Introduction to Windows Deployment Services
Windows Deployment Services (WDS) is a server role in Windows Server 2019 that enables network-based operating system deployment using PXE (Preboot Execution Environment) boot. WDS allows administrators to deploy Windows operating systems to bare-metal machines or to re-image existing machines over the network without physical media. It stores boot images and install images in a central image store and serves them to network-booting clients. WDS is ideal for deploying Windows to dozens or hundreds of machines simultaneously, standardizing OS installations, and reducing the time and cost of manual deployments.
Prerequisites and Infrastructure Requirements
WDS has specific infrastructure requirements. The WDS server must be a member of an Active Directory domain. A DHCP server must exist on the network or on the WDS server itself to assign IP addresses to PXE-booting clients. A DNS server must be available for name resolution. The WDS server should have significant disk space, at least 20 GB, dedicated to the image store. Network switches must support spanning tree port fast or PortFast for PXE boot reliability. Ensure BIOS or UEFI on client machines supports PXE boot and that it is enabled in the firmware settings.
Installing the WDS Role
Install the WDS role and both role services: Deployment Server for full WDS functionality, and Transport Server for multicast-only scenarios without PXE:
Install-WindowsFeature WDS -IncludeAllSubFeature -IncludeManagementToolsVerify the installation:
Get-WindowsFeature WDS* | Select-Object Name, InstallStateConfiguring WDS
After installation, configure WDS using the Windows Deployment Services console or the command-line tool wdsutil. Open the WDS console from Server Manager Tools. Right-click your server and select Configure Server. The wizard asks whether DHCP is on the same server and whether to configure DHCP option 60. If DHCP is on the same server, check both options: Do not listen on DHCP ports and Configure DHCP option 66 for boot server. Set the remote installation folder path to a dedicated volume with sufficient space, such as D:RemoteInstall. Configure whether to respond to all client computers or only known computers. Using wdsutil for the same configuration:
wdsutil /Initialize-Server /RemInst:"D:RemoteInstall" /Authorization
wdsutil /Set-Server /AnswerClients:All
wdsutil /Start-ServerConfiguring DHCP for PXE Boot
If DHCP is on a separate server, configure DHCP options to direct PXE clients to the WDS server. Add option 66 (Boot Server Host Name) with the WDS server’s IP address or hostname, and option 67 (Bootfile Name) with the appropriate bootfile. For BIOS clients the bootfile is bootx86pxeboot.0 or bootx64pxeboot.0. For UEFI clients it is bootx64wdsnbp.com. Configure DHCP options using PowerShell:
Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 -OptionId 66 -Value "192.168.1.50"
Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 -OptionId 67 -Value "bootx64wdsnbp.com"If WDS is on the same server as DHCP, configure WDS to not bind to DHCP ports to avoid conflicts:
wdsutil /Set-Server /UseDhcpPorts:No /DhcpOption60:YesAdding Boot Images
Boot images start the WDS client on the network-booting machine and present the WDS interface. The Windows PE boot image is provided on the Windows Server 2019 installation media. Mount the ISO or use the DVD and copy the boot image:
Mount-DiskImage -ImagePath "D:ISOWindowsServer2019.iso"
$driveLetter = (Get-DiskImage -ImagePath "D:ISOWindowsServer2019.iso" | Get-Volume).DriveLetter
Import-WdsBootImage -Path "${driveLetter}:bootboot.wim" -NewImageName "Windows Server 2019 Setup Boot" -SkipVerifyUsing wdsutil to add a boot image:
wdsutil /Add-Image /ImageFile:"E:bootboot.wim" /ImageType:BootAdding Install Images
Install images are the full OS images that get deployed to client machines. Copy install.wim from the Windows installation media and add it to WDS. Create an image group first to organize images:
wdsutil /Add-ImageGroup /ImageGroup:"Windows Server 2019"
wdsutil /Add-Image /ImageFile:"E:sourcesinstall.wim" /ImageType:Install /ImageGroup:"Windows Server 2019"Using PowerShell:
New-WdsInstallImageGroup -Name "Windows Server 2019"
Import-WdsInstallImage -ImageGroup "Windows Server 2019" -Path "${driveLetter}:sourcesinstall.wim" -ImageName "Windows Server 2019 SERVERSTANDARD"List the images in WDS to verify they were added:
Get-WdsInstallImage -ImageGroup "Windows Server 2019" | Select-Object ImageName, FileName, ImageSizeCreating Custom Capture Images
A capture image is a boot image that boots a reference machine and captures its OS to a WIM file in WDS. First prepare a reference machine by installing Windows, configuring the OS to your standard baseline, and running Sysprep:
C:WindowsSystem32Sysprepsysprep.exe /oobe /generalize /shutdownAfter shutdown, in the WDS console right-click a boot image and select Create Capture Boot Image. Name the image WDS Capture 2019 and save it. Add this capture image to WDS:
wdsutil /New-CaptureImage /Image:"Windows Server 2019 Setup Boot" /ImageType:Boot /Architecture:x64 /DestinationImage /FilePath:"D:RemoteInstallBootx64Capture2019.wim" /Name:"WDS Capture 2019"
wdsutil /Add-Image /ImageFile:"D:RemoteInstallBootx64Capture2019.wim" /ImageType:BootPXE boot the reference machine, select the capture image, and capture the OS to the WDS server. The captured WIM is automatically added to the install images.
Configuring Unattended Installations
WDS supports unattend XML files that automate the deployment process without user interaction. Create an unattend.xml file using Windows System Image Manager (SIM) from the Windows Assessment and Deployment Kit (ADK). In the WDS console, associate the unattend file with a specific install image by right-clicking the install image and selecting Properties, then the General tab, and setting the Allow image to install in unattended mode checkbox and browsing to the unattend file. Using wdsutil:
wdsutil /Set-Image /Image:"Windows Server 2019 SERVERSTANDARD" /ImageType:Install /ImageGroup:"Windows Server 2019" /UnattendFile:"D:UnattendWS2019Unattend.xml"Configure a client unattend file at the server level to answer the WDS client questions automatically:
wdsutil /Set-Server /WdsClientUnattend:"D:UnattendWDSClientUnattend.xml" /WdsClientUnattendEnabled:YesManaging Prestaged Computers
Prestaging a computer in Active Directory means creating a computer account with the machine’s MAC address or GUID so WDS knows it is an authorized client. This is used when WDS is configured to respond only to known computers. In Active Directory Users and Computers, right-click the Computers OU and select New Computer. After creating the account, open its Properties and navigate to the Remote Install tab to manage the WDS settings. Using PowerShell:
New-ADComputer -Name "NEWPC01" -OtherAttributes @{netbootGUID=[byte[]](0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x15,0x5d,0x00,0x6a,0x00,0x00,0x00)}Configuring Multicast Deployments
Multicast transmissions allow WDS to deploy an image to multiple clients simultaneously using a single network stream, dramatically reducing network utilization compared to unicast. In the WDS console, expand the server, right-click Multicast Transmissions, and select New Multicast Transmission. Name the transmission, select the install image, and choose Auto-Cast for on-demand multicast or Scheduled-Cast for transmissions that start at a specific time or when a minimum number of clients have connected:
wdsutil /New-MulticastTransmission /FriendlyName:"WS2019 Multicast" /Image:"Windows Server 2019 SERVERSTANDARD" /ImageType:Install /ImageGroup:"Windows Server 2019" /TransmissionType:AutoCastMonitoring and Troubleshooting WDS
Monitor WDS activity and troubleshoot PXE boot failures using WDS logging and Windows Event Viewer:
wdsutil /Get-Server /Show:All
wevtutil qe Microsoft-Windows-Deployment-Services-Diagnostics/Debug /c:50 /f:text
Get-WinEvent -LogName "Microsoft-Windows-Deployment-Services-Diagnostics/Operational" -MaxEvents 20 | Format-List TimeCreated, MessageCommon issues include PXE clients not receiving DHCP offers, which indicates DHCP option 66/67 misconfiguration, or clients receiving a TFTP timeout, which typically means Windows Firewall is blocking UDP port 69 used for TFTP file transfers. Ensure the WDS TFTP firewall rule is enabled:
Get-NetFirewallRule -DisplayName "*WDS*" | Select-Object DisplayName, Enabled, Direction
