TITLE PAGE

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 TABLE OF CONTENT 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

1|Page
INTRODUCTION
 
 
Scope and Limitation 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 

 
 

2|Page
 

Creating Domain Controller

On this documentation, we will show you on how to create domain controller from scratch. Domain
controller is the main foundation of the server to act as controller to all PC’s and Co-server. These are
the procedure on how to create domain controller:

1st step: Boot the server machine and insert the cd and choose boot from CD-ROM/DVD drive. This will
follow by the boot from software.

2nd step: choose the operating system that you want to install:

 Server Core Installation option

With this option, the standard user interface (the “Server Graphical Shell”) is not installed; you manage the server
using the command line, Windows PowerShell, or by remote methods.

 Server with a GUI option

With this option, the standard user interface and all tools are installed. Server roles and features are installed with
Server Manager or by other methods.

(in our case always choose SERVER WITH GUI)

3rd step: Just click the “I Accept the license terms” then next

3|Page
4th step: If you want to upgrade your OS choose Upgrade or if you want to start from scratch with a clean installation of
Windows, you can choose Custom you can create a partition in this installation.

5th step: We don’t need to create a partition so just click next

6th step: Wait until you’re done installing the windows

4|Page
7th step: Once the operating system is done, we need to input the Local Administrator Account for security purposes.

8th step: Just press Ctrl+Alt+Delete on keyboard to login.

9th step: Enter the Administrator’s password to log in.

5|Page
10th step: First thing to do is to set your network into STATIC (the purpose of this, is to have a unique IP Address for our server)
Right click the network and choose “Open Network and Sharing Center”

11th step: Click the “Change adapter settings”

12th step: Right click the “Ethernet” and select the “Properties”

6|Page
13th step: Choose the “Internet Protocol Version 4 (TCP/Ipv4)”
And click “Properties”

(The picture shown below is just an example)

7|Page
14th step: After setting up the static IP, open the Server Manager. In the Server Manager click on "Add Roles and Features".

15th step: Now some important information will be given, you can read it and then click on the "Next" button.

16th step: The Installation type page will be opened that will ask you to select one of the options. Select the first option i.e.
"Role Based on Feature based Installation" and then click on "Next".

8|Page
17th step: Now you must select a Server from the Server Pool. Since I have only one server, my default server is automatically
selected. After selecting the server click on "Next".

18th step: Select the “Active Directory Domain Services” role.

19th step: Accept the default features required by clicking the “Add Features” button.

9|Page
20th step: Select the “DNS Server” role.

21st step: Accept the default features required by clicking the “Add Features” button.

22nd step: Now there will be certain features to be selected. You can select any of them or can just click on "Next" if you simply
want to move on.

10 | P a g e
23rd step: After that one more page will be opened showing you some points to remember.

24th step: this will show the function of DNS server. Click next to proceed.

25th step: On the Confirm installation selections screen click the Install button.

11 | P a g e
26th step: After that, click on Install and the installation will begin.

27th step: Once completed, notification is made available on the dashboard highlighted by an exclamation mark. Select it and
amidst the drop down menu.

28th step: select “Promote this server to a domain controller.”

12 | P a g e
29th step: Select deployment configuration:

 Add a domain controller to an existing domain

“For services redundancy” or “for domain authentication improvement in remote Site”.In case of server failure, we
still have another one which can provide necessary services in our network, which avoids business discontinuity.
 Add a new domain to an existing domain
 Add a new forest
You will create a new domain

(Select Add a new forest and input your desire domain name)

30th step: It’ll automatically select the windows that you are using. Just input your desire password (this is for safe mode
password

31st step: Just click “next”

13 | P a g e
32nd step: You can set your desire domain name

33rd step: Specify location for AD database and SYSVOL and Click the Next button.

14 | P a g e
34th step: Review Options screen provides a summary of all of the selected options for server promotion. As an added bonus,
when clicking View Script button you are provided with the PowerShell script to automate future installations. To click
the Next button to continue.

35th step: Should all the prerequisites pass, click the Install button to start the installation.

36th step: Once the roles are installed. This will automatic restart to implement the domain name.

15 | P a g e
Now this will be your domain controller that you have been created.
(Picture shown below is just an example)

Implementing File Server

As a server administrator, you can manage access to any server folders (known as “shared
folders” when accessed from the Remote Web Access) on the server by usingsi ca the tasks on
the Server Folders tab of the Dashboard, allowing users varying levels of access to a variety of files. This
documentation will show you on how to create and implement file server on your server infrastructure,
here’s the step in how to create it:

1st step: You need to set your network into static to have an internet connection
First thing you need to do is right click your network settings and click open Network and
sharing.

16 | P a g e
Go to Change adapter settings

Right click the Ethernet and click Properties

17 | P a g e
Select the Internet Protocol 4 (TCP/IPv4)

Make it static (Picture shown below is just an example)

18 | P a g e
2nd step: Join it to your domain (Go to computer properties)
(It must be connected on your network)

19 | P a g e
Enter your domain name so it will connect on your network.
(Note: if you click “OK” it’ll automatically restart)

20 | P a g e
It’ll ask you to enter the credential that has permission (ex. Administrator) to apply the changes that
you’ve been created.

21 | P a g e
Log in using Administrator and the password of it.

3rd step: Go to Computer management click the Disk management

22 | P a g e
Right click the Unallocated Disk

(note: if you have different file storage this method will be follow, otherwise proceed to other steps.)

And click Online

23 | P a g e
Convert to GPT Disk
(GPT allows for a nearly unlimited amount of partitions)

Simple volume is a dynamic volume that is made up of disk space from a single dynamic disk. A simple
volume can consist of a single region on a disk or multiple regions of the same disk that are linked
together. You can create simple volumes only on dynamic disks.

24 | P a g e
Apply how many MB you want

It Depends on what letter do you want to choose

(Note: But be careful on putting a letter, this will be the permanent letter of the drive)

NTFS (NT file system) is the file system that the Windows NT operating system uses for storing and
retrieving files on a hard disk. 

25 | P a g e
This would be the disk that you’ve been created

Go to Sever Manager and Click Add roles and features

26 | P a g e
 Role-based or feature-based installation: this is the advanced option for installing RDS, it allows you
to manually select the roles that you would like to install and manually configurethose roles, for
example if you only need to install the "Remote Desktop Session Host" service to support using RDS
in a Workgroup machine, or to allow more than 2 concurrent sessions, you may use the Role-based
or feature-based installation process to only install that service.
 Remote Desktop Service installation: this is the new way of deploying RDS in Windows. Depending
on the scenario that you choose, this way will select, install and configure all the needed
components for you to help save time and effort. it usually installs the three basic roles that are 1)
RD Connection Broker 2) RD Web Access and 3) RD Session Host, those roles can all be installed and
configured remotely using a single wizard, which helps save time and effort in the deployment.

27 | P a g e
Install File and Storage Services
File and iSCSI Services
(File and Storage includes technologies that help you set up and manage one or more file servers, which
are servers that provide central locations on your network where you can store files and share them with
users. Services)

By using File Server Resource Manager, administrators can place quotas on folders and volumes,
actively screen files, and generate comprehensive storage reports. This set of advanced instruments not
only helps the administrator efficiently monitor existing storage resources, but it also aids in the
planning and implementation of future policy changes.

28 | P a g e
29 | P a g e
Go to Server Manager and click File and Storage Services that you have been installed.

Click Shares and drop down the Tasks

30 | P a g e
SMB Share Quick- This basic profile represents the fastest way to create an SMB file share, typically
used to share files with Windows-based computers.
 Suitable for general file sharing
 Advanced options can be configured later by using the Properties dialog
SMB Share Advanced -This advanced profile offers additional options to configure a SMB file share.
 Set the folder owners for access-denied assistance
 Configure default classification of data in the folder for management and access policies
 Enable quotas
SMB Share Applications- This profile creates an SMB file share with settings appropriate for Hyper-V,
certain databases, and other server applications.
NFS Share Quick- This basic profile represents the fastest way to create a NFS file share, typically used to
share files with UNIX-based computers.
 Suitable for general file sharing
 Advanced options can be configured later by using the Properties dialog
NFS Share Advanced- This advanced profile offers additional options to configure a NFS file share.
 Set the folder owners for access-denied assistance
 Configure default classification of data in the folder for management and access policies
 Enable quotas

We will choose the drive that we configure on the last step for our storage on file server.

31 | P a g e
Input your desire Share Name to make it more organize

32 | P a g e
Access-based enumeration displays only the files and folders that a user has permissions to access

Allow caching of share ensures that users have access to shared files even when they are working
offline without access to the network. 

Encrypt data access to make data transfers secure by encrypting data in-flight, to protect against
tampering and eavesdropping attacks.

You can customize your shared folders by clicking Customize permissions

Where you can Add and Remove user who can view your shared folder

33 | P a g e
In the Advanced Security Settings dialog box, click the Disable Inheritance button to disable inherited
permissions from the parent folder in preparation of setting an explicit set of folder permissions. 

When prompted, click the option to convert inherited permissions into explicit permissions on this
object. This will create a copy of each inherited permission access list entry into an explicit entry for this
folder that we’ll be able to edit or remove. 

34 | P a g e
In this case, we want to modify the default permissions granted to the Users group for this folder.  Use
the Remove button to remove each of the existing access list entries granted to the Users group. 

Then use the Add button to grant a new set of file permissions to the Users group.  In this scenario, we
want users to have read, write and delete permissions to files ( and only files ) inside this folder, so we’ll
select the following permission options for files: 

35 | P a g e
Once we’re done adding file permissions, we’ll use the Add button again to grant a new set of folder
permissions to the Users group.  In this scenario, we want users to have the ability to see folders and
create new files, so we’ll select the following permission options for folders: 

The tabs that are new or improved for the NTFS Security Dialog in Windows Server 2012 include:

 Share – integrates Share permissions into a separate tab on the NTFS security dialog, so that
NTFS and Share permissions can be compared side-by-side
 Effective Access – improved to provide an easier user interface to work with for evaluating the
effective permissions for a user, group, device or claim.
 Central Policy – used with the new Dynamic Access Control (DAC) feature of Windows Server
2012 to centralize folder permissions into security policies that can be dynamically applied to
files and folders based on Active Directory claims.

36 | P a g e
37 | P a g e
Go to File Server Resource Manager to create Quota where you can:
 Limit space allowed for a volume or folder, and generate notifications when the quota limits are
approached or exceeded,
 Generate auto apply quotas that apply to all existing subfolders in a volume or folder and to any
subfolders that are created in the future
 Define quota templates that can be easily applied to new volumes or folders and then used
across an organization.

When you create a quota, you choose a quota path, which is a volume or folder that the storage limit
applies to. On a given quota path, you can use a template to create one of the following types of quota

38 | P a g e
• Create quota on path limits the space for an entire volume or folder.

• An auto apply quota, which assigns the quota template to a folder or volume. Quotas based on
this template are automatically generated and applied to all subfolders.

Right click the folder that you have been created a quota and click Edit Quota properties

39 | P a g e
• Hard quota. Prevent users from writing data to disk. With hard quotas, the utility automatically
limits the user's disk space for you, and no users are granted exceptions. Once users are about to reach
their quota, they come to you for help.

• Soft quota - send you alerts when users are about to exceed disk space. Unlike hard quotas,
there is no physical restriction to prevent users from saving their data. However, you do get alerts and
can create a corporate policy to help manage data.

File Screening Management:

• Create file screens to control the types of files that users can save, and generate notifications
when users attempt to save unauthorized files.

• Define file screening templates that can be applied to new volumes or folders and that can be
used across an organization.

• Create file screening exceptions that extend the flexibility of the file screening rules.

Drop down File screening management and click File screens

40 | P a g e
Under File screen path, type the name of or browse to the folder that the file screen will apply to. The
file screen will apply to the selected folder and all of its subfolders.

(Note you can customize what you want to block)

As you can see, the Audio and Video is already blocked.

41 | P a g e
File screen exception is a special type of file screen that overrides any file screening that would
otherwise apply to a folder and all its subfolders in a designated exception path. That is, it creates an
exception to any rules derived from a parent folder.

In the Exception path text box, type or select the path that the exception will apply to. The exception will
apply to the selected folder and all of its subfolders.

To specify which files to exclude from file screening:

• Under File groups, select each file group that you want to exclude from file screening. (To select
the check box for the file group, double-click the file group label.)

• If you want to view the file types that a file group includes and excludes, click the file group
label, and click Edit.

• To create a new file group, click Create.

Click OK.

42 | P a g e
43 | P a g e
 Mapping File Server Storage Drive
Step 1: Go to My Computer > Right Click Computer Icon > Select Map Network Drive.

Step 2: Map Network Drive > Select Available Drive then Input the Path "example \\192.168.100.236" >
Click Browse

44 | P a g e
45 | P a g e
Step 3: Select the Folder you want to Map > Click Ok > Select Option > Click Finish.

Note Select Option:

 Choose “Reconnect at Sign-in” If you want to use your current NT account else
 Choose “Connect using different credentials” if you want to user different NT account.

46 | P a g e
Note: Done. Drive (Z:) is Added.

47 | P a g e
 Group Policy Management
Active Directory User and Computer
Active Directory Site and Services
Web Server IIS
Windows Update Service

48 | P a g e
 Creating MDT/WDS
 
On this documentation, we will show you how to create MDT/WDS from scratch by step by step
procedure. We simplify all the process by installing windows server 2012 up to creating reference image
to be image by the server. Here's the step that we need to follow to build successful MDT/WDS server 
 
Step 1:    Install windows server 2008 R2 or windows server 2012 R2 to your target machine to be used as
deployment server. (If you need some guide how to install windows server OS go to page 3) 
Step 2:  After the installation of windows server 2008 or windows server 2012, download the following
software for Microsoft Deployment Toolkit. Here's the link of the software: 
 
ADK Setup: https://www.microsoft.com/en-US/download/details.aspx?id=39982 
MDT update2: https://www.microsoft.com/en-ph/download/details.aspx?id=50407  
 
Step 3: After you download all requirement application. Click adksetup to install:  
 

Step 4:  Click next button to proceed. No need to change to path, unless you have separate drive for it.
 

49 | P a g e
Step 5: Click next button again to proceed on the next process, unless you do not want to participate on
windows kit survey.

Step 6: Click next button again to proceed.

50 | P a g e
 Step 7: These are the default feature that we want to install on our server. You can click other feature if
you want to add more feature to your server. Click next to proceed.

 
 Step 8: Wait for the installation to be finished.

Step 9: After the installation of adksetup, we will proceed to installation of Microsoft deployment toolkit

Step 10: Click next button to proceed.

51 | P a g e
 
 Step 11: Click on check box that “I accept the terms on the License Agreement” and click next to
proceed to next process.

Step 12: Click next button to proceed. If you need to change on the feature, just click on the drop down
button and choose your desire feature.

Step 13: Click Next button to proceed.

52 | P a g e
 Step 14: Click install to proceed to installation.

Step 15: Wait until the installation is finished.

 Step 16: After you finished the installation, locate the MDT at start button and click to run

53 | P a g e
Step 17: We can now begin to configure the MDT by right click on Deployment Share and click New
Deployment Share

 
 
  Step 18: Locate your desire Deployment storage and click next to proceed on the next process.

 
Step 19: Input your desire Share Name. This will be your network shared folder (e.g.: \\UPT-MDT-01\
Deployment share)

54 | P a g e
Step 20: Input your desire Deployment Share description and click next to proceed.

 
Step 21: Click on the checkbox your desire rules to be apply while running the image. (This will added to
rule’s tab at the deployment share configuration

 
 Step 22: This Tab shown the summary of all the setting that we configure on the MDT

55 | P a g e
Step 23: After the configuration, we will see the MDT shared that we input previously. On this step we
need to configure the settings of our deployment share by right click on MDT and click on properties.

Step 24: On this general Tab, We need to configure the Network (UNC) path on the right location and
also the local path of the MDT storage. Click the checkbox on platform for the supported boot to be
used on WDS and later on it will generate automatic .wim file. Note: (Make sure that the folder is share
to everyone so that we didn’t encounter error).

Step 25: These are the rules for our MDT is automatic when it’s booted:

56 | P a g e
[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
SMSTSOrgName=KMC Solutions
SMSTSPackageName= %TaskSequenceName%
OSInstall=Y
SkipCapture=YES
SkipBitLocker=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerName=YES
SkipDomainMembership=YES
SkipLocaleSelection=YES
SkipUserData=YES
SkipComputerBackup=YES
SkipTimeZone=YES
SkipSummary=YES
SkipFinalSummary=YES
SkipApplications=YES
OSDComputerName=UPTC-%SerialNumber%
KeyboardLocale=en-US
UserLocale=en-US
UILanguage=en-US
AdminPassword=Love2eat
JoinDomain=kmc.int
DomainAdmin=rzaragosa
DomainAdminDomain=kmcint
DomainAdminPassword=Love2eat
TimeZoneName=Eastern Standard Time
WSUSServer=http:\\UPT-WSUS-01:8530

57 | P a g e
[Settings]
Priority=Default
[Default]
DeployRoot=\\10.90.100.20\DeploymentShare$
UserDomain=kmc.int
UserID=rzaragosa
UserPassword=Love2eat
SkipBDDWelcome =YES

Step 26: On Windows PE tab, will see an x86 and x64 boot .wim file. You can also change the
deployment toolkit background screen.

58 | P a g e
Step 27: After the configuration, we need to install windows deployment service on server roles.

Step 28: On this server Roles and Feature, click on windows deployment service and click next until you
install the roles.

 
Step 29: After the installation, click on server manager > tools> windows deployment server.

59 | P a g e
Step 30: On windows deployment server, click on add server and add local or network server to be used
as boot for our MDT boot .wim

Step 31: After adding the server, right click on the server and then properties. Go to boot tab and click
and always continue the PXE boot so that it will not always press f12 to proceed.

60 | P a g e
Step 32: After the configuration on MDT and WDS, we need to configure also the network to allow the
traffic and tftp boot to proceed.

Step 33: On the Sonicwall, go to DHCP server and click on dynamic and click on edit.

61 | P a g e
Step 34: On the edit tab, go to advance and input the following configuration:

Next Server: IP Address of the server

Boot File: \boot\x64\wdsnbp.com
Server Name: Host Name of server

 
 
 
 
 
 
 

62 | P a g e
 Creating Reference Image by MDT
On this documentation, we will show you how to create reference image using Microsoft deployment
toolkit. Here’s the step on how to build a reference image:

Step 1: Format PC and install some basic software applications. (For KMC Uptown these are the sample
software that need to be install)

Step 2: Go to Device manager and check if all the drivers are updated.

63 | P a g e
Step 3: Go to Control Panel -> System and Security -> System (The windows must be ACTIVATED) or
Press windows key + E to go in system.

Step 4: if you’re done installing basic software, type “Windows”and search “Regedit” (run as admin)
-Drop down the HKEY_LOCAL_MACHINE
- Drop down the SYTEM
- Drop down the SETUP
- Drop down the STATUS
-Select SysprepStatus
- Generalization is always at (7)

64 | P a g e
Step 5: On windows 8 and 10, we just need to remove the windows store so that the sysprep will
continue without error. First, open PowerShell as administrator. Open the Start menu, search for
“PowerShell,” right-click the PowerShell shortcut, and select “Run as administrator.” Type the following
command on power shell: Get-AppxPackage | Remove-AppxPackage

Step 6: Log in Using “Administrator”

-Go to Folder
-Windows (C:)
-System32
-Sysprep
-right click sysprep and check Generalize (run as Administrator)
-it’ll automatically restart.

65 | P a g e
Step 7: Log in using Administrator and do the 4th step to 6th step but at this time DO NOT check the
Generalize -it’ll automatically restart

Step 8: This will now proceed to capture the image.

66 | P a g e
 Capturing Reference Image
On this documentation, we will show you how to capture the image that you created using the
Microsoft Deployment Toolkit.

Step 1: After you’ve done created the best image, you can now reboot it to F12 and choose “Onboard
NIC”
(Onboard NIC is connected to the network)

Step 2: Wait until you connected to WDS server

67 | P a g e
Step 3: Choose between Lite Touch Windows PE (x86) or (x64)
(x86 = 32bit, x64 = 64bit)

Step 4: wait until Lite TouchPE boot is finished.

Step 5: Select “Sysprep and Capturex64”

68 | P a g e
Step 6: Select “Capture an image of this reference computer” set the target location and file name.

Step 7: On this process, it’s now capturing the image that you have been created

Step 8: Wait until the capture is done.

69 | P a g e
 Uploading Reference Image
On this documentation, we will show you how to upload reference image using MDT and how to create
task sequence for deployment. Here’s the steps on how to upload image using Microsoft Deployment
Toolkit

Step 1: Go to Remote Desktop (Connect) then enter your credentials or if you intended to used physical
connection, login to your physical MDT/WDS server.

Step 2: On the windows server desktop click the start then drop down the arrow button

70 | P a g e
Step 3: Choose the “Deployment Workbench”

Step 4: Drop Down the “Deployment Shares”

Drop Down the “Deployment share name)”
Drop Down the “Operating Systems”
Right click “Designate Image location” then click the “Import Operating system”

(NOTE: if this is your first time to use the deployment, we recommend to open the deployment and
browse the location of deployment.)

Step 5: Choose desire Operating system to be upload.

71 | P a g e
Choose “Full set of source files” if you’re OS is from CD of USB devices

Choose “Custom image file” if you’re OS is from windows server capture of any third party Application

Step 6: Browse the location of your operating system to be upload

(Note: Don’t forget to click the check box to move the files instead of copying it)

Step 7: Set up: Set up files is not needed (then next…)

Destination: TS-00_ (next)
(Next)

72 | P a g e
Wait until it successfully uploaded
Then click “Finish”

Step 8: Click windows Image “right click” the image that you have been uploaded and rename it.

Step 9: Drop down the task sequences

- Choose which folder that you have been created an image
- Right click the folder
- Click “New Task Sequence”

Step 10: First, we must enter a Task sequence ID and a Task sequence name. Specify an ID and name
which will allow you to easily know with which operating system this Task Sequence is linked.

73 | P a g e
Step 11: Choose your desire template for your task sequence.

*remember when you creating Task Sequence always choose the “Standard Client Task Sequence” if
your using this image to deploy. Unless you’ll capturing the image always choose “Sysprep and Capture”
Then click next button.

Step 12: Drop down Windows Image as shown in the picture below and click the image that you have
been uploaded.

74 | P a g e
Step 13: We continue by specifying the Product Key.

Do not specify a product key at this time

If you select this option, you will be prompt to enter the product key during the deployment process.

Specify a multiple activation key (MAK key) for activating this operating system
If you have volume license product key for this operating system, you can enter it here.

Specify the product key for this operating system

Enter the retail license linked to this operating system/single computer.

Choose the option you want and click on Next.

75 | P a g e
Step 14: In the OS Settings window we specify the Full Name, Organization and you can also define the
Internet Explorer Home Page. Then click on Next.

Step 15: Enter the Administrator password for the OS going to be deployed with this Task Sequence.
Click on Next.

Step 16: Summary about the configurations of this Task Sequence. Check it and click on Next.

76 | P a g e
Step 17: After we have a Progress window, when task is completed you click on Next and you will arrive
on the Confirmation window. You can click on Finish.

Once the Task Sequence is created it will appear in the Task Sequences container of your Deployment
Share.

77 | P a g e
Step 18: When you’re done uploading the image and creating task sequence you must Update it.
- Right click MDT Deployment Sharex64 (G:\DeploymentShares)
- Click Update Deployment Share

Step 19: Go to Server manager

- TOOLS
- Windows Deployment Services

78 | P a g e
Step 20: Drop down Servers and right click the “Server Name”

Step 19: Click “All Tasks” then “restart”

Step 21: We can now proceed for deployment.

79 | P a g e
 Deploying Reference Image
On this documentation, we will show you on how to deploy image using Microsoft deployment toolkit
and how it will works. Here’s the steps on how to deploy reference image.

Step 1: Get PC that ready to format. Reboot (F12) choose “Onboard NIC”
(Onboard NIC is connected to the network)

Step 2: Wait until you connected to WDS server

Step 3: Choose between Lite Touch Windows PE (x86) or (x64)

(x86 = 32bit, x64 = 64bit)

80 | P a g e
Step 4: Wait until Lite TouchPE boot is finished.

Step 5: Select the task sequence0 that you’ve been created for deployment.

Step 6: Do not check the apps unless you’re creating new image. Just click “next”

(Note: if this tab is not appear, then it disable on the rules)

81 | P a g e
Step 7: Click “Do not capture an image of this computer” then next

(Note: if this tab is not appear, then it disable on the rules)

Step 8: Wait until the image is already applied.

82 | P a g e
 MDT Add-on Feature
WSUS Connection on Task Sequence
Right now we can deploy OS by using our MDT and the Task Sequence we have just created, but, we will
tweak it a little bit in order to make our OS deployed to get updates from our WSUS in the same time.

Step 1: First, do a right click on your Task Sequence and click on Properties.

The first tab is about the Task Sequence generals’ information, like the ID, Name, etc.
You can also enable or disable a Task Sequence from here.

Step 2: The second tab is about the Task Sequence process, all the steps that will be executed to prepare
and deploy the system. This is here that we will work to tweak our Task Sequence.

83 | P a g e
Step 3: The last tab concerns the OS which will be deployed by the Task Sequence.

Step 4: Now, we go back to the Task Sequence tab and we will activate the search for update during
images deployment.

Click on the Windows Update (post-Application Installation) and Windows Update (Pre-Application
Installation) and uncheck the Disable this step box. Then click on Ok.

84 | P a g e
Step 5: Go back to your Deployment Share and do a Right click on it, go to Properties and go to the
Rules tab.

In this tab you can add/modify parameters directly for this deployment share. There are a lot of
parameters available, we will only set few here:
SkipComputerName=NO
Skip or not the step to specify the Computer Name.
SkipDomainMembership=YES
We don’t want to be prompted to join the computer to the domain.
SkipUserData=YES
for backup user data before imaging
SkipCapture=YES
If you need or not to capture the system after the deployment.
DoCapture=NO
By setting it to No it ensure you will not be prompted at the end of deployment
SkipLocaleSelection=YES
Don’t prompt us to select local selection (ie : languages, etc.)
SkipTaskSequence=NO
If you want to skip task sequences. Here we don’t want to.
SkipTimeZone=YES
Skip or not the TimeZone window. We define the time zone below so we can skip it.
SkipApplications=NO
We don’t want to skip Application window in case of we want to install additional applications
SkipSummary=NO
We don’t skip the summary in order to double check settings.
SkipBDDWelcome=YES
Skip the Welcome wizard
TimeZone=210
TimeZoneName=China Standard Time
We define the time zone.
WSUSServer=http://srv-wsus:8530
This is the WSUS Server which will be used to get update for our images.

85 | P a g e
Step 6: We also need to modify the Bootstrap.ini file. Click on Edit Bootstrap.ini.

We will specify in this Bootstrap.ini a specific service account used only for the deployment with its
credentials and the keyboard layout.

UserID=WDSAdmin
UserDomain=WDS.lan
UserPassword=P@ssword
KeyboardLocale=fr-US
SkipBDDWelcome=YES

Step 7: If you are deploying servers or client computers which are going to stay in your
company/infrastructure and will still use the WSUS server, this is not a problem. But, if you are
deploying servers or client computers planned to use another WSUS server or Windows Update, you
must remove this registry key to make them contacting Microsoft Windows Update servers again.

Of course, we are not going on every computer/server to make it manually, MDT will make it for us!

To do that, we need to add two steps in our TS.

1)      Run a PowerShell script to remove the registry key
2)      Restart the computer
Open your Task Sequence and click on Add. As you can see, we can add many parameters, even some
Active Directory roles.

86 | P a g e
Step 9: For now, we will focus on the General menu and especially the Run PowerShell Script and
Restart Computer.

So first, we will create our PowerShell script. Go into your Deployment Share’s script folder. For me it is
in E:\MDT 2013\DeploymentShare\Scripts.

To create a powershell script, create a new text document, enter the following command:

Stop-Service wuauserv
Remove-Item -Path ‘HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\*’ -recurse -force
Start-Service wuauserv

When saving it, change the .txt extension to .ps1.

After, we will add a Run PowerShell Script step. Be sure to add it at the end of the whole steps.
In the PowerShell script box, enter %SCRIPTROOT%\<YourScript>.ps1

87 | P a g e
Step 10: After modifying the registry we need to restart the computer, that is why we will add a step
Restart computer by following the same process Add > Restart computer.

Another modification (among all the others available) you can bring to your TS is to change the default
name given by MDT to the hard drive, change the size, partition it, etc.

88 | P a g e
 MDT Join Domain
To move the Domain Join process to later in the deployment you need to update the Unattend.xml
and the ZTIDomainJoin script. Here’s how you do it:

Step 1: Update Unattend.XML

The first thing we need to do is to stop MDT from performing the Domain Join during OS Setup. One way
to achieve this is to remove the MDT Domain Join Task Sequence Variables in CustomSettings.ini and
instead set these on the Task Sequence in the “State Restore” phase.  But I generally prefer to set my
variables in CustomSettings.ini so to make this work I have to remove the Domain Join Node from the
unattend.xml.

This will prevent MDT from adding the Domain Join settings to the unattend.xml and OS Setup will
therefore not join the machine to the domain.

89 | P a g e
Step 2: Update ZTIDomainJoin.wsf
An update to the ZTIDomainJoin.wsf script is required to prevent the script from rebooting the
machine after joining the domain. I usually avoid editing built-in MDT scripts but if I have to, I
prefer to make a custom subdirectory in the MDT scripts folder and edit a copy of the script in
the subdirectory. This will ensure that any subsequent updates to MDT will not overwrite the
script and break your Task Sequence (remember to update the relative path to ZTIUtility at the
top of the script). The following TWO lines of the script need to be commented out to suppress
the reboot:

oEnvironment.Item(“LTISuspend”) = “”

‘oEnvironment.Item(“SMSTSRetryRequested”) = “true”
‘oEnvironment.Item(“SMSTSRebootRequested”) = “true”

iRetVal = SUCCESS

3.Add a Domain Join Step into the Task Sequence

Now add a new command line step into the Task Sequence to run the updated script:

90 | P a g e
Step 4: Set Domain Join Variables in CustomSettings.ini
Next, you need to set the following six variables in customsettings.ini for ZTIDomainJoin.wsf to work:

JoinDomain (Domain to join)

DomainAdmin (Account to be used to perform Domain Join)
DomainAdminDomain (Domain of Domain Join account)
DomainAdminPassword (Password for Domain Join account)
MachineObjectOU (OU in which machine object should be created)
DomainErrorRecovery (What to do on failure e.g FAIL)

91 | P a g e
 Certificate of Authority
On this documentation, we will discuss on how to install the certificate of authority. This role is
important if you need to generate certificate for you server and web server. This role can be used as a
security to ensure that all user that will access to your server is bind on that certificate. Here’s the step
by step procedure in order to install the certificate:

Step 1: Go to Server Manager and click add roles and features.

Step 2: Add Roles and feature tab will appear, click next until server roles tab.

92 | P a g e
Step 3: Click the check box of Active directory Certificate Service and click next button until AD CS Roles
Service.

Step 4: on this tab, you can choose what kind of services you should install on your windows server
certificate. Click next button if you have decided your service to proceed on confirmation and
installation.

93 | P a g e
Step 5: Wait until the installation is finished then closed.

Step 6: once the installation is done. Click on post deployment configuration.

Step 7: On this tab, you will see the post guide for the configuration of certificate. You can
change the credential to be used on certificate.

94 | P a g e
Step 8: Click on the Role service that you want to configure.

Step 9: On this step, you will choose on what CA setup type you want on your certificate.

Step 10: you need to specify what type of certificate you will be configuring.

95 | P a g e
Step 11: you need to create new private key if you don’t have existing key. This private key will
be used when you need to export on other server device.

Step 12: Leave all setup alone, unless you need to change the configuration.

96 | P a g e
Step 13: Click on next button to proceed.

Step 14: On this step will determine the expiration of the certificate. You can input any number
of the year that will expire the certificate.

Step 15: Leave all setting below if and only if you don’t have any changes from the detabase.
Click next to proceed to confirmation and installation.

97 | P a g e
Step 15: Once its succeeded, you may now launch the certificate of authority under the server
management tab.

Step 16: As you will see the server that configured by the certificate. You can revoke.issued
pending certificate in here. You can see

Step 17: you will see various of certificate template found here and use it as service.

98 | P a g e
 Remote Desktop Connection
On this documentation, we will show you on how to enable remote access to server and enable echo
request. Here’s the step for remote protocol:

Step 1: Go to window search > search for firewall with advance security.

Step 2: Firewall > Click Inbound Rules > Search for File and Printer Sharing (Echo
Request- ICMPv4-In).

99 | P a g e
Step 3: click the first one > check enable > apply and click Ok. After that do it again to second and third
rules. Then close window firewall.

100 | P a g e
Step 4: Go to My Computer > Right Click Computer Icon > Select Properties. Then Click remote settings

101 | P a g e
Step 5: Select “Allow remote connection to this computer” Option Menu > Check it > Ok button > done.

Step 6: Go to window search again > search for remote desktop connection and select. Wait for the
Remote Desktop Connection User Interface to show.

Step 7: Input the IP address of the unit you want to remote > click connect.

102 | P a g e
Step 8: Click more choices > choose use different account > login using your NT Account. Done

103 | P a g e
 Virtual Machine
HYPER-V
On this documentation, we will show you on how to create virtual machine using HYPER- V in which add
on feature of windows server roles. Here’s the guide and steps on how to implement hyper V:

Step 1: Open Hyper-V Manager. Click Start and search for Hyper-V Manager or click Start, point to
Administrative Tools, and then click Hyper-V Manager.

When you click the Hyper-V Manager the Service Manager Dashboard will appear.

Step 2: Click Tools, then Click or choose the Hyper-V Manager.

104 | P a g e
Note: The Hyper-V Manager will be shown.

Step 4: Click New > Virtual Machine in the Actions pane to create a new virtual machine.

105 | P a g e
Note: Click next to create a virtual machine.

Step 6: Specify Name and the Location of the virtual machine that you will use > Click Next.

106 | P a g e
Step 7: Specify or choose the generation of the virtual machine.

Note: Generation 1 is for Legacy Boot refers to BIOS Firmware while Generation 2 is for UEFI boot mode
to use UEFI drivers that we will use for this configuration.

Step 8: Specify the amount of memory.

Note: For this configuration the Startup memory is 1024 MB or 1 G.

107 | P a g e
Step 9: In configuring the network choose the VM_CAM to connect to the internet.

Step 10: Create a virtual Hard disk > Name > Location > Browse > Size > Next.

Note: If it already has an existing virtual hard disk choose that option then Click Next.

108 | P a g e
Step 11: Choose install an operating system later.

Note: If you choose the Second option you will browse an ISO image file.

109 | P a g e
Step 12: This will show the summary to double check of what you are about to create. Click Finish.

Step 13: Double Click the one that you’ve created or Right Click > Connect.

110 | P a g e
Note: You are now in the virtual machine that you created.

Step 14: Click Settings then proceed to the next step or picture.

111 | P a g e
112 | P a g e
Note: Specify the amount of RAM.

113 | P a g e
Step 15: Click Add to add a new hard drive.

Note: Browse the virtual hard disk to specify the path or location.

114 | P a g e
Step 16: Add a DVD Drive.

Note: Browse an Image file or ISO.

115 | P a g e
Step 17: Go back to the Firmware then Click on the DVD Drive > Move up (until the DVD Drive is on top)
> Apply > OK.

Step 18: Double Click the Virtual Machine that you create and Click the Start Button.

116 | P a g e
Note: Wait then Press Enter Key to proceed to the installation of the Operating System.

YOU’VE SUCCESSFULLY CREATE A VIRTUAL MACHINE!

117 | P a g e
Network Policy and Access Services

118 | P a g e
Windows Server Backup

119 | P a g e
 IBackup Implementation
On this documentation, we will discuss on how to install Ibackup cloud storage software and how to
backup and restore the file that we need to store on the file server. Here’s the step on how to
implement Ibackup cloud storage.

Step 1: go to https://www.ibackup.com/online-backup-downloads/ to login and download the IBackup

software.

Step 2: After you download the installer, install to the desire server or pc. Follow the step by step
installation below.

120 | P a g e
Step 3: After you click the run. Click Next

Step 4: Click the I Agree to proceed to the installation.

Step 5: The location is optional. In this document I choose default location. Click Next.

121 | P a g e
Step 6: After you click the next. The installation is now on process. After the installation you may now
proceed to step 3.

Step 7: Configure the Ibackup to the Server or PC by opening the application.

122 | P a g e
 Step 8: Click Change to set up the location of the file that you want to backup. You can see all drive that
connected to the server or pc. After you set up the location of the file, Click OK to sync the backup to the
ibackup account in the cloud.

Step 9: After you set up the file location. You can see now the folder that you connect to the Ibackup.

123 | P a g e
Step 10: Click Schedule Backup. You can set the time and day that you want to backup the file from
Ibackup. You can also add an email account to the Email Notification you can notify if the backup is
successful or not.

Step 11: After you set up the Schedule Backup click Save Changes to take effect the set up.

Step 12: From Ibackup application click Restore.

124 | P a g e
Step 13: After you click the Restore. Find the location of the file in the Folder or Drive that you connect
to the backup. After you find the file check the checkbox.

Step 14: After you check the checkbox click Restore Now.

125 | P a g e
Step 15: After the restoring the backup. There is a message prompt up you can locate the location of the
restore file or check the logs.

 
 
 
 

126 | P a g e