SolutionBase: Customize a Vista deployment image

To ease the pain of deploying a new operating system across many workstations, Microsoft improved its method of creating desktop images in Windows Vista by creating the Business Desktop Deployment 2007 tool. In this article, Brien Posey shows how to finish creating the deployment image.

Deploying a new operating system like Windows Vista across many workstations in an organization can present challenges. To ease the pain, Microsoft improved its method of creating desktop images in Windows Vista by creating the Business Desktop Deployment 2007 (BDD 2007) tool. In the article "Using the Deployment Workbench to install Windows Vista", I introduced this tool and began showing you how to create a Vista deployment image. So far, we have copied the Vista system files from the installation CD and associated a few applications with the deployment image. In this article, I will continue the discussion by showing you how to finish creating the deployment image.

Adding device drivers

Windows Vista ships with an extensive number of device drivers, so Vista should be able to identify even the most current hardware. When Windows XP was first released, it too had drivers for the vast majority of hardware components that were commonly found on workstations. Over time though, new hardware devices were created, for which Windows XP did not have a built in device driver. Likewise, the drivers that were included with Windows XP quickly became outdated as hardware manufacturers updated their device drivers.

History repeats itself: Although Vista includes a fairly comprehensive set of drivers today, that will not always be the case. Fortunately, you can add device drivers to your deployment image. One of the biggest benefits to BDD 2007 is that it is easy to add device drivers and applications to a deployment image. BDD 2007 doesn't require you to recreate your image from scratch every time your software needs change. Instead, you can simply add the necessary drivers to the deployment image, and those drivers will be included in all subsequent deployments.

In order to demonstrate the technique for adding a device driver to a deployment image, I am going to add a device driver for a Netgear gigabit Ethernet card to my deployment image. All of the computers on my network are equipped with this particular network card, and I'm honestly not sure if Vista comes with a driver for it or not. Rather than take a chance on using a built-in driver that may or may not exist, let's add the Netgear driver to the deployment image.

To do so, open the Deployment Workbench and navigate to Distribution Share | Out of Box Drivers. When you do, the Details pane will display any device drivers that have been associated with the deployment image. As you can see in Figure A, there are no drivers on this list by default.

Figure A

The Deployment Workbench does not list the built-in device drivers.

Now, right-click on the Out of Box Drivers container and select the New command from the resulting shortcut menu. When you do, you will see the screen shown in Figure B, which prompts you to enter the location of the device drivers that you want to include in the deployment image.

Figure B

The New Driver Wizard prompts you for the location of the device drivers that you want to include in the image.

If you look closely at the image, you will notice that the text above the Driver Source Directory input field indicates that all of the subdirectories beneath the location you specified will be scanned for device drivers. Since that's the case, I just entered the path to my Netgear installation CD. This CD contains drivers for network cards other than the model that I use, but device drivers are small, so it doesn't really matter if drivers other than the ones that I need are included in the deployment image. I would rather include unnecessary drivers than to try to look through the CD's directory and hope that I choose the correct subdirectory.

Press the Add button and the Deployment Workbench will begin scanning the specified location and its subdirectories for device drivers. When the process completes, any device drivers that have been detected will be imported into the deployment image and listed in the Out of Box Drivers container, as shown in Figure C.

Figure C

Drivers that have been detected are imported into the deployment image and are listed in the Out of Box Drivers container.

Adding OS packages

As I'm sure you know, the days of deploying an operating system and then never touching it again until the next OS is released are long gone. Windows Vista is a fairly new OS, and yet there are already plenty of patches that have been released.

Patching a newly deployed OS can be somewhat problematic for a couple of different reasons, firstly because the initial patching process can be annoying to the end user. For example, last week I set up a new machine that was running Windows Server 2003. I applied Service Pack 2 immediately after deployment, and a short time later, the machine began receiving updates from my WSUS server. The problem is, not all of the updates can be applied simultaneously. Each time I received a message that updates were available, I would apply the updates and then reboot the machine when prompted. Shortly after the reboot, though, I was prompted to apply more updates. This probably happened about a half-dozen times before the machine was fully up-to-date with the latest patches.

Granted, an end user isn't going to be running Windows Server 2003 on their desktop, but the concept is still the same. As more and more updates become available for Windows Vista, it may eventually get to the point where end users are prompted to reboot new machines multiple times before all of the latest updates are installed.

Having a machine constantly prompt end users to apply updates isn't really as much of a problem as it is an annoyance. What is a problem is that the majority of the released updates are security related. A new machine is left vulnerable to the various security holes until the related patch is applied.

This is where OS packages come into play. OS packages allow you to incorporate patches into the deployment images that you create. Patches are just the beginning; OS packages can consist of patches, service packs, or even language packs.

Before I show you how to apply an OS package, I need to mention one very important detail: The OS packages used by BDD 2007 are different from the packages and OSD feature pack packages used by SMS server. Microsoft refers to the packages used by BDD 2007 as OS packages in an effort to differentiate between BDD 2007 packages and SMS packages.

The process of adding an OS package to a deployment image is very similar to that of adding a device driver. To do so, navigate through BDD 2007's console tree to Distribution Share | OS Packages. The OS Packages container should initially be empty. Now, right-click on the OS Packages container, and select the New command from the resulting shortcut menu. When you do, Windows will launch the New Package Wizard, as shown in Figure D.

Figure D

You must provide the path to your OS package files.

Most importantly, know that you cannot just download a Windows Vista patch from the Microsoft Web site and expect to be able to apply the patch as an OS package. When you manually download a patch from Microsoft, the patch is almost always an EXE or MSI file. The New Package Wizard does not support these file types. You can only use files that are in CAB or MSU format.

The easiest way to get files that are in the correct format is to copy them from your WSUS server. The current version of WSUS stores patch files in the \WSUS\Wsuscontent folder, in a series of subdirectories with hexadecimal names. You can copy the desired folders directly to the machine that is running BDD 2007. Another option is to simply provide a direct path to your WSUS server. For example, the name of my WSUS server is Sentinel, so I entered \\Sentinel\C$ as the path to the OS package files. The server contains OS package files for other operating systems as well, but BDD 2007 ignores the files that it can't use. For example, Figure E shows the results of scanning an entire WSUS server.

Figure E

You can pull OS package files directly from your WSUS server.

Creating builds

Now that you have provided operating system source files, applications, drivers, and OS packages, you have most of the components in place that you will need for deploying Vista. Right now though, all of the files that you have provided to BDD 2007 all exist as separate entities. You must now create a build that will pull these various resources together.

Begin the process by right clicking on the Builds container found in the console tree, and selecting the New command from the resulting shortcut menu. When you do, Windows will display the New Build Wizard, as shown in Figure F.

Figure F

The New Build Wizard allows you to create a Vista build.

As you can see in the figure, the wizard's initial screen just asks you for some basic information that you can use to identify the build. You can enter pretty much anything you want into these fields. Press Next and the wizard will prompt you as to what OS you want to install. Obviously, you will be deploying Windows Vista, but there are many different editions of Windows Vista, as shown in Figure G.

Figure G

You must select the edition of Windows Vista to be included in the build.

Press Next and the wizard will prompt you for a product key, as shown in Figure H. If you will be using Windows Vista volume licensing, or a key management server, you don't have to enter a product key.

Figure H

You are given the option of entering a product key.

Press Next and the wizard will begin prompting you to enter information required by Windows Setup. You are prompted to enter a full name, organization name, and the home page that Internet Explorer should default to.

After entering this information, press Next, and you will be prompted to enter a local administrator's password. Since the password will be stored in an XML file, you have the option of providing the password during the deployment should you choose. Keep in mind that having to manually enter a password partially defeats the purpose of automating the installation process, however.

Finally, press the Create button, and the new build will be created. As you can see in Figure I, the new build is listed in the Details pane when the Builds container is selected.

Figure I

The new build is listed in the Details pane.

If you need to see the particulars of a build, or make changes to the build's settings, you can do so by right-clicking on the build and selecting the Properties command from the resulting shortcut menu. Doing so will cause Windows to display the properties sheet shown in Figure J. You can use this properties sheet and its various tabs to make any necessary changes to the build.

Figure J

You can alter the build's settings from the build's properties sheet.


In this article series, I have shown you how to use the Business Desktop Deployment 2007 tool to create a Windows Vista deployment image. I will be discussing the deployment process in a separate article.