While designing a Microsoft Windows Deployment Services (WDS) and Microsoft Deployment Toolkit (MDT) architecture, I ran into the challenge of keeping the load on the WAN connections between sites to a minimum. One of the first issues I ran into was how to replace the WDS boot image on the remote sites. Because Windows Server 2012 R2 is managed using PowerShell these days, and so is WDS, I wanted to see how this could be done. Of course without compromising my goal of keeping the network traffic to a minimum!
The architecture spanned multiple sites in multiple countries which are connected through one central site (hub-spoke model). The WAN lines connecting the sites are tightly dimensioned and should not be used when not needed. Both components in the design have data that should be available on the remote site. MDT delivers the boot image, drivers and the install image for the target devices. WDS needs a boot image created by MDT to be able to deliver a WinPE environment to the endpoint.
I decided to use the widely supported Distributed File System Replication (DFSR) solution. DFSR will take care of distributing the ‘deployment share’ created by MDT to the remote sites. This ‘deployment share’ also contains the WinPE boot image that WDS needs. Next step would be that on every deployment site we need to tell WDS which boot image to use (preferably using PowerShell).
Although automatically updating a WDS boot image is a well-documented feature, it did not fit the needs of my design: minimizing network traffic. Most documented solutions rely on the userexit script in the MDT solution to automatically update the boot image. By adding the ‘/server:’ parameter to the WDSutil command it is possible to remotely update the deployment servers, and adding all servers to the userexit script will update the boot image on each of them. However, every time the deployment share is updated, the entire boot image will be copied over the WAN connection. The boot image then goes over the WAN a second time, in addition to the DFSR sync.
Extra, unnecessary WAN traffic!
The solution to my problem was found in using PowerShell and the trusted WDSutil program. By executing the script remotely on the remote deployment server, the DFSR sync is in the lead for distributing the boot image. A big advantage of this approach is that replacing the boot image does not cause extra load on the WAN connections.
So how to use PowerShell to replace WDS boot image
The script used is shown below:

```powershell
# Sync script to attach the correct bootimage to the remote deployment servers
# Deployment Server list is located in D:\Software\UpdateBootImage\serverlist.txt
# Author: Martijn Hulsman-Sebastian,

$ServerList = Get-Content D:\Software\UpdateBootImage\ServerList.txt

foreach ($server in $ServerList) {
    Write-Host $server
    # Enter-PSSession only works interactively; inside a script the commands
    # after it run on the local machine. Invoke-Command runs them on $server.
    Invoke-Command -ComputerName $server -ScriptBlock {
        Remove-WdsBootImage -Architecture x64 -ImageName 'Lite Touch Windows PE (x64)'
        Import-WdsBootImage -NewImageName 'Lite Touch Windows PE (x64)' -Path D:\DeploymentShare\Boot\LiteTouchPE_x64.wim -SkipVerify
    }
}
```
Please note that in order to execute this PowerShell script remotely it is necessary to prepare the server for the script to succeed! To accomplish this I found the following scripts:
First we need to prepare the server from which the commands are run. I used the hub server in my WDS/MDT design.
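```powershell
# Prepare hub deployment server or remote executing server
# Prepare for remote execution of cmds
# http://www.roelvanlisdonk.nl/?p=3162
Enable-PSRemoting
# Unrestricted allows all scripts to run, including unsigned ones
Set-ExecutionPolicy Unrestricted
# '*' lets this WinRM client connect to any host without verifying its
# identity (applies to non-Kerberos authentication)
Set-Item wsman:\localhost\client\trustedhosts *
Restart-Service WinRM
```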
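Secondly, every spoke member in the WDS/MDT design needs the following script:

```powershell
# Prepare deployment server spoke member
# Prepare for remote execution of cmds
# http://www.roelvanlisdonk.nl/?p=3162
# Unrestricted allows all scripts to run, including unsigned ones
Set-ExecutionPolicy Unrestricted
# '*' lets this WinRM client connect to any host without verifying its
# identity (applies to non-Kerberos authentication)
Set-Item wsman:\localhost\client\trustedhosts *
Restart-Service WinRM
```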
Scheduling the first script every night after the DFSR sync ends results in an automated solution without the extra load on the WAN. So this is how to use PowerShell to replace the WDS boot image in a distributed environment.
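
An added example (not the author's script) that extends the sync script with an integrity gate: the hub hashes its own boot image and each spoke imports its DFSR-replicated copy only when the SHA-256 matches, so a stale or altered WIM is never registered and only a hash string crosses the WAN. It assumes the script runs on the hub, that the hub's copy sits at the same D:\DeploymentShare path as on the spokes, and that PowerShell 4.0 or later is available for Get-FileHash.

```powershell
# Added example: hash-gated variant of the sync script (assumptions in the text above).
$ServerList = Get-Content D:\Software\UpdateBootImage\ServerList.txt
$WimPath    = 'D:\DeploymentShare\Boot\LiteTouchPE_x64.wim'
$ImageName  = 'Lite Touch Windows PE (x64)'

# Hash of the authoritative image on the hub (assumed to be the machine running this).
$hubHash = (Get-FileHash -Path $WimPath -Algorithm SHA256).Hash

foreach ($server in $ServerList) {
    try {
        $result = Invoke-Command -ComputerName $server -ErrorAction Stop `
            -ArgumentList $WimPath, $ImageName, $hubHash -ScriptBlock {
            param($WimPath, $ImageName, $ExpectedHash)

            # DFSR has not delivered the file yet: leave the current image in place.
            if (-not (Test-Path -LiteralPath $WimPath)) {
                return 'skipped: WIM not present on this server'
            }

            # Compare the replicated copy with the hub's hash before touching WDS.
            $localHash = (Get-FileHash -Path $WimPath -Algorithm SHA256).Hash
            if ($localHash -ne $ExpectedHash) {
                return "skipped: hash mismatch (local $localHash)"
            }

            # Remove the old image only if one is registered, so a first run does not fail.
            $existing = Get-WdsBootImage -Architecture x64 -ImageName $ImageName -ErrorAction SilentlyContinue
            if ($existing) {
                Remove-WdsBootImage -Architecture x64 -ImageName $ImageName -ErrorAction Stop
            }

            # -SkipVerify is left out so WDS also verifies the source image on import.
            Import-WdsBootImage -NewImageName $ImageName -Path $WimPath -ErrorAction Stop | Out-Null
            return 'updated'
        }
        Write-Host "$server : $result"
    }
    catch {
        # Unreachable server or failed WDS cmdlet: report it and continue with the next one.
        Write-Warning "$server : failed - $($_.Exception.Message)"
    }
}
```

A "skipped: hash mismatch" result on the nightly run usually means DFSR had not finished replicating; a mismatch that persists after replication completes is worth investigating before the image is served to clients.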