Claremont MakerSpace Windows 10 Deployment
A mess of various stuff to install Windows 10 via the network, with automatic hostname assignment from Snipe-IT and installation of the Salt minion. Domain join and the rest of setup (installing applications, applying configuration, etc.) is done afterwards by Salt and group policy.
Usage
In theory, just enable UEFI PXE Booting, plug into the `CMS Classroom` network, and select `PXE Boot (IPV4)` (or similar) as a boot option.
- For computers with UEFI, but without UEFI PXE (for some reason...), you can make a USB drive to jumpstart the process with `ipxe.usb` (see below).
- For computers without Ethernet, a USB 3 Ethernet adapter can be used (I'm not sure if all adapters work, but I believe it does have to be USB 3).
- In theory, some WiFi adapters support PXE booting (and are supported by iPXE), but not the ones in the laptops CMS has.
Setup
Somewhat based on this helpful guide. Written for Debian 11. Various hostnames and exact paths may need to be adjusted in provided files. Also assumes UEFI booting, because Legacy booting is pretty deprecated at this point.
Enable PXE booting in DHCP server
Depends pretty heavily on the DHCP server, but in UniFi it's in `Settings -> Networks -> <specific network> -> Advanced`.
See the previously mentioned guide or the iPXE docs for more details (but ignore the bit about chainloading, as we instead are using an embedded script).
Build custom iPXE
- Clone `git://git.ipxe.org/ipxe.git`
- Copy `embed.ipxe` to `src/`
  - This allows for chainloading, without needing support from the DHCP server
- Build PXE executable or USB image

      make bin-x86_64-efi/ipxe.usb EMBED=embed.ipxe SHELL="sh" # For USB drive
      make bin-x86_64-efi/ipxe.efi EMBED=embed.ipxe SHELL="sh" # For PXE TFTP boot

- `dd` `ipxe.usb` to a USB drive, if needed (for computers with UEFI, but not UEFI PXE)
TFTP (via `tftpd-hpa`)
- Install `tftpd-hpa` package
- Copy `tftp/main.ipxe` (and `ipxe.efi`, if PXE booting) to `/srv/tftp`
  - This doesn't actually need to be a menu; it could basically just be `chain http://<hostname here>:8081/poll/1/${mac} ||`
- Copy `tftp/tftpd.map` to `/etc/`, and add `--map-file /etc/tftpd.map` to `TFTP_OPTIONS` in `/etc/default/tftpd-hpa`
  - This is to work around some older UEFI PXE implementations, which add a 0xFF character (which they render as ÿ) after the file name for unclear reasons
Hostname script
- Install `python3` and `python3-requests`
- Copy `ipxe-set-hostname-from-serial.py` to `/usr/lib/cgi-bin`
- Generate a token from Snipe-IT and edit it into the script
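
The serial number reaches this CGI script from an unauthenticated PXE client, and the asset name it returns is executed as part of an iPXE script and later becomes the Salt minion name, so both values are worth validating. The sketch below is an added example, not the repository's `ipxe-set-hostname-from-serial.py`. It assumes Snipe-IT's `hardware/byserial` API endpoint, a placeholder server URL, and a hypothetical token file used in place of a token edited into the source; the sample responses are constructed.

```python
#!/usr/bin/env python3
"""Added example: turn a Snipe-IT serial lookup into an iPXE script, validating both ends."""
import json
import re
import urllib.request

SNIPEIT_URL = "https://snipeit.example.org"  # placeholder, not from the page
TOKEN_FILE = "/etc/ipxe-hostname/token"      # hypothetical path; root-owned, mode 0600

# The serial goes into a URL path, so only a conservative character set is allowed.
SERIAL_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
# Windows computer names: at most 15 characters, letters/digits/hyphen, not all digits.
HOSTNAME_RE = re.compile(r"(?!\d+$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,13}[A-Za-z0-9])?")


def fetch_asset(serial):
    """Query Snipe-IT by serial; the API token is read from a file, not kept in the source."""
    if not SERIAL_RE.fullmatch(serial):
        raise ValueError("serial rejected")
    with open(TOKEN_FILE) as f:
        token = f.read().strip()
    req = urllib.request.Request(
        f"{SNIPEIT_URL}/api/v1/hardware/byserial/{serial}",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def render_ipxe(serial, response):
    """Emit 'set hostname' only for exactly one matching asset with a safe name."""
    rows = response.get("rows") or []
    matches = [r for r in rows if str(r.get("serial", "")).lower() == serial.lower()]
    if len(matches) != 1:
        return "#!ipxe\necho No unique Snipe-IT asset for this serial\nexit 1\n"
    name = str(matches[0].get("name") or "")
    if not HOSTNAME_RE.fullmatch(name):
        return "#!ipxe\necho Asset name is not a valid hostname\nexit 1\n"
    return f"#!ipxe\nset hostname {name}\n"


# Constructed sample responses (not real inventory data)
GOOD = {"total": 1, "rows": [{"serial": "PF2ABC12", "name": "CMS-LAB-01"}]}
BAD = {"total": 1, "rows": [{"serial": "PF2ABC12", "name": "lab pc\n01"}]}

if __name__ == "__main__":
    print(render_ipxe("PF2ABC12", GOOD), end="")
    print(render_ipxe("PF2ABC12", BAD), end="")
```

A Snipe-IT token used this way only needs read access to hardware assets.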
Shoelaces
- Set base URL, bind address, and data dir in `/etc/default/shoelaces`
- Copy the [`shoelaces`](./shoelaces) folder to `/srv/shoelaces`
- Download wimboot and put it in `/srv/shoelaces/static/windows`
- Adjust `mappings.yaml` for the targeted subnet
Windows Installer
- Download the latest Windows 10 ISO
- Extract the ISO to the `software` SMB share, at `pxe/Windows10`
- Retrieve the following files for PXE booting, and place them in `/srv/shoelaces/static/windows/windows10/` (keeping the folder structure):
  - `boot/bcd`
  - `boot/boot.sdi`
  - `sources/boot.wim`
Salt minion
- Download the latest Salt Windows minion installer
- Place in `<software share>/pxe/Windows10/sources/$OEM$/$$/setup/scripts/` as `Salt-Minion-Setup.exe`
  - This slightly magic path will place the files at `C:\Windows\Setup\Scripts` in the installed OS
- Copy `SetupComplete.cmd` to the same directory
  - This will be run after setup is complete as `SYSTEM`, and installs Salt with the configured hostname as the minion name