Windows Deployment, Part 12: Further Reading
My initial install of WDS was damaged (PXE clients were not receiving a response). I cured this problem by removing and reinstalling the WDS role / feature and unchecking the “Configure DHCP options to indicate that this is also a PXE server” option. This is in WDS: right-click dc.demo.local and select Properties, then select the DHCP tab.
Also, you need to see if anything else (e.g. a router) is giving out DHCP addresses. If so, either turn off DHCP on that device, or edit the DNS address it gives out to match your server.
Multicasting – this is much slower when deploying to only a few clients at once. It should be used when deploying to several tens or hundreds of clients at once.
Potential performance improvements:
If you have a busy WinPE environment (lots of apps / drivers that you are injecting), you may wish to increase the scratch space from the default 32 MB.
Bear in mind that choosing a higher number may cause problems with low-memory clients (however, any machine you are trying to install Windows 8 on should be fine).
You would typically consider upping the scratch space when trying to inject large drivers such as those from Nvidia.
Screenshot: Altered the scratch space from 32 MB to 128 MB. This changes the RAM disk size.
You can monitor the progress of your deployment – open MDT and select Monitoring.
Delegating ‘Joining computers to the domain’ permissions
By default, any member of the ‘Authenticated Users’ group can join up to 10 workstations to the domain. This can be a security risk and you should think about deactivating it!
- Open the ADUC console as domain administrator.
- Create a new group ‘supporters’ and add user accounts to it, who should later be able to join machines to the domain.
- Right-click CN=Computers and click ‘Delegate control’ to open the delegation wizard.
- Click ‘Next’.
- Click ‘Add’ and add the group ‘supporters’. Click ‘Next’.
- Choose ‘Create a custom task to delegate’ on the ‘Tasks to delegate’ window.
- In the ‘Active Directory Object Type’ window, select ‘Only the following objects in the folder’ and check ‘Computer objects’ in the list. Also check the two options ‘Create selected objects in this folder’ and ‘Delete selected objects in this folder’. Click ‘Next’.
- In the ‘Permissions’ window, check ‘General’ and ‘Property-specific’. Also select the following permissions from the list:
  - Reset password
  - Read and write account restrictions
  - Read and write DNS host name attributes
  - Validated write to DNS host name
  - Validated write to service principal name
  - Write servicePrincipalName
- Click ‘Next’.
- Click ‘Finish’.
After you have finished these steps, members of the ‘supporters’ group will be able to join computers to the domain.
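One way to check the delegation and then switch off the default 10-machine allowance from PowerShell, added here as an example that is not part of the original post. It assumes the RSAT ActiveDirectory module, a domain administrator session, the group name ‘supporters’ from the steps above, and that new computers land in the default Computers container.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module
# and the 'supporters' group created in the steps above.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName

# 1. The default allowance is stored on the domain object (default value: 10).
$quota = (Get-ADObject -Identity $domainDn -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
Write-Output "ms-DS-MachineAccountQuota is currently $quota"

# 2. Computers joined through that allowance record the joining user's SID in
#    ms-DS-CreatorSID. Review who has been adding machines before changing anything.
Get-ADComputer -LDAPFilter '(ms-DS-CreatorSID=*)' -Properties 'ms-DS-CreatorSID', whenCreated |
    ForEach-Object {
        $sid = $_.'ms-DS-CreatorSID'
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = "$sid" }   # account no longer resolves: show the raw SID
        [pscustomobject]@{ Computer = $_.Name; JoinedBy = $who; Created = $_.whenCreated }
    } | Sort-Object Created | Format-Table -AutoSize

# 3. Confirm the wizard actually wrote ACEs for 'supporters' on the Computers container.
$aces = (Get-Acl -Path "AD:\$($domain.ComputersContainer)").Access |
    Where-Object { $_.IdentityReference -like '*\supporters' }
$aces | Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, AccessControlType |
    Format-Table -AutoSize

# 4. Only remove the default allowance once the delegated group is in place,
#    otherwise nobody except administrators can join machines.
if ($aces) {
    Set-ADDomain -Identity $domainDn -Replace @{ 'ms-DS-MachineAccountQuota' = 0 }
    Write-Output 'Quota set to 0: only delegated accounts can now join computers.'
} else {
    Write-Warning "No ACEs found for 'supporters'; quota left at $quota."
}
```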
Here’s a list of useful websites I’ve found along the way.