In Windows Server 2012 or R2 core fresh installation, the source files aren't copied to the Windows to reduce disk space and some features like .NET Framework 3.5 and Windows Deployment Services (WDS) also aren't copied to Windows. To install .NET Framework 3.5, you can follow "Installing Microsoft .NET Framework 3.5 in Windows Server 2012 or R2 by Windows Server installation disk" to install the feature. However, administrators need to insert the Windows Server installation disk on the server. In domain environment, administrators can copy the sources file to a file share to share it. After that, administrators configure and assign to servers which are installed Windows Server 2012 or R2 core. It's more efficiency.
In addition to core installation, servers with GUI installation were performed "Uninstall-WindowsFeature" with "-Remove" parameter. The binary files for installing roles or features are deleted.
Goal
Configuring folder permission
1. On FS02, log in as Domain Administrator.
2. Create a folder named "Sources" in C drive.
Remark: In production environment, you should configure the share folder on non-system drive.
3. Right-click "Sources", select "Properties".
4. Select "Sharing" tab then click "Advanced Sharing".
5. On "Advanced Sharing" window, check "Share this folder".
6. Click "Permissions".
7. On "Permissions for Sources" window, remove "Everyone" and then add "Domain Computers".
8. Check "Allow - Read".
9. Click "OK" twice.
10. Select "Security" tab then click "Advanced".
11. On "Advanced Security Settings for Sources" window, click "Disable inheritance".
12. On "Block Inheritance" window, click "Convert inherited permissions into explicit permissions on this object".
13. Click "Remove" to remove "Users" on this permission table.
14. Click "Add".
15. On "Permission Entry for Sources" window, click "Select a principal".
16. Enter "Domain Computers".
17. Make sure the permission "Allow - Read, List folder contents and Read & execute" and "Applies to - This folder, subfolders and files".
18. Click "OK".
We assigned the "Allow - Read" permission for Domain Computers to access the "Sources" folder. Domain Users don't need to access this folder.
19. Click "OK" twice.
20. Insert Windows Server installation DVD and then copy "Install.wim" to "C:\Sources".
Configuring an alternate source path Group Policy Object
1. On DC01, log in as Domain Administrator.
2. Launch "Group Policy Management Console".
3. Right-click "Default Domain Policy", select "Edit".
4. Navigate to "Computer Configuration > Administrative Templates > System".
5. On the right pane, double-click "Specify settings for optional component installation and component repair".
6. On "Specify settings for optional component installation and component repair" window, select "Enabled".
7. Next to "Alternate source file path", enter "WIM:\\FS02\Sources\install.wim:4".
8. Check "Never attempt to download payload from Windows Update".
We configured to get the source files from the file share and don't allow servers to get sources from Windows Update.
9. Click "OK".
10. Close "Group Policy Management Console".
Testing
Make sure the server is applied the latest GPO.
1. On SC01, log in as Domain Administrator.
2. Launch "PowerShell".
As a result, SC01 get the source files from FS02 to install the roles or features.
Additional: Administrators can perform "Get-WindowsFeature | Where InstallState -eq Removed" to check which role or service is needed an alternate source path for installation.
Reference:
Install or Uninstall Roles, Role Services, or Features
In addition to core installation, servers with GUI installation were performed "Uninstall-WindowsFeature" with "-Remove" parameter. The binary files for installing roles or features are deleted.
Goal
- Configuring a file share path on a file server to share source files
- Configuring default alternate source path for all servers by Group Policy
Lab environment
- 1 file server is installed Windows Server 2012 R2 named FS02 is joined test.tls1.lab
- 1 domain controller is installed Windows Server 2012 R2 named DC01
- 1 server core member server is installed Windows Server 2012 R2 named SC01
Lab
For the demonstration, I will use Domain Administrator to log in all servers. In production environment, you should use another account with local administrator right to complete the steps.Configuring folder permission
1. On FS02, log in as Domain Administrator.
2. Create a folder named "Sources" in C drive.
3. Right-click "Sources", select "Properties".
4. Select "Sharing" tab then click "Advanced Sharing".
6. Click "Permissions".
8. Check "Allow - Read".
10. Select "Security" tab then click "Advanced".
15. On "Permission Entry for Sources" window, click "Select a principal".
17. Make sure the permission "Allow - Read, List folder contents and Read & execute" and "Applies to - This folder, subfolders and files".
19. Click "OK" twice.
20. Insert Windows Server installation DVD and then copy "Install.wim" to "C:\Sources".
Remark: In production environment, you may create other subfolders to store the other Windows Versions like Windows Server 2012.
1. On DC01, log in as Domain Administrator.
2. Launch "Group Policy Management Console".
3. Right-click "Default Domain Policy", select "Edit".
5. On the right pane, double-click "Specify settings for optional component installation and component repair".
7. Next to "Alternate source file path", enter "WIM:\\FS02\Sources\install.wim:4".
8. Check "Never attempt to download payload from Windows Update".
9. Click "OK".
10. Close "Group Policy Management Console".
Testing
Make sure the server is applied the latest GPO.
1. On SC01, log in as Domain Administrator.
2. Launch "PowerShell".
3. Perform "Install-WindowsFeature WDS -IncludeAllSubFeature -IncludeManagementTools" to install Windows Deployment Services on SC01.
Additional: Administrators can perform "Get-WindowsFeature | Where InstallState -eq Removed" to check which role or service is needed an alternate source path for installation.
Install or Uninstall Roles, Role Services, or Features
This posting is provided “AS IS” with no warranties, and confers no rights!
No comments:
Post a Comment