Jason Cross
Systems Management
Zero Touch
Installation:
Automating
Operating System
Migrations
Historically, desktop OS migration has been a very labour intensive
project. The number of obstacles and questions to consider can be
intimidating. Will all the targeted machines support the new
operating system? Will your organisation’s
applications work after migration? How will
the data on systems be preserved? How do
you save money if specialists have to visit ev-
ery computer? How do you prepare for and
minimise the barrage of help desk calls that
will ensue? And once deployed, how will you
manage the new operating system?
During the typical roll-out, a herd of IT
staffers descend upon a workgroup of com-
puters during off hours and do the heavy
lifting. They manually save user data to a
file share (or even take an entire snapshot
of the PC), pull down the master image,
configure the system (manually join the
domain, let policies flow down, reinstall
applications, and so on), manually restore
user data, and then pray that the desktop
is functioning properly and hope that the
user won’t be too upset when he discovers
his previous settings have been lost. It’s not
a pretty process.
But I did start this article by saying “his-
torically”. These deployment blockers and
resource intensive processes have been ad-
dressed, and now you can automate the work
with the Systems Management Server (SMS)
2003 Operating System Deployment (OSD)
Feature Pack and the Solution Accelerator
for Business Desktop Deployment (BDD).
The OSD adds support for operating sys-
tem deployment to SMS, offering a similar
paradigm for deploying OS images as used
to deploy applications. If you are accus-
tomed to creating software packages with
SMS, you’ll find image packages are just as
easy since you use the same SMS adminis-
trator console (see Figure 1).
BDD provides end-to-end guidance
on desktop deployments for moving to
Windows XP and Microsoft Office 2003.
It’s very comprehensive, offering more than
two dozen documents covering the key top-
• Three types of deployment
AT A GLANCE
scenarios
• Key components needed for
automated deployment
• A walk through the three main
scenarios
Jason Cross is a Senior Consultant with Microsoft. He
has been involved in Zero Touch Technologies from its in-
ception.
TechNet Magazine October 2006 55
 Systems Management
Figure 1 Using SMS to Create an OS Image Package
Using the Zero Touch
Installation files
included in Business
Desktop Deployment
can reduce the time
and resources needed
to migrate a desktop.
ics of desktop deployment from soup to
nuts. Included in BDD are the Zero Touch
Installation (ZTI) files that are used to aug-
ment the capabilities of the SMS OSD for
the following scenarios.
Bare-Metal This involves a new, fresh in-
stallation. In this case, a new image is de-
ployed to a computer that does not have
any operating system installed on disk. A
variation on this theme is when an operat-
ing system is already installed on the com-
puter, but you are performing a fresh install
and do not need to save and restore any data
56 To get your FREE copy of TechNet Magazine subscribe at: www.microsoft.com/uk/technetmagazine
or settings.
Replacement In this scenario, a user is
moving from a legacy computer to a new
system. This means the user’s data and set-
tings must be moved to the new computer
and operating system.
Refresh In this situation the user retains
the same hardware, but is migrating over
to a new operating system. Once again, the
user’s data and settings must be moved to
the new operating system.
The remainder of this article focuses on
these scenarios and how ZTI can greatly
reduce the time and resources needed to
migrate a desktop.
What You Need
If you plan on using ZTI, there are some
prerequisites. The primary products, tech-
nologies, and components you’ll need are:
SMS OSD Feature Pack, BDD Enterprise
Edition, Remote Installation Services (RIS)
and User State Migration Toolkit (USMT).
Let’s take a closer look at each of these, ex-
ploring how they are used in ZTI deploy-
ments. For details on where you can get
these tools, see the sidebar “Get the Core
Components”.
The SMS OSD Feature Pack is a publicly
available download that you install (very
quickly) on your SMS primary site server.
The OSD includes a version of the Windows
Preinstallation Environment (Windows
PE) and features for capturing your master
image. Out of the box, the OSD supports
bare-metal and refresh scenarios. For a bare-
metal build, a CD is used to boot the tar-
geted machine. This is called the Operating
System Installation CD and is created using
the SMS Administrator Console. When you
use ZTI, however, the functionality of this
CD is replaced by RIS, which I will cover
in a moment.
BDD Enterprise Edition is also a publicly
available download. It includes all the docu-
mentation and scripts needed to implement
ZTI, as well as complete coverage of desktop
deployment guidance for Office Professional
2003 and Windows XP Professional (in-
cluding the Windows XP Professional x64
and Windows XP Tablet PC editions). The
Enterprise Edition of BDD is geared for
organisations with 500 or more PCs. But
if you have the necessary infrastructure in
place, BDD Enterprise Edition can assist
any size company.
 Systems Management

Remote Installation Services ships with Windows Server 2003,

and has been greatly enhanced since Windows 2000. In particu-
lar, it delivers better performance and lets you automatically by-
pass configuration screens during OS deployment. This is a key
feature essential for ZTI. RIS provides PXE (Pre-Boot Execution
Environment) capabilities and is used to stream Windows PE over
the network.
Finally, the User State Migration Toolkit (USMT) is a publicly
available download that you can use for migrating user data and
settings. The latest release has been significantly upgraded—it now
supports migration of multiple profiles at once and can run unat-
tended (meaning the user does not need to be logged on). USMT
is governed by .inf files so you can explicitly control what is saved.
For example, you can ignore a user’s vast library of MP3 files, re-
ducing the amount of time and storage space used during the mi-
gration process.

Putting the Pieces Together

To implement ZTI, you’ll need a stable infrastructure that con-
tains Active Directory, DNS, DHCP and SMS 2003 (with SP1 or
higher). The basic components for this solution are highlighted in
the “How It Works” section of this article, though your environ-
ment may have a different mix of servers and services.
There are two excellent guides that provide information and step-
by-step instructions on how to configure the OSD and set up ZTI:
the Users Guide that is included as part of the OSD download and
the Zero Touch Installation Deployment Feature Team Guide that
is part of the BDD Enterprise Edition download. Here’s a quick
overview of the key steps involved in setting up a ZTI solution.
First you need to install the OSD on your SMS primary site
server. Once this is installed, you can use the SMS Administrator
Console to create an Operating System Image Capture CD and an
Operating System Image Installation CD. The Image Capture CD
is used to capture your master image into a single file. This file con-
forms to the Windows Imaging Format (WIM), which is the new
Figure 2 Update Custom Actions of the Image Program Microsoft file-based imaging technology that was introduced with
the OSD. WIM offers modern capabilities, such as enhanced com-
Remote pression that allows for smaller image sizes and the ability to retain
user data and settings on the local disk during the image process
Installation (this saves space on your file servers). The Image Installation CD
enables the installation of the image package and is used to con-
Services figure the RIS server for ZTI.
Then you can create a master image. This is the baseline image
delivers better that will be distributed to all the computers receiving the OS de-
ployment. To do this, you should use a fresh reference computer
performance that has Windows XP SP2 and all the related updates installed.
You may want to include other core enterprise applications, such
and lets you as virus protection and the Microsoft Office System, on the refer-
ence computer as well. (For more information on setting a ZTI
automatically bypass baseline, see “Design More Secure Desktop Deployments”, at mi-
crosoft.com/technet/technetmag/issues/2006/03/SecureDeployments). The com-
configuration screens puter should be part of a workgroup, but not joined to an Active
Directory domain.
during OS deployment. Install the SMS Advanced Client on the reference computer. You
TechNet Magazine October 2006 57
 Systems Management

must run ccmdelcert.exe—a utility in the SMS Toolkit—after you

install the SMS Advanced Client. The sysprep directory and related
files must be on the system drive as well. For more instruction on
creating your master image, review the documentation and check
out the Computer Imaging System (CIS) utility in the BDD. CIS
will help you quickly generate a master image that can be used
with the OSD and ZTI.
Once the image has been created, you use the OSD Image Capture
CD to grab the master image and save it to a file server. This process
is as easy as placing the CD in the player and following the prompts.
Then using the SMS Administrator Console, create an image pack-
age and program. You then update the custom actions of the image
program to run the ZTI script, ZeroTouchInstallation.vbs, as seen
in Figure 2, and update accordingly for the State Capture, Preinstall,
Postinstall and State Restore phases.
Now create a standard SMS software package and include the
files from USMT and ZTI. This package will be used to capture the
user state in the Replacement Scenario. The ZeroTouchInstallation
.vbs script is used to drive the state capture in the Replacement
Scenario so you will need to use the following command line for
the package, which is shown in Figure 3:
wscript //b ZeroTouchInstallation.vbs /phase:OldComputer.

On a machine running SQL Server, create the ZTI Administration

Database (AdminDB) with the supplied SQL scripts. If at all pos-
sible, create this on the SMS primary server so you can take ad-
vantage of the existing instance of SQL Server. The ZTI AdminDB
is not large in regard to the number of tables and the amount of
data it stores.
The ZTI AdminDB is queried by ZeroTouchInstallation.vbs to
retrieve configuration information about the computers that are
going to be migrated. Therefore, the database needs to be popu-
lated with information about the systems being updated—infor-
mation like the time zone, Active Directory domain to join, Active
Directory Organizational Unit to be used to create the computer
account, MAC address of the target desktop and so on.
RIS must be installed and configured. Keep in mind you’ll need
two partitions on the server since the RIS files need to be stored on
a different partition than the operating system. You use the SMS
Operating System Installation CD to create the RIS boot image.
This CD includes the necessary files to stream Windows PE over
the network. Then you create a ZTI share. This, for example, can
be a file share on the SMS server. This share is where all the related
files for ZTI (ZeroTouchInstallation.vbs, CustomSettings.ini, and
USMT) are stored.
This is just a general guide to the essential steps in setting up
and preparing for a ZTI deployment. For the most part, you will
follow these steps, though the order can vary somewhat depend-
ing on your scenario.
Advanced Features
Beyond these basic features offered by BDD and the SMS OSD,
there is additional functionality that may be useful in your envi-
ronment. (These advanced features are further described in the
Zero Touch Installation Deployment Feature Team Guide.) You
58 To get your FREE copy of TechNet Magazine subscribe at: www.microsoft.com/uk/technetmagazine
Figure 3 Specifying the ZTI Script
can create a custom version of Windows PE so that it uses WMI
during the migration process. By using WMI you can determine
the make and model of the machine from the local computer BIOS.
The ZeroTouchInstallation.vbs script does this automatically. With
this information, you can further refine which SMS image package
and program to use as well as define any pertinent drivers you need
for a particular model. This avoids having to include all drivers for
all your computer models in the golden image, thus saving valu-
able space. Application reinstallation is a key part of any migra-
tion. Most often the golden image will not contain all applications
needed by everyone, therefore targeting these workgroup needs is
very important. BDD can assist by defining a computer to a certain
role which in turn can determine the applications to install. This
information can be stored in the CustomSettings.ini file or the ZTI
AdminDB. By using this functionality, for example, the Accounting
Group can receive the applications it needs, but not those needed
by the Sales Group. l
Get the Core Components
SMS OSD Feature Pack
microsoft.com/smserver/downloads/2003/osdfp.mspx
BDD Enterprise Edition
microsoft.com/technet/desktopdeployment/bddoverview.mspx
Remote Installation Services (RIS)
Included with Windows Server 2003
User State Migration Toolkit (USMT)
microsoft.com/technet/desktopdeployment/userstate/userstateusmt.mspx
 HOW IT WORKS
Systems Management

To understand how these pieces interact, it’s important to understand that the focal point is SMS and the image
package. ZTI works within the framework of the OSD to extend or enhance its core capabilities.
There are a lot of moving parts in any desktop migration. The upfront work needed to configure the
infrastructure for the OSD and ZTI is well worth the effort. The time-consuming tasks of a desktop migration
project become automated with only a relatively small number of backend systems. Meanwhile, BDD provides
guidance for the entire process.
For the IT staff, this translates into greater consistency, fewer help desk calls, and personnel are freed up to
focus on real issues. For the end user, this translates into reduced downtime and increased satisfaction. The
automation allows for more desktops to be upgraded in less time, making for a more efficient project.

Bare-Metal Scenario
This process involves deploying a new operat-
ing system to machines without the need to
preserve any applications, data or user settings.
1 The New Computer is powered on and the F12 key is pressed to initi-
ate a PXE or network boot. An IP address is acquired and interaction
begins with the RIS server to obtain the proper boot files.

2 Windows PE is streamed from the RIS server to the New Computer

and loaded into memory. Windows PE provides the core pieces of
functionality needed to perform networking, scripting, and so on. This
enables the VBScript and ADO queries that happen next.

RIS/File Server
3 ZeroTouchInstallation.vbs is executed. This is the heart of ZTI and uses
CustomSettings.ini to determine what values to set and where to find
the data. In this example, the data is retrieved using an ADO query from
2 the database BDDAdminDB. This data can include the SMS package and
Active Directory SMS Server
DNS Services
DHCP Services 4 program to use as well as other settings such as time zone, computer
1 name, Active Directory domain, and so on. All or part of this data can
reside in CustomSettings.ini, allowing you to avoid the BDDAdminDB
3
database altogether.

New Computer
4 The image is brought down and applied to the New Computer. After
the image is on the disk, sysprep.inf is updated with the particular
settings. The machine is then rebooted and mini-setup configures net-
working, joins the domain, and performs the other steps needed to make
the machine ready for use.

Replacement Old Computer

Scenario
In this scenario, you save user data and settings from the Old Computer, de-
3

2
1
ploy the new OS image to the New Computer, and then migrate the preexist-
ing user data and settings to the new system. Note that steps 4 to 7 for this
scenario are identical to steps 1 to 4 of the Bare-Metal Scenario.

1 This step involves the standard SMS way of delivering a package to a Active Directory
DNS Services
DHCP Services SMS Server
RIS/File Server
desktop. The USMT package is advertised to an SMS collection in which 4 5 8 7
6
the Old Computer is a member and then it is executed.

2 ZeroTouchInstallation.vbs is used to drive USMT so it needs some basic

information, such as where to save the data and what profiles to capture.
This data can be stored in BDDAdminDB or in CustomSettings.ini. In this
New Computer

example, an ADO query is used to obtain that information.

60
 Systems Management

Refresh Scenario
This process involves deploying a new OS image to existing computers, while maintaining
user settings and data.
Old Computer

1 This step involves the standard SMS way of delivering a package to a desktop. However, the
advertisement is for an OSD Image Package based upon the SMS Collection membership of
the computer.

2 The OSD Image Package captures the user state with USMT. Note that in this step the user
data and settings are stored locally. The information is copied to a reserved directory under
c:\minint. ZeroTouchInstallation.vbs checks to ensure sufficient disk space prior to saving locally
2 6
and performs an ADO query to BDDAdminDB.
5
3 The files for Windows PE are installed on the Old Computer. Windows PE is not streamed via
RIS, but is actually copied to disk. The computer is rebooted to Windows PE and continues
with the imaging process.
4
3
4 ZeroTouchInstallation.vbs is executed and performs an ADO query to obtain the pertinent
OSD data from BDDAdminDB. 1
5 The OSD image is brought down and applied to the disk. Sysprep.inf is updated with the
particular settings and the machine is rebooted. Mini-setup
then prepares the system for use by configuring networking,
joining the domain, and so on.

6 User data and settings are restored prior to the user logging
on. In this scenario, user state is reinstated from the information
stored locally. After the OSD imaging process is completed, the
reserved directory is deleted. An important design-time decision
is whether you want to save user state on a file server (and delete
it at your discretion) or store the user state locally and have it Active Directory RIS/File
DNS Services Server
automatically deleted after the imaging process is completed. DHCP Services
SMS Server

3 USMT is run, saving user data and settings out to a file server. This information can be saved to any file server—not just
the RIS server.

4 The New Computer is powered on and the F12 key is pressed to initiate a PXE or network boot. An IP address is acquired
and interaction begins with the RIS server to obtain the proper boot files.

5 Windows PE is streamed from the RIS server to the New Computer and loaded into memory. Windows PE provides the
core pieces of functionality needed to perform networking, scripting, and so on. This enables the VBScript and ADO
queries that happen next.

6 ZeroTouchInstallation.vbs is executed. This is the heart of ZTI and uses CustomSettings.ini to determine what values to set
and where to find the data. In this example, the data is retrieved using an ADO query from the database BDDAdminDB.
This data can include the SMS package and program to use as well as other settings such as time zone, computer name,
Active Directory domain, and so on. All or part of this data can reside in CustomSettings.ini, allowing you to avoid the
BDDAdminDB database altogether.

7 The image is brought down and applied to the New Computer. After the image is on the disk, sysprep.inf is updated
with the particular settings. The machine is then rebooted and mini-setup configures networking, joins the domain, and
performs the other steps needed to make the machine ready for use.

8 User data and settings are restored before the user logs on. ZeroTouchInstallation.vbs is used to drive USMT and access
the saved data on the file server that is applied to the New Computer.
www.technetmagazine.com September 2006 61