Active Directory-related changes to Windows Deployment Services in Windows Server 2012

Windows Deployment Services has a long-standing tradition of being part of the Windows Server Operating System. What used to be Remote Installation Services (RIS), became Windows Deployment Services (WDS) in Windows Server 2003 Service Pack 2.

Windows Deployment Services (WDS) has ties to Active Directory, as I’ve blogged about earlier. In Windows Server 2012, however, some of the statements in that blogpost have changed.

Among the many improvements in Windows Deployment Services (WDS) in Windows Server 2012, these three Active Directory-related changes pop out:


Standalone server

Windows Deployment Services (WDS) is now configurable as a Standalone server, without the need for Active Directory. Although this was possible in Windows Server 2008 r2, already, that configuration was limited and complex: You needed to configure the server using wdsutil.exe or the registry editor.

In Windows Server 2012, while installing the Windows Deployment Services (WDS) Server Role you can configure it as a Standalone server as opposed to the Integrated with Active Directory mode. In this mode, information on prestaged devices is stored in a local store.

The Standalone Mode is useful since it allows for a portable deployment solution that is independent of any existing environment.


Active Directory Prestaged Devices

Prestaging devices is now possible in the Windows Deployment Services Graphical User Interface (GUI). You no longer have to use wdsutil.exe for that purpose. It is possible to prestage devices, based on their:

  • MAC Address
  • GUID (Global Unique Identifier)
  • DUID (DHCPv6 Unique Identifier)

You can pre-stage setting like the computer name, PXE policies, boot image, installation image, permissions on join and more. You can also, optionally, create an unattend.xml for the device.


BitLocker Network Unlock

Now, you might almost think, integrating Windows Deployment Services (WDS) is no longer a Server Role that is better with Active Directory. While the above feature makes your life as a deployment admin easier, Windows Deployment Services offer unrivaled functionality when used with Active Directory. One of the new features surrounding Windows Deployment Services in Windows 8 and Windows Server 2012 on hardware with UEFI 2.3.1 is the possibility to automatically unlock the Operating System drive when a machine is booted while connected to the corporate network. This feature allows for desktops and servers to be secure, but not burdening the user or server admin with security protocol.

One of the requirements for BitLocker Network Unlock is Windows Deployment Services (WDS). Other requirements include Active Directory Domain Services and Active Directory Certificate Services. See the combo?



Windows Deployment Services is a mature component for many deployment scenarios. You can use it with or without Active Directory, and this blogpost provides an overview of the benefits in both scenarios.

Related Blogposts

WDS without Active Directory
Windows Deployment Services: A Real Ghostbuster Part 1
Deploying Windows 7 with Windows Deployment Services
Five Must-Have Hardware components to get the most out of Windows 8

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.