Deploy / OS Training Series (part 2): Installation

Welcome to part 2 of the Specops Deploy / OS training series. In part 1, we provided an overview of the environmental preparations. In this post, we will provide some supplemental information that can be used alongside the installation guide.

Components

Specops Deploy / OS consists of the following components:

Image Server:

  • Maintains operating system images and drivers used in each Deployment Group and replicates them to the associated Deployment Servers.
  • MDT and ADK will be installed on this server. This will be the hub for DFS-R to replicate the images.

Administration Tool:

  • Used to configure the central aspects of the solution and enable the creation of new deployment servers.
  • Should be installed on any computers that you will use to manage Specops Deploy.

Deployment Server(s):

  • Replies to client requests for PXE booting and Client Side Extension. The Deployment Server(s) will be the DFS-R target for the Image Server. The Windows Deployment Services role will be installed onto this server.

Specops Log Viewer (optional):

  • Provides searchable log files, in various formats, in real-time.
  • Recommended for any machine where the Administration Tools have been installed.

Active Directory Scope

The level in your AD used to install computers. Select a scope that allows you to manage all computer accounts you intend to use with the system.

Access is controlled through a security group called Domain Specops Deployment Servers. Membership in the group allows editing the netbootGUID and netbootMachineFilePath attributes of computer objects in the selected scope.

Installation Account

Also known as the domain join account, this user account joins computers to the domain, and communicates with the Deployment Servers. New computer accounts created by Specops Deploy will contain the minimum required permissions. Existing computers should have permissions configured on the same level as the AD scope.

The password of the domain join account is stored in a file called bootstrap.ini.

Permissions

The following permissions should be configured for the installation account and applied to Descendant Computer objects on the selected AD scope:

PermissionPermission Type
Change password Object
Reset passwordObject
Allowed to authenticateObject
Validated write to service principal nameObject
Validated write to DNS host nameObject
Read public information Property
Read personal informationProperty
Read account restrictionsProperty
Write account restrictionsProperty
Read DNS host name attributesProperty

You can find part 3 here where we will be discussing configuration.

(Last updated on December 3, 2024)

johan soderstom

Written by

Johan Soderstrom

Author at Specops Software

Back to Blog

Related Articles

  • Deploy / OS Training Series (part 1): Environmental Preparations

    Specops Deploy has been designed from the ground up to utilize and integrate with your existing Windows environment. This offers customers unique advantages such as fast implementation, and native scalability. Most importantly, your Specops Deploy environment will be as stable, and reliable as your Windows environment. The Training Series will provide you with all the…

    Read More
  • PXE boot, GUIDs, and MAC addresses in Specops Deploy and WDS

    In this blog post, I will describe the core functionality in the PXE boot used by Specops Deploy. I will address prestaging, and how the MAC address, or UUID work when finding objects in AD. Pre-boot eXecution Environment (PXE) boot PXE is a protocol that allows computers (PXE clients) to load an operating system from…

    Read More
  • How to: become the LOCAL SYSTEM account with PsExec

    If you are an administrator using Specops Deploy, you may have had the following experience: an application can be deployed without any problems when you are trying it on your local machine but when you try to deploy it you can’t seem to get it to work. This blog post might shed some light on…

    Read More