Embedded OS Deployment with System Center Configuration Manager (SCCM)

Updated 3/26/09 with preface

[The following article is authored by one of the Windows Embedded MVPs (Most Valuable Professionals). Our MVPs have a heavy background in Embedded systems and are a great repository of information on Windows Embedded products. We’re providing this space on our team blog as a service to our readers by allowing MVPs to share some of their knowledge with the rest of the community.]  

One of the new features in Windows Embedded Standard 2009 is support for SCCM operating system deployment (OSD). This means that any Standard image can be deployed the same way images for desktop or server machines are deployed within an SCCM infrastructure. Previously, it was not possible to deploy XP Embedded images, because XPe did not support the Sysprep utility.

Unique System Identifiers (SID) required
Sysprep is the desktop equivalent of the System Cloning Tool in Windows Embedded. Both tools change the SID of a system after the image is deployed and the target system starts for the first time in the factory or in the field. This process is required because all Windows systems are identified via a unique SID in a network. Many functions, e.g. Active Directory or creating a network share, rely on the uniqueness of this ID. To enable Sysprep support, the Windows Embedded Standard team has created a dedicated component for the utility.

It is important to include only the Sysprep component if the images are to be deployed via SCCM OSD. The System Cloning Tool is still not intended to work with SCCM.

Sysprep settings
In contrast to the absolutely silent System Cloning Tool, Sysprep offers a user interface, which is shown during the first boot of the target machine after the image has been deployed. Embedded developers are able to leverage this UI called Mini-Setup to provide manual configuration options of device settings regarding network, domain participation or the installation of additional drivers to field personnel. Other important Sysprep settings are controlled via a configuration file called Sysprep.inf, which is located in the Sysprep folder. Please refer to the Windows Embedded Standard help to get a complete overview on the available, supported features.

The Sysprep process can also be run completely unattended, but it still shows Mini-Setup screens while executing the different tasks. All of the artwork, etc. in Mini-Setup can be replaced with custom images (branded), for example showing the logo of the device or the manufacturer.

There are some additional settings that can be configured in Target Designer, as well. The settings dialog specifies optional dependencies, for example scripting engine, command processor, languages that can be included depending on the settings you need to configure in Sysprep, as well as the use of Mini-Setup.

Sealing Images
There is no automatic sealing available for Sysprep as there is for System Cloning. But do not worry, in most cases the manual way is the better way to handle additional image configurations before sealing the image, anyway.
To seal the image once all custom configuration has been done and the system is ready for cloning, manually call

C:\Sysprep\Sysprep.exe -mini -reseal

Microsoft recommends you seal only once for each image, because repeating this step may lead to misconfigurations. It is considered a best practice to keep an unsealed version of the image as a backup in case changes to the image are required at a later stage. The sealed image is called a “Golden Master”, which can be used for deployment onto target devices.
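Because everything in the Sysprep folder is sealed into the Golden Master and copied to every target device, it is worth checking Sysprep.inf before running the reseal command. The following is an added example, not part of the original article: a pre-seal check that assumes the standard XP-family answer-file keys (AdminPassword, EncryptedAdminPassword, DomainAdminPassword, ComputerName); both sample files are constructed for illustration.

```python
import configparser

# Constructed sample answer files (not taken from the article).
WEAK_INF = """
[GuiUnattended]
AdminPassword="Kiosk!2009"
EncryptedAdminPassword=No
[UserData]
ComputerName=KIOSK01
[Identification]
JoinDomain=EXAMPLE
DomainAdmin=joinacct
DomainAdminPassword=Join!2009
"""
HARDENED_INF = """
[GuiUnattended]
AdminPassword=PLACEHOLDER-ENCRYPTED-VALUE
EncryptedAdminPassword=Yes
[UserData]
ComputerName=*
"""

def _load(text):
    # Sysprep.inf is INI-style: ';' starts a comment, names are case-insensitive.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",),
                                   comment_prefixes=(";",), allow_no_value=True)
    cp.read_string(text)
    return {s.lower(): {k: (v or "").strip().strip('"') for k, v in cp.items(s)}
            for s in cp.sections()}

def audit_sysprep_inf(text):
    """Return findings that should be resolved before the image is sealed."""
    inf, findings = _load(text), []
    gui = inf.get("guiunattended", {})
    pw = gui.get("adminpassword", "")
    encrypted = gui.get("encryptedadminpassword", "").lower() == "yes"
    if pw == "*":
        findings.append("GuiUnattended/AdminPassword: blank Administrator password")
    elif pw and not encrypted:
        findings.append("GuiUnattended/AdminPassword: stored in clear text")
    if inf.get("identification", {}).get("domainadminpassword"):
        findings.append("Identification/DomainAdminPassword: stored in clear text")
    name = inf.get("userdata", {}).get("computername", "")
    if name and name != "*":
        findings.append("UserData/ComputerName: fixed name repeats on every clone")
    return findings

if __name__ == "__main__":
    for line in audit_sysprep_inf(WEAK_INF):
        print("FINDING:", line)
```

The hardened sample leaves the domain join out of Sysprep.inf entirely, on the assumption that it is performed by the SCCM task sequence instead.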

Image capturing
The easiest way to integrate the sealed image into the SCCM process is to boot the system with an image capture disk that can be generated using the SCCM management console.
The image capture disk stores the Windows Embedded Standard image in a .wim file that is imported afterwards into SCCM as an operating system package.

SCCM OSD process
There are a few different ways to distribute an OS image in SCCM, ranging from creating a standalone distribution CD/DVD to sophisticated network deployments. All ways offer different security, bandwidth optimization, authentication and a lot of other options to create robust and secure deployments.
The general procedure is that all image tasks that need to be carried out during the installation of the new image are specified with the help of the Task editor in the SCCM MMC. There are pre- as well as post-deployment operations e.g. configuring disk layout, addition of users or joining to a domain. Additionally, there is a User State Migration Tool, which comes in handy if specific settings should be retained during the OS change, e.g. on a network share, and then reapplied to the freshly installed image.

The global maintenance platform in the OSD scenario is the Windows Preinstallation Environment (WinPE) 2.1 in SCCM 2007 R2. This is the PE version that came out for Vista SP1 as well as Server 2008. Be aware that it is the only PE version that works with the current SCCM release!

WinPE is used as the boot OS, regardless of whether the systems boot from CD/DVD, USB stick or via PXE boot on a network. It boots the systems and triggers the configured task sequence. All the partitioning, formatting, user state migration, etc., takes place, and then the new image is applied from the previously captured .wim file onto the target device. The system is then restarted and Sysprep kicks in, running through Mini-Setup. This runs either unattended or with the manual interaction of field personnel. After this, all SID entries are changed and the tasks configured in Sysprep.inf are executed. During the last step the system is rebooted for the final time, and after this it is in a productive state.

- Alexander

Alexander Wechsler

Wechsler Consulting

www.wechsler-consulting.de