Managing access and prestaging Computers
You can manage images using DISM and the techniques discussed previously. To prevent unauthorized users from installing images, you can:
- Prestage computers and allow only known computers to be deployed
- Modify the security settings of image files so that only appropriate personnel can access them
- Enable administrator approval for client installation
Prestaging Computers
Prestaging computers involves creating computer accounts in Active Directory prior to their use. By prestaging a computer, you control exactly which clients and servers can communicate with each other. Before you prestage computers, you should be sure that Windows Deployment Services is configured to accept requests only from known computers. To do this, follow these steps:
- In the Windows Deployment Services console, expand the Servers node. Right-click the server you want to work with, and then select Properties.
- On the PXE Response Settings tab, click Respond Only To Known Client Computers, and then click OK.
To prestage a computer, you need to know the computer's globally unique identifier (GUID). A computer's GUID comes from the active network adapter on the computer and must be entered in the format {dddddddddddd- dddd-dddd-dddddddddddd}, where d is a hexadecimal digit, such as {AEFED345-BC13-22CD-ABCD-11BB11342112}.
You can obtain the required identifier in several ways. In some cases, manufacturers print a label with the GUID and attach the label to the computer. However, don't forget that the GUID is valid only for the network adapter that shipped with the computer. If you replace the adapter, the new adapter will have a new GUID.
To obtain the GUID for the installed network adapter, you can check the computer's firmware. If a remote computer is started, you can enter the following command at a Windows PowerShell prompt:
get-wmiobject win32_networkadapter | format-list guid
Write down or copy the GUID associated with the network adapter connected to the local area network.
To prestage computers, follow these steps:
- In Active Directory Users And Computers, right-click the OU or container where the computer will be staged, click New, and then click Computer.
- Type a name for the computer, and then click Next. Alternatively, click Change to choose the user or group with permission to join this computer to the domain, and then click Next.
- On the Managed page, select This Is A Managed Computer, type the computer's GUID, and then click Next. The GUID can be found in the system firmware or it might be posted on the computer case.
- On the Host Server page, choose the Windows Deployment Services server that will service this client. Click Next, and then click Finish.
In this tutorial:
- Deploying Windows 7
- Working with Windows PE
- Understanding Windows pe
- Configuring Windows PE
- Preparing a Build environment
- Creating a Build: the essentials
- Mounting a Windows pe Image
- Customizing a Windows PE Image
- Capturing and Optimizing a Build
- Creating a Bootable ISO Image and Bootable Media
- Creating a Bootable USB Flash Drive
- Booting to an Image from a hard Disk
- Adding Windows pe Images to Windows Deployment Services
- Working with Windows RE
- Creating a Customized Windows RE Image
- Creating Windows re recovery Media
- Adding Windows RE Images to Windows Deployment Services
- Deploying Windows with a Customized Windows RE
- Creating Windows Images for Deployment
- Understanding Windows Imaging
- Creating a Windows Install Image
- Configuring and Using Windows Deployment Services
- Setting Up Windows Deployment Services
- Importing Images
- Installing Windows from an Image
- Capturing Images
- Managing access and prestaging Computers
- Modifying Image File Security
- Customizing Windows Images