Exam Ref 70-695 Deploying Windows Devices and Enterprise Apps (MCSE): Implement a Lite-Touch Deployment
- 3/16/2015
- Objective 2.1: Install and configure WDS
- Objective 2.2: Configure MDT
- Objective 2.3: Create and manage answer files
- Answers
Objective 2.3: Create and manage answer files
Answer files are a crucial part of implementing an LTI deployment method with the MDT. Answer files are XML files that contain settings and responses to virtually all aspects of the Windows setup process. Answer files can be used with any type of deployment image and can include settings about items such as:
- User accounts
- Display settings
- Product key
- Time zone
Many other settings can also be configured with an answer file.
Identifying the appropriate location for answer files
Before implementing an unattended installation using answer files, you should be familiar with how Windows Setup interprets the files. First, to ensure that an answer file is read and interpreted during the Windows Setup process, it must be stored in the appropriate working directory. In some cases, answer files must also have specific names. The files can be located in a number of locations, and each location has a different precedence. The answer file that has the highest precedence is used for the customization of that installation. Second, the Windows Setup process starts by taking an inventory of all valid answer files based on the order of precedence. The files are validated and cached to the local computer. During the WindowsPE and offlineServicing passes, valid answer files are cached to $Windows.~BT\Sources\Panther. After the image has been extracted to the local disk, answer files are cached to %WINDIR%\panther. The following table lists the valid locations for an answer file.
Identifying the required number of answer files
Theoretically, you could place an answer file in all seven of the locations specified in Table 2-1. However, the installation process will only use answer files that have valid configuration data for the configuration pass it is currently working in. As a good practice, you should use the minimum number of answer files that are needed for your deployment. From an exam perspective, the best way to identify the required number of answer files is to understand the answer files and what they do, where they are stored, and how they are processed. You might be presented with an exam scenario to meet a specified set of deployment requirements and then be asked to figure out which answer file(s) are required. The following sections in this chapter discuss the details of answer files and their role in automated deployments.
TABLE 2-1 Answer file precedence table
Precedence |
Location |
Notes |
1 |
Registry: HKLM\System\Setup!UnattendFileThis entry is created inside the registry of the image that you are deploying. |
This registry entry specifies the location of your answer file. Using this option gives you the flexibility to use a preferred path as opposed to the pre-defined locations that Windows Setup references. |
2 |
%WINDIR%\Panther\UnattendThis directory is located in the image that you are deploying. |
This location is used for custom installations only and is not searched for installations that start with Windows PE. The file name of the answer file must be Unattend.xml or Autounattend.xml. |
3 |
%WINDIR%\PantherThis directory is located in the image that you are deploying. Answer files within this directory should not be overwritten. |
This location is used by Windows Setup to cache valid answer files. |
4/5 |
Removable mediaThis refers to the Windows Setup DVD in conjunction with an answer file stored on one of the various types of removable media |
Answer files for removable media must be stored at the root of the media drive. The filename of the answer file must be Unattend.xml or Autounattend.xml. |
6 |
For windowsPE and offlineServicing passes:\Sources of the installation media All other passes:%WINDIR%\System32\Sysprep within the image you are deploying. |
For the windowsPE and offlineServicing passes, discussed in detail in the upcoming “Identifying the appropriate setup phase for answer files” section, the answer file must be named Autounattend.xml. For all other passes, the file name must be Unattend.xml. |
7 |
%SYSTEMDRIVE%This directory path is located within the image you are deploying. |
The file name of the answer file must be Unattend.xml or Autounattend.xml. |
Identifying the appropriate setup phase for answer files
An answer file is composed of seven configuration passes, each representing a different phase within the Windows Setup procedure. Within each configuration pass, you are given a series of components that can be added to your answer file and manipulated to meet the needs of your image deployment. It is important to note that these components are not always unique to a specific configuration pass. In some cases, the same component can be referenced across multiple passes.
You should be familiar with the Windows Setup procedure and how each configuration pass is used. The following are the seven configuration passes:
- windowsPE
- offlineServicing
- generalize
- specialize
- auditSystem
- auditUser
- oobeSystem
Although there are seven configuration passes, only the windowsPE, specialize, and oobeSystem passes are used for every deployment. The other configuration passes are used only as needed. The windowsPE configuration pass, as shown in Figure 2-30, configures settings that are specific to the preinstallation environment as well as to installation settings. The Windows Setup settings that can be configured include:
- Disk drive partitions and formatting
- Windows image location and credentials
- Destination partition
- Windows product key
- Local Administrator account password
Specific commands that must run during setup
FIGURE 2-30 The windowsPE configuration pass logical order
You can use the offlineServicing pass of the configuration to apply Windows Setup settings to an offline Windows image. During this pass, packages can be added to the offline Windows image. The offlineServicing pass uses Package Manager (Pkgmgr.exe) to apply packages.
The generalize pass of the configuration, shown in Figure 2-31, is used to create a custom image of a Windows installation that can then be deployed to multiple computers. Settings defined in the generalize pass can be used to automate aspects of a deployment of the image. During the generalize pass, specific details of the Windows installation are removed from the image, such as the security identifier (SID) and other hardware-specific settings. The generalize pass is only used when the /generalize switch is provided with the Sysprep command. Other answer file settings are applied to the Windows image before the Sysprep generalization occurs.
FIGURE 2-31 The generalize pass logical order
The specialize pass of the installation, shown in Figure 2-32, allows settings to be configured for an individual machine. These settings can include:
- Network settings
- International and language settings
Domain information
FIGURE 2-32 The specialize pass logical order
The specialize pass can be used to enhance or customize settings further that were made in the generalize pass.
The auditSystem pass of the installation is only used if the system has been booted into audit mode. When a computer has been started by using the audit mode, the auditSystem and auditUser passes are processed. The auditSystem pass can be used to add additional drivers to a Windows image.
The auditUser pass of the installation is typically used for RunSynchronous and RunAsynchronous commands that might include scripts, applications, or other executables.
The oobeSystem pass of the installation, as shown in Figure 2-33, configures the settings that are typically used during the first power on for end users, known as Windows Welcome. The oobeSystem settings are applied before the first user logs on to Windows. The out-of-box experience (OOBE) runs the first time an end user powers on a new computer. OOBE runs before the user logs on or runs additional software, and it performs the tasks that are necessary to configure Windows for first use.
FIGURE 2-33 The oobeSystem pass high-level order
Configuring answer file settings
Each of the components you add to your answer file will include a series of settings that can be adjusted. Changing the value of these settings is straightforward. You can edit an answer file by using a text editor or by using Windows System Image Manager (SIM).
One example of a quick edit using a text editor is to include changing the input language from en-US to fr-FR. To do so, open the existing answer file, search for the <InputLocale> tag, and replace en-US with fr-FR. You should also confirm that the <settings pass=””> tag is set to the appropriate pass because <InputLocale> can be modified during pass 4: specialize and pass 7: oobeSystem.
Settings can also be edited in Windows SIM. SIM includes a detailed description of each setting and several examples to work from. The following example demonstrates how to use Windows SIM to make setting changes to your answer file. Refer to Figure 2-34.
FIGURE 2-34 Windows System Image Manager, setting values
- Add the desired component to your answer file. In this example, you work with Microsoft-Windows-International-Core.
- Select the component within your answer file. The available settings appear in the right pane.
- Click in the field to the right of the setting label and enter your desired value. For a better understanding of the setting, right-click the setting label and select Help.
Creating Autounattend.xml answer files
You can create answer files manually or by using the Windows SIM, as shown in Figure 2-35.
FIGURE 2-35 Windows System Image Manager with a validated answer file
As part of creating an answer file in Windows SIM, you must specify the Windows image file and a catalog file. A catalog file is a binary file that is associated to a specific Windows image file and contains the packages and settings in that WIM file. Often, the WIM file and the catalog file (.clg) are stored in the same folder. Windows SIM prompts you if it cannot locate a catalog file for a specified WIM file. In such a scenario, Windows SIM can create a catalog file. Alternatively, you can create an answer file in advance in Windows SIM. By using Windows SIM, you can verify that the configuration settings within an answer file are valid for the installation. Figure 2-36 shows an answer file that has a validation error.
FIGURE 2-36 Windows System Image Manager with a validation error
Answer files can also be created or modified manually. As mentioned earlier, the answer file is an XML file that can be edited by using a text editor. Here is a sample answer file:
<?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="oobeSystem"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www .w3.org/2001/XMLSchema-instance"> <OOBE> <HideEULAPage>true</HideEULAPage> <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> </OOBE> <UserAccounts> <AdministratorPassword> <Value>UABAACQAJAB3ADAAcgBkAAUAMAcwB3AG8AcgBkAA==</Value> <PlainText>false</PlainText> </AdministratorPassword> </UserAccounts> </component> </settings> <cpi:offlineImage cpi:source="wim://client01/deploymentshare$/operating%20 systems/windows%208%20enterprise%20x64/sources/install.wim#Windows 8 Enterprise" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> </unattend>
When you create answer files, avoid adding settings that you don’t need. Windows SIM will not create empty settings in an answer file, but you can manually introduce empty strings in an answer file. Your goal should be to reduce answer file bloat such as empty strings, which can increase deployment times.
Answer files often contain sensitive data such as the password of the local Administrator account. Windows SIM enables you to obfuscate local computer passwords in answer files. To obfuscate a password in an answer file with Windows SIM, perform the following steps:
- In Windows SIM, open an answer file that contains a password you want to obfuscate.
- Click the Tools menu and then click Hide Sensitive Data.
- Save the answer file and then validate that the password is obfuscated.
Note that you cannot obfuscate domain-based passwords or other sensitive data such as product keys. By default in Windows SIM 6.3, Hide Sensitive Data is enabled by default when you create new answer files.
When you are finished creating an answer file, use Windows SIM to validate the answer file. Validating an answer file is an important step to ensure that everything is in order. If you have a validation error, such as the one displayed in Figure 2-36, you can double-click the validation error to find the exact setting causing the validation error.
Objective summary
- An answer file may be stored in one of several locations. Each answer file location has a precedence value, which determines the answer file that is used.
An installation might go through seven customization passes when using an answer file:
- windowsPE
- offlineServicing
- generalize
- specialize
- auditSystem
- auditUser
- oobeSystem
- Windows SIM can be used to create and validate answer files.
Objective review
Answer the following questions to test your knowledge of the information in this objective. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of this chapter.
Which tool can you use to create an answer file?
- DISM
- Windows SIM
- Sysprep
- Setup.exe
Which pass of the Windows Setup process removes the security identifier from a reference computer?
- generalize
- oobeSystem
- specialize
- offlineServicing
Which pass of the Windows Setup process configures unique settings for different departments?
- generalize
- oobeSystem
- specialize
- offlineServicing
You are planning to use removable media to store answer files for automating Windows 8.1 deployments. You need to store an answer file to a removable media drive with a drive letter of F:\. What should you name the file and where you should save it?
- Name the file Unattend.xml and save it in the F:\Sysprep folder.
- Name the file Unattend.xml and save it in the root of the F:\ drive.
- Name the file Autounattend.xml and save it in the F:\Panther folder.
- Name the file Unattended.xml and save it in the root of the F:\ drive.
You are planning to add packages to an offline Windows 8.1 image. Which tool should you use?
- Setup.exe
- LoadState
- Windows SIM
- DISM