MDT 2010, Server 2008 & Roles and Features
I’ve spent some time with MDT 2010 deploying Server 2008 & Windows 7. I can build a Server 2008 x86, x64, or R2 server with minimal interaction. Basically boot, enter a name, select the task sequence and walk away. While setting this up I started thinking about roles and features. The stock MDT ability to add roles and features is nice, I like it, but it’s not as flexible as I want. I don’t want a bunch of different task sequences for different roles and features. Granted the core would be the same, but there must be a cleaner way.
What I did was create applications, and sometimes bundles, to handle installing roles and features. That way I have minimal task sequences and all I need to do to build a Server 2008 R2 server with IIS, Hyper-V, and Windows Process Activation Service all I do is select them from the application list. (Note: I haven’t actually tried that combination, it’s just an example.) This can all be done with a little two-line powershell script for each role or feature. Even better I just created a folder under applications in the MDT console and called it Server Roles & Features. I’m still in process of gathering prerequisites for all the roles and features, I’ve come across some like the server must be part of a domain before installing Remote Desktop Services & the processor must support hardware virtualization for Hyper-V, etc. The only one I’ve hit so far that won’t install is WSUS.
This is the powershell code to do it:
#######################################################################
#Import the Server Manager command console to use later to add, remove, or query features or roles.
import-module servermanager
#Add Windows features or roles by passing the component name to the add-windowsfeature cmd. Use a comma to seperate multiple features.
# This example is installing default IIS and Windows Process Activation Service. Some components require a reboot before more can be installed.
add-windowsfeature Web-Server, WAS
#######################################################################
Basically copy that code into notepad and save it as .ps1 and that’s it. There is one caveat with this; with making no changes out of the box to Server 2008 powershell may be configured to restricted mode. That means no powershell scripts will run period. To get around that I went into my task sequence and during the State Restore phase I added a command line item called “Enable Powershell” it’s just running “powershell.exe -Command Set-ExecutionPolicy Unrestricted -force” or you could also use RemoteSigned. Then depending on your environment you can just copy that item and place it at the end to lock powershell back down if needed by setting back to Restricted or something else. The other item of note, if you are doing a LTI deployment or your PowerShell script is running from a UNC location you’ll need to add that location one of the more open IE zones during the build. I just added my deployment server to the Intranet zone because this is all happening prior to joining a domain. Even if you change the execution policy to unrestricted it will still prompt you to allow because it’s running from a remote location.
When I was talking to someone about this they asked about how did I know IIS is called Web-Server and Windows Process Activation Service was called WAS? Well, I used the query cmdlet to get all that and dumped it to a spreadsheet. I’ll include that info at the end of this post.
This post has been a little disjointed, so if anyone has questions feel free to ask or if people want some screen shots I could post those later. Here’s the dump of feature display names and short names:
| Display Name | Name | |
| [ ] Active Directory Certificate Services | AD-Certificate | |
| [ ] Certification Authority | ADCS-Cert-Authority | |
| [ ] Certification Authority WEB Enrollment | ADCS-WEB-Enrollment | |
| [ ] Online Responder | ADCS-Online-Cert | |
| [ ] Network Device Enrollment Service | ADCS-Device-Enrollment | |
| [ ] Certificate Enrollment WEB Service | ADCS-Enroll-WEB-Svc | |
| [ ] Certificate Enrollment Policy WEB Service | ADCS-Enroll-WEB-Pol | |
| [ ] Active Directory Domain Services | AD-Domain-Services | |
| [ ] Active Directory Domain Controller | ADDS-Domain-Controller | |
| [ ] Identity Management for UNIX | ADDS-Identity-Mgmt | |
| [ ] Server for Network Information Services | ADDS-NIS | |
| [ ] Password Synchronization | ADDS-Password-Sync | |
| [ ] Administration Tools | ADDS-IDMU-Tools | |
| [ ] Active Directory Federation Services | AD-Federation-Services | |
| [ ] Federation Service | ADFS-Federation | |
| [ ] Federation Service Proxy | ADFS-Proxy | |
| [ ] AD FS WEB Agents | ADFS-WEB-Agents | |
| [ ] Claims-aware Agent | ADFS-Claims | |
| [ ] Windows Token-based Agent | ADFS-Windows-Token | |
| [ ] Active Directory Lightweight Directory Services | ADLDS | |
| [ ] Active Directory Rights Management Services | ADRMS | |
| [ ] Active Directory Rights Management Server | ADRMS-Server | |
| [ ] Identity Federation Support | ADRMS-Identity | |
| [ ] Application Server | Application-Server | |
| [ ] .NET Framework 3.5.1 | AS-NET-Framework | |
| [ ] WEB Server (IIS) Support | AS-WEB-Support | |
| [ ] COM+ Network Access | AS-Ent-Services | |
| [ ] TCP Port Sharing | AS-TCP-Port-Sharing | |
| [ ] Windows Process Activation Service Support | AS-WAS-Support | |
| [ ] HTTP Activation | AS-HTTP-Activation | |
| [ ] Message Queuing Activation | AS-MSMQ-Activation | |
| [ ] TCP Activation | AS-TCP-Activation | |
| [ ] Named Pipes Activation | AS-Named-Pipes | |
| [ ] Distributed Transactions | AS-Dist-Transaction | |
| [ ] Incoming Remote Transactions | AS-Incoming-Trans | |
| [ ] Outgoing Remote Transactions | AS-Outgoing-Trans | |
| [ ] WS-Atomic Transactions | AS-WS-Atomic | |
| [ ] DHCP Server | DHCP | |
| [ ] DNS Server | DNS | |
| [ ] Fax Server | Fax | |
| [ ] File Services | File-Services | |
| [ ] File Server | FS-FileServer | |
| [ ] Distributed File System | FS-DFS | |
| [ ] DFS Namespaces | FS-DFS-Namespace | |
| [ ] DFS Replication | FS-DFS-Replication | |
| [ ] File Server Resource Manager | FS-Resource-Manager | |
| [ ] Services for Network File System | FS-NFS-Services | |
| [ ] Windows Search Service | FS-Search-Service | |
| [ ] Windows Server 2003 File Services | FS-Win2003-Services | |
| [ ] Indexing Service | FS-Indexing-Service | |
| [ ] BranchCache for network files | FS-BranchCache | |
| [ ] Hyper-V | Hyper-V | |
| [ ] Network Policy and Access Services | NPAS | |
| [ ] Network Policy Server | NPAS-Policy-Server | |
| [ ] Routing and Remote Access Services | NPAS-RRAS-Services | |
| [ ] Remote Access Service | NPAS-RRAS | |
| [ ] Routing | NPAS-Routing | |
| [ ] Health Registration Authority | NPAS-Health | |
| [ ] Host Credential Authorization Protocol | NPAS-Host-Cred | |
| [ ] Print and Document Services | Print-Services | |
| [ ] Print Server | Print-Server | |
| [ ] LPD Service | Print-LPD-Service | |
| [ ] Internet Printing | Print-Internet | |
| [ ] Distributed Scan Server | Print-Scan-Server | |
| [ ] Remote Desktop Services | Remote-Desktop-Services | |
| [ ] Remote Desktop Session Host | RDS-RD-Server | |
| [ ] Remote Desktop Virtualization Host | RDS-Virtualization | |
| [ ] Remote Desktop Licensing | RDS-Licensing | |
| [ ] Remote Desktop Connection Broker | RDS-Connection-Broker | |
| [ ] Remote Desktop Gateway | RDS-Gateway | |
| [ ] Remote Desktop WEB Access | RDS-WEB-Access | |
| [ ] WEB Server (IIS) | WEB-Server | |
| [ ] WEB Server | WEB-WEBServer | |
| [ ] Common HTTP Features | WEB-Common-Http | |
| [ ] Static Content | WEB-Static-Content | |
| [ ] Default Document | WEB-Default-Doc | |
| [ ] Directory Browsing | WEB-Dir-Browsing | |
| [ ] HTTP Errors | WEB-Http-Errors | |
| [ ] HTTP Redirection | WEB-Http-Redirect | |
| [ ] WEBDAV Publishing | WEB-DAV-Publishing | |
| [ ] Application Development | WEB-App-Dev | |
| [ ] ASP.NET | WEB-Asp-Net | |
| [ ] .NET Extensibility | WEB-Net-Ext | |
| [ ] ASP | WEB-ASP | |
| [ ] CGI | WEB-CGI | |
| [ ] ISAPI Extensions | WEB-ISAPI-Ext | |
| [ ] ISAPI Filters | WEB-ISAPI-Filter | |
| [ ] Server Side Includes | WEB-Includes | |
| [ ] Health and Diagnostics | WEB-Health | |
| [ ] HTTP Logging | WEB-Http-Logging | |
| [ ] Logging Tools | WEB-Log-Libraries | |
| [ ] Request Monitor | WEB-Request-Monitor | |
| [ ] Tracing | WEB-Http-Tracing | |
| [ ] Custom Logging | WEB-Custom-Logging | |
| [ ] ODBC Logging | WEB-ODBC-Logging | |
| [ ] Security | WEB-Security | |
| [ ] Basic Authentication | WEB-Basic-Auth | |
| [ ] Windows Authentication | WEB-Windows-Auth | |
| [ ] Digest Authentication | WEB-Digest-Auth | |
| [ ] Client Certificate Mapping Authentic… | WEB-Client-Auth | |
| [ ] IIS Client Certificate Mapping Authe… | WEB-Cert-Auth | |
| [ ] URL Authorization | WEB-Url-Auth | |
| [ ] Request Filtering | WEB-Filtering | |
| [ ] IP and Domain Restrictions | WEB-IP-Security | |
| [ ] Performance | WEB-Performance | |
| [ ] Static Content Compression | WEB-Stat-Compression | |
| [ ] Dynamic Content Compression | WEB-Dyn-Compression | |
| [ ] Management Tools | WEB-Mgmt-Tools | |
| [ ] IIS Management Console | WEB-Mgmt-Console | |
| [ ] IIS Management Scripts and Tools | WEB-Scripting-Tools | |
| [ ] Management Service | WEB-Mgmt-Service | |
| [ ] IIS 6 Management Compatibility | WEB-Mgmt-Compat | |
| [ ] IIS 6 Metabase Compatibility | WEB-Metabase | |
| [ ] IIS 6 WMI Compatibility | WEB-WMI | |
| [ ] IIS 6 Scripting Tools | WEB-Lgcy-Scripting | |
| [ ] IIS 6 Management Console | WEB-Lgcy-Mgmt-Console | |
| [ ] FTP Server | WEB-Ftp-Server | |
| [ ] FTP Service | WEB-Ftp-Service | |
| [ ] FTP Extensibility | WEB-Ftp-Ext | |
| [ ] IIS Hostable WEB Core | WEB-WHC | |
| [ ] Windows Deployment Services | WDS | |
| [ ] Deployment Server | WDS-Deployment | |
| [ ] Transport Server | WDS-Transport | |
| [ ] Windows Server Update Services | OOB-WSUS | |
| [ ] .NET Framework 3.5.1 Features | NET-Framework | |
| [ ] .NET Framework 3.5.1 | NET-Framework-Core | |
| [ ] WCF Activation | NET-Win-CFAC | |
| [ ] HTTP Activation | NET-HTTP-Activation | |
| [ ] Non-HTTP Activation | NET-Non-HTTP-Activ | |
| [ ] Background Intelligent Transfer Service (BITS) | BITS | |
| [ ] IIS Server Extension | BITS-IIS-Ext | |
| [ ] BitLocker Drive Encryption | BitLocker | |
| [ ] BranchCache | BranchCache | |
| [ ] Connection Manager Administration Kit | CMAK | |
| [ ] Desktop Experience | Desktop-Experience | |
| [ ] DirectAccess Management Console | DAMC | |
| [ ] Failover Clustering | Failover-Clustering | |
| [ ] Group Policy Management | GPMC | |
| [ ] Ink and Handwriting Services | Ink-Handwriting | |
| [ ] Ink Support | IH-Ink-Support | |
| [ ] Handwriting Recognition | IH-Handwriting | |
| [ ] Internet Printing Client | Internet-Print-Client | |
| [ ] Internet Storage Name Server | ISNS | |
| [ ] LPR Port Monitor | LPR-Port-Monitor | |
| [ ] Message Queuing | MSMQ | |
| [ ] Message Queuing Services | MSMQ-Services | |
| [ ] Message Queuing Server | MSMQ-Server | |
| [ ] Directory Service Integration | MSMQ-Directory | |
| [ ] Message Queuing Triggers | MSMQ-Triggers | |
| [ ] HTTP Support | MSMQ-HTTP-Support | |
| [ ] Multicasting Support | MSMQ-Multicasting | |
| [ ] Routing Service | MSMQ-Routing | |
| [ ] Message Queuing DCOM Proxy | MSMQ-DCOM | |
| [ ] Multipath I/O | Multipath-IO | |
| [ ] Network Load Balancing | NLB | |
| [ ] Peer Name Resolution Protocol | PNRP | |
| [ ] Quality Windows Audio Video Experience | qWave | |
| [ ] Remote Assistance | Remote-Assistance | |
| [ ] Remote Differential Compression | RDC | |
| [ ] Remote Server Administration Tools | RSAT | |
| [ ] Role Administration Tools | RSAT-Role-Tools | |
| [ ] Active Directory Certificate Services Tools | RSAT-ADCS | |
| [ ] Certification Authority Tools | RSAT-ADCS-Mgmt | |
| [ ] Online Responder Tools | RSAT-Online-Responder | |
| [ ] AD DS and AD LDS Tools | RSAT-AD-Tools | |
| [ ] AD DS Tools | RSAT-ADDS | |
| [ ] AD DS Snap-Ins and Command-Line … | RSAT-ADDS-Tools | |
| [ ] Active Directory Administrative … | RSAT-AD-AdminCenter | |
| [ ] Server for NIS Tools | RSAT-SNIS | |
| [ ] AD LDS Snap-Ins and Command-Line Tools | RSAT-ADLDS | |
| [ ] Active Directory module for Windows … | RSAT-AD-PowerShell | |
| [ ] Active Directory Rights Management Servi… | RSAT-RMS | |
| [ ] DHCP Server Tools | RSAT-DHCP | |
| [ ] DNS Server Tools | RSAT-DNS-Server | |
| [ ] Fax Server Tools | RSAT-Fax | |
| [ ] File Services Tools | RSAT-File-Services | |
| [ ] Distributed File System Tools | RSAT-DFS-Mgmt-Con | |
| [ ] File Server Resource Manager Tools | RSAT-FSRM-Mgmt | |
| [ ] Services for Network File System Tools | RSAT-NFS-Admin | |
| [ ] Hyper-V Tools | RSAT-Hyper-V | |
| [ ] Network Policy and Access Services Tools | RSAT-NPAS | |
| [ ] Print and Document Services Tools | RSAT-Print-Services | |
| [ ] Remote Desktop Services Tools | RSAT-RDS | |
| [ ] Remote Desktop Session Host Tools | RSAT-RDS-RemoteApp | |
| [ ] Remote Desktop Gateway Tools | RSAT-RDS-Gateway | |
| [ ] Remote Desktop Licensing Tools | RSAT-RDS-Licensing | |
| [ ] Remote Desktop Connection Broker Tools | RSAT-RDS-Conn-Broker | |
| [ ] WEB Server (IIS) Tools | RSAT-WEB-Server | |
| [ ] Windows Deployment Services Tools | RSAT-WDS | |
| [ ] Feature Administration Tools | RSAT-Feature-Tools | |
| [ ] BitLocker Drive Encryption Administratio… | RSAT-BitLocker | |
| [ ] BitLocker Drive Encryption Tools | RSAT-Bitlocker-DriveEnc | |
| [ ] BitLocker Recovery Password Viewer | RSAT-Bitlocker-RecPwd | |
| [ ] BITS Server Extensions Tools | RSAT-Bits-Server | |
| [ ] Failover Clustering Tools | RSAT-Clustering | |
| [ ] Network Load Balancing Tools | RSAT-NLB | |
| [ ] SMTP Server Tools | RSAT-SMTP | |
| [ ] WINS Server Tools | RSAT-WINS | |
| [ ] RPC over HTTP Proxy | RPC-over-HTTP-Proxy | |
| [ ] Simple TCP/IP Services | Simple-TCPIP | |
| [ ] SMTP Server | SMTP-Server | |
| [ ] SNMP Services | SNMP-Services | |
| [ ] SNMP Service | SNMP-Service | |
| [ ] SNMP WMI Provider | SNMP-WMI-Provider | |
| [ ] Storage Manager for SANs | Storage-Mgr-SANS | |
| [ ] Subsystem for UNIX-based Applications | Subsystem-UNIX-Apps | |
| [ ] Telnet Client | Telnet-Client | |
| [ ] Telnet Server | Telnet-Server | |
| [ ] TFTP Client | TFTP-Client | |
| [ ] Windows Biometric Framework | Biometric-Framework | |
| [ ] Windows Internal Database | Windows-Internal-DB | |
| [ ] Windows PowerShell Integrated Scripting Environm… | PowerShell-ISE | |
| [ ] Windows Process Activation Service | WAS | |
| [ ] Process Model | WAS-Process-Model | |
| [ ] .NET Environment | WAS-NET-Environment | |
| [ ] Configuration APIs | WAS-Config-APIs | |
| [ ] Windows Server Backup Features | Backup-Features | |
| [ ] Windows Server Backup | Backup | |
| [ ] Command-line Tools | Backup-Tools | |
| [ ] Windows Server Migration Tools | Migration | |
| [ ] Windows System Resource Manager | WSRM | |
| [ ] Windows TIFF IFilter | TIFF-IFilter | |
| [ ] WinRM IIS Extension | WinRM-IIS-Ext | |
| [ ] WINS Server | WINS-Server | |
| [ ] Wireless LAN Service | Wireless-Networking | |
| [ ] XPS Viewer | XPS-Viewer |
