain Account

   2. CM_NAA: Configuration Manager Network Access Account

Figure 6. The Configuration Manager service accounts used for operating system deployment.

Configure Active Directory permissions

In order for the Configuration Manager Join Domain Account (CM_JD) to join machines into the contoso.com domain you need to configure permissions in Active Directory. These steps assume you have downloaded the sample Set-OUPermissions.ps1 script and copied it to C:\Setup\Scripts on DC01.

1. On DC01, log on as Administrator in the CONTOSO domain using the password P@ssw0rd.

2. In an elevated Windows PowerShell prompt (run as Administrator), run the following commands, pressing Enter after each command:

   Set-ExecutionPolicy -ExecutionPolicy RemoteSigned –Force
   
   Set-Location C:\Setup\Scripts
   
   .\Set-OUPermissions.ps1 -Account CM_JD 
   -TargetOU "OU=Workstations,OU=Computers,OU=Contoso"
   

3. The Set-OUPermissions.ps1 script allows the CM_JD user account permissions to manage computer accounts in the Contoso / Computers / Workstations OU. The following is a list of the permissions being granted:

   1. Scope: This object and all descendant objects

   2. Create Computer objects

   3. Delete Computer objects

   4. Scope: Descendant Computer objects

   5. Read All Properties

   6. Write All Properties

   7. Read Permissions

   8. Modify Permissions

   9. Change Password

   10. Reset Password

   11. Validated write to DNS host name

   12. Validated write to service principal name

Review the Sources folder structure

To support the packages you create in this section, the following folder structure should be created on the Configuration Manager primary site server (CM01):

Note

In most production environments, the packages are stored on a Distributed File System (DFS) share or a “normal” server share, but in a lab environment you can store them on the site server.

• E:\Sources

• E:\Sources\OSD

• E:\Sources\OSD\Boot

• E:\Sources\OSD\DriverPackages

• E:\Sources\OSD\DriverSources

• E:\Sources\OSD\MDT

• E:\Sources\OSD\OS

• E:\Sources\OSD\Settings

• E:\Sources\Software

• E:\Sources\Software\Adobe

• E:\Sources\Software\Microsoft

Figure 7. The E:\Sources\OSD folder structure.

Integrate Configuration Manager with MDT 2013

To extend the Configuration Manager console with MDT 2013 wizards and templates, you install MDT 2013 in the default location and run the integration setup. In these steps, we assume you have downloaded MDT 2013 to the C:\Setup\MDT2013 folder on CM01.

1. On CM01, log on as Administrator in the CONTOSO domain using the password P@ssw0rd.

2. Make sure the Configuration Manager Console is closed before continuing.

3. Using File Explorer, navigate to the C:\Setup\MDT 2013 folder.

4. Run the MDT 2013 setup (MicrosoftDeploymentToolkit2013_x64.msi), and use the default options in the setup wizard.

5. From the Start screen, run Configure ConfigManager Integration with the following settings:

   1. Site Server Name: CM01.contoso.com

   2. Site code: PS1

Figure 8. Set up the MDT 2013 integration with Configuration Manager.

Create a new Configuration Manager client package (optional)

Creating a new client package is not required for operating system deployment with Configuration Manager, but it can be useful, for example, when testing new client updates without changing existing packages. In this section, you create a new Configuration Manager client package that includes the client hotfixes from KB2910552.

1. On CM01, in the E:\Sources folder, create a subfolder named ConfigMgr Client with Hotfixes.

2. Using File Explorer, copy the contents of E:\Program Files\Microsoft Configuration Manager\Client to the newly created folder (E:\Sources\ConfigMgr Client with Hotfixes).

3. In E:\Sources\ConfigMgr Client with Hotfixes, create a folder named Hotfix.

   Figure 9. The folder for the Configuration Manager client with hotfixes package.

4. Using File Explorer, navigate to the E:\Program Files\Microsoft Configuration Manager\hotfix\KB2910552\Client folder and copy the i386 and x64 subfolders to E:\Sources\ConfigMgr Client with Hotfixes\Hotfix.

5. Using the Configuration Manager Console in the Software Library workspace in the Application Management / Packages node, create a new package with the following settings:

   1. Name: Configuration Manager Client with Hotfixes

   2. Source folder: \\CM01\Sources$\Configuration Manager Client with Hotfixes

   3. Select Do not create a program

6. Make a note of the new package ID. In this example, it is PS10000A.

7. Distribute the new ConfigMgr Client with Hotfixes package to the CM01 distribution point.

8. Move the ConfigMgr Client with Hotfixes package to the OSD folder in the console.

Configure the client settings

Most organizations want to display their name during deployment. In this section, you configure the default Configuration Manager client settings with the Contoso organization name.

1. On CM01, using the Configuration Manager Console, in the Administration workspace, select Client Settings.

2. In the right pane, right-click Default Client Settings, and select Properties.

3. In the Computer Agent node, in the Organization name displayed in Software Center text box, type in Contoso and click OK.

Figure 10. Configuring the organization name in client settings.

Figure 11. The Contoso organization name being displayed during deployment.

Configure the Network Access account

Configuration Manager uses the Network Access account during the Windows 8.1 deployment process to access content on the distribution point(s). In this section, you configure the Network Access account.

1. Using the Configuration Manager Console, in the Administration workspace, expand Site Configuration and select Sites.

2. Right-click PS1 – Primary Site 1, select Configure Site Components, and then select Software Distribution.

3. In the Network Access Account tab, configure the CONTOSO\CM_NAA user account (select New Account) as the Network Access account. Use the new Verify option to verify that the account can connect to the \\DC01\sysvol network share.

Figure 12. Testing the connection for the Network Access account.

Enable PXE on the CM01 distribution point

Configuration Manager has many options for starting a deployment, but starting via PXE is certainly the most flexible in a large environment. In this section, you enable PXE on the CM01 distribution point.

1. Using File Explorer, verify that the KB2910552 hotfix is installed by navigating to the E:\Program Files\Microsoft Configuration Manager\Hotfix folder and looking for a folder named KB2910552.

Note

The KB 2910552 hotfix is required to enable PXE on distribution points that are running on the Configuration Manager primary site server.

2. In the Configuration Manager Console, in the Administration workspace, select Distribution Points.

3. Right-click the \\CM01.CONTOSO.COM distribution point and select Properties.

4. In the PXE tab, select the following settings:

   1. Enable PXE support for clients

   2. Allow this distribution point to respond to incoming PXE requests

   3. Enable unknown computer support

   4. Require a password when computers use PXE

   5. Password and Confirm password: Passw0rd!

   Figure 13. Configuring the CM01 distribution point for PXE.

5. Using the Configuration Manager Trace Log Tool, review the E:\Program Files\Microsoft Configuration Manager\Logs\distmgr.log file. Look for ConfigurePXE and CcmInstallPXE lines.

   Figure 14. The distmgr.log showing a success configuration of PXE on the distribution point.

6. Verify that you have seven files in each of the folders E:\RemoteInstall\SMSBoot\x86 and E:\RemoteInstall\SMSBoot\x64.

Figure 15. The content of the E:\RemoteInstall\SMSBoot\x64 folder after enabling PXE.