Tuesday, 24 February 2015

How to boot Image Builder Wizard from network and deploy Windows Embedded Standard 7/8

Deploying Windows systems over a local network is nothing new. The known way for desktop Windows systems is to perform the following steps:
  1. Set up the Windows Deployment Services role on Windows Server.
  2. Add boot and install images.
  3. Boot up "boot image" using PXE.
  4. Select "install image" and deploy it.
I'm not covering the very rich Windows Deployment Services and Microsoft Deployment Toolkit functionality here; the description above is only there to show the problem.

The problem

The problem is that you cannot initially deploy Windows Embedded Standard (WES) this way. Why?
WDS and MDT require a fully functional install.wim (install image) to deploy an OS successfully.
WES is a component-based system, unlike traditional Windows; thus there is no fully functional install.wim.


Instead, there is a small special install.wim (you can check this: mount the IBW ISO disk and find the file; it is small indeed) and a component share folder ("Distribution Share" in WES7 and "Catalog" in WE8S). In the general WES deployment process, Image Builder Wizard (IBW) deploys the initial small install.wim and then deploys the selected components from that component share. If you try to use just that install.wim with WDS, the OS won't function properly, because no components will actually be added to the OS image: only IBW can add the components.

To be accurate, WDS deployment of WES is possible if you initially deployed an image using IBW, then sysprepped it, captured it to your custom wim file, and then deployed that wim file.

I was developing a training on Windows Embedded systems deployment in the company that I work in (Quarta Technologies), and when I developed the network deployment section I was wondering how to do network deployment for the Windows Embedded initial deploy. Unfortunately, there was absolutely no information on how to do that in the documentation or online, but I've figured out it is possible. I've tested the solution on both WES7 and WE8S.

Here I'll describe only the general steps to reproduce my solution, because I think a general description is more valuable than a step-by-step guide; it allows people to understand the whole concept.

The benefits of the solution are:
  • There will be only one components share folder in your intranet; there is no need to install the entire share on each development computer;
  • Once the components share is updated, each development computer that uses the share obtains the latest components;
  • You'll need to update only one share instead of each development computer's share;
  • You'll be able to prototype with IBW quickly. There is no need to create a USB boot disk each time the share is updated;
  • Nobody can alter that components share, because it will be mounted as read-only.

The solution

  1. Let's select one Windows version, for example, Windows Embedded 8 Standard x86. Let's select a Windows Server version as well. You need Windows Server because it natively supports the WDS role. I used Windows Server 2012 R2. In this example Windows Server is used as a standalone server and is not joined to any domain.
  2. Download and install all the latest updates for your server system.
  3. Download and install the WE8S toolkit. Install all the components available.
  4. Run Windows Embedded Developer Update (WEDU), add the Windows Embedded Catalog folder, then search for and install all available updates (you can exclude language packs if you wish).
  5. Create a new user account. Deny interactive logon for that account using the Group Policy tool. This account will be used only to access the shared network catalog folder; the folder will be read-only and contain only Windows components, so you can use a simple password or an empty password.
  6. If you used an empty password, go to the Group Policy tool and allow the use of empty passwords for network shares.
  7. Share the catalog folder (C:\Windows Embedded Catalog by default) with the user account created above as a read-only folder. Check twice that you gave only the "Read" right to that account. Write down the resource's network name.
  8. Run Image Configuration Editor (ICE). Select Tools - Create Media - Create IBW image with full Catalog. Select the x86 architecture and specify the folder C:\IBW_x86. Once it has finished, go to the folder and delete the catalog from it (we don't want to use this catalog because WEDU doesn't update it automatically).
  9. When finished, share C:\IBW_x86 the same way as the Windows Embedded Catalog. Now you have two shared folders: one contains the catalog files, the other contains the IBW files.
  10. Return to ICE and select Tools - Create Media - Create Windows PE image. Select the C:\winpe folder and x86.
  11. We need to change the startnet.cmd script inside the Windows PE image. Run the command line as administrator and mount c:\winpe\media\sources\boot.wim using DISM.
  12. Locate \windows\system32\startnet.cmd inside the mounted image, remove its content and put in the following lines (replace "SERVER_NAME" with your server name, "user_name" with the user account name, and "password" with its password):
    wpeinit
    net use n: "\\SERVER_NAME\Windows Embedded Catalog" /user:user_name password
    net use m: "\\SERVER_NAME\IBW_x86" /user:user_name password
    m:\setup /catalog:n:\

  13. Save the file and dismount the image with commit.
  14. Add the boot.wim to the WDS boot images using the WDS snap-in. Give it an understandable name and description.
  15. Create a virtual machine with PXE boot capabilities, or use a physical machine, to test the solution.
  16. Boot the machine from WDS and select the boot image added to WDS above.
  17. Once started, it will mount the shares and start IBW.
  18. Test network IBW deployment.
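
The server-side part of the procedure (steps 5, 7, 9 and 11-13) can also be scripted. The following batch file is an added example, not part of the original post; `C:\mount` and `C:\winpe\startnet.cmd` (a prepared file holding the lines from step 12) are assumed paths, and `user_name` / `password` are the same placeholders as above.

```batch
@echo off
rem Added example: server-side preparation for steps 5, 7, 9 and 11-13.
rem Run from an elevated prompt. user_name and password are the page's
rem placeholders; C:\mount and C:\winpe\startnet.cmd are assumed paths.
setlocal
set SHARE_USER=user_name
set SHARE_PASS=password
set WIM=C:\winpe\media\sources\boot.wim
set MOUNT=C:\mount
set NEW_STARTNET=C:\winpe\startnet.cmd

rem Step 5: dedicated local account for the shares.
rem Denying interactive logon is still done in the Group Policy tool.
net user %SHARE_USER% %SHARE_PASS% /add || goto :error

rem Steps 7 and 9: share both folders and grant this account READ only.
rem startnet.cmd keeps the password in clear text inside boot.wim, so the
rem READ-only grant is what protects the shares from PXE clients.
net share "Windows Embedded Catalog"="C:\Windows Embedded Catalog" /grant:%SHARE_USER%,READ || goto :error
net share IBW_x86=C:\IBW_x86 /grant:%SHARE_USER%,READ || goto :error

rem "Check twice": the Permission line must list only READ for the account.
net share "Windows Embedded Catalog"
net share IBW_x86

rem Steps 11-13: mount boot.wim, replace startnet.cmd, commit the change.
if not exist "%MOUNT%" mkdir "%MOUNT%"
dism /Mount-Image /ImageFile:"%WIM%" /Index:1 /MountDir:"%MOUNT%" || goto :error
copy /y "%NEW_STARTNET%" "%MOUNT%\Windows\System32\startnet.cmd"
if errorlevel 1 (
    dism /Unmount-Image /MountDir:"%MOUNT%" /Discard
    goto :error
)
dism /Unmount-Image /MountDir:"%MOUNT%" /Commit || goto :error
echo boot.wim updated. Add it to the WDS boot images as in step 14.
exit /b 0

:error
echo Preparation failed; see the message above.
exit /b 1
```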

How it works

In the solution above we have the following key elements:
  1. A shared folder with catalog components.
  2. A shared folder with IBW files.
  3. A Windows PE image that mounts the folders on startup and executes IBW. It points IBW to the mounted catalog folder using the /catalog command line switch.
  4. You have no trouble with catalog folder updates, because you always use the original updated folder.
  5. But when WEDU updates the tools themselves, you'll need to update your C:\IBW_x86 folder.
Of course, now you can have multiple development stations using the shared components folder. To set that up, select custom setup during development tools installation and then exclude Development Share (for WES7) or Catalog (for WE8S). After setup finishes, mount the network share with the components, run Image Configuration Editor, choose "Select development share" ("Select catalog" for WE8S) and select the network share with the components.
There may be one issue with ICE for WES7. It requires elevation to run. Thus, if you have mounted the network share as a normal user, you won't be able to see the network drive in the elevated environment. So you need to mount the network share in the elevated environment itself. To do that, in the "Specify Distribution Share" dialog box, go to Desktop, right-click Computer and select Map Network Drive, then map the network drive as usual.

Improvements

Of course, this is not an ideal solution. Consider possible questions and improvements:
  1. Use only one shared folder instead of two (Windows directory junctions can help to put different locations on a file system into one shared folder).
  2. Create Windows PE images for different architectures.
  3. I understand it isn't good practice to install development tools on a server system, so you can decide to create a separate virtual machine on the server host to do that (definitely, Hyper-V will be the fastest way).
  4. Of course, you need error handling. What if the server is unavailable? It is good practice to give a user-friendly error message and exit to the command line, for example.
For our company I use a slightly different solution that incorporates ordinary WIM deployments with IBW deployments and allows a user to select a deployment option from a special menu system.
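
One way to add the error handling from improvement 4 to startnet.cmd, as an added example that is not the author's own script: it retries the share mapping while the network comes up, then prints a readable message and returns to the Windows PE command prompt if the server stays unreachable. `SERVER_NAME`, `user_name` and `password` are the placeholders from step 12; the retry count and the `setup.exe` file name are assumptions.

```batch
@echo off
rem Added example: startnet.cmd with error handling (improvement 4).
rem SERVER_NAME, user_name and password are the placeholders from step 12.
setlocal
set SERVER=SERVER_NAME
set SHARE_USER=user_name
set SHARE_PASS=password
set RETRIES=5

wpeinit

rem Map both shares; each mapping is retried because the network may not be ready yet.
call :map n: "\\%SERVER%\Windows Embedded Catalog" || goto :fail
call :map m: "\\%SERVER%\IBW_x86" || goto :fail

rem Assumes the IBW launcher in the share root is setup.exe.
if not exist m:\setup.exe (
    echo ERROR: setup.exe was not found on m:. Check the IBW_x86 share contents.
    goto :fail
)

m:\setup /catalog:n:\
exit /b %errorlevel%

:map
rem %1 = drive letter, %2 = quoted UNC path. Returns 0 on success, 1 after RETRIES failures.
set /a TRY=0
:map_retry
set /a TRY+=1
net use %1 %2 /user:%SHARE_USER% %SHARE_PASS% /persistent:no >nul 2>&1
if not errorlevel 1 exit /b 0
if %TRY% geq %RETRIES% (
    echo ERROR: could not map %~2 as %1 after %RETRIES% attempts.
    exit /b 1
)
echo Waiting for %~2 (attempt %TRY% of %RETRIES%)...
ping -n 6 127.0.0.1 >nul
goto :map_retry

:fail
echo.
echo Deployment server %SERVER% is unavailable or its shares are misconfigured.
echo Check the cable, DHCP and the server, then run "wpeutil reboot" to retry.
net use m: /delete >nul 2>&1
net use n: /delete >nul 2>&1
exit /b 1
```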
