Automated Imaging: From Inventory to Ctrl-Alt-Delete

From Inventory to Ctrl-Alt-Del
Hamilton College
Clinton, NY

Hamilton College Desktop Integration Support
Gretchen Maxam, Desktop Integration Specialist – Imaging Support
Jesse Thomas, Desktop Integration Specialist – Academic Facilities
Dan Sloan, Installation Specialist
History
Existing Inventory System
– Computer Serial Number
– License
– User Name, Location
– Software
Used Ghost
Win98

History
When XP arrived
– Needed to provide unique name to computer
– Add to Domain
– Provide proper license to activate
Added Sysprep
– "Fed" it with unique data from Inventory DB
"Pre-Create" computer objects in AD
and on and on…
Overview of Environment
Academic Facilities
– 9 ITS Managed Labs
    68 Windows
    71 Macintosh
– 49 TE Classrooms
    34 Windows & Macintosh
    15 Macintosh Only

Overview of Environment
6 Academic Images
– 3 Windows
– 3 Macintosh
Ghost
AD Structure
Terminology
– Push the button
– Group Re-image
Ease of Imaging
Get Hamilton Barcode(s)
Locate machine(s) in Inventory

Ease of Imaging
Equipment Information

Ease of Imaging
Users Tab

Ease of Imaging
Software Tab

Ease of Imaging
Function Tab

Ease of Imaging
Group Reimage
– Edit psexec command
– Schedule Task
– Verify restore
How do we get here?
[Diagram: REBOOT, first_boot.cmd]
Full File on Page 1 of Supplement

first_boot.cmd
Script that runs on 'first boot'
Cleans up 'loose ends' after imaging process
– Changes local account passwords
– Performs registry edits
– Re-installs anti-virus software (Sophos)
– Edits folder permissions

first_boot.cmd
Cleans up 'loose ends' after imaging process (cont'd)
– Sets 'Computer Description'
– Hides service partition
– Restarts computer
– Deletes itself

first_boot.cmd
Changes local account passwords
    net user <username> <new_password>
    net user itsadmin unique_password

first_boot.cmd
Performs Registry Edits - Delete Keys
    reg DELETE <KeyName> <options>
    reg DELETE "HKLM\Software\Sophos\ALC Agent\Private" /v pkc /f

first_boot.cmd
Performs Registry Edits - Change Permissions (Citrix Web Client)
    regini <input_file> (text file with registry data)
    echo \Registry\Machine\Software\Microsoft\MSLicensing\HardwareID [1 5 7 13 17] > c:\Management\regini.txt
    regini c:\Management\regini.txt

first_boot.cmd
Re-installs anti-virus software (Sophos)
    msiexec <path_to_msi> <options>
    msiexec.exe /i "c:\Program Files\Sophos\AutoUpdate\cache\savxp\Sophos Anti-Virus.msi" REINSTALL=ALL REINSTALLMODE=voums UPDATEDRIVERS=0 /quiet

first_boot.cmd
Edits folder permissions
    cacls <filename> <options>
    cacls "c:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage" /E /T /G Everyone:F

first_boot.cmd
Hides service partition
    diskpart /s <diskpart_script>
    diskpart /s c:\Management\diskpart_hide_winpe.txt
diskpart_hide_winpe.txt
    select disk 0
    select partition 1
    remove
    exit

first_boot.cmd
Restarts computer
    shutdown <options>
    shutdown -r -f -t 5

first_boot.cmd
Deletes itself
    del <files or directories>
    del c:\Management\first_boot.cmd
[Diagram: REBOOT, first_boot.cmd, REBOOT, Sysprep]
Full File on Page 2 of Supplement

Sysprep
minisetup - w/ sysprep.inf 'answer' file
– PnP device installation
– product key
– sets 'Administrator' password
– sets computer name
– joins to domain

Sysprep
PnP device installation
    [Unattended]
    UpdateInstalledDrivers=Yes
    DriverSigningPolicy=ignore

Sysprep
Product Key
    [UserData]
    ProductID=ABCDE-12345-FGHIJ-67890-KLMNO

Sysprep
Sets Administrator password & computer name
    [GuiUnattended]
    AdminPassword="pa$$w0rd"
    [UserData]
    ComputerName="pc-869273"

Sysprep
Joins domain
    [Identification]
    JoinDomain=hamilton.edu
    DomainAdmin=networkadmin
    DomainAdminPassword=pa$$w0rd

Sysprep
Calls first_boot.cmd
    [GuiRunOnce]
    Command0() = "%systemdrive%/Management/first_boot.cmd"
[Diagram: REBOOT, first_boot.cmd, Sysprep, REBOOT, Download Image, REBOOT]

Downloading the Image
Three parts
1. Boot into WinPE
2. Run download_production_image.cmd
3. Run unique ghost.cmd

Downloading the Image
PART 1
Boot into WinPE
– located on 5GB 'service' partition
– installed using WinPE bootable CD
"DIS WinPE Utility"

Downloading the Image
PART 2
download_production_image.cmd
– called by startnet.cmd in WinPE
– sets up environment
    maps drives
    sets variables for MAC address, service tag, IP
    starts VNC server
    runs machine specific ghost.cmd
Full File on Page 3 of Supplement

Downloading the Image
PART 2: download_production_image.cmd
Maps drives
    net use <drive letter> <path> /user:<username> <password>
    net use i: \\casper2\DIS-WIN /user:admin pa$$w0rd

Downloading the Image
PART 2: download_production_image.cmd
Sets variables
    for /f "tokens=1" %%x in ('<command>') do set <variable>=%%x
    for /f "tokens=1" %%i in ('ipconfig /all ^| gawk -F": " "/IP Address/ { print $2 }"') do set ip=%%i
    for /f "tokens=1" %%s in ('ghost32 -lockinfo ^| gawk -F\^" "/Serial/ { print $2 }"') do set serial=%%s

Downloading the Image
PART 2: download_production_image.cmd
Starts VNC server
    regedit /s i:\Ghost-G3\tools\vnc\ultravnc.reg
    start /min winvnc.exe

Downloading the Image
PART 2: download_production_image.cmd
Runs machine specific ghost.cmd
    i:\Ghost-G3\data\%serial%\ghost.cmd

Downloading the Image
PART 3
machine specific ghost.cmd
– downloads appropriate image (Ghost32)
– copies files to local machine
    sysprep.inf, first_boot.cmd
– sets boot disk
– writes logging info
– reboots

Downloading the Image
PART 3: ghost.cmd
Runs Ghost32.exe command
    ghost32 -clone,MODE=prestore,src="i:\images\2006 Images\Desktop\sysprep\GX620.gho:1",dst=1:2 -sure -fx
Full File on Page 4 of Supplement

Downloading the Image
PART 3: ghost.cmd
Sets boot disk
    diskpart /s diskpart_set_active.txt
    select disk 0
    select partition 2
    assign letter w
    active
    exit

Downloading the Image
PART 3: ghost.cmd
Outputs logging info
    echo I was imaged on: %date% %time% >> i:\Ghost-g3\logs\%barcode%.txt
    copy i:\Ghost-g3\logs\%barcode%.txt "w:\Management\image.log"

Downloading the Image
PART 3: ghost.cmd
Copies files & reboots
    mkdir w:\Management
    copy "i:\Ghost-G3\data\%serial%\sysprep.inf" "w:\sysprep\"
    copy "i:\Ghost-G3\data\%serial%\first_boot.cmd" "w:\Management\"
    exit
Inventory System: Behind the Scenes
Scripts used to "format" data
Plug-in creates:
– Custom directories using cpu serial
– Custom files with specific data for cpu

Inventory System: Behind the Scenes
AddComputerToAD
Information from the Inventory record
– Computer Barcode to create part of the name
– Current User Department to determine Academic or Employee
– Current User Building and Current User Department to determine the current OU
– Current User Name and Department for the object description

Inventory System: Behind the Scenes
AddComputerToAD
VB script that pre-creates the computer object in Active Directory
    strComputer = "pc-barcode"
    strCompDesc = "CompDesc1"
    Set objContainer = GetObject("LDAP://ou=BUILDING, ou=MANAGED COMPUTERS, ou=All Domain Computers,"
Becomes
    strComputer = "pc-13880"
    strCompDesc = "KJ220- 10 - ITS-LABS"
    Set objContainer = GetObject("LDAP://ou=KJ 220, ou=Academic Facilities, ou=MANAGED COMPUTERS, ou=All Domain Computers,"
Full File on Page 5 of Supplement

Inventory System: Behind the Scenes
Prep Button
Information from the Inventory record is used to create:
– Sysprep answer file
– Ghost.cmd
– first_boot.cmd
– Backup files
– Directory on server to store these files

Inventory System: Behind the Scenes
Prep Button
Sysprep answer file with specific data
– Admin Password (based on barcode)
– Windows License (can be volume or from cpu)
– Computer Name (based on barcode)
– Domain name
– Domain Account needed to add computer to domain
    – account password
– Run once file
Full File on Page 2 of Supplement

Inventory System: Behind the Scenes
Prep Button
Sysprep answer file
    [GuiUnattended]
    AutoLogon=Yes
    AdminPassword=Unique_Based_On_Barcode
    AutoLogonCount=1
    EncryptedAdminPassword=NO
    OEMSkipRegional=1
    TimeZone=35
    OemSkipWelcome=1

Inventory System: Behind the Scenes
Prep Button
Sysprep answer file
    [UserData]
    ProductID=ct6gt-x6tp7-9tk98-ykjq9-ykf6
    FullName="Hamilton College"
    OrgName="Hamilton College"
    ComputerName="pc-13880"

Inventory System: Behind the Scenes
Prep Button
Sysprep answer file
    [Identification]
    JoinDomain=hamilton-d
    DomainAdmin=<networkadmin>
    DomainAdminPassword=<pa$$w0rd>
    [Networking]
    InstallDefaultComponents=Yes
    [GuiRunOnce]
    Command0() = "%systemdrive%/Management/first_boot.cmd"
Inventory System: Behind the Scenes
Prep Button
Ghost.cmd file with specific data
– Image name
Full File on Page 4 of Supplement

Inventory System: Behind the Scenes
Prep Button
Ghost.cmd page # of handout
    :: run ghost command
    echo Running Ghost...
    ghost32 -clone,MODE=prestore,src="i:\images\2006 Images\Academic\sysprep\KJUnified.gho:1",dst=1:2 -sure -fx

Inventory System: Behind the Scenes
Prep Button
First_Boot.cmd with specific data
– Local User Password (based on barcode)
– Sets computer description (based on barcode)
Full File on Page 1 of Supplement

Inventory System: Behind the Scenes
Prep Button
First_boot.cmd page # of handout
    :: using net user command
    net user itadmin UniquePassword
    :: Set computer description
    reg ADD "HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v srvcomment /d "pc-13880" /f
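
Added example (not part of the original presentation or of Hamilton's scripts): the per-machine sysprep.inf and first_boot.cmd files that the Prep Button generates carry credentials in clear text, so this Python audit flags the settings shown on the slides wherever such files are staged. The finding names, the sample values and the share name are assumptions constructed for illustration.

```python
import configparser
import re

NET_USER = re.compile(r"^\s*net\s+user\s+(\S+)\s+[^/\s]\S*", re.I | re.M)
NET_USE = re.compile(r"^\s*net\s+use\s+.*?/user:(\S+)\s+\S+", re.I | re.M)
CACLS = re.compile(r'^\s*cacls\s+("[^"]+"|\S+).*?/G\s+Everyone:F', re.I | re.M)

def audit_sysprep(text):
    """Return finding IDs for a sysprep.inf answer file passed as a string."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    ini = {s.lower(): dict(cp.items(s)) for s in cp.sections()}
    get = lambda sec, key: ini.get(sec, {}).get(key, "").strip().strip('"')
    found = []
    # AdminPassword is stored hashed only when EncryptedAdminPassword=Yes.
    if get("guiunattended", "adminpassword") and \
            get("guiunattended", "encryptedadminpassword").lower() != "yes":
        found.append("plaintext-admin-password")
    # EncryptedAdminPassword does not cover the domain-join credential.
    if get("identification", "domainadminpassword"):
        found.append("plaintext-domain-join-password")
    if get("guiunattended", "autologon").lower() == "yes":
        found.append("administrator-autologon")
    if get("unattended", "driversigningpolicy").lower() == "ignore":
        found.append("driver-signing-ignored")
    return found

def audit_script(text):
    """Return (finding, subject) pairs for a first_boot.cmd-style batch file."""
    found = [("password-on-command-line", m.group(1)) for m in NET_USER.finditer(text)]
    found += [("share-password-on-command-line", m.group(1)) for m in NET_USE.finditer(text)]
    found += [("everyone-full-control", m.group(1).strip('"')) for m in CACLS.finditer(text)]
    return found

# Constructed samples: setting names follow the slides, every value is a placeholder.
SYSPREP_SAMPLE = """\
[Unattended]
DriverSigningPolicy=ignore
[GuiUnattended]
AutoLogon=Yes
AdminPassword="EXAMPLE-ADMIN-PW"
EncryptedAdminPassword=NO
[Identification]
DomainAdmin=example-join-account
DomainAdminPassword=EXAMPLE-JOIN-PW
"""
SCRIPT_SAMPLE = r"""
net user itsadmin EXAMPLE-LOCAL-PW
net use i: \\fileserver\share /user:admin EXAMPLE-SHARE-PW
cacls "c:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage" /E /T /G Everyone:F
"""

if __name__ == "__main__":
    for finding in audit_sysprep(SYSPREP_SAMPLE) + audit_script(SCRIPT_SAMPLE):
        print(finding)
```
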
Inventory System: Behind the Scenes
Re-image Button
Startimage.cmd
    psexec \\pc-barcode -s c:\management\initiate_automated_imaging.cmd
Full File on Page 8 of Supplement

Inventory System: Behind the Scenes
Remote Desktop Button
Remote.rdp
    screen mode id:i:1
    desktopwidth:i:1280
    desktopheight:i:1024
    session bpp:i:16
    winposstr:s:0,1,1300,9,2542,870
    full address:s:PC-BARCODE
    compression:i:1
    keyboardhook:i:2
    audiomode:i:0
    redirectdrives:i:0
    redirectprinters:i:1
Full File on Page 8 of Supplement

Inventory System: Behind the Scenes
Update Image Log Button
Network: Directory Structure
"Commands" Directory

Network: Directory Structure
"Data" Directory

Network: Directory Structure
Inside "Data" Directory

Network: Directory Structure
"Logs" Directory

Network: Directory Structure
"Tools" Directory

Network: Tools used - Shareware
COREUTILS http://gnuwin32.sourceforge.net/packages.html
GAWK http://gnuwin32.sourceforge.net/packages.html
GREP http://gnuwin32.sourceforge.net/packages.html
psexec http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx
UltraVNC http://ultravnc.sourceforge.net/

Network: Tools used - Purchased
Ghost http://www.symantec.com/enterprise/
FileMakerPro www.filemaker.com
Troi File plug-in for Filemaker http://www.troi.com/software/fileplugin.html
Conclusion
Building Blocks
– Keep adding
– Can modify and add to scripts in Inventory
Built with what we had
Didn't need to switch to (or buy) new technology or software
Fits our workflow

Conclusion
Apply what we have to other systems
– Use for Faculty and Admin computers
– We have a parallel system for Macs

Next Steps
PXE boot
WinPE2
Add application installers
Create a web form for self service
Add scheduling

Next Steps
Vista

Thank you!
Questions?