OS Deployments using WinPE + PowerShell and WindowsImageTools by David Jones

Captions
I'm David Jones. I'm gonna be going over some PowerShell with WinPE. Does anyone know what Polaris is? Yeah, I expect you guys do. The PowerShell team's Polaris is a fairly lightweight PowerShell-based, how is it, REST method, the ability to create those. I have that in here because I ran into a problem I wasn't expecting while trying to get this initial setup.

So the problem that initiated this whole thing: for our server deployments we didn't have MDT. The system they did have for deploying did not support UEFI natively, so we couldn't use it for imaging, and so for the longest time everyone's still been using, you know, stick the CD in the machine and load Windows. I also wanted to make sure I had a PE image that I did not have to reimage when the process changed; I didn't want to just create the ISO and be done with it.

So the goal here for this presentation: while this was intended for both virtual, or something where you can't lay down the OS from outside the machine, kind of like VMware, I'm still going to be doing it all with Hyper-V VMs. But the goal here was to build a Hyper-V server that's got a boot drive and a data drive, join it to the domain, and have it kick off a bootstrap. So if we get that far, it'll actually go ahead and build another VM. Oops, that was that. Alright, next time.

So here's the setup I've got. I've got a domain controller, this is a certificate authority, a program server where I can upload my scripts and modules that's running under IIS, and so I'm using the certificate authority, so that's going to be HTTPS, so I've got to have my PE be able to trust the certificate. And then I've got my Polaris server. It's there because PE, while it has the module in place for PowerShellGet, doesn't actually have everything that's needed to make it work, so I needed a way to be able to find the location of my build script and the modules that I need without having to hard-code that in my PE boot script. I also didn't want to have to... at one point I was actually using a redirector off of an IIS spot, saying okay, you hit this redirect and it points to it, but every time I versioned the thing I had to keep updating it. So I ended up creating a small Polaris thing to handle that.

So let's go ahead and get started. First I needed to build the WinPE, so I'm gonna create... I knew that was gonna happen; it always works when you're first getting set up. Okay, is that readable? I need it bigger. Okay. So now, normally most people are gonna go through and highlight and run a line at a time. Because of some certain issues here it actually works more often when you do it that way, but there's a certain curveball I wanted to cover, so I'm gonna run this as a separate script.

So we're gonna go through some of the code here. Basically I'm going to create this temp folder, I'm going to be copying in the files from the Assessment and Deployment Kit that are needed for WinPE, and we're gonna get the boot.wim. Now if you're not familiar with PE, the boot.wim is basically the Windows image that loads into the RAM drive that you're actually running under; that comes up as your X: drive. I'm also not too fond of having to press a key to get it to boot from the media, so I'm gonna be using the no-prompt efisys. Okay, from there we're just going to do a mount on the boot.wim, and then we're gonna add WMI, .NET, the scripting host, PowerShell, and since we're gonna be dealing with images we've added the DISM one and the storage one. I'm not too sure if those bottom two are actually required for this.

Alright, then to actually get it so the WinPE image will trust the certificate when it goes to talk to the web server, I have to include the certificate in the image. So here I've got this huge byte array and the thumbprint of it, and I'm going to mount the registry off of the mounted WIM and then I'm going to add these two registry keys. Now this is where I got stuck. This worked perfectly for dismounting and saving out the WIM afterward when I ran it line by line, but as soon as I ran it as a script it blew up every time and left me with an orphaned mount point. It turns out that inside of a script, New-Item when dealing with the registry PS drive doesn't close its file handle properly until the script ends, so I had to forcefully call the Close method and then run the garbage collector before I could unload the registry.

And then part of WinPE is it runs a batch file called startnet, so I'm gonna add an additional line in there to start PowerShell and run my .ps1 file. Here it has a couple of functions, like the Write-Color here, just because I want to highlight certain commands, 'cause the technician running it might not always know, or might not just read everything, frankly. Alright, so here I've got the Get-BuildScript; we'll come back to that one. That's gonna actually talk to Polaris and download the file. So I need to just make sure my path includes the scripts location. If you've ever done Install-Script, usually the first time on a machine it's going to ask you to make sure it updates the path, so I'm gonna handle that. And then I'm gonna get this New-BranchServer script off of my internal gallery, and as long as that works, from there I'm just going to... So if you notice, instead of using a here-string, I see a lot of people do that in the scripts they post online, I used a script block for the function I'm going to write to a file, because Set-Content, thanks to the way they are always changing how files work, will take a script block for the content, and it gives me the highlighting and whatnot. That doesn't run, so I unmount it and then we'll create an image. Right now I do not have that folder here at all. Thank you. It takes a little bit, so while that's running...

Okay, so the Get-BuildScript. What I'm gonna do with this one is I need to be able to put together the request I'm going to send to the REST API. I probably could have done it with Invoke-RestMethod, but you know, the URI I'm familiar with, so that's what I did. So basically I'm just going to take the output... I've got the output path here from the script name, and if they don't supply the path I'm going to put that one together. And then the default URI is just going to be this get-package-download, the script name, and if a repository is supplied then I'll add that into it. So if you're familiar with the packages, the NuGet packages are just a zip file with a certain file structure, so I'm going to unzip that, put it where it needs to go, and then we'll be able to run that.

So let's see how this is coming along. Yeah, it always takes the longest to install. I sure hope it didn't hang. Yeah, there she goes, with all the packages, all the cab files, added here, and then the certificate's done, it's got to unmount and save it, and we're done. So end result: I've got this folder and I've got an ISO. So it's actually attached... you know, this is probably gonna fail. Yeah, I didn't start the Polaris yet; thought I'd save some time. So the download failed because the Polaris service wasn't actually running, so let's get to that. Come on, type. Alright.

So here's my script for setting up Polaris. It's going to do a transcript log, so I can help with debugging there. We've got to register the gallery that I'm going to be using; galleries are per-user configuration, so the user the service is going to be running under needs to have that preset up. So I'm going to import the Polaris module. I've got my New-PolarisRoute, where the path is get-package-download like we saw before, and I'm going to set my default response of "nothing found" and grab these different query parameters. So I've got the repository name; throw an error if you're trying to give it both a script name and a module, because you can't do both at the same time. Then I'm going to take from my PS repository configuration, based on what repository name was handed to it, and get either the script source or just the source location for my URL, and I'm going to do a Find-Module or Find-Script and grab the version number. From there I'm able to do a status code 303 and give it a location that is just the source location, slash package, slash package name, version.

And below that it's going to create a scheduled task that runs as SYSTEM at the start-up of the system, so any time this server gets rebooted it'll just automatically restart the Polaris server. Now I had to add, just because I'm on a laptop, the "allow on battery". That totally screwed up my thing; as soon as I unplugged the power everything broke. So there is our task. I didn't get it started, so... Okay, I'm just gonna reboot this. Okay, so this time it worked. It tells you how to start the New-BranchServer. Actually, before I do that, I should just show you what I've got here: I've got two disks, they're online, the only volume is the disk I'm on, so they're empty. Alright, so it goes out and it's going to get some additional functions, and then it's going to ask me some stuff. I'm gonna get this kicked off and then we're going to go back and look at the code on it.

So I've got a thing in here for standardizing the computer names, so they have to put in some information. This is kind of made up, so this would be the sales server at branch 120, the local admin password, and the password to a network account so I can join it to the domain, and then off she goes.

Alright, so here's my New-BranchServer script. I've got a Get-RequiredModules; it looks a lot like the function... the one function is just going to query Polaris, it gets the redirect, downloads and extracts it to the correct location. I'm going to import those. That's where I'm querying the data. It checks the drive, you know, is the boot disk empty? If so, we're gonna need this information it collected. Then it's gonna go in and ask, is the data drive empty? So it looks for the largest disk, sees there's nothing on it, and so this is where the Windows Image Tools comes in. This module is something I built a couple years ago. It was intended really for handling the fact that Server 2012 Core didn't have most of the content in it, and if you applied any patches you then couldn't use the ISO or the other WIM to reload any of the different features into the system. So that's kind of what got me started on messing with images, and so I ended up rewriting it to not just work with the WIMs and virtual drives, but to actually work with physical drives here. So it's going to initialize the disk partition. I'm telling it I want a data layout, which just means one big partition, and I'm going to format it NTFS. Now that I've got someplace I can write files, I'm going to grab, off of the Polaris server using the credentials I had previously given it, my WIM file; let's just copy it off of the CD. At this point I could just as easily use a custom image. And then again it's gonna look, is the boot disk empty? Then I'm gonna create an unattend. For that I need the local parameters, just some basic stuff: the account to join, where I want to put it, and here's where the interesting part is.

The first-boot script is during when Windows first goes and starts up that first time; it's checking all the hardware, figuring out what drivers and stuff it needs. You can run commands at that point, I think they call them synchronous commands in the XML, and from that I'm gonna put in a simple script that is going to create a scheduled task to run every time the machine boots up, and that's what I'm gonna use to bootstrap. So that script can then check the status of each thing, restart if necessary, start back up, go back down its checklist, and when it's done, remove the scheduled task.

So from there I've created, just for kicks, I'm kicking out a couple of different unattends. I've got the parameters I'm going to use to actually populate the disk, so I've got my source disk, the disk number I'm targeting, which will be the boot disk of the drive, and then using the UEFI layout, because if you're familiar with disk imaging you know there's the Master Boot Record and the GPT partition, and when you're booting with UEFI you've got to have some funky different partitions and stuff on it. So I'm gonna have it automatically add these features: I've got Hyper-V, PowerShell management, and SNMP, and remove the SMB1 protocol, which I'm not entirely sure is in the image that I'm using by default, but I just want to make sure it's gone. And because those features are all present on the image I'm pulling, I'm not gonna give it a feature source; to add anything else I would have to do that, if I was trying to add like .NET 3.5 from the beginning. And because I didn't specify, it's gonna grab index number one, the one file. I've also got a function here because in our environment, if we were doing this on a physical machine, we might be using a lifecycle controller that provides a virtual disk that has all the drivers needed, so this is gonna find those, and if they're there it's going to include them as part of the installation.

And then it blasts all that to the install-from-WIM, and that is the huge center of a lot of the Windows Image Tools. We'll see some of the verbose output of that in a minute. That creates the file structure, I'm going to copy a few files, I've got my first-boot script and the bootstrap I'm going to inject, and I've got this other script that's actually gonna create them. So that first-boot script, all it's really doing is, because it's during that initial boot, the specialization phase, none of the services have started up, so I've got to start up the scheduling service, and then again, due to the fact I'm on a laptop, I had to do this with XML just so that I could turn on the battery function so the thing would actually start. And then because PowerShell functions don't work at this point in Windows' lifespan, I'm just going to use schtasks to load that. I'm also doing a quick diskpart script to take the disk online, because the data disk, because it was built by another operating system than the one I'm just laying down, is gonna come up as a foreign disk and be offline.

Alright, so then it's gonna do another one. We've got some build scripts; I'm gonna go back out to Polaris and then over to the NuGet server and download that bootstrap file. So let's see where this is at. It's done. There we go. So here's where the Windows Image Tools loaded; it detected it's on a PE and that the VHD cmdlets weren't available, so it's going to use a .NET class to handle some functionality. We're not really using the VHDs at this point, so that doesn't really matter. So it's going to create... here's the unattend I created for this OS, and then I threw a couple other ones out there for a file and print server and a client. And so here it is showing the parameters that were passed in to set this partition up, everything we're gonna put in there, and so it's going to initialize it as GPT, create the EFI partition, it's FAT32, that's where the boot files go, the Microsoft Reserved, and then of course the Windows partition with all the space. Now is there anything missing from that list? If you've read a lot of Microsoft documentation for formatting the drives, it includes like recovery tools and recovery image; those partitions are not required. My function could do that if I specifically told it I wanted the recovery image done on my physical disk, so I can at least get to that. Half the time, if the machine's that hosed, you're starting over anyway, so I've chosen not to include those on this. So it's gonna show me, here's my EFI drive, the system, and after that the basic, that's the Windows, and this is going to go ahead and lay it all down, applying the image here. Alright, it's gonna skip the source pass because I told it none, no source, and here's where it's removing the feature, and then it's gonna apply BCDBoot, and that's gonna set up the UEFI boot space. So just so I don't mess with drive letters here, I'm gonna go ahead and remove this. Now in our environment, if we're doing this on a physical machine, we don't have a physical CD in it anymore, so the virtual thing that's mounted through like the Lights-Out or the iDRAC is gonna be disabled before we reboot, so I just don't want to confuse any of my scripts here.

Any questions so far? I know there are little bits and pieces. I have two problems I've run into before. Like, I know Microsoft has their script for converting a WIM into a VHD that they put out there for Nano and stuff, which was all in a script, and I was like, this would look a lot better as a module. Well, it turns out in the module scope, if you change drive letters or do anything like that, it's not visible to anything outside of it unless you run a couple of things. It's actually a bug that was reported on Connect, and then UserVoice; I don't know if there's one out there yet on GitHub, and I don't know if this is designed that way or what, but it's one problem I ran into.

So once this VM comes up it's going to run this bootstrap. The first thing I'm going to do is make sure that I've got NuGet installed, so I'm going to look for the actual DLL, because if I try running the provider function it's going to try to go out to the Internet and reach for it, so I want to avoid that. So I'm going to check for the actual file, and from that register NuGet and of course the gallery for this domain, and update the scripts path. So it's gonna go through a lot of the same things here. Now first we've gotta take that disk; while the other thing should have brought it online, it didn't flag it for writable, so I have to make sure that gets handled too, so that the foreign disk now becomes writable. Here normally I would have it doing Windows Updates, and also it could do a driver package there if the drivers haven't been done. So it's also going to check, do I have the WIM file on my data drive. A lot of these functions on here are part of another module I had put together just for our environment, so most of it's been sanitized so I can publish it. So actually all the source code here I will get uploaded as soon as I've made sure I've removed anything that shouldn't be in there, so that you guys can take a look. I'm gonna set some basic Hyper-V settings and create a script, and from there hopefully create a VHD and another VM.

So this thing is definitely restarted. Okay, so where's that, see where it's at. Yep, no machine yet. Alright, so let's see where it's at. A lot of the same stuff going through: clearing the disk, setting the partitions, and it looks like it is still on applying the WIM image for that VM. This was a little different because it's applying it into a VHD, so some of the sub-functions that were called are actually gonna build the VHD, set its partitions, and then lay down the OS based on that. So we're waiting on that.

Alright, is everyone familiar with the unattend? Yeah, XML is not fun. So yeah, one of the Windows Image Tools functions is New-UnattendXml, and it doesn't do everything, because there are a million things you can do in the unattend, but it takes a lot of the basics. In this particular case we wanted to join the domain, so it leaves my super-secret password out there, so not the best, but I haven't had much experience or luck with the whole creating an offline join and using that, which probably would be a little more secure in this, but it also requires you to have other stuff done in advance that maybe the technician doing it doesn't. But in our environment, if an unattend is found on a machine it is immediately deleted by Group Policy anyway.

So I've seen a lot of people with their examples for unattends say, I take this and do a find-and-replace if you're 32-bit or 64-bit. Well, it turns out they can live side by side, so in this case it's a complete duplicate: one is the x86 and the other one's the 64, and the OS will just run whichever one it needs, except when you're dealing with tasks. So if I'm gonna run a synchronous command, 32-bit will run the 32-bit section, 64-bit will run both the 32- and the 64-bit section, so everything runs more than twice. Since it doesn't actually trigger a 32- versus 64-bit process, it just runs whatever command it is, I only have to include those ones. So here's where that first-boot script is handled. Since I only asked for the path for that particular function, I've pre-populated the rest of this with the starting of PowerShell. There are also parameters to set your own stuff if you wanted to create anything specific that's different. Right now it's just mostly the basics, and the locale, all the items to make it so that it doesn't ask you for anything; keep it pretty clean. Here's where I set the password for the admin. And that's still going well.

Anyway, so I'm hoping some of these things are little gems in here that you guys might find useful for stuff that you might do with either imaging or just handling that first boot. I mean, being able to have something bootstrapping kick off right as the OS is coming up I found fairly good. Now, in other words, to bootstrap DSC, I never had very much luck with it; a script usually works better. So this is a great way to have that bootstrap kick off a DSC config or some other automated process that you guys want to, you know, not have someone do manually. It's just churning along, isn't it? Doesn't look very busy.

Alright, well, does anyone have any questions or anything else? Yes. Oh yeah, yeah, the reason for the PowerShell one was just so that I could script the process. You know, you can't script a website as easily. If they've got a nice REST method, that's great, but yeah, if you're trying to do something really complicated, something like that has probably covered every possible option. I don't see this going there; this is primarily just for getting the basics up, and then handling a lot of the other settings can be done after the fact. So yeah, on the boot, the bootstrap could kick off anything. From that, after that scheduled task I'm building during the initial specialization phase, that could start anything. So that scheduled task then kicks off a PowerShell script, and anything I need to do beyond that... I mean, this is the demo, so I was just doing something simple. I mean, it could do all sorts of stuff, from software installations to, I don't know, configuration, registering it with your config stuff, getting its certificate, or anything like that. So, you know, it's PowerShell; anything PowerShell can touch, we can manage it somehow. And while I did this with Hyper-V, I could do the same thing with a VMware hypervisor. If I used what I'm doing here inside this host, I would just go ahead and write out the VHD directly.

Yes, almost every script has a Start-Transcript at the top, and in this case, just to be standardized, I've created this folder under ProgramData, and inside I've got one where I store my scripts and one where I store my logs. So I just have a standardized way: these are where we're going to put any scripts that aren't grabbed off of our internal gallery, or here's a spot for the logs. I was actually looking at having certain steps in this kick off an email over to our Teams channel, so that's working in that direction to have some sort of notification, but we don't really have a lot of sophistication in certain parts of our environment. It would be possible to put in whatever you want to have it check in and let you know how things are going. I could just as easily do that with a Polaris thing, where I have it write to a log: just go and hit that endpoint, have it either shoot out an email, update its database, something so that I can see the status of where things are at, how far they are. Well, once this is on a domain, Group Policy is gonna set off on that first boot up, and it's gonna set our transcript log location and the log forwarding and everything, so we capture all the stuff that I'm pretty sure Lee talked about this morning. I didn't see his talk, but I've seen plenty of his other ones. So yeah, we're trying to capture everything we can.

Oh, the scheduled tasks. During the WinPE portion something's not there. I can start the Schedule service, but the new scheduled task PowerShell functions just don't work at that point, but that's just because we're in that initialization phase; who knows what's available. Yeah, a lot of things are missing in PE, but this is at the point where it's the full OS, it's booting up, but it's doing the specialization phase; most of the services are not running. So I know the Schedule service was needed; I don't know why the other part is... it's probably... it might not be running, I don't know.

This is the one I downloaded last month, so I suppose we can do that. We'll just bail this. Oh, come on. Of course. That way it'll actually have newer stuff. At least having something is a lot better, because otherwise you're stuck with whatever the vendor of your imaging tool gives you, or whatever you can manage to do with batch files. So that's the version... I don't know. When you start the ADK, inside that it's gonna download the WIM and everything else, and you just go with whatever's there, and honestly I'm not entirely sure how to tell it to refresh and get the new one; I just ended up ripping the thing out and resetting it up. So I mean, most of the time it works. I mean, like the Windows Update function I had in there, it was working great till November, and then something changed and the image that is online now... it was using the same code you use for, like, Nano, and those don't work anymore; they do not work in Windows 10 and 2016. It's like, why did they have to break that? So I gotta get a lot more creative with Windows Update. Anyway, that's all the time I've got, so thank you guys for coming. [Applause]
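The certificate-injection step and the orphaned-mount problem described in the talk, as an added PowerShell example (my code, not David Jones' demo script or part of WindowsImageTools). It assumes boot.wim is already mounted at `$MountPath` via `Mount-WindowsImage`, and that the machine running the script already trusts the private CA in its LocalMachine\Root store, so the store's serialized `Blob` value can be copied verbatim into the offline SOFTWARE hive; the mount path, hive name and thumbprint are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: make a mounted WinPE boot.wim trust a private CA (so the PE can
# reach an HTTPS gallery/Polaris server), then release the registry handle that
# New-Item keeps open inside a script so 'reg unload' does not fail and leave an
# orphaned hive.  Assumptions: boot.wim is mounted at $MountPath and this machine
# already trusts the CA in LocalMachine\Root (source of the Blob value).

function Add-OfflineRootCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $MountPath,   # e.g. C:\WinPE\mount (placeholder)
        [Parameter(Mandatory)] [string] $Thumbprint,  # SHA-1 thumbprint of the CA cert
        [string] $HiveName = 'PEHive'                 # temporary HKLM subkey for the hive
    )

    # Normalize the thumbprint the way the store keys it: 40 upper-case hex digits.
    $Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($Thumbprint.Length -ne 40) { throw 'Expected a 40-hex-digit SHA-1 thumbprint.' }

    # The live machine's LocalMachine\Root store uses the same registry layout as the
    # offline hive, so its Blob value (cert plus store properties) can be copied as-is.
    $srcKey = "HKLM:\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\$Thumbprint"
    $blob   = (Get-ItemProperty -Path $srcKey -Name Blob -ErrorAction Stop).Blob

    # Load the mounted image's SOFTWARE hive under HKLM\<HiveName>.
    $hiveFile = Join-Path $MountPath 'Windows\System32\config\SOFTWARE'
    & reg.exe load "HKLM\$HiveName" $hiveFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed with exit code $LASTEXITCODE" }

    $key = $null
    try {
        $dstKey = "HKLM:\$HiveName\Microsoft\SystemCertificates\ROOT\Certificates\$Thumbprint"
        # New-Item on the registry provider returns a RegistryKey; keep the object so
        # its handle can be closed explicitly instead of waiting for the script to end.
        $key = New-Item -Path $dstKey -Force
        New-ItemProperty -Path $dstKey -Name Blob -PropertyType Binary -Value $blob -Force |
            Out-Null
    }
    finally {
        # Close the key, then force a GC pass so no provider object still references the
        # hive; otherwise 'reg unload' reports the hive in use and the mount is orphaned.
        if ($key) { $key.Close() }
        $key = $null
        [gc]::Collect()
        [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKLM\$HiveName" | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "reg unload failed with exit code $LASTEXITCODE; hive is still loaded"
        }
    }
}

# Usage sketch (all paths and the thumbprint are placeholders for this example):
# Mount-WindowsImage -ImagePath C:\WinPE\media\sources\boot.wim -Index 1 -Path C:\WinPE\mount
# Add-OfflineRootCertificate -MountPath C:\WinPE\mount -Thumbprint 'THUMBPRINT-PLACEHOLDER'
# Dismount-WindowsImage -Path C:\WinPE\mount -Save
```

Run it as one script rather than line by line, since that is exactly the case where the unreleased handle shows up; if `reg unload` still fails, the thrown error tells you the hive is loaded so you can unload it before trying to dismount the image.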
Info
Channel: PowerShell.org
Views: 2,068
Rating: 4.7142859 out of 5
Keywords: powershell, windows powershell, techsession, powershell summit
Id: Rrk2j0QNKt0
Length: 46min 37sec (2797 seconds)
Published: Thu May 03 2018