Provision Windows hosts with Foreman
- Added UEFI support for Foreman templates - see dedicated upgrade guide
- Updated templates to reflect my currently working versions
wimaging is a set of scripts to prepare WIM images and templates for Foreman to provision Windows hosts.
Most of the time official Microsoft deployment tools are used; mostly dism.exe.
All relevant configuration files like unattend.xml are rendered by Foreman and downloaded at build time.
- Linux style installation using http:// or ftp:// installation media
- No extra servers like WDS needed - all relevant settings can be configured in Foreman directly
- Official Microsoft utilities are used for all relevant setup stages making it easy to add (future) operating systems
- Driver installation during build time
- Support for localization settings (like time zone, locale, UI language)
- Optional domain join including target OU
- Optional local user creation
- Support for Foreman's root password using Base64 Windows encoding
- Correctly report finished host building
- Optional software installation and user tasks at the end of the build (like installing puppet etc)
The list of requirements for using Foreman; all of them are not covered by this guide.
- A working Foreman version 1.20+ installation (obviously), capable of net booting clients along with a working DNS / DHCP infrastructure. If you plan on using PXELinux, make sure your Foreman instance runs Syslinux 5+, which is required for wimboot. PXELinux 5.10 is confirmed to work with wimboot.
- Currently, Safe Mode Render must be disabled in Foreman
- A utility Windows VM or physical host to prepare the WIM images (Microsoft likes the term Technician Computer)
- A file server serving http and/or ftp protocols; fast machine recommended for production
- Installation media for each Windows version
- Driver files (.inf) you want to inject
- A VM / bare metal machine to test your setup (start with VMs ;)
The tasks can be broken down in two steps:
An outline of the process to better understand the tasks which need to be done. Basically, there are three phases:
- Create a new host in Foreman.
  Simple as that. For bare metal hosts, Foreman discovery is recommended.
- (i)PXE / wimboot boots customized boot.wim (winpe)
  - Winpe downloads the script foreman_url('script'); executes it:
    - Drive 0 is cleaned, partitioned and mounted using the Foreman partition table (simple diskpart script)
    - install.wim is downloaded via http/ftp and applied using dism.exe
    - unattend.xml (foreman_url('provision')) is downloaded and applied using dism.exe
    - Drivers are downloaded and added using dism.exe
    - Required tools are added to the new host (most prominently wget)
    - Optionally, download extra software (like puppet)
    - Optionally, domain join script (foreman_url('user_data'))
    - The finish script (foreman_url('finish')) is downloaded and 'armed'
- Reboot to new OS
  - Windows native finish tasks are done ('starting devices...')
  - The finish script gets called by SetupComplete.cmd
  - Set the time server; sync time
  - Optionally, the local administrator account is activated
  - Optionally, join domain
  - Optionally, execute extra scripts (e.g., install puppet)
  - Securely clean up (sensitive) scripts using SDelete.exe
  - Reboot the host; ready for further configuration by Puppet, SCCM etc.
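The Base64 root password in the feature list and the SDelete cleanup step belong together: a Base64-encoded password in unattend.xml can be decoded by anyone who can read the file. The Ruby sketch below is an added example, not wimaging or Foreman code; it assumes the encoding meant is the Windows SIM convention (Base64 of the UTF-16LE password with the element name appended), and the helper names and sample XML are constructed for illustration.

```ruby
# Added example, not wimaging or Foreman code; the sample XML is constructed.

# Windows SIM "hidden" form (assumed to be what the page means):
# Base64( UTF-16LE( password + element name ) ). No key is involved.
def encode_unattend_password(plain, element = 'AdministratorPassword')
  [(plain + element).encode('UTF-16LE')].pack('m0')
end

# True when value is strict Base64 of UTF-16LE text ending in the element
# name, i.e. the password is recoverable from the file alone.
def reversible?(value, element)
  text = value.unpack1('m0').force_encoding('UTF-16LE')
  text.valid_encoding? && text.encode('UTF-8').end_with?(element)
rescue ArgumentError, EncodingError
  false
end

# Classify each password element of a rendered unattend.xml.
# Returns [[element, storage], ...] and never echoes the secret itself.
def audit_unattend(xml)
  xml.scan(%r{<(AdministratorPassword|Password)>(.*?)</\1>}m).map do |element, body|
    value = (body[%r{<Value>(.*?)</Value>}m, 1] || body).strip
    plain_flag = body[%r{<PlainText>\s*(\w+)\s*</PlainText>}m, 1]
    storage =
      if value.empty? then :empty
      elsif plain_flag != 'false' then :plaintext
      elsif reversible?(value, element) then :encoded_reversible
      else :unrecognized
      end
    [element, storage]
  end
end

SAMPLE = <<~XML
  <UserAccounts>
    <AdministratorPassword>
      <Value>#{encode_unattend_password('Constructed-Pw1!')}</Value>
      <PlainText>false</PlainText>
    </AdministratorPassword>
    <LocalAccounts><LocalAccount>
      <Password><Value>Constructed-Pw2!</Value><PlainText>true</PlainText></Password>
    </LocalAccount></LocalAccounts>
  </UserAccounts>
XML

# Both results mean the file must be wiped once setup has consumed it.
audit_unattend(SAMPLE).each { |el, st| puts "#{el}: #{st}" } if __FILE__ == $PROGRAM_NAME
```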
wimaging has merged a fork of wimaging-ng. Many thanks to Daniel Helgenberger for contributing a large portion.
SDelete and other PStools by SysInternals are the work of Mark Russinovich.
Other licenses: