1. From Manual to Automatic
For those that have managed to read the Art of OEM guide, an obvious question that arises at this point would be: "this is all very neat, but how do I actually spare myself the trouble of doing this over and over again each time I need my OS customized?".
This topic is intended to be a proof-of-concept for some not so obvious issues, as well as a help for me in making my application compliant to everybody's needs.
1.1. Limitations in today's windows customization technology
- Windows "Embedded"
A great concept when it comes to minimizing disk and memory footprint for Windows XP, and probably the most efficient solution in doing this, as it has a very long tradition.
1) only works on XP Embedded, making it pretty much useless for anything else but a minimal workstation environment.
2) no actual installation method for the customized OS; SDI disks and/or dual boot are techniques quite hard to handle even by trained personnel.
3) FBA (First Boot Agent) and the way drivers are added are sluggish and quite inefficient.
4) requires custom-made packages for adding stuff
Windows XP Fundamentals for Legacy PCs, in which problem 2 is solved using WIM technology
- Business Desktop Deployment
Can install and service any version of windows, makes full use of WIM technology. Has the best driver database management caps available today
1) the "offline servicing" concept is very complex and, in fact, quite limited
2) the process is very lengthy and hard to debug
3) you can't remove anything, just add stuff
None for end-users
Can improve speed and reduce size of setup. Has good driver and removal options.
1) adding stuff makes the windows setup routine more and more inefficient, due to limitations in the unattended concept.
2) the process is one-way, offline servicing is permanent when making changes.
3) requires custom-made packages for adding stuff
smaller windows setup, very appropriate for end-users
And as for storage:
- Norton Ghost suite
Very suitable for backup, either complete or differential. Can handle moving/cloning of OSes. Good storage format.
1) too expensive
2) it involves manual modifications of the installed OS
3) does not generate a standalone ISO installation
Norton Ghost 8.2
- Microsoft WIM format
Very efficient at installation and offline servicing. Single instance storage.
1) difficult to use
2) Only used internally in other products.
Windows Vista Setup
- Text-mode Windows Setup
It was good 10 years ago when it was the only option
1) very slow, archived files on removable media
2) registry has to be dynamically reconstructed at runtime, extra 10 minutes
3) no support whatsoever for offline servicing
the old windows setup
1.2. General functionality layout for Designer Studio
Preview of Designer Console (Vista Ready), from build 34, revision 2
The app I am making is roughly divided into 4 areas of functionality:
1) Panther SDK Setup Engine
As described in Parts 3 and 4 of my guide, the now defunct setup logic for the Longhorn project, capable of installing any version of Windows NT: either 4.0/2000/XP/2003, Embedded and/or Vista/Server 2008. Mainly following today's Vista setup logic, with the installation media consisting of:
- a \SOURCES folder, with the sysprepped image of your customized OS (install.wim). WIM Beta 1 can be read and unpacked by the original 4074 Panther setup engine, also located in this folder. As a long term goal, my application would use its own windows setup routine, also based on WIM, in order to make the setup independent from Longhorn files. As a short term goal, based on the Longhorn 4033 SDK / WAIK, which has always been freeware.
- a Windows PE bootable image (boot.wim), preferably v2.0+, to boot the preinstallation environment.
- optionally a \I386 folder structure, containing installation cache for windows components, for pre-Vista OSes. Needed by the "Add/Remove Windows Components" and "Manage my Server" wizards, as they can't read from a WIM file.
Main benefits: Windows Setup time is reduced significantly, becoming the sum of time needed for unpacking a WIM to a partition and the time needed to install drivers for hardware. For a standard installation of Windows XP, that would mean ~10-12 minutes on modern computers.
2) VKEY Explorer
Preview of how VKEY Explorer should look like, from build 38, revision 7
Basically a concept derived from Registry Editor, it allows you to freely view / modify the registry of the OS you are going to install. A main advantage would be the diff engine, similar to Microsoft's image difference engine for Windows XP Embedded. It will allow you to author your own packages to add/remove applications and windows components, by comparing your current project to the standard master images (sysprepped XP, 2003 or Vista) and presenting the differences. A package consists of file names and registry settings for the component you are making, and not the actual files.
3) Package Designer
Conceptually similar to the XP Embedded package designer, it allows you to define your own packages for adding / removing / installing. Lightweight because it only contains metadata, it spares you the trouble of using a large SQL Server to store files.
By defining only what files are needed and what registry options those files employ, you can package according to this schema a large variety of things like:
- a windows service, allowing you to remove or add back windows services whenever you see fit
- a windows component, like IIS 6, allowing you to rapidly deploy not only the web server, but also a prepopulated set of websites to a server farm, or for website backup purposes
- a set of windows components, like removing all the unnecessary drivers in a system after setup finishes, to reduce boot time and memory footprint, in this case, a package of 2 or more packages.
- a third party app, like Diskeeper or NOD32, allowing you to have them up and ready even when windows is installing, and also to remove them if and when you see fit, by circumventing MSIEXEC.
The Package Designer should be roughly the equivalent for windows of what RPM does for linux (except the files). The actual files for a package can be acquired from any source, like an existing windows installation, windows setup or unpacked MSI / InstallShield project and added / removed at discretion from the windows you are designing at a certain moment.
4) VM Workbench
An extension for the free VMware product, VMware Player, it would allow the developer to test the customized OS before finalizing the project and building installation media. Windows Designer Studio makes use of the VMware VMDK disk format as well as Microsoft WIM format and will be able to build a test lab just like Windows Embedded Designer. VMware Player would just boot off that partition and you will be able to see what kind of problems are there in your project. A closely coupled design-to-virtualization procedure would allow even inexperienced users to discover problems in the OS they are customizing and fix them without having to waste time for building ISOs and installing windows over and over again. Thanks to the new innovations in VMware "Workstation 6" and "ESX 3" products, such a procedure has become possible today to programmatically handle from a high-level language like C#.
1.3. Compatibility with existing technology
- feature tour
1) Microsoft Volume Activation 2.0 for Vista
The feasible method for Windows Designer Studio is MAK. Multiple Activation Key (MAK) for activating machines against Microsoft one time, once the machines are activated they require no further communication with Microsoft. MAK keys have predetermined numbers of activations depending on the agreement type which can be increased at request.
A package containing all the sensitive data can be stored locally to be used for Vista installations on same hardware prefix and driver configuration, preserving your OEM license for backup purposes. This way you can customize your installation safely knowing that once activated, your activation state is preserved. Of course, you have to run this on a physical machine and not in a virtual environment.
2) Application Compatibility
Microsoft Operating System Deployment (OSD) Feature Pack for Systems Management Server (SMS) 2003 may have proven to you the value of testing applications in a corporate network. BDD 2007 handles these tasks well when concerned with application compatibility for standard windows deployments. But, as users experienced with nLite installations have pointed out, there is a great need of a common standard of reporting what applications won't work with a certain package combination removed.
The packaging solution must be as light as possible (a very good reason for not including actual files in it) so that they can be interchanged through a simple web interface in Windows Designer Studio.
This way, somebody who tests a certain configuration could, after studying the impact of removed components in VM Workbench, provide others with a "validation report" - 3rd party apps requirements for certain packages.
All these reports can be centralized in a simple SVN server and the Package Designer can download them automatically and warn other users about dependencies. As more and more users can validate that validation report themselves, it gains more trust points and after some time it can be thought as generally reliable. This approach would encourage users with a passion for testing to contribute to the project. After all, the application itself is as good as what can do for you. I may not know at this time if I can remove a file from my customized OS, but surely at some point somebody would test to find out what happens if it's removed and provide us with a report.
Thus, the strain of beta testing the actual functionality is divided among all users, and it won't require any coding skills at all. No SQL, no code debugging, no large downloads for custom made packages about which you have no idea if they work or not.
Microsoft introduced a lot of great concepts like these that are little known to public due to the level of complexity of their corresponding products. Open source is the best solution to make such concepts free, practical and available to everyone.
3) Vista Hardware Assessment Tool
You can benefit from Vista Hardware Assessment to find out what drivers you must package for each machine on your network, thus ensuring you won't encounter missing drivers without actually touching those computers. One customized OS prepopulated with all the proper driver packages will be enough.
4) User State Migration
User State Migration in Designer Studio is as simple as it can get: create a package with all your settings, wallpapers, shortcuts and screensavers, personalized settings for apps, like Mozilla, bookmarks or whatever.
Acquire the files in this package to have them in your repository and you can add it in every windows build you make. You can even share the package with your friends; to get your documents and settings to somebody else you just need to export your package from the repository and send it, while publishing your personal package online through the Package Designer.
Very useful for end-users and tweaking enthusiasts, as all your favourite registry tweaks will work for everyone exactly the same like you see them in VM Workbench. This way you can set up the Administrator account on XP / 2003 in a breeze. And also a great way of enforcing changes derived from Microsoft Security Baseline Analyser (MSBA) to an entire server farm. I'd say it's a much better tactic than using the default Internet Explorer Enhanced Security Configuration (IE_HARDEN_ADMIN), because it saves your global policy and internet options and gets them in an OS-independent form of storage. And all these with zero extra installation time, as the files and settings are already there in the WIM at setup time.
5) Security
Gotten your NOD32 or Kaspersky running just the way you want on your XP? Gotten your global policy on the domain controller just the way you want? Using BitLocker and not wanting to ruin encryption by reinstallation?
Simple - make a package for each, like one for your antivirus and one for firewall, and include them together in a common Personal Security package. Or get one from your friends; you would require only the license and the files, they provide you with all the nasty configurations tested on their systems. Thus, the great security provided by professionals can be only clicks away from your project.
For more advanced users, create aliases to data in registry using friendly labels and add them as customizable data in the package using VKEY Explorer; it will spare everybody the trouble of doing this again as they will be prompted to input that information when acquiring the package.
6) nLite/vLite
Nuhi's creation made our lives easier when it comes to saving performance and space with our installations. This application is not intended to duplicate that functionality, but to work together with your proven nLite/vLite installations. Less size means more speed in processing the project, and less files to search in when creating a new package. Thus, if you already have a tested and reliable nLited/vLited image, use it to create a master installation, sysprep it and import it in the repository. It will save you countless hours of testing, decisions on what to remove and application compatibility reports, because nuhi has already done that for you. Even more, this way you will be able to add back removed functionality in your nLited/vLited installations, as I will add "nLite/vLite readiness" for packages in my Package Designer. Let's not reinvent the wheel, shall we? Even more, resulting ISOs made by Designer Studio should be fully compatible with vLite.
7) Business Desktop Deployment 2007
Microsoft's own vision on this delicate subject: great for large OEMs, not so great for small OEMs (like yours truly) and certainly not great for users. Let's face it, I know quite a lot of IT Professionals that earn a living by maintaining networks and windows installations and can't even do a basic Zero Touch / Lite Touch of a stock RTM image. As the new 7-stage setup process for installing Vista from Windows PE 2.0 may be useful for offline servicing Windows Server 2008, it's certainly not justified for Vista, far less for older NT distributions. So I intend to reduce the process to 3 steps: acquisition (packages are chosen and data added or extracted from the Designer repository), testing (a VMDK disk is populated with the package contents, like in Embedded Designer, and VMware Player used to test it), and deployment (a WIM is created along with a setup wrapper). Simple, possible for any kind of NT-based windows ever made, and efficient as concerning setup.
8) Windows Deployment Services
A great feature and that says it all. Just install it on your server, add in the WIM you made and deploy it to the corporate network. For those that are familiar with the Woodgrove and/or Contoso scenarios from Microsoft, it's as clear as daylight.
Job done, and you never left your chair.
9) Windows XP Embedded
Last but not least, the Embedded side of XP. Good idea, great implementation, bad advertising, worse compatibility. Why not componentize every windows out there? Same stuff, same OEM licensing, the difference is that you actually would get what you want this way. Why make Windows Server 2008 "Core" instead of extending the concept on Vista? Simple... it's cheaper this way.
By diffing between Windows PE 2.0 and Server 2008 Core you'd get all the server components, and a simple matter of splitting the results in packages, would open up possibilities like...say... running Windows Server 2008 Core on your phone?
Now that's what I would call a "cool" embedded device. And it's only a matter of making the tool general enough and the package beta testing rigorous enough. Thank you, Microsoft Connect, for teaching me that experience.
Edited by dexter.inside, 08 July 2007 - 09:20 PM.
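The diff idea described under VKEY Explorer and Package Designer, sketched as an added example (not part of the original post and not Designer Studio code): two snapshots are compared and the result is a metadata-only package. The snapshot layout, the function names, the sample paths and the per-file SHA-256 digest are assumptions; the digest is there so that files later acquired "from any source" can be checked against what the package author tested.

```python
import hashlib

def snapshot(files, registry):
    """Snapshot of an image: file path -> SHA-256 of content, plus registry values."""
    return {
        "files": {p.lower(): hashlib.sha256(d).hexdigest() for p, d in files.items()},
        "registry": {k.lower(): v for k, v in registry.items()},
    }

def _diff(master, project):
    """Entries to add, remove or change when going from master to project."""
    added = {k: project[k] for k in project.keys() - master.keys()}
    removed = sorted(master.keys() - project.keys())
    changed = {k: project[k] for k in project.keys() & master.keys()
               if project[k] != master[k]}
    return {"add": added, "remove": removed, "change": changed}

def build_package(name, master, project):
    """Metadata-only package: names, digests and registry data, no file contents."""
    return {
        "name": name,
        "files": _diff(master["files"], project["files"]),
        "registry": _diff(master["registry"], project["registry"]),
    }

def verify_acquired(package, path, data):
    """True only if the acquired file is listed in the package and its digest matches."""
    wanted = {**package["files"]["add"], **package["files"]["change"]}
    expected = wanted.get(path.lower())
    return expected is not None and hashlib.sha256(data).hexdigest() == expected

# Constructed sample data: a master image and a customized project.
MASTER = snapshot(
    {r"\WINDOWS\system32\notepad.exe": b"notepad-v1",
     r"\WINDOWS\system32\drivers\unused.sys": b"driver"},
    {r"HKLM\SYSTEM\CurrentControlSet\Services\Unused\Start": 3},
)
PROJECT = snapshot(
    {r"\WINDOWS\system32\notepad.exe": b"notepad-v1",
     r"\Program Files\ExampleApp\app.exe": b"app-v1"},
    {r"HKLM\SOFTWARE\ExampleApp\InstallDir": r"C:\Program Files\ExampleApp"},
)
PACKAGE = build_package("ExampleApp", MASTER, PROJECT)
```

A file that is not listed in the package, or whose content differs from what was snapshotted, fails `verify_acquired`, which is the check a shared package needs before its files are pulled from an untrusted installation or download.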