System Administration and Maintenance

Level 4 (IT)

Prepared By:
Eng. Rasha A. Al-Arasi
***************************
****
Lecture 6 : - Creating and managing deployment images
 Overview of images
• .wim files contain all of the files and
information for one or more disk images
• WIMBoot files allow a computer to run
directly from a .wim file and reduce the
space requirements for Windows installations
 Types of images
• Thin image:
– Contains only the operating system and possibly a
few agents, such as Configuration Manager 2012
agent
• Thick image:
– Contains every application required by an end-user
• Hybrid image:
– Contains some of the applications required by most
users
 Overview of images
Boot image:
You can build boot images from:
•Windows Preinstallation Environment(Windows PE)
•On install media, boot.wim

Install image:
•The operating system
•On install media, install.wim
•Generally based on a captured reference computer
 Overview of image-based installation tools
Tools for image-based installations include:
– Setup.exe. Performs Windows installations by using interactive
or unattended installation methods. Can be used with answer
files and catalog with Windows SIM
– Windows Deployment Services(WDS). A role service on
Windows Server 2016
– Windows ADK. New upgraded version of Windows AIK that
contains Windows PE images
– DISM. Command-line and Windows PowerShell tool for
servicing Windows operating system images
– System Center Configuration Manager(SCCM). Comprehensive,
enterprise-level suite for deployment and management
 Creating, updating, and maintaining images

The process of creating an install image can be

summarized as follows:
– Create a capture image
– Install Windows on a reference computer
– Customize settings on the reference computer
– Generalize the reference computer
– Capture the reference image
 Creating, updating, and maintaining images

Use DISM to manage and maintain images

including:
– Apply updates, drivers, and language packages
– Add, remove, or enumerate packages and drivers
– Enable or disable Windows features
– Configure locale settings
– Upgrade an image to a different edition of
Windows
 Windows Deployment Services
Windows Deployment Services is a server role
that is provided with Windows Server 2016
•Windows Deployment Services:
– Enables you to perform network-based installations
– Simplifies the deployment process
– Supports deployment to computers with no
operating system
– Uses existing technologies, such as Windows
PE, .wim, .vhd and .vhdx files, and image-based
deployment
 What is WSUS?
• Windows Server Update Services
(WSUS) improves security by
applying updates to Microsoft
products and third-party products in
a timely way. It provides the
infrastructure to download, test, and
approve security updates.
• Applying security updates quickly
helps prevent security incidents
resulting from known vulnerabilities.
 What is WSUS?
Microsof
Automat t Update
ic website
updates

Server
running
Test clients Windows
Server Update
Services
LAN

Internet

Automat
ic
updates
 WSUS server deployment options
WSUS implementation:
– Single server
– Multiple servers
– Disconnected servers
 WSUS server deployment options
 WSUS server hierarchies allow you to:
• Download updates to servers that are closer to clients, such as servers in
branch offices.
• Download updates once, to a single server, and then replicate the updates
over your network to other servers.
• Separate WSUS servers based on the language their clients use.
• Scale WSUS for a large organization that has more client computers than a
single WSUS server can manage.
 In a WSUS server hierarchy, there are two types of servers:
• Upstream servers. Upstream servers connect directly to Microsoft Update to
retrieve updates, or are disconnected and receive updates by using portable
media.
• Downstream servers. Downstream servers receive updates from a WSUS
upstream server.
 WSUS server deployment options
Downstream servers can be configured in two
modes:
• Autonomous mode. Autonomous mode, or distributed
administration, allows a downstream server to retrieve
updates from an upstream server, but maintain
administration of the updates locally.
• Replica mode. Replica mode, or centralized
administration, allows a downstream server to receive
updates, computer group membership information,
and approvals from an upstream server.
 WSUS database
• WSUS stores information about updates,
computer groups, and approvals in a
database. WSUS can use two types of
databases:
– Windows Internal Database (WID).
This is the default setting for a WSUS database. When you deploy
WSUS by using a WID, a file named SUSDB.mdf
– SQL Server database
If SQL Server is available in your environment, you can use it to
store the data used by WSUS
 The WSUS update management process
Phase 1: Assess
• Set up
production
environment
Assess

Phase 4: Deploy Phase 2: Identify

Update
• Approve and Management Identif • Discover new
Deploy updates
schedule updates y
• Review process • Determine if

updates are
Evaluat relevant
e and
Plan
Phase 3: Evaluate and Plan
• Test updates
• Determine how to update production

environment
 Approving updates
• Updates can be:
– Approved automatically, but it is not
recommended
– Declined if they are not needed
– Removed if they cause problems
• Updates should be tested before they are
approved for production.
 Assignment 8
• What are computer groups?
• WSUS reporting.
• Windows PowerShell DSC (Desired State
Configuration.
 Lab 8
Windows Deployment Services(WDS).
System Center Configuration Manager(SCCM).
WSUS.