specialsm
13-12-2018, 12:05
Есть необходимость создать эталонный образ Win10 и разворачивать его прямиком на флешку, дабы винда грузилась именно с флешки.
Использоваться будут, скорее всего, sandisk extreme go usb 3.1.
Поделитесь опытом, как всё это можно автоматизировать.
Если делить на этапы, то получается:
-готовим usb диск для разворачивания wim файла
-разворачиваем образ с помощью /apply на usb
-меняем имя компьютера в образе(как?)
-закидываем этот пк в домен
-bcdboot
Помогите, пожалуйста: как всё это автоматизировать, например, с помощью PowerShell?
Есть рабочий скрипт, который используется для 8.1, но тогда использовались специальные флешки Kingston DataTraveler Win2Go.
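# PARAMS
# Drive letter currently assigned to the target USB disk. The whole disk that
# owns this letter is wiped later in the script, so verify it before running.
$driveLetter = "d"
# Working folder; the script runs IMAGEX.EXE from here and keeps the WIM file,
# unattend.xml and the generated blob/recovery files in it.
$scriptPath = "c:\image\"
# Computer name that is provisioned in AD and written into unattend.xml.
$computerName = "tc-chist0114"
# DNS name of the Active Directory domain used for the offline join.
$domainName = "fil.abb-win.akbars.ru"
# Join-Path avoids the doubled backslash that "$scriptPath\unattend.xml"
# produced, because $scriptPath already ends with "\".
$unattendFile = Join-Path $scriptPath "unattend.xml"
# WIM file name followed by the index of the image inside that file
$wimFile = "v3.wim 1"
$isBitlockerEnabled = $false
# NOTE(review): a BitLocker password stored in the script is readable by anyone
# with access to this file and is identical on every drive the script prepares.
# Prefer prompting for it (Read-Host -AsSecureString) or reading it from a
# protected store, and treat the literal below as a sample value only.
$bitlockerPassword = "P@ssw0rd1"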
# FUNCTIONS
# Emits every drive letter from D to Z (character codes 68..90) for which
# System.IO.DriveInfo reports the type 'NoRootDirectory', in alphabetical order.
# Callers take the first element when they need a single unused letter.
function Get-NextFreeDriveLetter {
    foreach ($charCode in 68..90) {
        $letter = "$([char]$charCode)"
        $driveInfo = New-Object System.IO.DriveInfo "${letter}:"
        if ($driveInfo.DriveType -eq 'NoRootDirectory') {
            $letter
        }
    }
}
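# Switch the console code page to UTF-8 so that output stays readable
chcp 65001
# Stop the script when a cmdlet reports an error. This does not cover native
# executables; their exit codes have to be checked separately.
$ErrorActionPreference = "Stop"
# Prepare Disk
$disk = Get-Disk -Partition (Get-Partition -DriveLetter $driveLetter)
# Clear-Disk below destroys every partition on $disk without confirmation, so
# refuse to continue unless the disk behind $driveLetter looks like the
# intended USB stick (not the boot/system disk, attached over USB).
if ($disk.IsBoot -or $disk.IsSystem -or $disk.BusType -ne 'USB') {
    Write-Host "Disk $($disk.Number) ($($disk.FriendlyName)) behind ${driveLetter}: is a boot/system disk or is not attached over USB. Refusing to wipe it."
    Write-Host "Result: FAILURE"
    exit 1
}
Clear-Disk -InputObject $disk -RemoveData -Confirm:$false
# The original used an en dash before InputObject; a plain ASCII hyphen is used here.
Initialize-Disk -InputObject $disk -PartitionStyle MBR
# Create two volumes
# NOTE(review): both partitions are created with -IsActive, while an MBR disk
# normally has a single active partition; confirm which one ends up active.
$systemPartition = New-Partition -InputObject $disk -Size (350MB) -IsActive
Start-Sleep -Seconds 1
# A FAT32 volume label is limited to 11 characters: "sys-" plus at most the
# last 7 characters of the computer name. Math.Min keeps Substring from
# throwing when the computer name is shorter than 7 characters.
$labelTailLength = [Math]::Min(7, $computerName.Length)
$systemVolumeLabel = "sys-" + $computerName.Substring($computerName.Length - $labelTailLength)
Write-Host $systemVolumeLabel
Format-Volume -NewFileSystemLabel $systemVolumeLabel -FileSystem FAT32 -Partition $systemPartition -Confirm:$false
$OSPartition = New-Partition -InputObject $disk -UseMaximumSize -IsActive
Start-Sleep -Seconds 1
Format-Volume -NewFileSystemLabel "os-${computerName}" -FileSystem NTFS -Partition $OSPartition -Confirm:$false
try {
    # The OS partition takes over the letter the stick had before it was wiped
    Set-Partition -InputObject $OSPartition -NewDriveLetter $driveLetter
    # Get next free drive letter for the small system partition
    $systemDriveLetter = (Get-NextFreeDriveLetter)[0]
    Set-Partition -InputObject $systemPartition -NewDriveLetter $systemDriveLetter
}
catch {
    Write-Host "You so unlucky! Letter that is proposed to be your system drive letter is occupied. Try to run script again."
    Write-Host "Result: FAILURE"
    # A bare "exit" returned code 0; report the failure to the caller instead.
    exit 1
}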
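# Run ImageX + BCDBOOT
# The executables are started with the call operator and separate arguments
# instead of Invoke-Expression, so values taken from variables are passed as
# data and are never re-parsed as PowerShell code.
$drivePath = $driveLetter + ":"
$systemDrivePath = $systemDriveLetter + ":"
Set-Location -Path $scriptPath -PassThru
# $wimFile holds "<file name> <image index>"; split it on whitespace so both
# parts reach IMAGEX.EXE as separate arguments, as they did before.
$wimArguments = -split $wimFile
& .\IMAGEX.EXE /APPLY $wimArguments ($drivePath + "\")
# $ErrorActionPreference = "Stop" does not react to a native exit code, so a
# failed image apply has to be detected explicitly before BCDBOOT runs.
if ($LASTEXITCODE -ne 0) {
    Write-Host "IMAGEX.EXE exited with code $LASTEXITCODE"
    Write-Host "Result: FAILURE"
    exit 1
}
Set-Location -Path "C:\" -PassThru
& BCDBOOT.EXE ($drivePath + "\WINDOWS") /S $systemDrivePath /F ALL
if ($LASTEXITCODE -ne 0) {
    Write-Host "BCDBOOT.EXE exited with code $LASTEXITCODE"
    Write-Host "Result: FAILURE"
    exit 1
}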
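# Generate blob file with djoin; its content is put into unattend.xml later
# NOTE(review): the offline domain join blob written by /SAVEFILE carries the
# secrets of the new computer account. It stays in $scriptPath after the run;
# restrict access to that folder and delete the file once it has been used.
$blobFile = Join-Path $scriptPath "blob.txt"
# djoin.exe is called directly with separate arguments instead of through
# Invoke-Expression, so the domain and computer names cannot be re-parsed as code.
$result = & djoin.exe /PROVISION /DOMAIN $domainName /MACHINE $computerName /machineou "OU=Тонкие клиенты Win2Go (Все филиалы),DC=fil,DC=abb-win,DC=akbars,DC=ru" /SAVEFILE $blobFile
$djoinExitCode = $LASTEXITCODE
Write-Host $result
# Throw errors
# 0x8b0 in the output is treated by this script as "account already exists"
if ($result -like '*0x8b0*') {
    Write-Host "WTF! Computer with such name already exists in AD!"
    Write-Host "Result: FAILURE"
    # "Break" outside of a loop is not a reliable way to stop a script and
    # reports no failure code; exit with a non-zero code instead.
    exit 1
}
# Any other djoin failure would otherwise go unnoticed and the following steps
# would work with a missing or stale blob file.
if ($djoinExitCode -ne 0) {
    Write-Host "djoin.exe exited with code $djoinExitCode"
    Write-Host "Result: FAILURE"
    exit 1
}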
# Load the answer file and the blob file that djoin saved into $scriptPath
[xml]$UnattendXML = Get-Content -Path $unattendFile
$blobContent = Get-Content -Path "$scriptPath\blob.txt"
# Replace null symbol
$blobContent = $blobContent -replace ([char]0, "")
# Put the blob into the Microsoft-Windows-UnattendedJoin component
foreach ($joinComponent in $UnattendXML.unattend.settings.component) {
    if ($joinComponent.name -eq "Microsoft-Windows-UnattendedJoin") {
        $joinComponent.Identification.Provisioning.AccountData = [string]$blobContent
    }
}
# Put computer name into unattend.xml (Shell-Setup component of the specialize pass)
foreach ($settingsNode in $UnattendXML.unattend.settings) {
    if ($settingsNode.pass -ne "specialize") {
        continue
    }
    foreach ($shellComponent in $settingsNode.component) {
        if ($shellComponent.name -eq "Microsoft-Windows-Shell-Setup") {
            $shellComponent.ComputerName = $computerName
        }
    }
}
# NOTE(review): Save() overwrites the source unattend.xml, so the machine-specific
# join blob stays in $scriptPath next to blob.txt as well as on the USB drive.
# Treat both copies as secrets; writing the result to a separate per-machine file
# would keep the template clean.
$UnattendXML.Save($unattendFile)
Copy-Item -Path $unattendFile -Destination "$drivePath\Windows\Panther\"
# Bitlocker operations (skipped unless $isBitlockerEnabled is set)
if ($isBitlockerEnabled) {
    # Add a recovery password protector first and keep its value
    $bitlockerRecoveryProtector = Add-BitLockerKeyProtector -MountPoint $drivePath -RecoveryPasswordProtector
    $recoveryPassword = $bitlockerRecoveryProtector.KeyProtector.RecoveryPassword
    # NOTE(review): the recovery password is written in clear text and the file is
    # overwritten on every run; move it to protected storage (for example AD
    # backup of recovery information) and remove the file afterwards.
    $recoveryPassword | Out-File -FilePath "$scriptPath\bitlocker_recovery_password.txt"
    # NOTE(review): -AsPlainText -Force only wraps a password that is already in
    # clear text in the script; it does not protect it.
    $spwd = ConvertTo-SecureString -String $bitlockerPassword -AsPlainText -Force
    Enable-BitLocker -MountPoint $drivePath -Password $spwd -PasswordProtector
}
Write-Host "Result: SUCCESS. If you use BitLocker, please wait until the process of encryption will finish."
Использоваться будут, скорее всего, sandisk extreme go usb 3.1.
Поделитесь опытом, как всё это можно автоматизировать.
Если делить на этапы, то получается:
-готовим usb диск для разворачивания wim файла
-разворачиваем образ с помощью /apply на usb
-меняем имя компьютера в образе(как?)
-закидываем этот пк в домен
-bcdboot
Помогите, пожалуйста: как всё это автоматизировать, например, с помощью PowerShell?
Есть рабочий скрипт, который используется для 8.1, но тогда использовались специальные флешки Kingston DataTraveler Win2Go.
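# PARAMS
# Drive letter currently assigned to the target USB disk. The whole disk that
# owns this letter is wiped later in the script, so verify it before running.
$driveLetter = "d"
# Working folder; the script runs IMAGEX.EXE from here and keeps the WIM file,
# unattend.xml and the generated blob/recovery files in it.
$scriptPath = "c:\image\"
# Computer name that is provisioned in AD and written into unattend.xml.
$computerName = "tc-chist0114"
# DNS name of the Active Directory domain used for the offline join.
$domainName = "fil.abb-win.akbars.ru"
# Join-Path avoids the doubled backslash that "$scriptPath\unattend.xml"
# produced, because $scriptPath already ends with "\".
$unattendFile = Join-Path $scriptPath "unattend.xml"
# WIM file name followed by the index of the image inside that file
$wimFile = "v3.wim 1"
$isBitlockerEnabled = $false
# NOTE(review): a BitLocker password stored in the script is readable by anyone
# with access to this file and is identical on every drive the script prepares.
# Prefer prompting for it (Read-Host -AsSecureString) or reading it from a
# protected store, and treat the literal below as a sample value only.
$bitlockerPassword = "P@ssw0rd1"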
# FUNCTIONS
# Emits every drive letter from D to Z (character codes 68..90) for which
# System.IO.DriveInfo reports the type 'NoRootDirectory', in alphabetical order.
# Callers take the first element when they need a single unused letter.
function Get-NextFreeDriveLetter {
    foreach ($charCode in 68..90) {
        $letter = "$([char]$charCode)"
        $driveInfo = New-Object System.IO.DriveInfo "${letter}:"
        if ($driveInfo.DriveType -eq 'NoRootDirectory') {
            $letter
        }
    }
}
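# Switch the console code page to UTF-8 so that output stays readable
chcp 65001
# Stop the script when a cmdlet reports an error. This does not cover native
# executables; their exit codes have to be checked separately.
$ErrorActionPreference = "Stop"
# Prepare Disk
$disk = Get-Disk -Partition (Get-Partition -DriveLetter $driveLetter)
# Clear-Disk below destroys every partition on $disk without confirmation, so
# refuse to continue unless the disk behind $driveLetter looks like the
# intended USB stick (not the boot/system disk, attached over USB).
if ($disk.IsBoot -or $disk.IsSystem -or $disk.BusType -ne 'USB') {
    Write-Host "Disk $($disk.Number) ($($disk.FriendlyName)) behind ${driveLetter}: is a boot/system disk or is not attached over USB. Refusing to wipe it."
    Write-Host "Result: FAILURE"
    exit 1
}
Clear-Disk -InputObject $disk -RemoveData -Confirm:$false
# The original used an en dash before InputObject; a plain ASCII hyphen is used here.
Initialize-Disk -InputObject $disk -PartitionStyle MBR
# Create two volumes
# NOTE(review): both partitions are created with -IsActive, while an MBR disk
# normally has a single active partition; confirm which one ends up active.
$systemPartition = New-Partition -InputObject $disk -Size (350MB) -IsActive
Start-Sleep -Seconds 1
# A FAT32 volume label is limited to 11 characters: "sys-" plus at most the
# last 7 characters of the computer name. Math.Min keeps Substring from
# throwing when the computer name is shorter than 7 characters.
$labelTailLength = [Math]::Min(7, $computerName.Length)
$systemVolumeLabel = "sys-" + $computerName.Substring($computerName.Length - $labelTailLength)
Write-Host $systemVolumeLabel
Format-Volume -NewFileSystemLabel $systemVolumeLabel -FileSystem FAT32 -Partition $systemPartition -Confirm:$false
$OSPartition = New-Partition -InputObject $disk -UseMaximumSize -IsActive
Start-Sleep -Seconds 1
Format-Volume -NewFileSystemLabel "os-${computerName}" -FileSystem NTFS -Partition $OSPartition -Confirm:$false
try {
    # The OS partition takes over the letter the stick had before it was wiped
    Set-Partition -InputObject $OSPartition -NewDriveLetter $driveLetter
    # Get next free drive letter for the small system partition
    $systemDriveLetter = (Get-NextFreeDriveLetter)[0]
    Set-Partition -InputObject $systemPartition -NewDriveLetter $systemDriveLetter
}
catch {
    Write-Host "You so unlucky! Letter that is proposed to be your system drive letter is occupied. Try to run script again."
    Write-Host "Result: FAILURE"
    # A bare "exit" returned code 0; report the failure to the caller instead.
    exit 1
}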
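# Run ImageX + BCDBOOT
# The executables are started with the call operator and separate arguments
# instead of Invoke-Expression, so values taken from variables are passed as
# data and are never re-parsed as PowerShell code.
$drivePath = $driveLetter + ":"
$systemDrivePath = $systemDriveLetter + ":"
Set-Location -Path $scriptPath -PassThru
# $wimFile holds "<file name> <image index>"; split it on whitespace so both
# parts reach IMAGEX.EXE as separate arguments, as they did before.
$wimArguments = -split $wimFile
& .\IMAGEX.EXE /APPLY $wimArguments ($drivePath + "\")
# $ErrorActionPreference = "Stop" does not react to a native exit code, so a
# failed image apply has to be detected explicitly before BCDBOOT runs.
if ($LASTEXITCODE -ne 0) {
    Write-Host "IMAGEX.EXE exited with code $LASTEXITCODE"
    Write-Host "Result: FAILURE"
    exit 1
}
Set-Location -Path "C:\" -PassThru
& BCDBOOT.EXE ($drivePath + "\WINDOWS") /S $systemDrivePath /F ALL
if ($LASTEXITCODE -ne 0) {
    Write-Host "BCDBOOT.EXE exited with code $LASTEXITCODE"
    Write-Host "Result: FAILURE"
    exit 1
}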
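# Generate blob file with djoin; its content is put into unattend.xml later
# NOTE(review): the offline domain join blob written by /SAVEFILE carries the
# secrets of the new computer account. It stays in $scriptPath after the run;
# restrict access to that folder and delete the file once it has been used.
$blobFile = Join-Path $scriptPath "blob.txt"
# djoin.exe is called directly with separate arguments instead of through
# Invoke-Expression, so the domain and computer names cannot be re-parsed as code.
$result = & djoin.exe /PROVISION /DOMAIN $domainName /MACHINE $computerName /machineou "OU=Тонкие клиенты Win2Go (Все филиалы),DC=fil,DC=abb-win,DC=akbars,DC=ru" /SAVEFILE $blobFile
$djoinExitCode = $LASTEXITCODE
Write-Host $result
# Throw errors
# 0x8b0 in the output is treated by this script as "account already exists"
if ($result -like '*0x8b0*') {
    Write-Host "WTF! Computer with such name already exists in AD!"
    Write-Host "Result: FAILURE"
    # "Break" outside of a loop is not a reliable way to stop a script and
    # reports no failure code; exit with a non-zero code instead.
    exit 1
}
# Any other djoin failure would otherwise go unnoticed and the following steps
# would work with a missing or stale blob file.
if ($djoinExitCode -ne 0) {
    Write-Host "djoin.exe exited with code $djoinExitCode"
    Write-Host "Result: FAILURE"
    exit 1
}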
# Load the answer file and the blob file that djoin saved into $scriptPath
[xml]$UnattendXML = Get-Content -Path $unattendFile
$blobContent = Get-Content -Path "$scriptPath\blob.txt"
# Replace null symbol
$blobContent = $blobContent -replace ([char]0, "")
# Put the blob into the Microsoft-Windows-UnattendedJoin component
foreach ($joinComponent in $UnattendXML.unattend.settings.component) {
    if ($joinComponent.name -eq "Microsoft-Windows-UnattendedJoin") {
        $joinComponent.Identification.Provisioning.AccountData = [string]$blobContent
    }
}
# Put computer name into unattend.xml (Shell-Setup component of the specialize pass)
foreach ($settingsNode in $UnattendXML.unattend.settings) {
    if ($settingsNode.pass -ne "specialize") {
        continue
    }
    foreach ($shellComponent in $settingsNode.component) {
        if ($shellComponent.name -eq "Microsoft-Windows-Shell-Setup") {
            $shellComponent.ComputerName = $computerName
        }
    }
}
# NOTE(review): Save() overwrites the source unattend.xml, so the machine-specific
# join blob stays in $scriptPath next to blob.txt as well as on the USB drive.
# Treat both copies as secrets; writing the result to a separate per-machine file
# would keep the template clean.
$UnattendXML.Save($unattendFile)
Copy-Item -Path $unattendFile -Destination "$drivePath\Windows\Panther\"
# Bitlocker operations (skipped unless $isBitlockerEnabled is set)
if ($isBitlockerEnabled) {
    # Add a recovery password protector first and keep its value
    $bitlockerRecoveryProtector = Add-BitLockerKeyProtector -MountPoint $drivePath -RecoveryPasswordProtector
    $recoveryPassword = $bitlockerRecoveryProtector.KeyProtector.RecoveryPassword
    # NOTE(review): the recovery password is written in clear text and the file is
    # overwritten on every run; move it to protected storage (for example AD
    # backup of recovery information) and remove the file afterwards.
    $recoveryPassword | Out-File -FilePath "$scriptPath\bitlocker_recovery_password.txt"
    # NOTE(review): -AsPlainText -Force only wraps a password that is already in
    # clear text in the script; it does not protect it.
    $spwd = ConvertTo-SecureString -String $bitlockerPassword -AsPlainText -Force
    Enable-BitLocker -MountPoint $drivePath -Password $spwd -PasswordProtector
}
Write-Host "Result: SUCCESS. If you use BitLocker, please wait until the process of encryption will finish."