1.1.

WDS
The Windows Deployment Services (WDS) server role enables the deployment of
Windows operating systems to client and server computers. Using WDS,
computers without an operating system installed boot from the network, contact
the WDS server, and download and install the operating system.

 WDS is an update to Remote Installation Services (RIS) that was available

with Windows 2003 and earlier operating systems.
 You can use WDS to deploy Windows Server 2008/2012/2016, Windows
Vista/7/8/10, and earlier versions of Microsoft operating systems.
 WDS is available with Standard, Enterprise, and DataCenter editions of
Windows Server 2008/2012/2016.

WDS uses disk images for the installation. An image is a single file containing the
contents of an operating system installation. Image files have the .wim extension.
There are four types of WDS images.

Image
Description
Type
An install image is an image of the operating system that will be
installed on client computers.

 A default install image (Install.wim) is included on the

operating system DVD in the <DVDroot>\Sources folder.
 Install.wim includes all editions of Windows Server
2008/2012/2016 within the single image file, including the
Install
Enterprise and Datacenter editions and the Server Core
image installations.
 When you add the install image in WDS, you identify the
editions within the install image that are available for clients
to install.
 When a client computer connects to the WDS server, and if
there are multiple install images available or multiple editions
within a single install image made available, a menu will be
 shown allowing the user to select the version and edition to
install.
 Each install image is architecture specific. For example, you
must have either the 32‐bit, 64‐bit, or 64‐bit Itanium version.

A boot image is a minimal operating system (Windows PE) that is

sent to the client when it first connects to the WDS server. Boot
images are used as follows:

1. During the boot process, the client computer locates the WDS
server.
2. The WDS server sends a boot image file to the client. The boot
image file contains the Windows PE operating system and the
WDS client software.
3. The client installs the Windows PE operating system in the
boot image and starts the WDS client.
4. The WDS client retrieves a list of available full operating
systems to install.
Boot 5. The client computer downloads the appropriate install image
image and installs the full operating system.

When working with boot image files:

 A default boot image file (Boot.wim) is included on the

operating system DVD in the <DVDroot>\Sources folder.
 You can use multiple boot image files. If the WDS server has
multiple boot image files, the client computer will display a
menu of boot images to use.

Note: Client computers must support PXE boot (network boot) to use
boot image files. PXE boot allows a computer without an operating
system installed to locate and download the operating system
through a network connection.
Capture
A capture boot image is an image that you use to create custom
boot
install images. To create a custom install image you do the following:
image
 1. Create the capture boot image from a regular boot image. The
capture image includes Windows PE and the WDS Image
Capture Wizard.
2. Install the operating system on a reference computer. Once
the operating system is installed, you can customize the
installation as desired.
3. On the reference computer, run the SysPrep utility. SysPrep
prepares the computer so that an image can be created from
the installation.
4. Boot the reference computer from the network. When the
computer connects to the WDS server, select the capture boot
image you created earlier.
5. After the computer boots, it runs the WDS Image Capture
Wizard. Use the wizard to select the disk partition containing
the operating system installation you want to capture, and a
location to save the resulting image file.
6. When the wizard completes, the resulting install image file is
uploaded to the WDS server.

A discover image is a boot image that is placed on removable media

(such as a CD, DVD, or USB drive) that can be used by non‐PXE clients
to boot and locate a WDS server. To use a discover image:

1. Create the discover image from an existing boot image.

2. Use the Microsoft Windows AIK tools to create an ISO image
that contains the discover boot image.
Discover
3. Burn the ISO image to disc. You must use a tool capable of
boot
creating a disc from an ISO image; simply copying the image to
image
the disc will not work.
4. Insert the media in the client computer. Boot the computer
from the media.
5. The computer installs the Windows PE operating system and
connects to the WDS server. Select a desired install image to
install the full operating system and complete the process.
1.2. WDS Installation
Following are the server and networking requirements for Windows Deployment
Services:

 The WDS server role can only be installed on a Windows Server

2008/2012/2016 server. You cannot install WDS on a Server Core
installation.
 Use Server Manager to add the Windows Deployment Services role. Add
both the Deployment Server and Transport Server role services.
 Images on the WDS server must be stored on an NTFS partition.
 The WDS server must be a member of an Active Directory domain. DNS
name resolution for the domain must be configured.
 You must have a DHCP server on the network. The DHCP service can run on
the WDS server or on another server.
o To deploy WDS and the DCHP server role on the same server, disable
port 67 in the WDS server properties and configure DHCP option 60.
You can perform both of these tasks during installation or using the
WDS console.
o If the DHCP service is on a server in a different subnet from the WDS
server, do one of the following:
 Configure IP helper tables on the router. Forward UDP port 67
to both the DHCP server and the WDS server. Forward UDP
port 4011 from client computers to the WDS server.
 Add DHCP option 66 to point to the WDS server, and configure
option 67 with a value of boot\x86\wdsnbp.com
 You can manage and maintain WDS from a command line using the
WDSUtil command line utility.

Clients that will use WDS for installing the operating system have the following
requirements:

 To boot from the network, the client must be PXE boot capable, and the
BIOS must be configured to boot from network. If the client is not PXE
capable, plan on using discover images.
 The workstation requires a minimum of 512 MB of RAM to load the boot
image.
  Additional RAM and hardware to meet the operating system requirements
of the install image is required.
 The user account that will be used during the installation must be a
member of the Domain Users group.
 WDS does not support the use of IPv6. Clients must use IPv4 to connect to
the WDS server and download images.

Prestaging a computer account allows you to control various WDS options

available to the client. Be aware of the following when managing computer
accounts used by WDS.

 Prestage accounts to:

o Control the computer name that gets assigned to the computer.
o Assign the computer to use a specific PXE server.
o Assign the computer a specific boot menu or configure which boot
image is used.
o Identify which unattend file will be used during the install.
 The PXE response setting for the WDS server identifies which computers
the WDS server will respond to. The following table lists the various
response methods:

Response Action
Do not respond
The WDS server is enabled and configured but not
to any client
responding to any clients.
computer
The WDS server sends a response and starts to copy an
Respond only to image to computers that have a computer account in
known client Active Directory. This method prevents unknown
computers computers or untrusted computers from accessing
your network.
Any computer that requests an image from WDS will
Respond to all
receive the image and start the installation process.
(known and
When you select this option, you can require approval
unknown) client
for all unknown clients (a response will only be sent
computers
after an administrator manually approves the client).
 By default, when a client completes the operating system installation using
a WDS server, a computer account is automatically created in the domain if
one does not already exist. Use the following methods to control how
computer accounts are created:
o Run Wdsutil /add‐device /device:name /ID:idnumber or use Active
Directory Users and Computers to create (prestage) a computer
account before it attempts a network boot.
o To prevent a computer account from being created, take one of the
following actions:
 Configure the WDS server to respond only to known
computers. This means that only computers with an existing
computer account can use the WDS server. The account will
not be created because it already exists.
 If the WDS server is configured to respond to unknown
computers, select the Do not create account in the domain
after running WDS Client option on the Client tab of the WDS
server properties to disable creating computer accounts for
successful installations.
o On the WDS server properties, use the Directory Services settings to
configure the location for computer accounts created by WDS and
the naming format for those accounts. Use variables to customize the
computer name:
 Use %Username, %First, and %Last to create the computer
name from the user logon or user name.
 Use %MAC to use the MAC address as part of the computer
name.
 Use the format %[0][n]# to use a variable number. For
example, the variable %02# adds numbers 01, 02, 03, etc. to
the computer name.

Note: Computer names are limited to 15 characters. If the resulting

name is longer than 15 characters, the name will be truncated to only
15 characters.

 Use the Wdsutil /set‐server /PrestageUsingMAC:Yes command to keep

track of computers using the MAC address instead of the computer GUID.
1.3. Image Management
In addition to the WDS console, use the following tools as you manage WDS
images:

Tool Description
WinPE is a minimal installation of Windows that controls the
early boot process and starts a limited operating system.

 WinPE is used with WDS to boot the computer and

Windows Pre‐ select the installation image to install on the
installation computer.
Environment  WinPE includes necessary drivers to connect to a
(WinPE) network share, as well as tools to format and partition
hard disks.
 You use WinPE to boot a reference computer when
capturing an image to use with WDS.

Use SysPrep to prepare a Windows installation for imaging

System
by removing machine‐specific information. When creating a
Preparation Tool
custom install image, you run SysPrep on the reference
(SysPrep)
computer before capturing the operating system image.
ImageX is a command‐line tool used to create and modify
operating system images. Use ImageX to:

 Capture an installation to make a WDS install image.

 Modify an existing image by adding drivers without
recapturing the entire image.
 Compress images.
ImageX
 Copy images to network distribution points.

Note: You can create an install image using the WDS Image
Capture Wizard. Use ImageX for access to more features
including the ability to capture to a network location,
additional compression options, and the ability to capture
partial volumes.
 Use Windows SIM to create and manage response files used
for unattended installations. An unattended installation uses
an answer file (also called a response file) that identifies the
responses to installation questions. The installation starts
automatically and completes without user intervention. For
an unattended installation with WDS, you use two different
response files:
Windows System
Image Manager  The WDS client answer file controls the WinPE boot
(Windows SIM) and the selection of the operating system installation
image.
 The operating system installation answer file contains
the responses required to install the operating
system.

Windows SIM is included in the Windows Automated

Installation Kit (Windows AIK).

For a large‐scale WDS deployment, you will work with multiple images of each
type. The following table lists considerations for managing each image type:

Image Consideration
The install image is the operating system image that will be configured
on the WDS client.

 Install images are architecture dependent. There are separate

images for x86 (32‐bit) systems and for x64 (64‐bit) systems.
 Install images include all versions of the respective operating
system. For example, the x86 install image for Windows Server
Install 2008 includes the 32‐bit Standard, Enterprise, and Datacenter
editions, along with the Server Core installations of each.
 When you add an install image to WDS, you select the versions
that will be available to clients. For example, you can deselect
the Datacenter edition or the Server Core installations to
prevent those versions from being selected and installed. You
might do this to prevent users from installing versions for which
you do not have the necessary licenses.
  Install images for Vista/7/8/10 and Windows Server
2008/2012/2016 are hardware abstraction layer (HAL)
independent. This means that a single image can be used for
systems with varying hardware, as long as the architecture type
matches.
 Install images for earlier operating systems (such as Windows
XP) are HAL dependent. You will need to create an install image
for each HAL type needed.

The boot image is the image that contains WinPE and the WDS client
software and is used to boot the client and select the install image to
use.

 Boot images are architecture dependent. There are separate

images for x86 (32‐bit) systems and for x64 (64‐bit) systems.
 An x64 computer can boot using either an x64 or x86 boot
image. An x86 computer can only use an x86 boot or install
image.
Boot
 If you have multiple boot images on the WDS server, the boot
menu will show both the x64 and x86 boot images. Only x86
boot images will be shown for x86 computers.
 If the computer boots using an x86 boot image, both x64 and x86
install images will be shown on the install menu for x64
computers; only x86 images will be shown for x86 computers.
 If the computer boots using an x64 boot image, only x64 install
images will be shown on the install menu.

If the client computer is not PXE‐enabled, you must boot the computer
using a discover image. When you create a discover image, you specify
how the computer finds the WDS server:

Discover  With static discovery, you manually identify the WDS server that
will be used.
 With dynamic discovery, the client uses a PXE‐emulated request
to locate a WDS server on the network.
 A capture image is a special boot image that contains WinPE and the
WDS Image Capture Wizard. You boot the computer using the capture
image to create an install image based on the reference computer.

 After creating the capture image, add the capture image back
into the WDS console.
 Install the operating system on a reference computer and
customize it to meet your requirements.
 Before booting the reference computer with the capture image,
Capture
run SysPrep on the computer to prepare if for imaging. Choose
the Enter System Out‐of‐Box Experience (OOBE) and the
Generalize options to prepare the system for imaging.
 When the reference computer reboots, it connects to the WDS
server. Select the capture image to start the Capture Image
Wizard.
 You can also reboot the computer into WinPE and use ImageX to
take advantage of features available with ImageX.

If you have an existing install image, you can use ImageX to add drivers or
operating system updates without recapturing the install image. Use the following
process:

1. Create an empty directory that will be used for mounting the install image.
2. Run the ImageX command with the /mountrw command. This mounts the
image in a read/write state so that changes can be made. (Using the
/mount command mounts the image as a read‐only image.)
3. Run the Peimg /inf command to add drivers to the image.
4. Run the ImageX /unmount command with the /commit switch to save the
changes to the image.

Be aware of the following additional points about managing WDS images:

 A shared folder is created on the WDS server called RemoteInstall that

clients connect to in order to download images.
o The Images folder stores install images, and the Boot folder stores
boot images.
 o When you create an image group, a subfolder is created inside the
Images folder. Any image you add to the image group is copied to
this subfolder.
o When you add the same image to different image groups, the image
is copied to each image group. When you use multiple image groups,
you will have multiple copies of the image file on the WDS server.
o When you add an image to an image group, two files are created:
 The .rwm file is the .wim file from the installation medium.
This file includes all install images included on the installation
medium. This file is only copied once to the image group
folder. This file is large because it contains everything
necessary to install Windows.
 The .wim file contains metadata for the specific operating
system installation you have made available. For example, if
you chose to make the Standard and Standard Core editions
available, you will have two .wim files, one for each edition.
The size of these files is small because they only contain
metadata about a specific installation option.
 You can configure permissions to control which images a specific user can
access.
o Configure permissions on an image group to allow or prevent users
from accessing all images within the group. Setting permissions on
the image group modifies the permissions set on the parent image
group directory, and affects all .rwm files and .wim files within the
image group directory.
o Configure permissions on a specific image to prevent users from
accessing specific images. Users will only see the images they have
permissions to see. Setting permissions on the image file modifies
permissions on the .wim file, but not the .rwm file.
 You can store install images on a server that is not a WDS server, and then
use DFS to replicate images between multiple servers. Use this method to
load balance the downloading of install images and for centralized
administration of install images on multiple servers.
 To configure an unattended installation:
o Save the WDS client answer file to the
<drive>:\RemoteInstall\WdsClientUnattend folder. Edit the server
properties to enable unattended installations and point to this file.
 o Save the operating system answer file to a network share. Edit the
image properties to enable unattended installation for the operating
system and point to the operating system answer file.

© Sergey Gorokhod
MCT/MCSE/MCITP/MCTS/MCSA/CCSE/CCSA/CCNA/A+®
E‐mail: [email protected]
Mob: (+972) 526848757
1.4. WDS Multicast
New with Windows Server 2008/2012/2016, WDS multicasting allows multiple
computers to receive an image simultaneously, reducing the amount of network
traffic required for sending images. Without multicasting, when a client connects
to the WDS server, the requested image is sent directly to the client as it is
requested. When multiple clients connect multiple copies of the same image
could be sent on the network.

To configure multicasting with WDS:

 Each client computer has its own unique unicast IP address. Each client
listens to the same multicast IP address.
 IGMP snooping must be enabled on routers. If IGMP snooping is turned off
or not supported on your devices, multicast traffic may be treated like
broadcast traffic and sent to every device in the subnet.
 Use the Boot.wim image from the Windows Server 2008/2012/2016 or
Vista SP1/7/8/10 DVD. The Boot.wim file from the Vista DVD does not
support multicasting for clients.
 In the WDS server console, configure the server properties and configure
the multicast address. Make sure that the multicast IP address used by the
server does not overlap with other multicast addresses used on the
network.
 In the WDS server console, create a multicast transmission. There are two
types of multicast configurations:
o With auto‐cast, the transmission starts as soon as one client requests
it. Subsequent clients join the transmission that has already started.
o With scheduled‐cast, the transmission starts based on the number of
clients waiting and/or on the specific day and time.
 On the WDS server, you can customize how the server uses the network
bandwidth for multicasting by configuring the network profile. The profile
identifies the network bandwidth (10, 100, or 1,000 Mbps). For each
profile, default properties control how much bandwidth the server uses for
WDS multicasting. To use a custom profile, select the Custom option and
edit the registry to configure the profile settings. The following table lists
some profile settings you should know.
 Setting Description
Identifies how much data is transmitted in each packet.
ApBlockSize The block size should match the maximum block size
supported by the networking architecture.
Specifies the maximum bandwidth percentage used by
WDS. A setting of 100 decimal (or 64 hex) means the
TpMaxBandwidth server will use up to 100% of the available bandwidth.
Configure a lower value to ensure that WDS does not
consume all of the network bandwidth for multicasting.
Configures the maximum number of network hops for
which a multicast packet is valid. This value should be
greater than the number of routers between the WDS
server and the farthest WDS client. Normally, the
TpMulticastTTL default value will be sufficient because routers will only
forward multicast traffic to networks that include a
host for that multicast transmission. If routers do not
support IGMP snooping, you can decrease this value so
that multicast packets are not forwarded unnecessarily.

Note: You can configure a stand‐alone server with the Transport server role to
support multicast transmissions. However, this configuration requires additional
configuration steps beyond the scope of the course.

Use the WDS console to view and manage multicast transmissions that are in
progress.

 If you enable scheduled‐casting but do not specify a condition for when the
transmission starts, images are not sent until you manually start the
transmission.
 If you delete an existing transmission, current clients will continue the
installation using unicasting.
 If you deactivate an existing transmission, current clients will finish using
multicasting, but no new ones will be allowed to connect. After the
transmission is finished, the transmission will be deleted.
 Disconnect a client to stop the installation on a client. This stops the
installation immediately, and could leave the client in an unstable state.
  To disconnect a client from multicast but allow it to continue installation
using unicast, right‐click the client and select Bypass multicast.
 To modify the settings for a transmission (such as editing the start time or
the threshold value), delete the transmission and create a new one.
 With multiple clients connected to a multicast transmission, the
transmission will proceed at a rate that matches the slowest network client.

© Sergey Gorokhod
MCT/MCSE/MCITP/MCTS/MCSA/CCSE/CCSA/CCNA/A+®
E‐mail: [email protected]
Mob: (+972) 526848757