automated imaging: from inventory to ctrl-alt-delete

From From Inventory Inventory

to to Ctrl-Alt-DelCtrl-Alt-Del

Hamilton CollegeHamilton College

Clinton, NYClinton, NY

Hamilton CollegeHamilton CollegeDesktop Integration SupportDesktop Integration Support

Gretchen MaxamGretchen MaxamDesktop Integration Specialist – Imaging SupportDesktop Integration Specialist – Imaging Support

[email protected]@hamilton.edu

Jesse Thomas Jesse Thomas Desktop Integration Specialist – Academic FacilitiesDesktop Integration Specialist – Academic Facilities


Dan SloanDan SloanInstallation SpecialistInstallation Specialist


HistoryHistory

Existing Inventory SystemExisting Inventory System– Computer Serial NumberComputer Serial Number– License License – User Name, LocationUser Name, Location– SoftwareSoftware

Used GhostUsed Ghost

Win98Win98

HistoryHistory

When XP arrivedWhen XP arrived– Needed to provide unique name to computerNeeded to provide unique name to computer– Add to DomainAdd to Domain– Provide proper license to activateProvide proper license to activate

Added SysprepAdded Sysprep– ““Fed” it with unique data from Inventory DBFed” it with unique data from Inventory DB

““Pre-Create” computer objects in ADPre-Create” computer objects in AD

and on and on…and on and on…

Overview of EnvironmentOverview of Environment

Academic FacilitiesAcademic Facilities– 9 ITS Managed Labs 9 ITS Managed Labs

68 Windows68 Windows

71 Macintosh71 Macintosh

– 49 TE Classrooms49 TE Classrooms34 Windows & Macintosh34 Windows & Macintosh

15 Macintosh Only15 Macintosh Only

Overview of EnvironmentOverview of Environment

6 Academic Images6 Academic Images– 3 Windows3 Windows– 3 Macintosh3 Macintosh

GhostGhost

AD Structure AD Structure

Terminology Terminology – Push the buttonPush the button– Group Re-imageGroup Re-image

Ease of ImagingEase of Imaging

Get Hamilton Barcode(s)Get Hamilton Barcode(s)

Locate machine(s) in Inventory Locate machine(s) in Inventory


Equipment Information


Users Tab


Software Tab


Function Tab


Group ReimageGroup Reimage– Edit psexec commandEdit psexec command– Schedule TaskSchedule Task– Verify restore Verify restore

How do we get here?How do we get here?

REBOOTfirst_boot.cmdfirst_boot.cmd

Full File on Page 1 of Supplement

first_boot.cmdfirst_boot.cmd

Script that runs on ‘first boot’Script that runs on ‘first boot’

Cleans up ‘loose ends’ after imaging Cleans up ‘loose ends’ after imaging processprocess– Changes local account passwordsChanges local account passwords– Performs registry editsPerforms registry edits– Re-installs anti-virus software (Sophos)Re-installs anti-virus software (Sophos)– Edits folder permissionsEdits folder permissions


Cleans up ‘loose ends’ after imaging Cleans up ‘loose ends’ after imaging process (cont’d)process (cont’d)– Sets ‘Computer Description’Sets ‘Computer Description’– Hides service partitionHides service partition– Restarts computerRestarts computer– Deletes itselfDeletes itself


Changes local account passwordsChanges local account passwords

net user net user <username> <new_password><username> <new_password>

net user net user itsadmin unique_passworditsadmin unique_password


Performs Registry Edits - Delete KeysPerforms Registry Edits - Delete Keys

reg DELETE reg DELETE <KeyName> <options><KeyName> <options>

reg DELETE "HKLM\Software\Sophos\ALC reg DELETE "HKLM\Software\Sophos\ALC Agent\Private" /v pkc /fAgent\Private" /v pkc /f


Performs Registry Edits - Change Performs Registry Edits - Change Permissions (Citrix Web Client)Permissions (Citrix Web Client)

regini regini <input_file> <input_file> (text file with registry (text file with registry data)data)

echo \Registry\Machine\Software\Microsoft\echo \Registry\Machine\Software\Microsoft\MSLicensing\HardwareID [1 5 7 13 17] > c:\MSLicensing\HardwareID [1 5 7 13 17] > c:\Management\regini.txtManagement\regini.txt

regini c:\Management\regini.txtregini c:\Management\regini.txt


Re-installs anti-virus software (Sophos)Re-installs anti-virus software (Sophos)

msiexec msiexec <path_to_msi> <options><path_to_msi> <options>

msiexec.exe /i "c:\Program Files\Sophos\msiexec.exe /i "c:\Program Files\Sophos\AutoUpdate\cache\savxp\Sophos Anti-AutoUpdate\cache\savxp\Sophos Anti-Virus.msi" REINSTALL=ALL Virus.msi" REINSTALL=ALL REINSTALLMODE=voums UPDATEDRIVERS=0 /quietREINSTALLMODE=voums UPDATEDRIVERS=0 /quiet


Edits folder permissionsEdits folder permissions

cacls cacls <filename> <options><filename> <options>

cacls "c:\Documents and Settings\All Users\cacls "c:\Documents and Settings\All Users\Application Data\Windows Genuine Application Data\Windows Genuine Advantage" /E /T /G Everyone:FAdvantage" /E /T /G Everyone:F


Hides service partitionHides service partition

diskpart /s diskpart /s <diskpart_script><diskpart_script>

diskpart /s c:\Management\diskpart /s c:\Management\diskpart_hide_winpe.txtdiskpart_hide_winpe.txt

diskpart_hide_winpe.txtdiskpart_hide_winpe.txtselect disk 0select disk 0select partition 1select partition 1remove remove exitexit


Restarts computerRestarts computer

shutdown shutdown <options><options>

shutdown -r -f -t 5shutdown -r -f -t 5


Deletes itselfDeletes itself

del del <files or directories><files or directories>

del c:\Management\first_boot.cmddel c:\Management\first_boot.cmd

REBOOTfirst_boot.cmdfirst_boot.cmdREBOOTSysprepSysprep


SysprepSysprep

minisetup - w/ sysprep.inf ‘answer’ fileminisetup - w/ sysprep.inf ‘answer’ file– PnP device installation PnP device installation – product keyproduct key– sets 'Administrator' password sets 'Administrator' password – sets computer namesets computer name– joins to domainjoins to domain

SysprepSysprep

PnP device installationPnP device installation

[Unattended][Unattended]

UpdateInstalledDrivers=YesUpdateInstalledDrivers=Yes

DriverSigningPolicy=ignoreDriverSigningPolicy=ignore

SysprepSysprep

Product KeyProduct Key

[UserData][UserData]

ProductID=ABCDE-12345-FGHIJ-67890-KLMNOProductID=ABCDE-12345-FGHIJ-67890-KLMNO

SysprepSysprep

Sets Administrator password & computer Sets Administrator password & computer namename

[GuiUnattended][GuiUnattended]AdminPassword=“pa$$w0rd”AdminPassword=“pa$$w0rd”

[UserData][UserData]ComputerName=“pc-869273”ComputerName=“pc-869273”

SysprepSysprep

Joins domainJoins domain

[Identification][Identification]

JoinDomain=hamilton.eduJoinDomain=hamilton.edu

DomainAdmin=networkadminDomainAdmin=networkadmin

DomainAdminPassword=pa$$w0rdDomainAdminPassword=pa$$w0rd

SysprepSysprep

Calls first_boot.cmdCalls first_boot.cmd

[GuiRunOnce][GuiRunOnce]

Command0() = Command0() = "%systemdrive%/Management/first_boot.cmd""%systemdrive%/Management/first_boot.cmd"

REBOOTfirst_boot.cmdfirst_boot.cmdSysprepSysprep REBOOT

DownloadImage

DownloadImage

RE

BO

OT

Downloading the ImageDownloading the Image

Three partsThree parts1.1. Boot into WinPEBoot into WinPE

2.2. Run download_production_image.cmdRun download_production_image.cmd

3.3. Run unique ghost.cmdRun unique ghost.cmd


PART 1PART 1

Boot into WinPEBoot into WinPE– located on 5GB ‘service’ partitionlocated on 5GB ‘service’ partition– installed using WinPE bootable CDinstalled using WinPE bootable CD

““DIS WinPE Utility”DIS WinPE Utility”


PART 2PART 2

download_production_image.cmddownload_production_image.cmd– called by startnet.cmd in WinPEcalled by startnet.cmd in WinPE

– sets-up environmentsets-up environmentmaps drivesmaps drivessets variables for MAC address, service tag, IPsets variables for MAC address, service tag, IPstarts VNC serverstarts VNC serverruns machine specific ghost.cmdruns machine specific ghost.cmd



PART 2PART 2: download_production_image.cmd: download_production_image.cmd

Maps drivesMaps drives

net use net use <drive letter> <path> <drive letter> <path> /user:</user:<username> <password>username> <password>

net use i: \\casper2\DIS-WIN /user:admin pa$net use i: \\casper2\DIS-WIN /user:admin pa$$w0rd$w0rd


PART 2: PART 2: download_production_image.cmddownload_production_image.cmd

Sets variablesSets variables

for /f "tokens=1" %%x in ('<command>') do set for /f "tokens=1" %%x in ('<command>') do set <variable>=%%x<variable>=%%x

for /f "tokens=1" %%i in ('ipconfig /all ^| gawk -F": for /f "tokens=1" %%i in ('ipconfig /all ^| gawk -F": " "/IP Address/ { print $2 }"') do set ip=%%I" "/IP Address/ { print $2 }"') do set ip=%%I

for /f "tokens=1" %%s in ('ghost32 -lockinfo ^| gawk -for /f "tokens=1" %%s in ('ghost32 -lockinfo ^| gawk -F\^" "/Serial/ { print $2 }"') do set serial=%%sF\^" "/Serial/ { print $2 }"') do set serial=%%s


PART PART 2: download_production_image.cmd2: download_production_image.cmd

Starts VNC serverStarts VNC server

regedit /s i:\Ghost-G3\tools\vnc\ultravnc.regregedit /s i:\Ghost-G3\tools\vnc\ultravnc.reg

start /min winvnc.exestart /min winvnc.exe


PART 2PART 2: download_production_image.cmd: download_production_image.cmd

Runs machine specific ghost.cmdRuns machine specific ghost.cmd

i:\Ghost-G3\data\%serial%\ghost.cmdi:\Ghost-G3\data\%serial%\ghost.cmd


PART 3PART 3

machine specific ghost.cmdmachine specific ghost.cmd– downloads appropriate image (Ghost32)downloads appropriate image (Ghost32)– copies files to local machinecopies files to local machine

sysprep.inf, first_boot.cmdsysprep.inf, first_boot.cmd

– sets boot disksets boot disk– writes logging infowrites logging info– rebootsreboots


PART 3PART 3: ghost.cmd: ghost.cmd

Runs Ghost32.exe commandRuns Ghost32.exe command

ghost32 -clone,MODE=prestore,src="i:\images\2006 ghost32 -clone,MODE=prestore,src="i:\images\2006 Images\Desktop\sysprep\GX620.gho:1",dst=1:2 -sure Images\Desktop\sysprep\GX620.gho:1",dst=1:2 -sure -fx-fx




Sets boot diskSets boot disk

diskpart /s diskpart_set_active.txtdiskpart /s diskpart_set_active.txt

select disk 0select disk 0select partition 2select partition 2assign letter wassign letter wactiveactiveexitexit



Outputs logging infoOutputs logging info

echo I was imaged on: %date% %time% >> i:\echo I was imaged on: %date% %time% >> i:\Ghost-g3\logs\%barcode%.txtGhost-g3\logs\%barcode%.txt

copy i:\Ghost-g3\logs\%barcode%.txt "w:\copy i:\Ghost-g3\logs\%barcode%.txt "w:\Management\image.log"Management\image.log"



Copies files & rebootsCopies files & reboots

mkdir w:\Managementmkdir w:\Management

copy "i:\Ghost-G3\data\%serial%\sysprep.inf" "w:\sysprep\"copy "i:\Ghost-G3\data\%serial%\sysprep.inf" "w:\sysprep\"

copy "i:\Ghost-G3\data\%serial%\first_boot.cmd" "w:\copy "i:\Ghost-G3\data\%serial%\first_boot.cmd" "w:\Management\”Management\”

exitexit

Inventory SystemInventory System Behind the ScenesBehind the Scenes


Scripts Scripts used to “format” data

Plug-in creates:– Custom directories using cpu serial– Custom files with specific data for cpu


AddComputerToAD

Information from the Inventory record

Computer Barcode to create part of the name

Current User Department to determine Academic or Employee

Current User Building and Current User Department to determine the current OU

Current User Name and Department for the object description

Inventory System Inventory System Behind the ScenesBehind the Scenes

AddComputerToAD

Inventory SystemInventory System AddComputerToAD

strComputer = "pc-barcode"strCompDesc = "CompDesc1"Set objContainer = GetObject("LDAP://ou=BUILDING, ou=MANAGED COMPUTERS, ou=All Domain Computers,“

BecomesstrComputer = "pc-13880"strCompDesc = “KJ220- 10 - ITS-LABS"Set objContainer = GetObject("LDAP://ou=KJ 220, ou=Academic Facilities, ou=MANAGED COMPUTERS, ou=All Domain Computer,”

VB script that pre-creates the computer object in Active Directory


Inventory System Inventory System Behind the ScenesBehind the ScenesAddComputerToAD


AddComputerToAD


Prep ButtonPrep Button



Information from the Inventory record is used to create:Sysprep answer file

Ghost.cmd

first_boot.cmd

Backup files

Directory on server to store these files



Sysprep answer file with specific data

Admin Password (based on barcode)Windows License (can be volume or from cpu)Computer Name (based on barcode) Domain nameDomain Account need to add computer to domain

– account passwordRun once file



Prep ButtonPrep ButtonSysprep answer file[GuiUnattended]

AutoLogon=Yes

AdminPassword=Unique_Based_On_Barcode

AutoLogonCount =1

EncryptedAdminPassword=NO

OEMSkipRegional=1

TimeZone=35

OemSkipWelcome=1



Sysprep answer file [UserData]

ProductID= ct6gt-x6tp7-9tk98-ykjq9-ykf6

FullName="Hamilton College"

OrgName="Hamilton College"

ComputerName="pc-13880"



Sysprep answer file[Identification] JoinDomain=hamilton-d DomainAdmin=<networkadmin> DomainAdminPassword=<pa$$w0rd>

[Networking] InstallDefaultComponents=Yes

[GuiRunOnce]Command0() =

"%systemdrive%/Management/first_boot.cmd"



Ghost.cmd file with specific data

Image name




Ghost.cmd page # of handout

:: run ghost command

echo Running Ghost...

ghost32 -clone,MODE=prestore,src="i:\images\2006 Images\Academic\sysprep\KJUnified.gho:1",dst=1:2 -sure –fx



First_Boot.cmd with specific data

Local User Password (based on barcode)

Sets computer description (based on barcode)




First_boot.cmd page # of handout

:: using net user command

net user itadmin UniquePassword

:: Set computer description

reg ADD "HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v srvcomment /d "pc-13880" /f


Re-image ButtonRe-image Button


Re-image ButtonRe-image Button

Startimage.cmdpsexec \\pc-barcode -s c:\management\

initiate_automated_imaging.cmd



Remote Desktop ButtonRemote Desktop Button


Remote Desktop ButtonRemote Desktop Button

Remote.rpdscreen mode id:i:1desktopwidth:i:1280desktopheight:i:1024session bpp:i:16winposstr:s:0,1,1300,9,2542,870full address:s:PC-BARCODEcompression:i:1keyboardhook:i:2audiomode:i:0redirectdrives:i:0redirectprinters:i:1



Update Image Log ButtonUpdate Image Log Button

NetworkNetworkDirectory Structure


“Commands” Directory


“Data” Directory


Inside “Data” Directory


“Logs” Directory

NetworkNetworkDirectory Structure“Tools” Directory

COREUTILS http://gnuwin32.sourceforge.net/packages.html

GAWK http://gnuwin32.sourceforge.net/packages.html

GREP http://gnuwin32.sourceforge.net/packages.html

psexechttp://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx

UltraVNChttp://ultravnc.sourceforge.net/

NetworkNetworkTools used - SharewareTools used - Shareware

Ghosthttp://www.symantec.com/enterprise/

FileMakerProwww.filemaker.com

Troi File plug-in for Filemakerhttp://www.troi.com/software/fileplugin.html

NetworkNetworkTools used - PurchasedTools used - Purchased

ConclusionConclusion

Building Blocks– Keep adding– Can modify and add to scripts in Inventory

Built with what we had

Didn’t need to switch to (or buy) new technology or software

Fits our workflow

ConclusionConclusion

Apply what we have to other systems

– Use for Faculty and Admin computers

– We have a parallel system for Macs

Next StepsNext Steps

PXE boot

WinPE2

Add application installers

Create a web form for self service

Add scheduling

Next StepsNext Steps

Vista

Thank you!Thank you!

Questions?Questions?

automated imaging: from inventory to ctrl-alt-delete

Technology

ease of imaging group

reboot sysprep

ease of imaging software

winpe sets

image part2

ease of imaging users

ease of imaging function

f tokens