Windows 7 / Getting Started

Managing access and prestaging Computers

You can manage images using DISM and the techniques discussed previously. To prevent unauthorized users from installing images, you can:

  • Prestage computers and allow only known computers to be deployed
  • Modify the security settings of image files so that only appropriate personnel can access them
  • Enable administrator approval for client installation

Prestaging Computers

Prestaging computers involves creating computer accounts in Active Directory prior to their use. By prestaging a computer, you control exactly which clients and servers can communicate with each other. Before you prestage computers, you should be sure that Windows Deployment Services is configured to accept requests only from known computers. To do this, follow these steps:

  1. In the Windows Deployment Services console, expand the Servers node. Right-click the server you want to work with, and then select Properties.
  2. On the PXE Response Settings tab, click Respond Only To Known Client Computers, and then click OK.

To prestage a computer, you need to know the computer's globally unique identifier (GUID). A computer's GUID comes from the active network adapter on the computer and must be entered in the format {dddddddddddd- dddd-dddd-dddddddddddd}, where d is a hexadecimal digit, such as {AEFED345-BC13-22CD-ABCD-11BB11342112}.

You can obtain the required identifier in several ways. In some cases, manufacturers print a label with the GUID and attach the label to the computer. However, don't forget that the GUID is valid only for the network adapter that shipped with the computer. If you replace the adapter, the new adapter will have a new GUID.

To obtain the GUID for the installed network adapter, you can check the computer's firmware. If a remote computer is started, you can enter the following command at a Windows PowerShell prompt:

get-wmiobject win32_networkadapter | format-list guid

Write down or copy the GUID associated with the network adapter connected to the local area network.

To prestage computers, follow these steps:

  1. In Active Directory Users And Computers, right-click the OU or container where the computer will be staged, click New, and then click Computer.
  2. Type a name for the computer, and then click Next. Alternatively, click Change to choose the user or group with permission to join this computer to the domain, and then click Next.
  3. On the Managed page, select This Is A Managed Computer, type the computer's GUID, and then click Next. The GUID can be found in the system firmware or it might be posted on the computer case.
  4. On the Host Server page, choose the Windows Deployment Services server that will service this client. Click Next, and then click Finish.
[Previous] [Contents] [Next]

In this tutorial:

  1. Deploying Windows 7
  2. Working with Windows PE
  3. Understanding Windows pe
  4. Configuring Windows PE
  5. Preparing a Build environment
  6. Creating a Build: the essentials
  7. Mounting a Windows pe Image
  8. Customizing a Windows PE Image
  9. Capturing and Optimizing a Build
  10. Creating a Bootable ISO Image and Bootable Media
  11. Creating a Bootable USB Flash Drive
  12. Booting to an Image from a hard Disk
  13. Adding Windows pe Images to Windows Deployment Services
  14. Working with Windows RE
  15. Creating a Customized Windows RE Image
  16. Creating Windows re recovery Media
  17. Adding Windows RE Images to Windows Deployment Services
  18. Deploying Windows with a Customized Windows RE
  19. Creating Windows Images for Deployment
  20. Understanding Windows Imaging
  21. Creating a Windows Install Image
  22. Configuring and Using Windows Deployment Services
  23. Setting Up Windows Deployment Services
  24. Importing Images
  25. Installing Windows from an Image
  26. Capturing Images
  27. Managing access and prestaging Computers
  28. Modifying Image File Security
  29. Customizing Windows Images