Mass Deploy Images that Contain Write Filters (Standard 8)

7/8/2014

Review information on mass deployment of Write Filter-enabled Windows Embedded 8 Standard (Standard 8) images.

This topic explains special scenarios and configurations that you must consider when you deploy images that contain Unified Write Filter (UWF), Enhanced Write Filter (EWF) or File-Based Write Filter (FBWF).

Mass Deployment Scenario

A typical mass deployment scenario involves a developer creating a master image by adding the components that they must have to meet their device requirements. The developer then deploys the master image to a single computer. After deploying the image to a single computer, the developer can customize the run time image by modifying the settings for write filters or other components.

When ready to deploy the run time to multiple computers, the developer must prepare the image for mass deployment by removing system-specific settings such as the computer security identifier (SID). By definition, system-specific settings such as the SID are incompatible from one computer to the next. You can use the Sysprep tool to remove system-specific settings. With the image now ready to be mass deployed, you can capture the image as a WIM file by using the ImageX utility. When you deploy the WIM to a different computer, the computer-specific settings removed by Sysprep are regenerated and customizations to write filters or other components are retained.

Note

Each deployment process performs several verifications, which rely on the target device's date and time settings. For optimal performance, confirm before deployment that each target device is set to the correct date and time.

Additional Support for Write Filters during Mass Deployment

During configuration using Image Configuration Editor (ICE) or manually at runtime, volumes that need protection are specified by using drive letters (For example C: for FBWF) or {disk number, partition number} pairs (for example disk number 0, partition number 1, for EWF). Both write filters will translate these non-persistent volume identifiers to persistent identifiers. FBWF uses volume GUIDs in the form of \\?\Volume{GUID}\ where GUID identifies the volume (for example, \\?\Volume{26a21bda-a627-11d7-9931-806e6f6e6963}\). EWF uses the unique integer signature assigned by the OS to identify the physical disk and then uses a byte offset to identify the partition associated with the volume (for example, DiskSignature=dword:61e10f39 and PartitionOffset=hex(b):00,00,a0,c0,22,00,00). Both are persistent identifiers for volumes that do not change across computer restarts or when additional disks/volumes are added or removed. This guarantees that the write filters always protect the correct volume (as identified by the user during initial setup).

The persistent-volume identifiers used by the write filters are specific to each computer and they will not match any volumes on any other computers. This means all write filter settings would be lost after mass deployment onto a different computer. To change this behavior, you must perform additional actions during the generalize and specialize configuration passes to maintain and reapply the write filter settings to give users a seamless experience during mass deployment. The developer must disable write filters before mass deployment of the image starts.

Providing Additional Settings during Generalization

Sysprep lets users provide additional settings in a configuration file to be applied onto the master image. These settings can be related to any component including write filters. These additional settings are optional and will be merged with the current settings for write filters. For example, if the current configuration for FBWF protects the C drive alone, you can specify settings for additional volumes in the configuration file during generalization; for example, D and E. When the WIM is deployed, FBWF will have three protected volumes: C, D, and E.

Executing Sysprep

With Windows Embedded 8 Standard (Standard 8) installed images, Sysprep.exe is provided as a preinstalled component that can be found in the %WINDIR%\System32\Sysprep directory. This utility is the main program that orchestrates execution of all other executable files that help in preparing the system for deployment. Sysprep.exe must be run in the context of the installed directory, and administrator rights will be required to correctly generalize or specialize the image for later deployment.

Preconditions on Reference Image before Sysprep Generalization

It is usually necessary to test an initial installation and provide additional adjustment before redeployment. This usually includes adding custom applications to the image and testing the system in field conditions.

Special consideration is required before you use Sysprep on an image to make sure that write filters are not protecting the operating system volume. To make sure that Sysprep is successful, write filter protection must be temporarily disabled. Sysprep makes special demands that are incompatible with operation of a protected system because several core components will be invoked to modify the system in preparing for a generalized image. This is also the case on image deployment during later specialization. Execution of Sysprep as long as the system volume has a write filter enabled is not supported and will likely put the system into an unstable intermediate state.

We recommend that you deploy the image with system volume protection disabled and then re-enable protection after Windows Welcome, or the oobeSystem phase is completed. Alternatively, you could have Sysprep install and configure write filters during mass deployment as specified in a supplied configuration file. For more information, see Sysprep Command-Line Settings.

Mass Deployment Logs

Sysprep uses the Panther logging engine to capture useful debugging information that you can use to help resolve installation or deployment-related issues. For more information about Windows Setup Log files, see the following Microsoft Web site.

Procedures

To configure and mass deploy an image

1. Create an image using Image Configuration Editor (ICE) or Image Builder Wizard (IBW).

2. Deploy the reference image.

3. Start Windows Embedded 8 Standard (Standard 8) in audit mode.

   1. If you use IBW with a configuration file, change the settings within Deployment_<Architecture> for either Phase 5 (Audit System), or Phase 6 (Audit User). For the Deployment component, change the Mode setting under Reseal to Audit. Make sure that the ForceShutdownNow setting is set to false.
      For more information, see Deployment.

      Note

      Changing these settings will let the user interact with Windows Audit Mode. When using the Audit Mode, the user has full control over using the desktop, command prompt, and other features.

   2. If you are using IBW without a configuration file, as soon as the Windows Welcome screen is displayed, press SHIFT+CTRL+F3 to enter Audit Mode.

4. Configure and customize the reference image.

5. (Optional) Enable and configure any Lockdown and Branding features. This state may require several restarts.

6. If you use a write filter (UWF, EWF, or FBWF), disable it.

7. Restart the system.

8. Generalize the image using Sysprep.

9. Use ImageX to capture the image from Windows PE.

10. Mass deploy the image using one of the following technologies:

    1. ImageX and BCDBoot
    2. Windows Deployment Services
    3. Create a custom IBW disk.
    4. System Center Configuration Manager (ConfigMGR)

Additional Reading for Image Setup and Mass Deployment

• For more information about Windows PE, see Windows PE Technical Reference.
• For more information about automated installation, see Unattend Windows Setup Reference.

See Also

Reference

ImageX Technical Reference
BCDBoot Technical Reference

Concepts

Write Filters Overview
Deploy Images

Other Resources

Sysprep Technical Reference