Deploy / OS Training Series (part 2): Installation
(Last updated on July 3, 2020)
Welcome to part 2 of the Specops Deploy / OS training series. In part 1, we provided an overview of the environmental preparations. In this post, we will provide some supplemental information that can be used alongside the installation guide.
Specops Deploy / OS consists of the following components:
- Maintains operating system images and drivers used in each Deployment Group and replicates them to the associated Deployment Servers.
- MDT and ADK will be installed on this server. This will be the hub for DFS-R to replicate the images.
- Used to configure the central aspects of the solution and enable the creation of new deployment servers.
- Should be installed on any computers that you will use to manage Specops Deploy.
- Replies to client requests for PXE booting and Client Side Extension. The Deployment Server(s) will be the DFS-R target for the Image Server. The Windows Deployment Services role will be installed onto this server.
Specops Log Viewer (optional):
- Provides searchable log files, in various formats, in real-time.
- Recommended for any machine where the Administration Tools have been installed.
Active Directory Scope
The level in your AD used to install computers. Select a scope that allows you to manage all computer accounts you intend to use with the system.
Access is controlled through a security group called Domain Specops Deployment Servers. Membership in the group allows editing the netbootGUID and netbootMachineFilePath attributes of computer objects in the selected scope.
Also known as the domain join account, this user account joins computers to the domain, and communicates with the Deployment Servers. New computer accounts created by Specops Deploy will contain the minimum required permissions. Existing computers should have permissions configured on the same level as the AD scope.
The password of the domain join account is stored in a file called bootstrap.ini.
The following permissions should be configured for the installation account and applied to Descendant Computer objects on the selected AD scope:
|Allowed to authenticate||Object|
|Validated write to service principal name||Object|
|Validated write to DNS host name||Object|
|Read public information||Property|
|Read personal information||Property|
|Read account restrictions||Property|
|Write account restrictions||Property|
|Read DNS host name attributes||Property|
That’s all for today. Stay tuned for part 3 of the Training Series. In the meantime, you can find Specops Deploy / OS documentation here.