When Enterprise Isn’t Enterprise: The Homelab, Part 2

by ·0 Comments

It works! It really works!  I’ve finally implemented something that works!

A few weeks ago I wrote up a post about my experiments with Domains and homelab and WDS.  I’m pleased to report today that it worked!  It worked perfectly.

My poor desktop chokes when running the three VMs (DC, WDSS, and Deployed Desktop) but it works (though this may be changing since Nick and I decided to invest in a Homelab setup for the apartment; a Dell R710 with 2 Xeon E5645 Processors, 72GB RAM, and 4TB storage).  The Deployed Desktop boots off PXE from WDSS via DHCP from the DC, and boom.  Boots into WDS and receives and image.  No interaction required (unless I require it).  A lot of this is going to be a link repository for my own use.

It was super thrilling to get the thing working.  There are a bunch of caveats and I’m going to try and outline them here.

  • Get your unattended Windows 10 device prepped using a guide.  Save yourself the hassle of trying to figure out all the individual components (there are literally thousands) by hand.  Here’s a generator I used.
  • If you make customizations to the admin profile in the pre-collect phase they won’t copy over to your master image unless you toggle the master copy flag.
  • Don’t leave any files on the desktop in the pre-collect phase if you plan on toggling the master copy flag.  Those files will show up on the desktop of ALL people who login to the computer.  All of them.  Seriously.
  • Read up on drive partitions and setup with the unattended mode.  A good guide is here. I spent an hour trying to figure out why it “could not find target disk” until my roommate showed me this.
  • If you want to skip the login portion of WDSS (to ensure that the device is ALLOWED to imaged and contact the image host) you need to do NoCredential mode.  A sample of it is here.
  • Speaking of reading, read this for more info about the unattended mode here.
  • Remember, your imaging environment is different from your image server and the imaged device. That is to say, you need 64 and 32-bit configurations to cover all the range of devices you have.  If you have a 32-Bit device and your image environment is only configured for 64-Bit, you’re going to have a bad time.  This holds for variables in the SysPrep environment too.  You need to define things for both 64 and 32-Bit.

Here are some bits of my config files, mostly for my own sake and so others can see what things tripped me up.

Here is my WDS Unattended file.  I will explain some of the key sections.  This is the one that makes your deployment server sing.

  • <Login> with <Credentials> sections
    • If you don’t include domain, username, and password in this config section, then you will ALWAYS be prompted to login to the domain as part of the WDS deployment process.  I wanted this to be completely automatic, so I included it. The devices in question and the domain have been modified, obviously.  You’ll need to set them to be what your environment is.  As always I’d recommend a service account be used for the domain bind.
  • <ImageSelection> section
    • ImageName, ImageGroup, and Filename are all things you can set manually when you’re importing the image as per some of the previously linked guides.  It’s important to get them right.  Case mattered when I did it, but I’ve heard reports of it not mattering elsewhere.  YMMV.  It’s good practice to make things as precise as possible.
  • <InstallTo> section
    • Dictates where the image in ImageSelection section will go.  This is important to get right because of the next section…
  • <DiskConfiguration>
    • You need to create the partitions here and set one of them as primary.  You can also set the label.  We don’t wipe disks in our district, but if you do (or you’re deploying to a VM, or you bought a raw drive, or you [any other list of reasons that would result in you having a blank disk] you’ll need to at least have one <CreatePartition> line.  You can experiment with sizes with these flags here.  The <Size> parameter is what you’ll need.

Here is my ImageUnattend file.  Again, I’ll explain the important sections.  A lot of this comes from the generator though.  This is the one that makes your image YOUR image.  Customizations and everything.  Keep in mind that I don’t have a lot in this file because it’s all part of the pre-setup account fixes that I implemented.

  • <CopyProfile>true</CopyProfile>
    • Any and all profile changes you made to the pre-setup  account will be copied to ALL user profiles that use the computer.
  • <OOBE>
    <HideEULAPage>true</HideEULAPage>
    <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
    <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
    <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
    <NetworkLocation>Work</NetworkLocation>
    <SkipUserOOBE>true</SkipUserOOBE>
    <SkipMachineOOBE>true</SkipMachineOOBE>
    <ProtectYourPC>3</ProtectYourPC>
    </OOBE>
    • Hides all the extra startup info like signing in, authorizing Cortana, etc, etc.

So there you have it.  My Homelab has a DC, a WDS box and working desktops on the domain.

Next step: WSUS.

-M, out

Apologies: This post was delayed because of weekend shenanigans.  It was originally slated for release 7/17 – 7/23.  I obviously missed that mark.  I’ll be making a double post in 7/24 – 7/30, starting with this one!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.