Windows Setup (Setup.exe) is the program that installs Windows 7. It uses image-based setup (IBS) to provide a single, unified process with which all customers can install Windows. IBS performs clean installations and upgrades of Windows. Windows Setup and IBS allow you to deploy Windows 7 in your organization easily and cost effectively.
Windows Setup includes several new features that facilitate installations that are faster and more consistent than Windows XP, including the following:
• Improved image management. Windows 7 images are stored in a single .wim file. A .wim file can store multiple instances of the operating system in a single, highly compressed file. The install file, Install.wim, is located in the Sources folder on the Windows 7 media.
• Streamlined installation. Windows Setup is optimized to enable the deployment scenarios used by most organizations. Installation takes less time and provides a more consistent configuration and deployment process, resulting in lower deployment costs.
• Faster installations and upgrades. Because Windows Setup is now image based, installing and upgrading Windows 7 is faster and easier. You can perform clean installations of Windows 7 by deploying the Windows image to destination computers; you perform upgrades by installing a new image onto an existing installation of Windows. Windows Setup protects the previous Windows settings during the installation.
Windows Setup improves the installation experience over Windows Vista. For example, Windows Setup moves the license key to the Windows Welcome page, allowing users to type a product key after completing installation. Windows Setup also automatically creates a small, hidden partition for BitLocker Drive Encryption. This makes it easier to enable BitLocker Drive Encryption later, because users don’t have to prepare the drive. Additionally, the last phase of Windows Setup, Windows Welcome, is faster and gives more feedback on the progress of the setup process.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
Windows Deployment Platform Components - Windows SIM
Windows SIM is the tool you use to create and configure Windows 7 answer files. You can configure features, packages, and answer file settings. Windows Setup uses Unattend.xml to configure and customize the default Windows 7 installation for all configuration passes. For instance, you can customize Internet Explorer, configure Windows Firewall, and specify the hard drive configuration. You can use Windows SIM to customize Windows 7 in many ways, including the following:
• Install third-party applications during installation.
• Customize Windows 7 by creating answer files (Unattend.xml).
• Apply language packs, service packs, and updates to an image during installation.
• Add device drivers to an image during installation.
With versions of Windows earlier than Windows Vista, you had to edit answer file settings manually using a text editor, even after initially creating an answer file by using Windows Setup Manager. The Windows 7 answer file (Unattend.xml) is based on XML and is far too complex to edit manually, however. So you must use Windows SIM to edit Windows 7 answer files.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
• Install third-party applications during installation.
• Customize Windows 7 by creating answer files (Unattend.xml).
• Apply language packs, service packs, and updates to an image during installation.
• Add device drivers to an image during installation.
With versions of Windows earlier than Windows Vista, you had to edit answer file settings manually using a text editor, even after initially creating an answer file by using Windows Setup Manager. The Windows 7 answer file (Unattend.xml) is based on XML and is far too complex to edit manually, however. So you must use Windows SIM to edit Windows 7 answer files.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
Windows Deployment Platform Components - Answer Files
An answer file is an XML-based file that contains settings to use during a Windows 7 installation. An answer file can fully automate all or part of the installation process. In an answer file, you provide settings such as how to partition disks, the location of the Windows 7 image to install, and the product key to apply. You can also customize the Windows 7 installation, including adding user accounts, changing display settings, and updating Windows Internet Explorer favorites. Windows 7 answer files are commonly called Unattend.xml.
You use Windows SIM (see the section titled “Windows SIM” later in this chapter) to create an answer file and associate it with a particular Windows 7 image. This association allows you to validate the settings in the answer file against the settings available in the Windows 7 image. However, because you can use any answer file to install any Windows 7 image, Windows Setup ignores settings in the answer file for features that do not exist in the Windows image.
The features section of an answer file contains all the feature settings that Windows
Setup applies. Answer files organize features into different configuration passes: windowsPE, offlineServicing, generalize, specialize, auditSystem, auditUser, and oobeSystem. Each configuration pass represents a different installation phase, and not all passes run during the normal Windows 7 setup process. You can apply settings during one or more passes. If a setting is available in more than one configuration pass, you can choose the pass in which to apply the setting.
Microsoft uses packages to distribute software updates, service packs, and language packs. Packages can also contain Windows features. By using Windows SIM, you can add packages to a Windows 7 image, remove them from a Windows 7 image, or change the settings for features within a package.
The Windows Foundation Package, included in all Windows 7 images, includes all core
Windows 7 features such as Media Player, Games, and Windows Backup. Features are either enabled or disabled in Windows 7. If a Windows 7 feature is enabled, the resources, executable files, and settings for that feature are available to users on the system. If a Windows 7 feature is disabled, the package resources are not available, but the resources are not removed from the system.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
You use Windows SIM (see the section titled “Windows SIM” later in this chapter) to create an answer file and associate it with a particular Windows 7 image. This association allows you to validate the settings in the answer file against the settings available in the Windows 7 image. However, because you can use any answer file to install any Windows 7 image, Windows Setup ignores settings in the answer file for features that do not exist in the Windows image.
The features section of an answer file contains all the feature settings that Windows
Setup applies. Answer files organize features into different configuration passes: windowsPE, offlineServicing, generalize, specialize, auditSystem, auditUser, and oobeSystem. Each configuration pass represents a different installation phase, and not all passes run during the normal Windows 7 setup process. You can apply settings during one or more passes. If a setting is available in more than one configuration pass, you can choose the pass in which to apply the setting.
Microsoft uses packages to distribute software updates, service packs, and language packs. Packages can also contain Windows features. By using Windows SIM, you can add packages to a Windows 7 image, remove them from a Windows 7 image, or change the settings for features within a package.
The Windows Foundation Package, included in all Windows 7 images, includes all core
Windows 7 features such as Media Player, Games, and Windows Backup. Features are either enabled or disabled in Windows 7. If a Windows 7 feature is enabled, the resources, executable files, and settings for that feature are available to users on the system. If a Windows 7 feature is disabled, the package resources are not available, but the resources are not removed from the system.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
Windows Deployment Platform Components
Understanding the new deployment tools and how they interconnect is the first step in beginning a Windows 7 deployment project. At the lowest tier are Windows Imaging (.wim) files, which are highly compressed, file-based operating system images.
At the second tier are answer files. Versions of Windows earlier than Windows Vista had numerous answer files, including Unattend.txt and Sysprep.inf, to drive the deployment process. Windows 7 uses a single XML-based answer file, Unattend.xml, to drive all its configuration passes. (A configuration pass is an installation phase.) This improvement makes configuration more consistent and simplifies engineering.
At the third tier are the various deployment tools for Windows 7. The Windows 7 distribution media includes some of these tools, including Sysprep, DISM, and other command-line tools—they aren’t on the media in a separate file such as Deploy.cab. The Windows AIK 2.0 includes the bigger tools, such as Windows SIM, Windows PE, and ImageX. These are the basic tools necessary to create, customize, and deploy Windows 7 images. They are standalone tools that don’t provide a deployment framework or add business intelligence and best practice to the process.
The fourth tier, MDT 2010, provides the framework, business intelligence, and best practices. MDT 2010 is a process and technology framework that uses all the tools in the third tier, potentially saving your organization hundreds of hours of planning, developing, testing, and deployment. MDT 2010 is based on best practices developed by Microsoft, its customers, and its partners. It includes time-proven management and technology guidance as well as thousands of lines of thoroughly tested script code that you can use as is or customize to suit your organization’s requirements.
Using MDT 2010, you can perform both Lite Touch Installation (LTI) and Zero Touch Installation (ZTI) deployment. LTI requires very little infrastructure and is suitable for most small and medium businesses. ZTI requires a System Center Configuration Manager 2007 R2 infrastructure and is suitable for organizations that already have the infrastructure in place.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
At the second tier are answer files. Versions of Windows earlier than Windows Vista had numerous answer files, including Unattend.txt and Sysprep.inf, to drive the deployment process. Windows 7 uses a single XML-based answer file, Unattend.xml, to drive all its configuration passes. (A configuration pass is an installation phase.) This improvement makes configuration more consistent and simplifies engineering.
At the third tier are the various deployment tools for Windows 7. The Windows 7 distribution media includes some of these tools, including Sysprep, DISM, and other command-line tools—they aren’t on the media in a separate file such as Deploy.cab. The Windows AIK 2.0 includes the bigger tools, such as Windows SIM, Windows PE, and ImageX. These are the basic tools necessary to create, customize, and deploy Windows 7 images. They are standalone tools that don’t provide a deployment framework or add business intelligence and best practice to the process.
The fourth tier, MDT 2010, provides the framework, business intelligence, and best practices. MDT 2010 is a process and technology framework that uses all the tools in the third tier, potentially saving your organization hundreds of hours of planning, developing, testing, and deployment. MDT 2010 is based on best practices developed by Microsoft, its customers, and its partners. It includes time-proven management and technology guidance as well as thousands of lines of thoroughly tested script code that you can use as is or customize to suit your organization’s requirements.
Using MDT 2010, you can perform both Lite Touch Installation (LTI) and Zero Touch Installation (ZTI) deployment. LTI requires very little infrastructure and is suitable for most small and medium businesses. ZTI requires a System Center Configuration Manager 2007 R2 infrastructure and is suitable for organizations that already have the infrastructure in place.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
Windows 7 Deployment Terminology
The following terms are unique to Windows 7 deployment and MDT 2010. Understanding this terminology will help you better understand the deployment content.
• Answer file. An XML file that scripts the setup experience and installation settings for Windows 7. The answer file for Windows Setup is usually Unattend.xml or Autounattend.xml. You can use Windows SIM to create and modify this answer file. MDT 2010 builds answer files automatically, which you can customize if necessary.
• Catalog file. A binary file that contains the state of all the settings and packages in a Windows 7 image. When you use Windows SIM to create a catalog file, it enumerates the Windows 7 image for a list of all settings in that image as well as the current list of features and their current states. Because the contents of a Windows 7 image can change over time, it is important that you re-create the catalog file whenever you update an image.
• Feature. A part of the Windows 7 operating system that specifies the files, resources, and settings for a specific Windows 7 feature or part of a Windows 7 feature. Some features include unattended installation settings, which you can customize by using Windows SIM.
• Configuration pass. A phase of Windows 7 installation. Windows Setup installs and configures different parts of the operating system in different configuration passes. You can apply Windows 7 unattended installation settings in one or more configuration passes. For more information about configuration passes, see the Windows Automated Installation Kit User’s Guide in the Windows AIK 2.0.
• Configuration set. A file and folder structure that contains files that control the preinstallation process and define customizations for the Windows 7 installation.
• Destination computer. The computer on which you install Windows 7 during deployment. You can either run Windows Setup on the destination computer or copy a master installation onto a destination computer. The term target computer is also commonly used to refer to this.
• Deployment share. A folder that contains the source files for Windows products that you install. It may also contain additional device drivers and application files. You can create this folder manually or by using Windows SIM. In MDT 2010, the deployment share, called a distribution share in previous versions of MDT, contains operating system, device driver, application, and other source files that you configure with task sequences.
• Image-based setup. A setup process based on applying an image of an operating system to the computer.
• Master computer. A fully assembled computer containing a master installation of Windows 7 that you capture to a master image and deploy to destination computers. The term source computer is also commonly used to refer to this.
• Master image. A collection of files and folders (usually compressed into one file) captured from a master installation. This image contains the base operating system as well as additional applications, configurations, and files.
• Master installation. A Windows 7 installation on a master computer that you can capture as a master image. You can create the master installation using automation to ensure a consistent and repeatable configuration each time.
• Package. A group of files that Microsoft provides to modify Windows 7 features. Package types include service packs, security updates, language packs, and hotfixes.
• Task sequence. A sequence of tasks that runs on a destination computer to install Windows 7 and applications and then configures the destination computer. In MDT 2010, task sequences drive the installation routine.
• Task Sequencer. The MDT 2010 component that runs the task sequence when installing a build.
• Technician computer. The computer on which you install and use MDT 2010 or
Windows AIK 2.0. This computer is typically located in a lab environment, separate from the production network. It can be a workstation- or a server-class computer.
• Unattend.xml. The generic name for the Windows 7 answer file. Unattend.xml replaces all the answer files in earlier versions of Windows, including Unattend.txt, Winbom.ini, and others.
• .wim. A file name extension that identifies Windows image files created by ImageX.
• Windows 7 feature. An optional feature of Windows 7 that you can enable or disable by using Unattend.xml or DISM.
• Windows image file. A single compressed file containing a collection of files and folders that duplicate a Windows installation on a disk volume. Windows image files have the .wim file extension.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
• Answer file. An XML file that scripts the setup experience and installation settings for Windows 7. The answer file for Windows Setup is usually Unattend.xml or Autounattend.xml. You can use Windows SIM to create and modify this answer file. MDT 2010 builds answer files automatically, which you can customize if necessary.
• Catalog file. A binary file that contains the state of all the settings and packages in a Windows 7 image. When you use Windows SIM to create a catalog file, it enumerates the Windows 7 image for a list of all settings in that image as well as the current list of features and their current states. Because the contents of a Windows 7 image can change over time, it is important that you re-create the catalog file whenever you update an image.
• Feature. A part of the Windows 7 operating system that specifies the files, resources, and settings for a specific Windows 7 feature or part of a Windows 7 feature. Some features include unattended installation settings, which you can customize by using Windows SIM.
• Configuration pass. A phase of Windows 7 installation. Windows Setup installs and configures different parts of the operating system in different configuration passes. You can apply Windows 7 unattended installation settings in one or more configuration passes. For more information about configuration passes, see the Windows Automated Installation Kit User’s Guide in the Windows AIK 2.0.
• Configuration set. A file and folder structure that contains files that control the preinstallation process and define customizations for the Windows 7 installation.
• Destination computer. The computer on which you install Windows 7 during deployment. You can either run Windows Setup on the destination computer or copy a master installation onto a destination computer. The term target computer is also commonly used to refer to this.
• Deployment share. A folder that contains the source files for Windows products that you install. It may also contain additional device drivers and application files. You can create this folder manually or by using Windows SIM. In MDT 2010, the deployment share, called a distribution share in previous versions of MDT, contains operating system, device driver, application, and other source files that you configure with task sequences.
• Image-based setup. A setup process based on applying an image of an operating system to the computer.
• Master computer. A fully assembled computer containing a master installation of Windows 7 that you capture to a master image and deploy to destination computers. The term source computer is also commonly used to refer to this.
• Master image. A collection of files and folders (usually compressed into one file) captured from a master installation. This image contains the base operating system as well as additional applications, configurations, and files.
• Master installation. A Windows 7 installation on a master computer that you can capture as a master image. You can create the master installation using automation to ensure a consistent and repeatable configuration each time.
• Package. A group of files that Microsoft provides to modify Windows 7 features. Package types include service packs, security updates, language packs, and hotfixes.
• Task sequence. A sequence of tasks that runs on a destination computer to install Windows 7 and applications and then configures the destination computer. In MDT 2010, task sequences drive the installation routine.
• Task Sequencer. The MDT 2010 component that runs the task sequence when installing a build.
• Technician computer. The computer on which you install and use MDT 2010 or
Windows AIK 2.0. This computer is typically located in a lab environment, separate from the production network. It can be a workstation- or a server-class computer.
• Unattend.xml. The generic name for the Windows 7 answer file. Unattend.xml replaces all the answer files in earlier versions of Windows, including Unattend.txt, Winbom.ini, and others.
• .wim. A file name extension that identifies Windows image files created by ImageX.
• Windows 7 feature. An optional feature of Windows 7 that you can enable or disable by using Unattend.xml or DISM.
• Windows image file. A single compressed file containing a collection of files and folders that duplicate a Windows installation on a disk volume. Windows image files have the .wim file extension.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
Windows 7 deployment
Compared to Windows XP, Windows 7 introduces numerous changes to the technology you use for deployment. Additionally, Windows 7 improves and consolidates many of the tools you used for Windows Vista deployment. The Windows AIK 2.0 includes most of these tools. Others are built into the operating system. The Windows AIK 2.0 fully documents all of the tools this chapter describes, including command-line options for using them, how they work on a detailed level, and so on.
The Windows AIK 2.0 is not included in the Windows 7 media. (By comparison, Windows XP has a file called Deploy.cab that includes its deployment tools.) Instead, the Windows AIK 2.0 is a free download from the Microsoft Download Center at
http://www.microsoft.com/downloads.
The following features are new for Windows 7 deployment:
• Windows System Image Manager. Windows System Image Manager (Windows SIM) is a tool for creating distribution shares and editing answer files (Unattend.xml). It exposes all configurable settings in Windows 7; you use it to save customizations in Unattend.xml. The Windows AIK 2.0 includes the Windows SIM.
• Windows Setup. Setup for Windows 7 installs the Windows image (.wim) file and uses the new Unattend.xml answer file to automate installation. Unattend.xml replaces the set of answer files used in earlier versions of Windows (Unattend.txt, Sysprep.inf, and so on). Because image-based setup (IBS) is faster, you can use it in high-volume deployments and for automating image maintenance. Microsoft made numerous improvements to Windows Setup (now called Setup.exe instead of Winnt.exe or Winnt32.exe), such as a completely graphical user interface, use of a single answer file (Unattend.xml) for configuration, and support for configuration passes (phases).
• Sysprep. The System Preparation (Sysprep) tool prepares an installation of Windows 7 for imaging, auditing, and deployment. You use imaging to capture a customized Windows 7 image that you can deploy throughout your organization. You use audit mode to add additional device drivers and applications to a Windows 7 installation and test the integrity of the installation before handing off the computer to the end user. You can also use Sysprep to prepare an image for deployment. When the end user starts Windows 7, Windows Welcome starts. Unlike earlier versions of Windows, Windows 7 includes Sysprep natively—you no longer have to download the current version.
• Windows Preinstallation Environment. Windows Preinstallation Environment 3.0 (Windows PE 3.0) provides operating system features for installing, troubleshooting, and recovering Windows 7. Windows PE 3.0 is the latest release of Windows PE based on Windows 7. With Windows PE, you can start a computer from a network or removable media. Windows PE provides the network and other resources necessary to install and troubleshoot Windows 7. Windows Setup, Windows Deployment Services, Microsoft System Center Configuration Manager 2007 R2, and Microsoft Deployment Toolkit 2010 (MDT 2010) all use Windows PE to start computers. The Windows AIK 2.0 includes Windows PE 3.0.
• Deployment Image Servicing and Management. Deployment Image Servicing and Management (DISM) is a new command-line tool that you can use to service a Windows 7 image or prepare a Windows PE image. DISM consolidates the functionality of the Package Manager (Pkgmgr.exe), PEImg, and Intlcfg tools from Windows Vista. You can use DISM to service packages, device drivers, Windows 7 features, and international settings in Windows 7 images. Additionally, DISM provides rich enumeration features that you can use to determine the contents of Windows 7 images.
• ImageX. ImageX is a command-line tool that you can use to capture, modify, and apply file-based images for deployment. Windows Setup, Windows Deployment Services, System Center Configuration Manager 2007, and MDT 2010 all use ImageX to capture, edit, and deploy Windows 7 images. Windows 7 improves ImageX over Windows Vista by enabling it to mount multiple images simultaneously and support interim saves (you must still service each mounted image individually by using DISM). Additionally, the Windows 7 version of ImageX has a new architecture for mounting and servicing images that is more robust than in Windows Vista. The Windows AIK 2.0 includes ImageX. You can also mount images in Windows PE, and Windows 7 includes the device driver inbox.
• Windows Imaging. Microsoft delivers Windows 7 on product media as a highly compressed Windows Imaging (.wim) file. You can install Windows 7 directly from the Windows 7 media or customize the image for deployment. Windows 7 images are file based, allowing you to edit them nondestructively. You can also store multiple operating system images in a single .wim file.
• DiskPart. Using DiskPart, you can mount a virtual hard disk (.vhd) file offline and service it just like a Windows image file.
• User State Migration Tool. You can use the User State Migration Tool 4.0 (USMT 4.0) to migrate user settings from the previous operating system to Windows 7. Preserving user settings helps ensure that users can get back to work quickly after deployment. USMT 4.0 provides new features that improve its flexibility and performance over USMT 3.0. Hard-link migration improves performance in refresh scenarios, offline migration enables you to capture user state from within Windows PE, and the document finder reduces the need for you to create custom migration Extensible Markup Language (XML) files when capturing all user documents. The Windows AIK 2.0 includes USMT 4.0.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
The Windows AIK 2.0 is not included in the Windows 7 media. (By comparison, Windows XP has a file called Deploy.cab that includes its deployment tools.) Instead, the Windows AIK 2.0 is a free download from the Microsoft Download Center at
http://www.microsoft.com/downloads.
The following features are new for Windows 7 deployment:
• Windows System Image Manager. Windows System Image Manager (Windows SIM) is a tool for creating distribution shares and editing answer files (Unattend.xml). It exposes all configurable settings in Windows 7; you use it to save customizations in Unattend.xml. The Windows AIK 2.0 includes the Windows SIM.
• Windows Setup. Setup for Windows 7 installs the Windows image (.wim) file and uses the new Unattend.xml answer file to automate installation. Unattend.xml replaces the set of answer files used in earlier versions of Windows (Unattend.txt, Sysprep.inf, and so on). Because image-based setup (IBS) is faster, you can use it in high-volume deployments and for automating image maintenance. Microsoft made numerous improvements to Windows Setup (now called Setup.exe instead of Winnt.exe or Winnt32.exe), such as a completely graphical user interface, use of a single answer file (Unattend.xml) for configuration, and support for configuration passes (phases).
• Sysprep. The System Preparation (Sysprep) tool prepares an installation of Windows 7 for imaging, auditing, and deployment. You use imaging to capture a customized Windows 7 image that you can deploy throughout your organization. You use audit mode to add additional device drivers and applications to a Windows 7 installation and test the integrity of the installation before handing off the computer to the end user. You can also use Sysprep to prepare an image for deployment. When the end user starts Windows 7, Windows Welcome starts. Unlike earlier versions of Windows, Windows 7 includes Sysprep natively—you no longer have to download the current version.
• Windows Preinstallation Environment. Windows Preinstallation Environment 3.0 (Windows PE 3.0) provides operating system features for installing, troubleshooting, and recovering Windows 7. Windows PE 3.0 is the latest release of Windows PE based on Windows 7. With Windows PE, you can start a computer from a network or removable media. Windows PE provides the network and other resources necessary to install and troubleshoot Windows 7. Windows Setup, Windows Deployment Services, Microsoft System Center Configuration Manager 2007 R2, and Microsoft Deployment Toolkit 2010 (MDT 2010) all use Windows PE to start computers. The Windows AIK 2.0 includes Windows PE 3.0.
• Deployment Image Servicing and Management. Deployment Image Servicing and Management (DISM) is a new command-line tool that you can use to service a Windows 7 image or prepare a Windows PE image. DISM consolidates the functionality of the Package Manager (Pkgmgr.exe), PEImg, and Intlcfg tools from Windows Vista. You can use DISM to service packages, device drivers, Windows 7 features, and international settings in Windows 7 images. Additionally, DISM provides rich enumeration features that you can use to determine the contents of Windows 7 images.
• ImageX. ImageX is a command-line tool that you can use to capture, modify, and apply file-based images for deployment. Windows Setup, Windows Deployment Services, System Center Configuration Manager 2007, and MDT 2010 all use ImageX to capture, edit, and deploy Windows 7 images. Windows 7 improves ImageX over Windows Vista by enabling it to mount multiple images simultaneously and support interim saves (you must still service each mounted image individually by using DISM). Additionally, the Windows 7 version of ImageX has a new architecture for mounting and servicing images that is more robust than in Windows Vista. The Windows AIK 2.0 includes ImageX. You can also mount images in Windows PE, and Windows 7 includes the device driver inbox.
• Windows Imaging. Microsoft delivers Windows 7 on product media as a highly compressed Windows Imaging (.wim) file. You can install Windows 7 directly from the Windows 7 media or customize the image for deployment. Windows 7 images are file based, allowing you to edit them nondestructively. You can also store multiple operating system images in a single .wim file.
• DiskPart. Using DiskPart, you can mount a virtual hard disk (.vhd) file offline and service it just like a Windows image file.
• User State Migration Tool. You can use the User State Migration Tool 4.0 (USMT 4.0) to migrate user settings from the previous operating system to Windows 7. Preserving user settings helps ensure that users can get back to work quickly after deployment. USMT 4.0 provides new features that improve its flexibility and performance over USMT 3.0. Hard-link migration improves performance in refresh scenarios, offline migration enables you to capture user state from within Windows PE, and the document finder reduces the need for you to create custom migration Extensible Markup Language (XML) files when capturing all user documents. The Windows AIK 2.0 includes USMT 4.0.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
Service Accounts
Services are background processes. For example, the Server service accepts incoming filesharing connections, and the Workstation service manages outgoing file-sharing connections.
Each service must run in the context of a service account. The permissions of the service account largely define what the service can and cannot do, just like a user account defines what a user can do. In early versions of Windows, security vulnerabilities in services were often exploited to make changes to the computer. To minimize this risk, service accounts should have the most restrictive permissions possible.
Windows Vista provided three types of service accounts: Local Service, Network Service, and Local System. These accounts were simple for administrators to configure, but they were often shared between multiple services and could not be managed at the domain level. Administrators can also create domain user accounts and configure them to act as a service account. This gives administrators complete control over the permissions assigned to the service, but it requires administrators to manually manage passwords and service principal names (SPNs). This management overhead can become very time consuming in an enterprise environment.
Windows 7 introduces two new types of service accounts:
• Managed service accounts provide services with the isolation of a domain account while eliminating the need for administrators to manage the account credentials.
• Virtual service accounts act like managed service accounts, but they operate at the local computer level rather than at the domain level. Virtual service accounts can use a computer’s credentials to access network resources.
Both types of accounts have passwords that reset automatically so that administrators do not need to manually reset the passwords. Either type of account can be used for multiple services on a single computer. However, they cannot be used for services on different computers, including computers in a cluster.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
Each service must run in the context of a service account. The permissions of the service account largely define what the service can and cannot do, just like a user account defines what a user can do. In early versions of Windows, security vulnerabilities in services were often exploited to make changes to the computer. To minimize this risk, service accounts should have the most restrictive permissions possible.
Windows Vista provided three types of service accounts: Local Service, Network Service, and Local System. These accounts were simple for administrators to configure, but they were often shared between multiple services and could not be managed at the domain level. Administrators can also create domain user accounts and configure them to act as a service account. This gives administrators complete control over the permissions assigned to the service, but it requires administrators to manually manage passwords and service principal names (SPNs). This management overhead can become very time consuming in an enterprise environment.
Windows 7 introduces two new types of service accounts:
• Managed service accounts provide services with the isolation of a domain account while eliminating the need for administrators to manage the account credentials.
• Virtual service accounts act like managed service accounts, but they operate at the local computer level rather than at the domain level. Virtual service accounts can use a computer’s credentials to access network resources.
Both types of accounts have passwords that reset automatically so that administrators do not need to manually reset the passwords. Either type of account can be used for multiple services on a single computer. However, they cannot be used for services on different computers, including computers in a cluster.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
Subscribe to:
Posts (Atom)
Cloud storage is for blocks too, not just files
One of the misconceptions about cloud storage is that it is only useful for storing files. This assumption comes from the popularity of file...
-
Many of the virus, adware, security, and crash problems with Windows occu when someone installs a driver of dubious origin. The driver suppo...
-
The Berkeley motes are a family of embedded sensor nodes sharing roughly the same architecture. Let us take the MICA mote as an example. T...
-
A breakthrough in virtual tape technology came when dedupe technology was integrated with VTLs. Like previous-generation VTLs, dedupe VTLs r...