Windows Build Server
A service for building custom WIM images for deployments.
The WIM images may contain additional drivers or post setup deployment scripts.
WIM images can be server or desktop OS and are useful in virtual and physical environment deployments.
To build the server, start with a fresh install of Windows Server. This example will be based on Windows Server 2016. The example should work on Windows Server 2019 with little to no modification.
Only a few modifications were changed to the installation.
- Server name
- Network Settings
- Driver installation
- Disable IE lock down settings. (Needed to download drivers)
- Create new local user in the administrators group. (Security will be configured later)
- Remote Desktop enabled for easy of use.
- Ansible prep powershell script run. Download Here.
Download the Windows Builder role or Private Data System playbook to deploy the build server.
Update the inventory file.
Run the deploy-winbuild playbook.
The Windows update portion of the build can be very time consuming. To speed up the build time and the WIM updating process, the updates will be downloaded ahead of time. This is not necessary to run manually since the buld scripts will run the updates tools too.
Sign in to the Windows Build Server and go to the <wsus-offline-updater> folder.
Run the UpdateGenerator.exe
Select the version(s) of Windows to download updates for.
This example will only download updates for Windows 10 and Windows Server 2016.
After a few moments the UpdateGenerator will begin to run.
This process may take a very long time depending on the number of versions selected and if Office was included.
When the process is complete, a prompt will appear to review the logs.
Sign in to the Windows Build Server and go to the source\Builder\Drivers folder.
There are folders for each Windows version that can be deployed. The boot directory is for WinPE and 10.0 is for Windows Server 2016. Note that Windows Server 2019 will also build in the 10.0 folder. (For now)
Copy the drivers that are needed to the folders. The folders are recursively scanned, so add as many as you need. To keep the WinPE size to a minimum, only place drivers required for install in the boot folder. At a minimum, this would be the storage and networking drivers. For this example, the hypervisor is KVM. The virtstor and netkvm drivers were added to the folders. For the actual OS image place all of the needed inf in the folder. Multiple drivers for multiple hardware platforms can be copied to the folders to allow for a simple image to be used on many platforms.
If drivers require a setup file to be run, we'll add those to the post install playbooks. More on that later.
There are two base WIM files that will be needed to build the custom ones. You will need a copy of the Windows Server ISO along with the Windows Assessment and Deployment Kit, and the Windows Assessment and Deployment Kit Windows Preinstallation Environment Add-on. Both Windows ADK components are installed when using the deploy-winbuild playbook.
boot.wim: Copy the winpe.wim file from
C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us to
\source\Builder\SourceWims\boot and rename the files boot.wim.
install.wim: You will need a licensed copy of the Windows Server installation media for this step. If you configured the playbook to download the ISO file it will be located in the
\source\ISO directory on the build system. Copy the
DVD:\sources\install.wim file to
\source\Builder\SourceWims\boot. Do not change the file name.
Once all of the base requirements are in place, it is time to run the build scripts. These script are modified versions of the Foreman build scripts. Open the \source\Builder folder and run the Build-All.ps1 in an elevated PowerShell console.
After the build scrips have created the new WIM files, they will be located in the \Deploy directory on the build server. Review the date modified and the file size to determine that the file has recently been updated. Unless the build scripts fail, most error messages can be ignored.
The deploy-winbuild playbook automatically shared this folder to the network. These files are now ready for deployment and can be used with your favorite deployment tools.