Windows PreInstallation Environment (WiNPE) Whitepaper

LANDesk® Management Suite Operating System Deployment: Windows PreInstallation Environment. Revision 1.1, Mike Gord, February 15, 2007


Information in this document is provided in connection with LANDesk® products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in terms and conditions for such products, LANDesk Software, Ltd. and its affiliated companies (“LANDesk”) assumes no liability whatsoever, and LANDesk disclaims any express or implied warranty, relating to sale and/or use of LANDesk® products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. LANDesk® products are not intended for use in medical, life saving, or life sustaining applications. The reader is advised that third parties can have intellectual property rights that can be relevant to this document and the technologies discussed herein, and is advised to seek the advice of competent legal counsel, without obligation of LANDesk. LANDesk retains the right to make changes to this document or related product specifications and descriptions, at any time, without notice. LANDesk makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein. Copyright © 2007, LANDesk Software, Ltd. All rights reserved. LANDesk, Targeted Multicast, Peer Download, and Trusted Access are registered trademarks or trademarks of LANDesk Software, Ltd. or its affiliated companies in the United States and/or other countries. Avocent is a registered trademark of Avocent Corporation. *Other brands and names may be claimed as the property of others.


Table of Contents

Introduction

Assumptions

Windows PE overview

Architecture

Files modified or added to the WinPE image

LANDesk WinPE boot process

STARTNET.CMD Command Line definitions

Customization

Build customized Windows PE image

Add / Specify drivers

Additional customization

Trim down the image

Conclusion


Introduction

Since the release of LANDesk® Management Suite 8.7, the Microsoft Windows Preinstallation Environment (Windows PE) Operating System (OS) is an additional Operating System the administrator can choose to boot from when deploying hard disk images. The Windows PE Operating System has advantages over the other two boot options offered (DOS and LINUX) that simplify the imaging chores facing the OSD administrator. This white paper will focus on describing the Windows PE architecture, the customizations that LANDesk has made to the OS, and how to accomplish the tasks associated with using this operating system to manage devices within the environment.

Assumptions

This paper assumes that the reader has a working knowledge of LANDesk® Management Suite 8.7, its functionality, and deployment.

Windows PE overview

Windows PE is a mini-Windows system that provides limited services based on the Windows XP Professional and the Windows Server 2003 kernels. Windows PE is a hardware-independent Windows environment that contains a subset of the Microsoft Win32 application programming interfaces (APIs); a command interpreter capable of running batch files; and support for adding Windows Script Host (WSH), HTML Applications (HTA), and Microsoft ActiveX Data Objects (ADO) to create custom tools or scripts. Windows PE uses TCP/IP to provide network access and supports the same set of networking and mass-storage device drivers that Windows XP supports. Two limitations are worth noting: connectivity is limited to outgoing connections only (resource sharing is disabled), and, to prevent use of Windows PE as a client OS, a hard-coded reboot occurs after 24 hours of use.


Architecture

LANDesk has customized the Windows PE Operating System (8.7sp2 is version 5.2.3790) to only include necessary libraries, utilities, and drivers. Additionally, the LANDesk® agent files have been copied to the image to facilitate LANDesk functionality. Also, the command file initially loaded by the PE Operating System has been modified to include the LANDesk staging commands. In Service Pack 2 for LANDesk 8.7, WMI support was added to the image. This section will provide a list of the files that have been either added or modified in the PE image, an overview of the boot process and an explanation of each line in the startup command file.

Files modified or added to the WinPE image

In addition to drivers, the LANDesk Windows PE image includes the following modified or added files.

\winbom.ini (turns off WinPE firewall)

\i386\txtsetup.sif (LANDesk signature)

\i386\system32\winpeshl.ini (defines shell location)

\i386\system32\peshell.exe (shell used)

\i386\system32\setupreg.hiv (LANDesk path included)

\i386\system32\startnet.cmd (command file run at startup)

\i386\system32\all.reg (LANDesk registry modifications)

\i386\system32\winpe.bmp (LANDesk background)

\CBA8 (LANDesk agent)

\LDCLIENT (LANDesk agent)


LANDesk WinPE boot process

The WinPE boot process starts like this:

1. Once the boot sector is loaded, SETUPLDR uses NTDETECT.COM to scan the hardware so the correct HAL can be loaded.

2. The WINPEOEM.SIF is used to load boot drivers (administrators can customize this file to control which mass-storage drivers are loaded) and then NTOSKRNL.EXE finishes the environment setup and calls SMSS, which in turn loads the registry and calls Winlogon.

3. Winlogon starts the services, finishes driver loading and starts a user session.

4. CMD.EXE is executed and processes the STARTNET.CMD. This batch file is used to load the networking drivers and any other commands one adds to it. The original Windows PE STARTNET.CMD looks like this:

factory -winpe

The LANDesk-modified WinPE image includes a different STARTNET.CMD by default. In version 8.7sp2, it looks like this:

@echo off
set path=%path%;x:\cba8;x:\ldclient
\ldclient\GetBootOptions
set /a err = %errorlevel%
if %err% gtr 0 goto nofix
\ldclient\Diskinfo fix
:nofix
factory -winpe
reg import all.reg
\ldclient\wait4ip /t 180
if %errorlevel% gtr 0 goto fail
CD \CBA8
RESIDENTAGENT.EXE /register
RESIDENTAGENT.EXE /start
CD \ldclient
winpepds /install
winpepds /start
If %err% gtr 0 goto pxe
miniscan /nodeviceid /usemacasname
Goto end
:pxe
if %err% lss 2 goto pxemenu
:pxeboot
miniscan /x /nodeviceid /usemacasname
goto end
:pxemenu
miniscan /nodeviceid /usemacasname
Replcore PxeMenuStart.cmd
call PxeMenuStart.cmd
goto end
:fail
@echo "Failed to get localhost IP address or resolve core server name. Please check your network and try again."
@pause
:end


STARTNET.CMD Command Line definitions

@echo off

This command is used to hide the output of this CMD file. REM this command out when troubleshooting the STARTNET.CMD.

set path=%path%;x:\cba8;x:\ldclient

This line sets the path to include the added LANDesk agent files.

\ldclient\GetBootOptions

This executable sets the errorlevel to 0, 1, or 2: 0 if the machine was virtual booted, 1 if the machine was PXE booted and the PXE menu was chosen, and 2 if the machine was PXE booted and managed boot was chosen.

set /a err = %errorlevel%

Sets the ERR variable to the value derived by GetBootOptions.

if %err% gtr 0 goto nofix

This line essentially means: if the machine PXE-booted, skip the next line.

\ldclient\Diskinfo fix

This line is only processed if not PXE booting. Diskinfo.exe used with the 'fix' switch resets the MBR to boot back into the original active partition. Vbooting had previously set this to boot to the WinPE RAM drive.

factory -winpe

The FACTORY.EXE command is used to load drivers. When called with the -winpe switch, it generates a unique name for the PE session (usually minint-<random suffix>) and then processes WINBOM.INI, where one can configure and add to the PE behavior. For example, since by default FACTORY.EXE scans all of the available drivers to find the one that matches the discovered hardware, one could limit the number of drivers scanned (thereby increasing bootup speed) by modifying the NetCards section of the WINBOM.INI file.

reg import all.reg

This command will import the LANDesk environment settings into the WinPE registry. Specifically, the Core Server's name and the port used for Inventory are defined in the ALL.REG file. Here is an example ALL.REG:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\LDWM]
"CoreServer"="<core_name>"
"InventoryServerPort"="5007"


\ldclient\wait4ip /t 180

The wait4ip executable ensures we have an IP address before gathering inventory for this machine. The /t 180 defines a timeout limit of 3 minutes. A /s can be added to silence the output of this program. Additional information is available by executing with a /?.

if %errorlevel% gtr 0 goto fail

This line skips the rest of the commands in this file if an IP address cannot be obtained.

CD \CBA8

This command changes the directory from X:\i386\system32 to X:\CBA8.

residentagent.exe /register

RESIDENTAGENT.EXE is the service that listens for and accepts connections for remote commands, and then starts the application needed to handle the request (which is how the LANDesk imaging operations are carried out). The /register switch will install and register the RESIDENTAGENT.EXE as a service. This is logged in the CBA8 directory in RESIDENTAGENT.LOG.

residentagent.exe /start

The /start switch will start the RESIDENTAGENT.EXE service, which proceeds to load necessary libraries. This too is logged in the RESIDENTAGENT.LOG.

CD \LDClient

This command changes the directory from X:\CBA8 to X:\LDClient.

winpepds /install

WINPEPDS is the module pinged by the Core Server to discover this machine, verifying this is the correct managed node. The /install switch will install the service.

winpepds /start

The /start switch starts the WINPEPDS service.

if %err% gtr 0 goto pxe

This line means that PXE booted machines will continue the script at the PXE section further below.


miniscan /nodeviceid /usemacasname

This line is only executed by virtual booted machines, and is their last command. Miniscan is the utility used to grab minimal information about the system and store it in the LDMS Inventory database. Running miniscan without switches will include a devicename and id in its scan file, and thereby will show up in the console as “minint-<random suffix>”. However, using the /nodeviceid /usemacasname switches removes this information from the scan file and limits the data sent to 3 things: MAC Address, IP Address, and Processor Count. In the console, these devices show up named after their MAC address.

if %err% lss 2 goto pxemenu

This line tells those PXE booted machines that are supposed to get the menu to skip to the PXEmenu section.

miniscan /x /nodeviceid /usemacasname

This line is executed by those PXE booted machines that are a managed boot. If the /x is used when calling miniscan, an extra attribute is sent in the Network portion of the scan file, Pxeboot=Yes.

miniscan /nodeviceid /usemacasname

This line is only executed by PXE booted machines that are to display a menu. Miniscan is the utility used to grab minimal information about the system and store it in the LDMS Inventory database. Running miniscan without switches will include a devicename and id in its scan file, and thereby will show up in the console as “minint-<random suffix>”. However, using the /nodeviceid /usemacasname switches removes this information from the scan file and limits the data sent to 3 things: MAC Address, IP Address, and Processor Count. In the console, these devices show up named after their MAC address.

replCore PxeMenuStart.cmd

REPLCORE.EXE is used to replace the %CoreServer% variable in the file it is pointed to with the value found in the registry String Value HKLM\Software\Intel\LANDesk\LDWM\CoreServer (this was populated with the ALL.REG earlier in the process). In this case, the PxeMenuStart.cmd is about to be called and it uses sdclient to contact the Core Server and therefore must have the correct corename in its command line.

call PxeMenuStart.cmd

If the menu option is chosen by the PXE booted machine, then the PXEMENUSTART.CMD will be executed. Two of the significant lines are:

sdclient /f /o /p="http://%CoreServer%/landesk/files/dosmenu.cfg"

RunBatch 500 X:\LDClient PxeMenu dosmenu.cfg

First, sdclient is used to retrieve the DOSMENU.CFG from the Core Server. Then RunBatch (a simple utility that calls a process after a defined delay) is used to launch PXEMENU.EXE fed with the parameter of DOSMENU.CFG.


@echo "Failed to get localhost IP address or resolve core server name. Please check your network and try again."

If an IP address could not be obtained, this error message appears, indicating that the NIC or NIC drivers should be investigated.
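The branch logic walked through above can be traced mechanically. The following Python model is an added example, not LANDesk code: it steps through the 8.7sp2 STARTNET.CMD listed in this paper for a given GetBootOptions errorlevel and returns the commands that would run, which also shows in which boot modes a line added during customization executes. It assumes every command other than GetBootOptions and wait4ip returns errorlevel 0.

```python
import re
# STARTNET.CMD from LANDesk 8.7sp2 as listed in this paper.
STARTNET = r"""
@echo off
set path=%path%;x:\cba8;x:\ldclient
\ldclient\GetBootOptions
set /a err = %errorlevel%
if %err% gtr 0 goto nofix
\ldclient\Diskinfo fix
:nofix
factory -winpe
reg import all.reg
\ldclient\wait4ip /t 180
if %errorlevel% gtr 0 goto fail
CD \CBA8
RESIDENTAGENT.EXE /register
RESIDENTAGENT.EXE /start
CD \ldclient
winpepds /install
winpepds /start
If %err% gtr 0 goto pxe
miniscan /nodeviceid /usemacasname
Goto end
:pxe
if %err% lss 2 goto pxemenu
:pxeboot
miniscan /x /nodeviceid /usemacasname
goto end
:pxemenu
miniscan /nodeviceid /usemacasname
Replcore PxeMenuStart.cmd
call PxeMenuStart.cmd
goto end
:fail
@echo "Failed to get localhost IP address or resolve core server name. Please check your network and try again."
@pause
:end
""".strip().splitlines()

IF_GOTO = re.compile(r"if\s+%(\w+)%\s+(gtr|lss)\s+(\d+)\s+goto\s+(\w+)", re.I)
SKIP = ("echo", "pause", "cd ", "set path")   # no effect on the branch logic

def trace(script, boot_mode, ip_result=0):
    """List the commands run for one boot (added model, not LANDesk code).
    boot_mode: GetBootOptions errorlevel (0 vboot, 1 PXE menu, 2 managed boot).
    ip_result: wait4ip errorlevel; every other command is assumed to return 0.
    """
    labels = {l[1:].strip().lower(): i for i, l in enumerate(script)
              if l.startswith(":")}
    env, ran, pc = {"errorlevel": 0}, [], 0
    while pc < len(script):
        line = script[pc].strip().lstrip("@")
        low, pc = line.lower(), pc + 1
        if not line or line.startswith(":") or low.startswith(SKIP):
            continue
        cond = IF_GOTO.fullmatch(line)
        if cond:
            var, op, num, target = cond.groups()
            value = env[var.lower()]
            if (value > int(num)) if op.lower() == "gtr" else (value < int(num)):
                pc = labels[target.lower()]      # jump to the label line
        elif low.startswith("goto "):
            pc = labels[low.split()[1]]
        elif low.startswith("set /a"):           # set /a err = %errorlevel%
            name, source = line[6:].split("=")
            env[name.strip().lower()] = env[source.strip(" %").lower()]
        else:
            ran.append(line)                     # an external command runs
            exe = low.split()[0].rsplit("\\", 1)[-1]
            env["errorlevel"] = {"getbootoptions": boot_mode,
                                 "wait4ip": ip_result}.get(exe, 0)
    return ran
```

Calling trace(STARTNET, 0), trace(STARTNET, 1) and trace(STARTNET, 2) gives the virtual boot, PXE menu and managed boot sequences; passing a customized script in place of STARTNET shows which of the three modes reach an added line.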

Customization

This section explains the steps necessary for the administrator to customize the Windows PE image included with LANDesk® Management Suite OSD. To change anything in the Windows PE image, the administrator first needs an image editor, such as WINIMAGE, to open LDVPE1.IMG, which is located on the core under the LDMAIN\LANDesk\Vboot directory.

Also, anytime the PE image on the core is customized, any PXE representatives that already exist in the environment should be redeployed in order to receive the updates.

Build customized Windows PE image

The first customization possible is to build a Windows PE image for use with LANDesk OSD. This can be done for a number of reasons, usually to add some extra support to the OS. To create a Windows PE image for LANDesk OSD, the administrator must already have LANDesk installed and then follow the sets of steps below.

Get the raw Windows PE files

1. Create a local directory to store build tools, like c:\build_x86.

2. Copy all files in the winpe directory from the Windows PE CD-ROM to c:\build_x86.

3. Copy whole Windows Server 2003 SP1 CD-ROM to a local directory, like c:\ENT_WITH_SP1.

4. Create a local directory to store Windows PE raw files, like c:\winpe.

5. Execute the following from a command prompt:

cd c:\build_x86

mkimg c:\ENT_WITH_SP1 c:\winpe /wmi

NOTE: /wmi is the additional support LANDesk adds to the PE image; other features (i.e., scripting support) can also be added to the OS on this mkimg command line. Refer to the Windows PE documentation (winpe.chm) for available options.


Add files to the PE image

Now that c:\winpe contains the raw Windows PE files, the next step is to add files from a shipping LDVPE1.IMG to the custom Windows PE.

1. Extract the LDClient and CBA8 files from ldvpe1.img and add them to the root of c:\winpe.

2. Extract the WINBOM.INI from the root of the ldvpe1.img and add it to the root of c:\winpe (delete the winbom.ini from the I386 directory).

3. Extract the TXTSETUP.SIF from the I386 directory in ldvpe1.img and add it to the c:\winpe\I386 directory.

4. Extract the following files from an existing ldvpe1.img and add them to c:\winpe\I386\SYSTEM32:

MFC71.DLL

MSVCR71.DLL

MSVCP71.DLL

WINPESHL.INI

PESHELL.EXE

ALL.REG

STARTNET.CMD

SETUPREG.HIV

WINPE.BMP

Build an IMG file to store the Windows PE files

1. Create one new partition on the hard disk; specify the size of the partition to be X MB, the file system to be FAT32, and bytes per cluster to be 1024.

a. Whatever the size of the c:\winpe directory is + 1MB should be the size of this partition, usually 175 MB unless the image is trimmed down using instructions later in this document.

b. The resulting LDVPE1.IMG will not be resizable through the LDMS console. This feature works on the shipping LDVPE1.IMG only.

2. Run WinImage.exe to read the new partition image and save it to a file named ldvpe1.img.

a. Under the Disk menu, choose 'Use disk <new partition>'.

b. Under the Disk menu, choose 'Read disk'.

c. Under the File menu, choose 'Save As'.

d. Save it as LDVPE1.IMA, and then afterwards rename it to LDVPE1.IMG.

3. With WinImage, inject all the files (include subfolders) from c:\winpe to ldvpe1.img.

Add / Specify drivers

Although Windows PE has all the drivers included with Windows XP, it is still sometimes necessary to add new or updated drivers to get the OS to function. Starting with LANDesk® Management Suite 8.7 Service Pack 2, administrators can use the toolbar menu item in the OSD administration toolbox to add drivers to the WinPE image. The steps automated by the GUI utility (which can also be done manually) to add mass storage drivers are:

1. Open the LDVPE1.IMG file and under the i386\system32 directory, create a directory (can be named anything)

2. Drop the driver's contents into this directory, maintaining the structure so TXTSETUP.OEM resides at the root of the newly created directory.

3. Extract the WINPEOEM.SIF file from i386\system32 and remove the semicolons around the OEMDRIVERPARAMS section.

4. Add the new directory to the (comma-separated) OEMDRIVERDIRS line item.

5. Save the modified WINPEOEM.SIF and insert it back into the image's system32 directory.

6. Save the LDVPE1.IMG file.

IMPORTANT: Even though the driver is inserted properly and the WINPEOEM.SIF is updated correctly, the driver can still fail to load if the inserted TXTSETUP.OEM is not configured. The TXTSETUP.OEM has a HWCOMPONENTS section (i.e., [scsi]) that can reference multiple device types. Windows PE will attempt to find the first device in this list if there is none referenced in the [Defaults] section. To properly configure the TXTSETUP.OEM prior to inserting it into the image, either edit the [Defaults] section to reference the correct device, or if there are no Defaults configured, ensure that only one device is listed in the HWCOMPONENTS section (i.e., the [scsi] section) by remming out the other lines.
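The TXTSETUP.OEM rule in the note above can be checked before the file goes into the image. This Python check is an added example, not part of the LANDesk tooling; the sample file, driver name and device IDs are constructed, and it assumes section names are case-insensitive and that lines starting with ; or # are remmed out.

```python
import re

# Constructed TXTSETUP.OEM sample; driver and device names are hypothetical.
AMBIGUOUS = r"""[Disks]
d1 = "Example RAID driver disk", \example.tag, \

[Defaults]

[scsi]
EXRAID_A = "Example RAID controller, model A"
EXRAID_B = "Example RAID controller, model B"
"""
# The two fixes the note describes: name a default, or rem out the extras.
WITH_DEFAULT = AMBIGUOUS.replace("[Defaults]", "[Defaults]\nscsi = EXRAID_B")
REMMED_OUT = AMBIGUOUS.replace("EXRAID_A =", ";EXRAID_A =")

def parse_oem(text):
    """Return {section_name_lower: [(key, value), ...]} for TXTSETUP.OEM text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank or remmed-out line
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def check_component(text, component="scsi"):
    """Apply the rule from the IMPORTANT note to one HWCOMPONENTS section.

    Returns (status, message) where status is "ok", "warn" or "error".
    """
    component = component.lower()
    sections = parse_oem(text)
    devices = [key for key, _ in sections.get(component, [])]
    defaults = {k.lower(): v for k, v in sections.get("defaults", [])}
    chosen = defaults.get(component)
    if not devices:
        return "error", f"[{component}] lists no devices"
    if chosen is not None:
        if chosen.lower() in (d.lower() for d in devices):
            return "ok", f"[Defaults] selects {chosen}"
        return "error", f"[Defaults] names {chosen}, which is not in [{component}]"
    if len(devices) == 1:
        return "ok", f"only {devices[0]} is listed"
    return "warn", (f"no default and {len(devices)} devices listed; "
                    f"Windows PE will look for the first, {devices[0]}")

if __name__ == "__main__":
    for name, sample in [("ambiguous", AMBIGUOUS), ("with default", WITH_DEFAULT),
                         ("remmed out", REMMED_OUT)]:
        print(name, check_component(sample))
```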

To add other drivers, like NIC drivers, the GUI utility automates these steps:

1. Open the LDVPE1.IMG file and put the .INF file(s) under the i386\inf directory.

2. Put the .SYS file(s) under the i386\system32\drivers directory.

3. Put all other files in the i386\system32 directory.

4. Save the LDVPE1.IMG file.


To speed up the boot process, the administrator may choose to specify the NIC drivers to load instead of allowing FACTORY.EXE to scan all of them. To do this, modify the WINBOM.INI file (at the root of the PE image) so it looks like this:

[NetCards]

NICPnPID=X:\i386\inf\<driver>.inf

To define multiple NICs, add a line for each INF that should be included.

Additional customization

Depending on the environment's needs, an administrator might want to make further customizations to the WinPE image. For example, to modify the background, switch out the WINPE.BMP in the system32 directory of the LDVPE1.IMG image file with one that reflects the corporate branding (starting in 87SP2 this can be done from the OSD toolbar). Also, the TXTSETUP.SIF in the I386 directory can be modified from “Starting Windows PE by LANDesk(R) OSD...” to whatever custom message is desired. To include extra utilities, usually administrators add them to the image and then call them in the STARTNET.CMD file. Starting with version 8.7SP2, the shipping LDVPE1.IMG can be resized up to 264 MB, and this is done by using the toolbar menu item in the OSD console.

Trim down the image

In some environments it will be desired to reduce the size of the Windows PE image in order to save on bandwidth when downloading. Others may have machines with limited amounts of memory and need the RAM drive to be smaller; usually 100 MB more than the size of LDVPE1.IMG is needed on the target machine for the OS to function (for example, an LDVPE1.IMG that is 180MB needs 280+MB RAM on the target machine).

To reduce the size of the image, LANDesk removes several unnecessary files from the Windows PE image. The files removed by LANDesk are listed below; an administrator may deem other files unnecessary and remove them as well. Open the LDVPE1.IMG with WINIMAGE and delete the following to reduce size:

1. Delete all files under c:\winpe\I386\FONTS\*.* except ARIAL.TTF, MARLETT.TTF, VGA860.FON, VGA863.FON, and VGA865.FON.

2. Delete all files under c:\winpe\I386\HELP.

3. Delete whole c:\winpe\I386\msagent folder.

4. Delete c:\winpe\I386\bootfix.bin.

5. Delete c:\winpe\I386\spcmdcon.sys.


6. Search for gdiplus.dll and winhttp.dll under c:\winpe\I386\WinSxS, and delete them.

7. Delete all C_XXX.nls (XXX is a number) except C_1252.nls and C_437.nls.

8. Delete the following files under c:\winpe\I386\SYSTEM32:

eqndiag.exe dbgeng.dll icmp.dll kbdit142.dll mprui.dll nwprovau.dll rasdlg.dll

eqnlogr.exe dbghelp.dll imgutil.dll kbdla.dll msafd.dll nwwks.dll rnr20.dll

eqnloop.exe dciman32.dll initpki.dll kbdmac.dll mscat32.dll oakley.dll scecli.dll

net.hlp ddraw.dll io8ports.dll kbdne.dll mscms.dll odbc16gt.dll security.dll

odbccp32.cpl devmgr.dll iologmsg.dll kbdnec.dll msgsvc.dll odbc32.dll shdocvw.dll

peer.exe dgclass.dll kbdbe.dll kbdno.dll msimg32.dll odbc32gt.dll snmpapi.dll

xlog.exe dgnet.dll kbdbr.dll kbdpo.dll msjet40.dll odbcbcp.dll softpub.dll

alrsvc.dll dgrpsetu.dll kbdca.dll kbdsf.dll msls31.dll odbcconf.dll spdports.dll

avmc20.dll diapi2.dll kbdda.dll kbdsg.dll mssign32.dll odbccp32.dll spoolss.dll

avmcapi.dll diapi232.dll kbddv.dll kbdsp.dll mssip32.dll odbccr32.dll spxcoins.dll

avmenum.dll diapi2nt.dll kbdes.dll kbdsw.dll mswstr10.dll odbccu32.dll spxports.dll

azroles.dll disrvpp.dll kbdfc.dll kbduk.dll netevent.dll odbcint.dll stlnprop.dll

azroleui.dll disrvsu.dll kbdfi.dll kbdusl.dll netui2.dll odbcji32.dll sxports.dll

browser.dll dnsrslvr.dll kbdfr.dll kbdusr.dll ntdsa.dll odbcjt32.dll tsddd.dll

certcli.dll duser.dll kbdgae.dll kbdusx.dll ntdsatq.dll odbcp32r.dll ureg.dll

cnbjmon.dll eqnclass.dll kbdgr.dll linkinfo.dll ntdsetup.dll odbctrac.dll xmlprov.dll

console.dll extmgr.dll kbdgr1.dll Loadperf.dll ntdskcc.dll perfctrs.dll xmlprovi.dll

cryptnet.dll fltlib.dll kbdic.dll localspl.dll nwapi32.dll perfnw.dll

ctmasetp.dll gptext.dll kbdir.dll lz32.dll nwcfg.dll pstorec.dll

ctmrclas.dll hccoin.dll kbdit.dll Mobsync.dll nwevent.dll query.dll

Conclusion

The Windows PE image utilized by LANDesk OSD can be customized to fit the needs of the environment by following the instructions in this document.