How to deploy a custom Windows 7 image using Windows Deployment Services (WDS) on Windows Server 2008

August 31, 2009

Prerequisites:

  1. Windows Server 2008 with Active Directory, DNS and DHCP
  2. Windows Automated Installation Kit (WAIK), downloaded and installed on the WDS server
  3. Windows 7 DVD

Step 1. Install WDS on the Windows Server 2008 machine. Navigate to Start > All Programs > Administrative Tools > Server Manager, expand Roles, click Add Roles and select Windows Deployment Services, then follow the wizard.

Step 2. Install WAIK on the WDS server. On Windows Server 2008 you do not need to install .NET Framework 2.0 separately; it is built in. Insert the WAIK DVD in the WDS server and install it as you would any ordinary application.

Step 3. Configure the WDS server. Navigate to Start > All Programs > Administrative Tools > Windows Deployment Services. Expand Servers, right-click [server name] and click Configure Server. Click Next to start the wizard. Check the path (I used e:\RemoteInstall; avoid the boot partition if possible). On the DHCP Option 60 page, if DHCP and WDS run on the same server, check both "Do not listen on port 67" and "Configure DHCP option 60 to 'PXE Client'" and click Next; if DHCP lives on another server, leave both unchecked. For PXE Server Initial Settings select "Respond to all (known and unknown) client computers" and click Finish.

Bear in mind what "Respond to all" means: any machine that can PXE boot on that network can pull your boot images and, once an unattend file is attached, install the image from this server. Once the build has been tested, it is safer to respond only to known (prestaged) computers, or to use the option that holds unknown clients for administrator approval.

In the WDS console expand Servers, right-click the WDS server and open Properties. On the Network Settings tab check "Obtain IP address from DHCP".

Now add winpe.wim as a boot image. In WDS, right-click Boot Images > Add Boot Image > Browse and navigate to C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE.WIM. Name this image "Capture Image". (WDS can also build a dedicated capture image for you: right-click an existing boot image and choose Create Capture Image.)

Add boot.wim as a boot image. Insert the Windows 7 DVD in the WDS server's DVD drive, right-click Boot Images > Add Boot Image > Browse and navigate to D:\sources\boot.wim (D: is the DVD drive). Name this image "Deploy Image".

To add the 64-bit winpe.wim as a boot image, right-click Boot Images > Add Boot Image > Browse and navigate to C:\Program Files\Windows AIK\Tools\PETools\amd64\WinPE.WIM and add this image.

Now create an image group in WDS (right-click Install Images > Add Image Group).

Step 4. Install Windows 7 and prepare it by installing the desired applications. Log on to the Windows 7 computer as an administrator, navigate to c:\windows\system32\sysprep and run sysprep.exe /oobe /generalize /reboot from a command prompt. Watch the reboot carefully: as soon as the machine restarts, press F12 to PXE boot to the WDS server and select the Capture Image option. If the machine boots into Windows instead, it runs through OOBE and you will have to redo Sysprep before you can capture.

At the WinPE command prompt, type WDSCapture and press Enter.

Upload the image to the WDS server: click Connect, provide credentials if prompted, select the image group and give the image a name.

Once the capture is done, go to the WDS console > Install Images > [image group], right-click the Windows 7 image > Properties, check "Allow image to install in unattended mode", click Select File and browse to the unattend XML file prepared with WAIK (Windows System Image Manager). Remember that this file is handed to every client that installs the image, and any local administrator password it contains is at best Base64 encoded, not encrypted, so do not put anything in it that you would not want a PXE client on that network to read.

Step 5. To deploy this image, boot a similar workstation and press F12 to PXE boot. Select the Deploy Image option, then the image group, then the image.


Choose the right fibre optic for an IT network

August 28, 2009

A reliable network is the basic requirement of every computer system. It comes first at every layer of communication, from the core through the distribution and access networks. If the cabling is not done properly, you will get a lot of hassle later on maintaining and upgrading the glass fibre.

Selecting the right type of fibre depends on individual need. Evaluate the current needs of the network, then look down the road to how it will be used in future. The cable used to upgrade an existing backbone, for example, may be different from the cable used to connect directly to a core switch module. Future bandwidth requirements, transmission distances and network architecture influence fibre selection just as much as current needs, so a careful assessment of potential network usage will help avoid the cost of preventable upgrades.

Multimode or single mode

Multimode (MM) optical fibre is mostly used for backbone links over shorter distances, such as within a building or campus. Typical multimode links run at 10 Mbit/s to 10 Gbit/s over link lengths of up to about 600 metres. Multimode fibre is graded as OM1, OM2 or OM3 according to its bandwidth; of the three, OM3 supports the highest speed and the longest 10 Gbit/s reach.

Single-mode optical fibre is designed to carry a single mode (ray) of light. Over single-mode fibre, data can travel at 10 Gbit/s over distances of more than 60 km with commercially available transceivers, and several hundred kilometres at 40 Gbit/s.

Duplex cable consists of two fibres, usually in a zip-cord style. Use duplex multimode or single-mode fibre for applications that require simultaneous, bidirectional data transfer; network equipment (switch-to-switch and switch-to-server links) requires duplex cable. Duplex fibre is available in single-mode and multimode.

Simplex fibre optic cable consists of a single fibre and is used in applications that only require one-way data transfer. Simplex fibre is also available in single-mode and multimode.

Connectors and modules

Connectors keep the information flowing from cable to cable or from cable to device (switch, router, server, storage). Traditionally, networks relied on ST connectors. Over time they moved to SC connectors, which give slightly lower loss, more efficient installation and easier maintenance. As data centres grow, users adopt LC connectors: these offer lower loss in a smaller form factor and provide higher performance and greater fibre density. Most network equipment takes modular Gigabit fibre-optic interfaces, the GBIC and SFP transceivers, so the connector type on the equipment side follows the transceiver you buy.

In practice, study your needs and justify the investment for present and future. Choosing the right fibre will help you avoid upgrade hassle and future maintenance cost.


IP address and subnet

August 27, 2009

An IP address uniquely identifies a device such as a computer, server or printer on an IP network. The address is made up of 32 binary bits, which are divided into a network portion and a host portion with the help of a subnet mask. The 32 bits are broken into four octets (1 octet = 8 bits); each octet is converted to decimal and separated by a period (dot). IP addresses were originally divided into classes: Class A (1.0.0.0-127.255.255.255), Class B (128.0.0.0-191.255.255.255), Class C (192.0.0.0-223.255.255.255), Class D (224.0.0.0-239.255.255.255) and Class E (240.0.0.0-255.255.255.255). Classless Inter-Domain Routing (CIDR), described below, later replaced the class scheme.

  • Class A—The first octet (8 bits) denotes the network address, and the last three octets (24 bits) are the host portion. Any IP address whose first octet is between 1 and 126 is a Class A address. Note that 0 is reserved for the default route and 127 is reserved for loopback.
  • Class B—The first two octets (16 bits) denote the network address, and the last two octets (16 bits) are the host portion. Any address whose first octet is in the range 128 to 191 is a Class B address.
  • Class C—The first three octets (24bits) denote the network address, and the last octet (8bits) is the host portion. The first octet range of 192 to 223 is a Class C address.
  • Class D—Used for multicast. Multicast IP addresses have their first octets in the range 224 to 239.
  • Class E—Reserved for future use and includes the range of addresses with a first octet from 240 to 255.

Network Masks 

A network mask identifies which portion of the address is the network and which portion is the host. Class A, B and C networks have default masks, also known as natural masks, as shown here:

Class A: 255.0.0.0

Class B: 255.255.0.0

Class C: 255.255.255.0

Subnetting

By subnetting you can create multiple logical networks within a single Class A, B or C network. Without subnetting you can only use one network from your Class A, B or C allocation, which wastes addresses. For example:

10.143.8.1 – 00001010.10001111.00001000.00000001

255.255.255.128- 11111111.11111111.11111111.10000000

If you count the number of 1 bits in the mask you get 25, so the mask 255.255.255.128 can also be written as /25. A valid mask is always an unbroken run of 1s followed by 0s; a mask with a 0 in the middle of the 1s (for example 255.255.0.255) is not a subnet mask and most tools will reject it.

Classless Interdomain Routing (CIDR) was introduced to improve both address space utilisation and routing scalability on the Internet. CIDR moves away from the traditional IP classes (Class A, Class B, Class C and so on). In CIDR, an IP network is represented by a prefix, which is an IP address together with the length of the mask, written prefix/length. For example, 10.0.0.0/25 denotes the network 10.0.0.0 with mask 255.255.255.128.

CIDR also allows a more hierarchical Internet architecture, where each domain takes its IP addresses from a higher level and the higher level can summarise the domains below it into one route. For example, if an ISP owns 203.17.0.0/16, it can offer 203.17.1.0/24, 203.17.2.0/24 and so on to its clients while advertising only the single /16 upstream.

Class A subnet table and number of hosts per subnet (table reproduced as an image in the original; source: Cisco)

Class B subnet table and number of hosts per subnet (table reproduced as an image in the original; source: Cisco)

Class C subnet table and number of hosts per subnet (table reproduced as an image in the original; source: Cisco)

Real life implication

You will be asked to do this sort of task as a network/systems administrator in any organisation. Consider that you work in a mid-size organisation and want to deploy 1500 desktops and 100 servers. You have 80 network printers, and iSCSI storage will be in operation. In this situation I prefer to have 5 VLANs configured across the core, distribution and access switches: a management VLAN for all the switches you will be installing, and four VLANs for the desktops, servers, printers and iSCSI traffic. Keeping management and iSCSI on their own VLANs also keeps that traffic away from the desktop segment. It is always a good idea to allocate more addresses than you need now, to leave room if the company expands.

VLAN         Subnet       Mask              Usable hosts   Host range                    Broadcast
Desktop      10.10.8.0    255.255.248.0     2046           10.10.8.1 to 10.10.15.254     10.10.15.255
Server       10.10.2.0    255.255.255.0     254            10.10.2.1 to 10.10.2.254      10.10.2.255
Printers     10.10.3.0    255.255.255.128   126            10.10.3.1 to 10.10.3.126      10.10.3.127
iSCSI        10.10.4.0    255.255.255.192   62             10.10.4.1 to 10.10.4.62       10.10.4.63
Management   10.10.0.0    255.255.254.0     510            10.10.0.1 to 10.10.1.254      10.10.1.255

This is just an example (I was passing the time); it will certainly be different in your circumstances. Don't worry about the binary and decimal arithmetic: download the free SolarWinds subnet calculator and it goes smooth as silk.
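The same arithmetic can be scripted rather than done by hand. The following is an added example, not code from the original post: it uses Python's standard ipaddress module to reproduce the table above for the five VLAN prefixes in the plan, convert a dotted mask to a /prefix, pick the smallest block that fits a given number of hosts, carve /24 blocks out of the ISP's /16 from the CIDR example, and check the whole plan for overlapping prefixes before computing the single summary route a core router would advertise. The VLAN prefixes are the ones in the table; everything else (the ISP block, host counts) is taken from the text of this post.

```python
"""Subnet arithmetic for the VLAN plan above, using only the standard ipaddress module."""
import ipaddress

# The five VLAN prefixes from the plan in the post (desktop, server, printers, iSCSI, management).
VLAN_PLAN = {
    "Desktop": "10.10.8.0/21",
    "Server": "10.10.2.0/24",
    "Printers": "10.10.3.0/25",
    "iSCSI": "10.10.4.0/26",
    "Management": "10.10.0.0/23",
}


def prefix_for_mask(mask):
    """255.255.255.128 -> 25. Raises ValueError for masks whose 1 bits are not contiguous."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen


def describe(cidr):
    """Return (mask, usable hosts, first host, last host, broadcast) as in the table above."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits set in the prefix is an error
    if net.prefixlen > 30:
        raise ValueError("/31 and /32 have no usable host range in this scheme")
    return (
        str(net.netmask),
        net.num_addresses - 2,  # network and broadcast addresses are not assignable
        str(net.network_address + 1),
        str(net.broadcast_address - 1),
        str(net.broadcast_address),
    )


def smallest_prefix_for(hosts):
    """Longest prefix (smallest block) that still leaves `hosts` usable addresses."""
    prefix = 30
    while 2 ** (32 - prefix) - 2 < hosts:
        prefix -= 1
    return prefix


def carve(parent, new_prefix, count):
    """CIDR delegation: hand out `count` blocks of /new_prefix from a parent block (ISP example)."""
    blocks = ipaddress.ip_network(parent).subnets(new_prefix=new_prefix)
    return [str(next(blocks)) for _ in range(count)]


def check_plan(plan):
    """Reject overlapping VLAN prefixes, then return the one summary route that covers them all."""
    nets = [ipaddress.ip_network(cidr, strict=True) for cidr in plan.values()]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()  # widen one bit at a time until every VLAN fits
    return summary


if __name__ == "__main__":
    for name, cidr in VLAN_PLAN.items():
        print(name, cidr, *describe(cidr))
    print("summary route for the site:", check_plan(VLAN_PLAN))
    print("ISP hands out:", carve("203.17.0.0/16", 24, 3))
```

Running it prints one line per VLAN matching the table, then 10.10.0.0/20 as the summary route (the five VLANs all fall inside 10.10.0.0 to 10.10.15.255). Change the Server prefix to 10.10.1.0/24 and check_plan raises, because it collides with the management /23.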


How to migrate Windows 2003 Active Directory to Windows 2008 Active Directory: step by step guide

August 25, 2009

Microsoft's newest member of the server family is Windows Server 2008. The Windows Server 2008 operating system eases the work of IT administrators, enterprise IT planners and designers. Windows 2008 Active Directory brings improved roles: AD Domain Services, AD Federation Services, AD Rights Management Services, compliance features and the Best Practices Analyzer (BPA). It is time to move to Windows 2008 Active Directory. In this article I will show how to migrate from Windows 2003 AD to Windows 2008 AD.

On the Windows Server 2003 DC, insert the Windows Server 2008 DVD, open a command prompt and change directory to d:\sources\adprep (D: is my DVD drive; adjust for yours). Note: to run these commands you need to log on to the Windows 2003 domain controller with an account that is a member of Enterprise Admins, Schema Admins and Domain Admins of the forest root domain. Run forestprep on the schema master and domainprep on the infrastructure master of each domain, and take a system state backup of the DC first, because the schema extensions cannot be rolled back.

Now run the following command:

adprep /forestprep

After forestprep has finished and the schema changes have replicated to every DC, run:

adprep /domainprep

adprep /rodcprep (optional; only needed if you plan to deploy read-only domain controllers)

Install Windows Server 2008 and promote it as an additional domain controller in the Windows 2003 forest.

This is a trial version of Windows 2008, so I do not need a product key for this article. If you have a proper key, enter it here.

Windows 2008 will ask you to set a new password at first logon. Note: password complexity is enabled by default.

The Windows 2008 machine is now installed. Log on as an administrator and add the Active Directory Domain Services role (Server Manager > Roles > Add Roles), then run dcpromo.

In the wizard choose to add a domain controller to an existing domain, enter your existing domain name and provide domain admin credentials to join this server to the domain.

You will be asked for a Directory Services Restore Mode (DSRM) password. It is required if you ever need to restore AD, and it is a local password on this DC that does not change when the domain admin password changes, so record it somewhere safe.

Now restart the Windows 2008 server. It takes a few minutes to replicate all the AD containers, objects and DNS records. I prefer to wait an hour or more and then check that all the records are present in the Windows 2008 Active Directory; you can force replication from AD Sites and Services (Replicate Now) if necessary, and repadmin /showrepl on the new DC will show whether every naming context has replicated without errors.

Now transfer all the FSMO roles from the Windows 2003 domain controller to the Windows 2008 domain controller. Log on to the Windows 2003 domain controller as an enterprise admin, open a command prompt and type the following, one line at a time:

ntdsutil

roles

connections

connect to server WIN2008SERVERNAME

q

transfer domain naming master

transfer PDC

transfer schema master

transfer RID master

transfer infrastructure master

Confirm each transfer when prompted, then type q twice to leave ntdsutil. Run netdom query fsmo afterwards to verify that all five roles now show the Windows 2008 server.

Now you are ready to demote the Windows 2003 domain controller. Before you do, confirm that the Windows 2008 DC is already a global catalog (in AD Sites and Services its NTDS Settings should have Global Catalog checked) and that clients and member servers use it for DNS; otherwise logons will fail once the old DC is gone. Then log on to the Windows 2003 domain controller as a domain admin, open AD Sites and Services from Administrative Tools, expand Default-First-Site-Name, expand the Windows 2003 domain controller, right-click NTDS Settings and open Properties. Uncheck Global Catalog and click OK.

Open Run from the Start menu and type dcpromo.

Leave the "This server is the last domain controller in the domain" box unchecked. That tells dcpromo other domain controllers remain, so the Windows 2003 DC replicates its final changes to the Windows 2008 DC and removes itself cleanly; checking it would delete the domain.

Click Next, provide the local administrator password, follow the remaining prompts and wait until the demotion completes. Restart. That's all.


Backup, restore or migrate a print server in easy steps

August 20, 2009

Have you added the print server to your DRP worksheet? It is absolutely necessary when you have hundreds of printers on your print server(s). Here is a solution for backing up, restoring or migrating a print server.

Print Migrator 3.1 has been replaced by Printbrm.exe, the engine behind the Print Management console in Windows Vista. It makes migrating a print server easy whether the source is x64 or x86. It is a very handy tool for a system admin: back up the print server after adding new printers or changing the network configuration of existing ones, and Vista Print Management will save a lot of time if disaster knocks on the door. Even if you do not have Windows Server 2003 R2 (which has Print Management built in) and you are in a catastrophe, you can restore the printers in a few steps, all in GUI mode, as long as you backed up the printer drivers and configuration.

Backup printer drivers and config

From a Windows Vista machine, open Administrative Tools and click Print Management.

Right-click Print Management, click "Export printer queues and printer drivers to a file", then click Next.

Type the name of the print server on the network and click Next.

You will be presented with all the printers on the print server; click Next.

Type the location where the backup will be saved and click Next.

Wait until the export completes and click Finish. A complete backup has now been saved in the chosen location; make sure you have a file named name.printerexport. Treat it like any other server backup, since it holds the driver binaries and port configuration that get restored.

Restore / import printer drivers and config

To restore to a different print server, open Print Management from Administrative Tools on the Vista machine, right-click Print Management, select Import and click Next.

Type the path of the backup file (name.printerexport) and click Next.

You will see the list of printers you backed up; click Next.

Type the destination print server name (NetBIOS name) on the network and click Next.

Command line help for Printbrm.exe

Open a command prompt and go to c:\windows\system32\spool\tools.

To back up:

Printbrm.exe -B -S \\SourceServerName -F \\UNCPath\name.printerexport

To restore:

Printbrm.exe -R -S \\DestinationServerName -F \\UNCPath\name.printerexport

For the full option list:

Printbrm.exe /?

Note: the Vista print migration tool is compatible with Windows 2003 and Windows 2008 print servers.


How to configure Microsoft RADIUS Server (IAS) for Macintosh OS X 10.5, Windows 7 and Windows XP Pro clients

August 17, 2009

Internet Authentication Service (IAS) is the Remote Authentication Dial-In User Service (RADIUS) server in the Windows Server 2003 family. As a RADIUS server, IAS performs centralised connection authentication, authorisation and accounting for many types of network access, including wireless and virtual private network (VPN) connections. As a RADIUS proxy, IAS forwards authentication and accounting messages to other RADIUS servers. A RADIUS client (typically an access server such as a dial-up server, VPN server or wireless access point) sends user credentials and connection parameters in the form of a RADIUS message to the RADIUS server. Microsoft RADIUS supports Windows 7, Windows XP SP2 and Mac OS X clients. This article gives an overview of Microsoft RADIUS and PEAP security and describes how RADIUS security is implemented and deployed in an IT infrastructure.

Prerequisites: Microsoft Active Directory, DNS, DHCP and Certificate Services (an enterprise CA), Cisco 1200 series wireless AP, Mac OS X 10.5, Windows XP Pro/Windows 7.

AAA infrastructure:

Authentication: Microsoft Active Directory. Authorisation: Microsoft RADIUS (IAS). Accounting: Microsoft RADIUS (IAS).

Security measures: PEAP between the client and IAS (the client validates the IAS server certificate and the user's MS-CHAPv2 exchange runs inside that TLS tunnel), and a RADIUS shared secret between the access point and IAS (it is used to authenticate every RADIUS packet exchanged between them, so it should be long, random and known only to those two devices).

Inner authentication method: MS-CHAPv2. MS-CHAPv2 is an authentication protocol, not an encryption cipher; the over-the-air encryption comes from the WPA/WPA2 keys derived at the end of the PEAP exchange.

Configure IAS

Make sure all the prerequisites mentioned above are ready and working. Install Windows Server 2003 and make it a member of the Active Directory domain.

Install a machine (computer) certificate on this server. IAS presents it to the wireless clients as the PEAP server certificate, so it must be issued by a CA the clients trust (the enterprise CA, whose root certificate domain members already have). Open mmc, click Add/Remove Snap-in, click Add, select Certificates and click Add, check the Computer account radio button, click Next, select Local computer and click Finish. Right-click Personal, choose All Tasks > Request New Certificate, click Next, then click OK.

Install IAS as follows: go to Add/Remove Windows Components, select Internet Authentication Service and click OK.

Open the IAS console from Administrative Tools, right-click Internet Authentication Service and click Register Server in Active Directory (this lets IAS read the users' dial-in properties).

Add a RADIUS client: enter the Cisco access point's name and IP address and click Next.

Select RADIUS Standard, provide the shared secret and confirm it, then click Finish. The shared secret must be identical to the one configured on the Cisco wireless access point. Use a long random string: it is the only thing that stops another device on the wired network from posing as the access point to IAS, or forging RADIUS replies to the access point.
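To see exactly what the shared secret protects, here is an added example (not code from the original post, and not how IAS or the Cisco IOS are implemented) that builds one RADIUS round trip in Python the way the access point and the IAS server would: the AP sends an Access-Request carrying the client's EAP Identity response with a Message-Authenticator (the HMAC-MD5 that RFC 3579 makes mandatory for EAP), IAS checks it and answers with an Access-Challenge that starts PEAP, and the AP checks both the Response Authenticator (RFC 2865) and the reply's Message-Authenticator before trusting it. All packet contents, user names and secrets are constructed for the example and nothing is sent on the network; the function and attribute names are mine, not IAS's.

```python
"""RADIUS packet integrity between the access point and IAS, keyed on the shared secret."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, NAS_IP_ADDRESS, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 4, 79, 80
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; a 16-byte Authenticator follows


def assemble(code, ident, authenticator, attrs):
    """Serialise header + 16-byte authenticator + Type/Length/Value attributes."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return HEADER.pack(code, ident, 20 + len(body)) + authenticator + body


def parse(packet):
    """Return (code, ident, authenticator, [(type, value), ...]); raise on malformed input."""
    code, ident, length = HEADER.unpack_from(packet)
    if length != len(packet) or length < 20:
        raise ValueError("bad RADIUS length")
    attrs, pos = [], 20
    while pos < length:
        t, l = packet[pos], packet[pos + 1]
        if l < 2 or pos + l > length:
            raise ValueError("bad attribute length")
        attrs.append((t, packet[pos + 2:pos + l]))
        pos += l
    return code, ident, packet[4:20], attrs


def message_authenticator(secret, code, ident, request_auth, attrs):
    """RFC 3579 s3.2: HMAC-MD5 over the packet with the Message-Authenticator value zeroed.
    Replies are keyed on the *request's* authenticator, which is why the AP must keep it."""
    zeroed = [(t, b"\x00" * 16 if t == MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    return hmac.new(secret, assemble(code, ident, request_auth, zeroed), hashlib.md5).digest()


def response_authenticator(secret, code, ident, request_auth, attrs):
    """RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(assemble(code, ident, request_auth, attrs) + secret).digest()


def ap_build_access_request(secret, ident, user_name, eap_payload, nas_ip=b"\x0a\x0a\x00\x05"):
    """Access point side. Returns (packet, request_auth); the AP must remember request_auth."""
    request_auth = os.urandom(16)  # fresh per request; reusing it lets old replies be replayed
    attrs = [(USER_NAME, user_name), (NAS_IP_ADDRESS, nas_ip), (EAP_MESSAGE, eap_payload),
             (MESSAGE_AUTHENTICATOR, b"\x00" * 16)]
    attrs[-1] = (MESSAGE_AUTHENTICATOR,
                 message_authenticator(secret, ACCESS_REQUEST, ident, request_auth, attrs))
    return assemble(ACCESS_REQUEST, ident, request_auth, attrs), request_auth


def ias_verify_request(secret, packet):
    """RADIUS server side. EAP requests without a valid Message-Authenticator are silently dropped."""
    code, ident, request_auth, attrs = parse(packet)
    found = [v for t, v in attrs if t == MESSAGE_AUTHENTICATOR]
    if code != ACCESS_REQUEST or len(found) != 1:
        return False
    return hmac.compare_digest(found[0], message_authenticator(secret, code, ident, request_auth, attrs))


def ias_build_reply(secret, request_packet, code, attrs):
    """RADIUS server side. Access-Challenge/Accept/Reject carry both authenticators, keyed on the request."""
    _, ident, request_auth, _ = parse(request_packet)
    attrs = list(attrs) + [(MESSAGE_AUTHENTICATOR, b"\x00" * 16)]
    attrs[-1] = (MESSAGE_AUTHENTICATOR, message_authenticator(secret, code, ident, request_auth, attrs))
    return assemble(code, ident, response_authenticator(secret, code, ident, request_auth, attrs), attrs)


def ap_verify_reply(secret, reply, request_auth):
    """Access point side. Both checks must pass before the reply is acted on."""
    code, ident, resp_auth, attrs = parse(reply)
    found = [v for t, v in attrs if t == MESSAGE_AUTHENTICATOR]
    if len(found) != 1:
        return False
    resp_ok = hmac.compare_digest(resp_auth, response_authenticator(secret, code, ident, request_auth, attrs))
    msg_ok = hmac.compare_digest(found[0], message_authenticator(secret, code, ident, request_auth, attrs))
    return resp_ok and msg_ok


def demo(ap_secret=b"Xr7!pq2-LongRandomSharedSecret", ias_secret=b"Xr7!pq2-LongRandomSharedSecret"):
    """One EAP-Identity round trip. Returns (request accepted by IAS, reply accepted by AP)."""
    eap_identity = b"\x02\x01\x00\x09\x01jdoe"  # EAP Response/Identity for user "jdoe" (constructed)
    request, request_auth = ap_build_access_request(ap_secret, 7, b"jdoe", eap_identity)
    if not ias_verify_request(ias_secret, request):
        return False, False
    peap_start = b"\x01\x02\x00\x06\x19\x20"  # EAP Request, type 25 (PEAP), Start flag (constructed)
    reply = ias_build_reply(ias_secret, request, ACCESS_CHALLENGE, [(EAP_MESSAGE, peap_start)])
    return True, ap_verify_reply(ap_secret, reply, request_auth)


if __name__ == "__main__":
    print("matching secrets:", demo())
    print("secret mistyped on one side:", demo(ias_secret=b"Xr7!pq2-LongRandomSharedSecre"))
```

With matching secrets demo() returns (True, True); with the secret mistyped on either side it returns (False, False), which is what a wrong shared secret looks like in practice: IAS logs nothing useful and the client's wireless association simply times out, because RFC 3579 says the server must discard the request rather than reject it. Note that the secret's strength matters because these are MD5-based constructions: an attacker who captures traffic between the AP and IAS can test candidate secrets offline against any Message-Authenticator.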

Create a wireless access group in Active Directory and add the desired members to that group.

In Administrative Tools on the IAS server, open the IAS console and add a wireless access policy to the RADIUS server: right-click Remote Access Policies and create a new policy.

Choose to set up a typical policy with the wizard, give it a name, select Wireless as the access method and click Next.

Add the wireless access group from Active Directory by clicking Add.

Select PEAP (Protected EAP) as the authentication method and click Configure; make sure the computer certificate requested above is selected as the server certificate, then click OK and Finish.

Now open the properties of the newly created access policy, click Edit Profile and go to the Authentication tab. Under EAP Methods confirm that Protected EAP (PEAP) is listed with Secured password (EAP-MSCHAP v2) as its type. On the Encryption tab select the strongest encryption (128-bit) only. For 802.1X wireless only the EAP method is used, so leaving PAP or CHAP ticked on this tab gains nothing and is best avoided.

Configure the wireless access point as shown in this post:

http://araihan.wordpress.com/2009/08/02/how-to-configure-cisco-1242-ap-to-get-authentication-from-ms-ias/

Now the infrastructure is ready to authenticate Mac OS X 10.5, Windows 7 and XP clients over wireless.

Log on to an XP machine with the credentials of a user who is a member of the wireless access group. Go to Run, type mmc and press OK. Follow the same steps as for the machine certificate above, but this time choose "My user account" instead of "Computer account" and request a user certificate.

Once the user certificate is installed, right-click it, click All Tasks > Export and follow the wizard, exporting the private key as a password-protected PKCS #12 (.pfx) file.

Save the certificate on a USB stick. The file contains the user's private key and the export password is its only protection, so use a strong one and wipe the file from the stick once it has been imported on the Mac.

Configure Mac OS X 10.5

Now open the iMac/MacBook Pro. Go to Utilities, open Keychain Access, select the login keychain, drag the certificate from the USB stick and drop it into the login keychain, then click OK.

Type the password you used when exporting the certificate.

Go to System Preferences, open Network, select AirPort, click Advanced, then click +.

Click Show All, select the desired wireless SSID and follow the prompts.

Type the AD user name and password of a member of the wireless access group, select the certificate and click Add.

Now it is authenticated. All done.

It is not necessary to bind Mac OS X 10.5 to AD to get wireless authentication via RADIUS; PEAP and the certificate will do. Now you can add the user's home drive and printers from the print server.

On a Windows XP or Windows 7 machine, log on with a domain user who is a member of the wireless access group, install the user certificate and the machine/computer certificate as described above, turn on wireless, select the SSID and click Connect; in a few seconds it will be connected. On every client, check that the PEAP settings are set to validate the server certificate (on Windows this is the "Validate server certificate" option in the Protected EAP properties); without it the client will hand its MS-CHAPv2 exchange to any access point that broadcasts the same SSID.


Move RIS from an old server to a new one

August 14, 2009

Scenario: the present infrastructure has AD, DNS, DHCP and RIS, with DHCP and RIS installed on an old server. You bought a new server and need to move RIS and DHCP to it. Here is how to do it. ServerA will be decommissioned as the RIS server and ServerB commissioned in its place.

Step 1. Back up DHCP (for example with netsh dhcp server export c:\dhcp.txt all, or from the DHCP console).

Step 2. Copy all the RIS images from ServerA to separate storage. They live in \\ServerA\REMINST\Setup\English\Images.

You can use XCOPY source destination /Y /X /O /E /H /K /C from a command prompt (/E copies subdirectories including empty ones, /H includes hidden and system files, /K keeps file attributes, /O copies ownership and ACLs, /X copies auditing settings as well, /Y suppresses overwrite prompts and /C continues past errors).

Step 3. Stop the DHCP and RIS services on ServerA.

Step 4. Install the new server, ServerB, and patch it up to date.

Step 5. Install DHCP on ServerB, restore DHCP from the backup and start the DHCP service.

Step 6. Install RIS from Add/Remove Windows Components and run RIS setup.

Step 7. Delete the *.pnf files from the \\ServerB\REMINST\Setup\English\Images folder.

Step 8. Copy all the previous images to the new server with the same XCOPY command, into \\ServerB\REMINST\Setup\English\Images.

Step 9. Restart the RIS service or reboot the new RIS server.

You are ready to go.

