.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. meta:: :description: Deploying a Windows OS via WADS :keywords: Documentation, Deployment, WAPT, Windows .. |date| date:: .. |enterprise_feature| image:: wapt-resources/icon_wapt_enterprise.png :scale: 3% :alt: WAPT Enterprise feature only .. _wapt_wads_windows: ############################### Deploying a Windows OS via WADS ############################### |enterprise_feature| Deployment process ****************** 1. **Using BIOS/UEFI**: * the host makes a *DHCP* request to obtain an *IP* and the *PXE configuration* (TFTP server IP & iPXE file name), or * the host boots from a USB stick which embeds the *PXE configuration* 2. **Using BIOS/UEFI**: * the host makes a *TFTP* request to get *iPXE* and her configuration, or * the host runs the *iPXE configuration* from the USB stick. 3. Then, using **iPXE**, the host makes a *HTTPS* request to the WADS Server to obtain the :abbr:`BCD (Boot Configuration Data)` and the :file:`WinPE` file. 4. Finally, using **WinPE**, the host contacts the WADS Server via *HTTP* to obtain the OS iso file and its associated configuration files. Requirements before starting **************************** 1. To use WADS on your WAPT Console, you need to install a specific package on your management station. Two packages are available, only one is needed. Choose according to your needs: * `This package `_ integrates the **minimal requirements** for creating a WinPE file. * `This package `__ installs **Windows ADK**, all the tools to create and modify WinPE. 2. As of |date|, the user account using the WADS Console **MUST** have Local Administrator rights in the :ref:`WAPT Access Control Lists `. 3. Signing WADS with your certificate: * Go to the :menuselection:`Tools --> Sign Deploy Exe`. .. image:: wapt-resources/wapt_console_tools-menu_dialog-box.png :align: center :alt: Tools menu in the WAPT Console * Click on the :guilabel:`Sign` button: .. figure:: wapt-resources/wapt_console_sign-exe_container-window.png :align: center :alt: Window for signing binaries in the WAPT Console Window for signing binaries in the WAPT Console 4. Go to the :guilabel:`OS Deploy` tab: .. figure:: wapt-resources/wapt_wads_main_container-window.png :align: center :alt: Main window of the WADS Console Main window of the WADS Console .. _add_winpe: Adding the WinPE files ********************** `WinPE `_ is a minimal operating system used to install, deploy, and repair Windows. On WADS, WinPE is used to bootstrap the deployment of Windows. * If no WinPE file exists, then this pop-up will appear. .. image:: wapt-resources/wapt_wads_winpe-add_dialog-box.png :align: center :alt: Dialog box informing to upload a WinPE file in the WADS Console * Then click on :guilabel:`Upload WinPE`. * Choose the keyboard layout. **This step is important because you will type in the hostname in WinPE using the keyboard layout chosen with this step**. .. figure:: wapt-resources/wapt_wads-select-keyboard_dialog-box.png :align: center :alt: Dialog box for selecting the keyboard in the WADS Console Dialog box for selecting the keyboard in the WADS Console * Select the certificate with which to sign the USB stick files: .. figure:: wapt-resources/wapt_wads_crt-select_container-window.png :align: center :alt: Dailog box for selecting the certificate in the WADS Console Dailog box for selecting the certificate in the WADS Console * Wait while the :file:`WinPE` file uploads onto the WAPT administration computer: .. image:: wapt-resources/wapt_wads_winpe_upload_information-box.png :align: center :alt: Loading the WinPE file in the WADS Console * Wait while the :file:`WinPE` file uploads to the WADS Server: .. note:: The :file:`WinPE` file has been successfully uploaded to the WADS Server. Adding the Operating System ISO ******************************* The next step is to add the Operating System :mimetype:`.iso` file to use for deploying Windows. * Use the latest official Windows release from `Microsoft `_ as the :mimetype:`.iso` file. .. figure:: wapt-resources/wapt_wads_iso-select_container-window.png :align: center :alt: ISO section of the WADS Console ISO section of the WADS Console * In the :guilabel:`Install ISO` section in the main WADS Console, click on the :guilabel:`+` button to upload the selected :mimetype:`.iso` file. * Select the :mimetype:`.iso` file and give it a name. .. figure:: wapt-resources/wapt_wads_iso_select_dialog-box.png :align: center :alt: Dialog box for selecting the ISO file to upload to the WADS Server Dialog box for selecting the ISO file to upload to the WADS Server * When uploaded, the :mimetype:`.iso` file is signed with the selected certificate: .. figure:: wapt-resources/wapt_wads_iso_signing_dialog-box.png :align: center :alt: Dialog box informing of the signing progression of the ISO file in the WADS Console Dialog box informing of the signing progression of the ISO file in the WADS Console * After the signing step has successfully completed, the :mimetype:`.iso` file is uploaded to the WADS Server: .. figure:: wapt-resources/wapt_wads_iso_uploading_dialog-box.png :align: center :alt: Dialog box informing of the uploading progession of the ISO file in the WADS Console Dialog box informing of the uploading progession of the ISO file in the WADS Console * After the uploading step has successfully completed, the :mimetype:`.iso` file appears in the :guilabel:`Install iso` section in the main WADS Console: .. image:: wapt-resources/wapt_wads_iso-uploaded_screen-item.png :align: center :alt: The ISO file has been successfully added to the WADS repository .. hint:: It is possible to upload several :mimetype:`.iso` versions of Windows for different use cases. .. _wads_xml_config: Adding the XML configuration answer file **************************************** The next step is to add the XML answer file that will be used to configure the deployment of the Windows Operating System. .. figure:: wapt-resources/wapt_wads_xml-select_container-window.png :align: center :alt: XML answer file section of the WADS Console XML answer file section of the WADS Console * In the :guilabel:`Configuration` section click on the :guilabel:`+` button to configure the XML answer file. .. figure:: wapt-resources/wapt_wads_xml-create_container-window.png :align: center :alt: Window for creating the XML answer configuration file in the WADS Console Window for creating the XML answer configuration file in the WADS Console .. list-table:: Options for the XML answer file in the WADS Console :header-rows: 1 :widths: auto :align: center * - Options - Description * - :guilabel:`Config Name` - Defines the name of the XML answer file. * - :guilabel:`ISO Name` - Defines the :mimetype:`.iso` file to associate to the XML answer file. * - :guilabel:`Install Wapt` - Defines whether to install the **WAPT agent** after the installation of the Operating System. * - :guilabel:`Choose XML File` - Defines the `XML answer files `_ template to use. * - :guilabel:`Choose Script` - Defines a :mimetype:`.bat` post-install script to be run after the installation of the Operating System. * Insert into the :guilabel:`Config Name` field the name of the XML answer file. * Select with the :guilabel:`Iso Name` dropdown the ISO file to association to the deployment configuration. * Check or uncheck the :guilabel:`Install WAPT` checkbox to install the WAPT Agent by default. * Select the XML answer file template to associate to the deployment configuration with the :guilabel:`Choose XML File` field. .. note:: By default, WADS integrate *2* type of answer files: * **Offline** to join a computer with the `DirectAccess Offline Domain Join (Djoin) `_ method * **Online** to join a computer on the AD * Update this part with your **join service account**: .. code-block:: xml mydomain.lan password wadsjoin mydomain.lan .. hint:: You can use your own answer file with WADS. * If necessary, set the post-install script in :guilabel:`Choose Script`, for example: .. code-block:: bat "C:\Program Files (x86)\wapt\wapt-get.exe" install tis-firefox-esr * Click on the :guilabel:`Create` button to create the XML answer file. * When done, the configuration appears in the :guilabel:`Configuration` section. .. image:: wapt-resources/wapt_wads_xml-uploaded_screen-item.png :align: center :alt: XML answer file configuration added to the WADS Server in the WADS Console .. hint:: It is possible to create several XML answer file configurations for different versions of Windows and for different use cases. Adding drivers ************** The next step is to add driver bundles that will be used during the deployment of the Windows Operating System. .. figure:: wapt-resources/wapt_wads_drivers_container-window.png :align: center :alt: Drivers section of the WADS Console Drivers section of the WADS Console * In the :guilabel:`Drivers` section click on the :guilabel:`+` button to add a driver pack to the WADS Server. This window allows you to upload the driver bundles to associate to the Windows deployment. .. figure:: wapt-resources/wapt_wads_drivers-select_container-window.png :align: center :alt: Window for creating the driver bundles in the WADS Console Window for creating the driver bundles in the WADS Console .. list-table:: Options for the driver bundles in the WADS Console :header-rows: 1 :widths: auto :align: center * - Options - Description * - :guilabel:`Choose Dir` - Defines the path to the folder containing the driver bundles. * - :guilabel:`Name` - Defines the name of the driver bundle. * Click on the :guilabel:`Save` button, the uploading of the driver bundles starts. .. figure:: wapt-resources/wapt_wads_drivers-uploading_dialog-box.png :align: center :alt: Dialog box informing the uploading progression of the driver bundles in the WAPT Console Dialog box informing the uploading progression of the driver bundles in the WAPT Console * When uploaded, the drivers pack appears in the :guilabel:`Drivers` section of the WADS Console. .. image:: wapt-resources/wapt_wads_drivers-uploaded_screen-item.png :align: center :alt: The drivers pack has been uploaded to the WADS Server .. hint:: It is possible to create several driver packs for different versions of Windows and for different use cases. .. note:: * It is possible to use the :mimetype:`.cab` files from :abbr:`OEM (Original Equipement Manufacturers)`. * It is also possibe to export the drivers from an existing well functioning host using a :program:`Powershell` command. .. code-block:: ps1 Export-WindowsDriver -Online -Destination D:\Drivers Booting the host to re-image with WADS ************************************** WADS allows **2** methods boot the host to re-image: * :ref:`Locally with a USB key `. * :ref:`Via LAN with a TFTP server ` .. _wads_usb_boot: Booting the host with a USB stick ================================= .. note:: The USB key used **MUST** be FAT32 formatted and empty. * Insert the USB stick in the WAPT adminsitration workstation and click on the :guilabel:`Create WinPE USB Key` button to start the process. * Choose the keyboard layout. **This step is important because you will type in the hostname in WinPE using the keyboard layout chosen with this step**. .. figure:: wapt-resources/wapt_wads-select-keyboard_dialog-box.png :align: center :alt: Dialog box for selecting the keyboard in the WADS Console Dialog box for selecting the keyboard in the WADS Console * Select the certificate with which to sign the USB stick files: .. figure:: wapt-resources/wapt_wads_crt-select_container-window.png :align: center :alt: Dailog box for selecting the certificate in the WADS Console Dailog box for selecting the certificate in the WADS Console * Click on the :guilabel:`Upload WinPE` to format the USB stick and copy the WinPE file. * Boot to the computer's boot menu using the USB stick option and go to the :ref:`run the deployment ` step. .. _wads_lan_boot: Booting the host with the network ================================= .. note:: Booting from the :abbr:`LAN (Local Area Network)` requires: * A properly working :ref:`TFTP server `; * A properly working :ref:`DHCP server `; * Having port 69 open on the WAPT Server for inbound traffic, and having tftp conntrack enabled on intermediate firewalls if you have firewalls between the server and the client computer. * Boot to the computer's boot menu using the LAN option and go to the :ref:`run the deployment ` step. .. _wads_run_deployment: Deploying the Windows image *************************** There are **3** choices when booting with iPXE: .. figure:: wapt-resources/wapt_wads_ipxe-boot-menu_text-terminal-window.png :align: center :alt: iPXE boot menu window iPXE boot menu window * :guilabel:`Boot Local disk` for starting normally from local storage; * :guilabel:`Register host (ipxe)` to register the host with the WADS Server using the :ref:`iPXE method `; * :guilabel:`Register host (winpe)` to register the host with the WADS Server using the :ref:`WinPE method `. .. tabs:: .. _ipxe_boot: .. tab:: iPXE boot * If choosing :guilabel:`Register host (ipxe)`, define a hostname: .. figure:: wapt-resources/wapt_wads_ipxe-set-hostname_text-terminal-window.png :align: center :alt: Text terminal window requesting a hostname when registering using the iPXE method Text terminal window requesting a hostname when registering using the iPXE method .. warning:: The keybord is qwerty * Refresh the WADS Console with :kbd:`F5`, the host appears in the :guilabel:`OS Deploy` tab. .. figure:: wapt-resources/wapt_wads_deploy-wait_screen-item.png :align: center :alt: Host waiting to be deployed Host waiting to be deployed At this time, the :guilabel:`Waiting to Deploy` status of the host is ``False``. * Right click on the host to open the menu list. .. image:: wapt-resources/wapt_wads_menu-list.png :align: center :alt: WADS menu list * Go to :menuselection:`Change Config` and select :ref:`a XML answer file `. * Click on :guilabel:`Start Deploy`, the :guilabel:`Waiting to Deploy` status of the host switches to ``True``. .. image:: wapt-resources/wapt_wads_deploy-start_screen-item.png :align: center :alt: The host is ready to be re-imaged .. warning:: If the host is to be a member of the Active Directory domain, set information either using: * :ref:`an answer file `; * :ref:`the Djoin method `. * Reboot the host to the same boot option as before (USB or LAN), Windows will start to install. * When the installation has completed, the :guilabel:`OS Deploy` tab, the status switches to ``Done``. .. _winpe_boot: .. tab:: WinPE * If choosing :guilabel:`Register host (winpe)`, define a hostname: .. figure:: wapt-resources/wapt_wads_ipxe-set-hostname_text-terminal-window.png :align: center :alt: Text terminal window requesting a hostname when registering using the WinPE method Text terminal window requesting a hostname when registering using the WinPE method .. note:: The keybord is in the same layout as the one set during the :ref:`WinPE ` step of this documentation. * Refresh the WADS Console with :kbd:`F5`, the host appears in the :guilabel:`OS Deploy` tab. .. figure:: wapt-resources/wapt_wads_deploy-wait_screen-item.png :align: center :alt: Host waiting to be deployed Host waiting to be deployed At this time, the :guilabel:`Waiting to Deploy` status of the host is ``False``. * Right click on the host to open the menu list. .. image:: wapt-resources/wapt_wads_menu-list.png :align: center :alt: WADS menu list * Go to :menuselection:`Change Config` and select :ref:`a XML answer file `. * Click on :guilabel:`Start Deploy`, the :guilabel:`Waiting to Deploy` status of the host switches to ``True``. .. image:: wapt-resources/wapt_wads_deploy-start_screen-item.png :align: center :alt: The host is ready to be re-imaged .. warning:: If the host is to be a member of the Active Directory domain, set information either using: * :ref:`an answer file `; * :ref:`the Djoin method `. * Reboot the host to the same boot option as before (USB or LAN), Windows will start to install. * When the installation has completed, the :guilabel:`OS Deploy` tab, the status switches to ``Done``. Joining the host to an Active Directory domain ============================================== .. tabs:: .. _wads_join_online: .. tab:: Online method .. TODO .. _wads_join_offline: .. tab:: Offline method The offline method uses the `Djoin `_ method. * Right-click on the host to open the menu list. .. image:: wapt-resources/wapt_wads_menu-list.png :align: center :alt: WADS menu list * Click on :guilabel:`Prepare Djoin`. * Select the :abbr:`OU (Organizational Unit)` to which to attach the host (or define it manually) and click on :guilabel:`Save`. .. figure:: wapt-resources/wapt_console_wads-djoin-select-ou_dialog-box.png :align: center :alt: Selecting the Organizational Unit to which to automatically attach the re-imaged host Selecting the Organizational Unit to which to automatically attach the re-imaged host * The :file:`Djoin` file is ready to be used to join the host as a member to the Active Directory domain. .. a faire Additional information ====================== Ajouter paquet laps WAPT pour le compte tisadmin créé automatiquement Pas de secure boot expliquer différence winpe (téléchargement de l'image) et ipxe (image déjà téléchargée) * Right click on the host to open the menu list. .. image:: wapt-resources/wapt_wads_menu-list.png :align: center :alt: WADS menu list Envoyer un message (status) à la console via script post install : wads.exe --server-url=http://192.168.56.100 --send-status="coucou" parler des logs de déploiement comme MDT Indiquer site pour créer XML Errors ====== Erreur si wads non signé : waptwads-deploy-error-no-sign.png erreur offilineServicing : waptwads-deploy-error-no-djoin.png https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/offlineservicing Attention ordre wondows ISO dans unattend Astuce téléchargement iso avec User-Agent Switcher erreur join si le compte existe déjà : waptwads-join-error-exist.png