.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. meta:: :description: Deploying a Windows OS via WADS :keywords: Documentation, Deployment, WAPT, Windows .. |date| date:: .. |enterprise_feature| image:: wapt-resources/icon_wapt_enterprise.png :scale: 3% :alt: WAPT Enterprise feature only .. _wapt_wads_windows: ############################### Deploying a Windows OS via WADS ############################### |enterprise_feature| Deployment process ****************** 1. **Using BIOS/UEFI**: * the host makes a *DHCP* request to obtain an *IP* and the *PXE configuration* (TFTP server IP & iPXE file name), or * the host boots from a USB stick which embeds the *PXE configuration* 2. **Using BIOS/UEFI**: * the host makes a *TFTP* request to get *iPXE* and her configuration, or * the host runs the *iPXE configuration* from the USB stick. 3. Then, using **iPXE**, the host makes a *HTTPS* request to the WADS Server to obtain the :abbr:`BCD (Boot Configuration Data)` and the :file:`WinPE` file. 4. Finally, using **WinPE**, the host contacts the WADS Server via *HTTP* to obtain the OS iso file and its associated configuration files. Requirements before starting **************************** 1. To use WADS on your WAPT Console, you need to install a specific package on your management station. Two packages are available, only one is needed. Choose according to your needs: * `This package `_ integrates the **minimal requirements** for creating a WinPE file. * `This package `__ installs **Windows ADK**, all the tools to create and modify WinPE. 2. As of |date|, the user account using the WADS Console **MUST** have Local Administrator rights in the :ref:`WAPT Access Control Lists `. 3. Signing WADS with your certificate: * Go to the :menuselection:`Tools --> Sign Deploy Exe`. .. image:: wapt-resources/wapt_console_tools-menu_dialog-box.png :align: center :alt: Tools menu in the WAPT Console * Click on the :guilabel:`Sign` button: .. figure:: wapt-resources/wapt_console_sign-exe_container-window.png :align: center :alt: Window for signing binaries in the WAPT Console 4. Go to the :guilabel:`OS Deploy` tab: .. figure:: wapt-resources/wapt_wads_main_container-window.png :align: center :alt: Main window of the WADS Console Main window of the WADS Console .. _add_winpe: Adding the WinPE files ********************** `WinPE `_ is a minimal operating system used to install, deploy, and repair Windows. On WADS, WinPE is used to bootstrap the deployment of Windows. * If no WinPE file exists, then this pop-up will appear. .. image:: wapt-resources/wapt_wads_winpe-add_dialog-box.png :align: center :alt: Dialog box informing to upload a WinPE file in the WADS Console * Then click on :guilabel:`Upload WinPE`. * Choose the keyboard layout. **This step is important because you will type in the hostname in WinPE using the keyboard layout chosen with this step**. * Select the certificate with which to sign the USB stick files .. figure:: wapt-resources/wapt_wads-create-winpe_dialog-box.png :align: center :alt: Dialog box for selecting the keyboard in the WADS Console, certificates and drivers * Wait while the :file:`WinPE` file uploads onto the WAPT administration computer: .. image:: wapt-resources/wapt_wads_winpe_upload_information-box.png :align: center :alt: Loading the WinPE file in the WADS Console * Wait while the :file:`WinPE` file uploads to the WADS Server: If The :file:`WinPE` file has been successfully uploaded to the WADS Server. Adding the Operating System ISO ******************************* The next step is to add the Operating System :mimetype:`.iso` file to use for deploying Windows. * Use the latest official Windows release from `Microsoft `_ as the :mimetype:`.iso` file. .. figure:: wapt-resources/wapt_wads_iso-select_container-window.png :align: center :alt: ISO section of the WADS Console ISO section of the WADS Console * In the :guilabel:`Install ISO` section in the main WADS Console, click on the :guilabel:`+` button to upload the selected :mimetype:`.iso` file. * Select the :mimetype:`.iso` file and give it a name. .. figure:: wapt-resources/wapt_wads_iso_select_dialog-box.png :align: center :alt: Dialog box for selecting the ISO file to upload to the WADS Server Dialog box for selecting the ISO file to upload to the WADS Server * When uploaded, the :mimetype:`.iso` file is signed with the selected certificate: .. figure:: wapt-resources/wapt_wads_iso_signing_dialog-box.png :align: center :alt: Dialog box informing of the signing progression of the ISO file in the WADS Console Dialog box informing of the signing progression of the ISO file in the WADS Console * After the signing step has successfully completed, the :mimetype:`.iso` file is uploaded to the WADS Server: .. figure:: wapt-resources/wapt_wads_iso_uploading_dialog-box.png :align: center :alt: Dialog box informing of the uploading progession of the ISO file in the WADS Console Dialog box informing of the uploading progession of the ISO file in the WADS Console * After the uploading step has successfully completed, the :mimetype:`.iso` file appears in the :guilabel:`Install iso` section in the main WADS Console: .. image:: wapt-resources/wapt_wads_iso-uploaded_screen-item.png :align: center :alt: The ISO file has been successfully added to the WADS repository .. hint:: It is possible to upload several :mimetype:`.iso` versions of Windows for different use cases. .. _wads_xml_config: Adding the Configuration answer file ************************************ The next step is to add the Configuration answer file that will be used to configure the deployment of the Windows Operating System. .. figure:: wapt-resources/wapt_wads_xml-select_container-window.png :align: center :alt: Answer file section of the WADS Console Answer file section of the WADS Console * In the :guilabel:`Configuration` section click on the :guilabel:`+` button to configure the answer file. .. figure:: wapt-resources/wapt_wads_xml-create_container-window.png :align: center :alt: Window for creating the answer configuration file in the WADS Console Window for creating the answer configuration file in the WADS Console .. list-table:: Options for the answer file in the WADS Console :header-rows: 1 :widths: auto :align: center * - Options - Description * - :guilabel:`Config Name` - Defines the name of the XML answer file. * - :guilabel:`ISO Name` - Defines the :mimetype:`.iso` file to associate to the XML answer file. * - :guilabel:`For Windows` - Defines whether you install a Windows OS or Linux if unchecked. * - :guilabel:`Install Wapt` - Defines whether to install the **WAPT agent** after the installation of the Operating System. * - :guilabel:`Configuration file` - Defines the `XML answer files `_ template to use for Windows or the configuration file for Linux. * - :guilabel:`Post install Script` - Defines a :mimetype:`.bat` post-install script to be run after the installation of the Operating System. * Insert into the :guilabel:`Config Name` field the name of the answer file. * Select with the :guilabel:`Iso Name` dropdown the ISO file to association to the deployment configuration. * Check or uncheck the :guilabel:`Install WAPT` checkbox to install the WAPT Agent by default. * Check or uncheck the :guilabel:`For Windows` checkbox to install a Windows OS. * Select the answer file template to associate to the deployment configuration with the :guilabel:`Configuration File` field if it's OS Windows else, select the configuration file for Linux. * If necessary, set the post-install script in :guilabel:`Post install Script`, for example: .. code-block:: bat "C:\Program Files (x86)\wapt\wapt-get.exe" install tis-firefox-esr * Click on the :guilabel:`Save` button to create the answer file. * When done, the configuration appears in the :guilabel:`Configuration` section. .. figure:: wapt-resources/wapt_wads_xml-uploaded_screen-item.png :align: center :alt: Answer file added to the WADS Server in the WADS Console Answer file added to the WADS Server in the WADS Console .. hint:: It is possible to create several answer file configurations for different versions of Windows / Linux and for different use cases. Joining the host to an Active Directory domain ============================================== You can use your own answer file with WADS but by default, WADS integrate *2* types of answer files for Windows: * **Offline** to join a computer with the `DirectAccess Offline Domain Join (Djoin) `_ method * **Online** to join a computer on the AD .. tabs:: .. _wads_join_online: .. tab:: Online method Update this part with your **join service account**, you can give a specific :abbr:`OU (Organizational Unit)` if you want. If not, just delete the line :guilabel:`MachineObjectOU`. .. code-block:: xml mydomain.lan password wadsjoin mydomain.lan OU=MyOu,OU=MyParentOu,DC=MyDomain,DC=lan .. _wads_join_offline: .. tab:: Offline method The offline method uses the `Djoin `_ method. * Right-click on the host to open the menu list. .. image:: wapt-resources/wapt_wads_menu-list.png :align: center :alt: WADS menu list * Click on :guilabel:`Prepare Djoin`. * Select the :abbr:`OU (Organizational Unit)` to which to attach the host (or define it manually) and click on :guilabel:`Save`. .. figure:: wapt-resources/wapt_console_wads-djoin-select-ou_dialog-box.png :align: center :alt: Selecting the Organizational Unit to which to automatically attach the re-imaged host Selecting the Organizational Unit to which to automatically attach the re-imaged host You can check :guilabel:`Do not use current user` if your current user can not or must not join a computer to the domain. If checked, you have to give manually **Domain**, **Host OU**, **User** (just the sAMAccountName, not the UPN nor the DOMAIN\user) and **password**. You can check :guilabel:`Overwrite the existing machine` in order to join anew a computer. * The :file:`Djoin` file is ready to be used to join the host as a member to the Active Directory domain. Adding drivers ************** The next step is to add driver bundles that will be used during the deployment of the Windows Operating System. .. figure:: wapt-resources/wapt_wads_drivers_container-window.png :align: center :alt: Drivers section of the WADS Console Drivers section of the WADS Console * In the :guilabel:`Drivers` section click on the :guilabel:`+` button to add a driver pack to the WADS Server. This window allows you to upload the driver bundles to associate to the Windows deployment. .. figure:: wapt-resources/wapt_wads_drivers-select_container-window.png :align: center :alt: Window for creating the driver bundles in the WADS Console Window for creating the driver bundles in the WADS Console .. list-table:: Options for the driver bundles in the WADS Console :header-rows: 1 :widths: auto :align: center * - Options - Description * - :guilabel:`Choose Dir` - Defines the path to the folder containing the driver bundles. * - :guilabel:`Name` - Defines the name of the driver bundle. * Click on the :guilabel:`Save` button, the uploading of the driver bundles starts. .. figure:: wapt-resources/wapt_wads_drivers-uploading_dialog-box.png :align: center :alt: Dialog box informing the uploading progression of the driver bundles in the WAPT Console Dialog box informing the uploading progression of the driver bundles in the WAPT Console * When uploaded, the drivers pack appears in the :guilabel:`Drivers` section of the WADS Console. .. figure:: wapt-resources/wapt_wads_drivers-uploaded_screen-item.png :align: center :alt: The drivers pack has been uploaded to the WADS Server The drivers pack has been uploaded to the WADS Server It is possible to create several driver packs for different versions of Windows and for different use cases. It is possible to use the :mimetype:`.cab` files from :abbr:`OEM (Original Equipement Manufacturers)`. It is also possibe to export the drivers from an existing well functioning host using a :program:`Powershell` command. .. code-block:: ps1 Export-WindowsDriver -Online -Destination D:\Drivers Booting the host to re-image with WADS ************************************** WADS allows **2** methods boot the host to re-image: * :ref:`Locally with a USB key `. * :ref:`Via LAN with a TFTP server ` .. _wads_usb_boot: Booting the host with a USB stick ================================= .. note:: The USB key used **MUST** be FAT32 formatted and empty. * Insert the USB stick in the WAPT adminsitration workstation and click on the :guilabel:`Create WinPE USB Key` button to start the process. * Choose the keyboard layout. **This step is important because you will type in the hostname in WinPE using the keyboard layout chosen with this step**. * Select the certificate with which to sign the USB stick files .. figure:: wapt-resources/wapt_wads-create-winpe_dialog-box.png :align: center :alt: Dialog box for selecting the keyboard in the WADS Console, certificates and drivers * Click on the :guilabel:`Upload WinPE` to format the USB stick and copy the WinPE file. * Boot to the computer's boot menu using the USB stick option and go to the :ref:`run the deployment ` step. .. note:: You can :guilabel:`Export to zip` when you create a WinPE USB Key if you can not use a USB key and then burn it onto a CD / DVD instead. .. figure:: wapt-resources/wapt_wads-create-winpe_to-zip.png :align: center :alt: WADS button to select export to zip .. _wads_lan_boot: Booting the host with the network ================================= Booting from the :abbr:`LAN (Local Area Network)` requires: * A properly working :ref:`TFTP server `; * A properly working :ref:`DHCP server `; * Having port 69 open on the WAPT Server for inbound traffic, and having tftp conntrack enabled on intermediate firewalls if you have firewalls between the server and the client computer. * Boot to the computer's boot menu using the LAN option and go to the :ref:`run the deployment ` step. .. _wads_run_deployment: Deploying the Windows image *************************** There are **3** choices when booting with iPXE: .. figure:: wapt-resources/wapt_wads_ipxe-boot-menu_text-terminal-window.png :align: center :alt: iPXE boot menu window iPXE boot menu window * :guilabel:`Boot Local disk` for starting normally from local storage; * :guilabel:`Register host (ipxe)` to register the host with the WADS Server using the :ref:`iPXE method `; * :guilabel:`Register host (winpe)` to register the host with the WADS Server using the :ref:`WinPE method `. .. tabs:: .. _ipxe_boot: .. tab:: iPXE boot * If choosing :guilabel:`Register host (ipxe)`, define a hostname: .. figure:: wapt-resources/wapt_wads_ipxe-set-hostname_text-terminal-window.png :align: center :alt: Text terminal window requesting a hostname when registering using the iPXE method Text terminal window requesting a hostname when registering using the iPXE method .. warning:: The keybord is qwerty * Refresh the WADS Console with :kbd:`F5`, the host appears in the :guilabel:`OS Deploy` tab. .. figure:: wapt-resources/wapt_wads_deploy-wait_screen-item.png :align: center :alt: Host waiting to be deployed Host waiting to be deployed At this time, the :guilabel:`Waiting to Deploy` status of the host is ``False``. * Right click on the host to open the menu list. .. image:: wapt-resources/wapt_wads_menu-list.png :align: center :alt: WADS menu list * Go to :menuselection:`Change Config` and select :ref:`a XML answer file `. * Click on :guilabel:`Start Deploy`, the :guilabel:`Waiting to Deploy` status of the host switches to ``True``. .. image:: wapt-resources/wapt_wads_deploy-start_screen-item.png :align: center :alt: The host is ready to be re-imaged * Reboot the host to the same boot option as before (USB or LAN), Windows will start to install. * When the installation has completed, the :guilabel:`OS Deploy` tab, the status switches to ``Done``. .. _winpe_boot: .. tab:: WinPE * If choosing :guilabel:`Register host (winpe)`, define a hostname: .. figure:: wapt-resources/wapt_wads_ipxe-set-hostname_text-terminal-window.png :align: center :alt: Text terminal window requesting a hostname when registering using the WinPE method Text terminal window requesting a hostname when registering using the WinPE method The keybord is in the same layout as the one set during the :ref:`WinPE ` step of this documentation. * Refresh the WADS Console with :kbd:`F5`, the host appears in the :guilabel:`OS Deploy` tab. .. figure:: wapt-resources/wapt_wads_deploy-wait_screen-item.png :align: center :alt: Host waiting to be deployed Host waiting to be deployed At this time, the :guilabel:`Waiting to Deploy` status of the host is ``False``. * Right click on the host to open the menu list. .. image:: wapt-resources/wapt_wads_menu-list.png :align: center :alt: WADS menu list * Go to :menuselection:`Change Config` and select :ref:`a XML answer file `. * Click on :guilabel:`Start Deploy`, the :guilabel:`Waiting to Deploy` status of the host switches to ``True``. .. image:: wapt-resources/wapt_wads_deploy-start_screen-item.png :align: center :alt: The host is ready to be re-imaged * Reboot the host to the same boot option as before (USB or LAN), Windows will start to install. * When the installation has completed, the :guilabel:`OS Deploy` tab, the status switches to ``Done``. Format host disk **************** When your host is ready to be redeployed, if necessary, you can format its disk using the UEFI or the Legacy method. To do so, right-click on host then :guilabel:`Edit Format Disk Config`. .. image:: wapt-resources/wapt_wads_deploy-rigth-click-menu.png :align: center :alt: Right-click menu on host Then you can choose either the UEFI or the Legacy script and customize the disk format configuration. Here is an example with the Legacy script: .. image:: wapt-resources/wapt_wads_deploy-disk-part.png :align: center :alt: Create Format Configuration for the hard disk .. a faire Additional information ====================== Ajouter paquet laps WAPT pour le compte tisadmin créé automatiquement Pas de secure boot expliquer différence winpe (téléchargement de l'image) et ipxe (image déjà téléchargée) * Right click on the host to open the menu list. .. image:: wapt-resources/wapt_wads_menu-list.png :align: center :alt: WADS menu list Envoyer un message (status) à la console via script post install : wads.exe --server-url=http://192.168.56.100 --send-status="coucou" parler des logs de déploiement comme MDT Indiquer site pour créer XML Errors ====== Erreur si wads non signé : waptwads-deploy-error-no-sign.png erreur offilineServicing : waptwads-deploy-error-no-djoin.png https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/offlineservicing Attention ordre wondows ISO dans unattend Astuce téléchargement iso avec User-Agent Switcher erreur join si le compte existe déjà : waptwads-join-error-exist.png