Automated Windows NT 4.0 Deployment
Custom Installation Process
Presented by: Andrew Wilson and Lewis Donofrio
The College of Literature, Science & the Arts - Information Technology Department
The University of Michigan

Project Scope
Automate the NT Install process
Release v1 NT delivered to 700 Administrative Staff in 1998
Release v2 NT Desktop to 3,000 systems in 1999
Release v3 NT will use Windows 2000

Design Goals
Provide simple “hands off” installation method for Windows NT
Provide a standardized desktop image for all NT users
Provide customized NT desktop and applications
Reduce administrative overhead and management costs
Minimize support effort for company support staff
Provide flexibility for departmental customizations
Improve PC network security and network infrastructure
Provide remote administrative capability for support staff
Provide remote and automated software distribution capability
Provide a highly portable installation method

Technical Overview
Copy I386 contents to the NT distribution server
Create NT distribution share and source structure
Use MS-DOS 6.22 install disk with NDIS TCP/IP drivers
Customize the boot disk with multiple network card drivers
Dynamically create custom files for each installation
Use the OEM Installation process
Use Sysdiff for OS install issues
Use Seagate WinInstall for packaged applications
Use the Web to generate custom boot disks

The Boot Disk Web Page

Boot Disk Web Form
Accessible from MS Internet Explorer or Netscape Navigator
  – https://www.lsa.umich.edu/lsait/sst/
Uses Microsoft Access database with ODBC Drivers
Uses secure socket layer (SSL) certificate from VeriSign
Used NT Domain security for account access
Used WinImage to create the NT boot disk
Works on Windows 9X and NT clients

A Boot Disk Entry

Department Site Survey
Pre-visit each department, assess hardware
  – Minimal configuration: 486/66, 32MB RAM, 700MB HD, VGA 640x480, 10BaseT NIC
  – Order new systems if necessary
  – Define hardware class for 30+ systems, ex. DELLGXi
Assess migration issues (printers, servers, etc.)
Collect data and prepare NT installation disks
Back up necessary data prior to NT installation
Determine Add-on applications prior to roll-out
  – To allow enough time to package and test applications

Installation Phases
There are eight phases for our NT installation process
Each phase is marked by a reboot of the system
Phases 0 through 5 are part of the normal Microsoft installation process
Phases 0, 1, and 5 have been customized
Phases 6, 7 and 8 are custom installation phases

Phase 0
Generate boot disk from the web page
NT boot disk method is automatically set to "hdd" (method /hdd)
Boot PC with NT Boot Disk
User is prompted to enter "y" to repartition hard disk
NT boot disk method is automatically changed to web mode (method /web)
Any existing partition is destroyed and a 500MB partition is created
Computer reboots and moves to Phase 1

Phase 1 - slide 1
System variables are loaded into memory
RAM drive (R:) is created to expedite install process
Self-extracting executable file is copied from NT boot disk to RAM drive and exploded
All file creation and execution is now done on the RAM Drive
Network Card is detected using the 3COM 3link-id program for auto-detection of 3COM Desktop NICs
Netcards.bat is called to dynamically create the NDIS files (protocol.ini and system.ini) in RAM
The SmartDrive disk cache is loaded to accelerate file copy of the Windows NT files from the installation server
Network services are loaded and connectivity to installation source server is made (Drive N:)

Phase 1 - slide 2
Hard drive is formatted with DOS 6.22 as a 500MB FAT partition
Configuration files (registry, inf, batch, etc.) are dynamically created using system variables
Unattend.bat is called to dynamically create the setup script (unattend.txt)
All configuration files are copied to the c:\build directory on the local hard drive
NT boot disk method is automatically changed to "hdd" to make NT boot disk reusable
User is prompted to remove NT boot disk from drive A: and enter "y" to begin NT file copy process from installation source server
  – (this happens about 3 to 5 minutes into installation)
Windows NT source files are copied to hard disk
System reboots into Phase 2

Phase 2
Phase 2 is a standard sequence in the NT unattended load process developed by Microsoft
  – All processing is local to system
  – Core Windows NT operating system files are distributed from temporary directories on C: drive to default Windows NT directories (i.e. winnt, system32)
  – System reboots into Phase 3

Phase 3
Phase 3 is a standard sequence in the NT unattended load process developed by Microsoft
  – All processing is local to system
  – Disk is flagged to convert to NTFS
  – Disk is flagged to extend the 500MB partition to the capacity of the disk
    • The 500MB partition is the default size; other partition sizes can be optionally set to 1GB and 2GB, and do not require using the full capacity of the hard disk
  – System reboots into Phase 4

Phase 4
Phase 4 is a standard sequence in the NT unattended load process developed by Microsoft
  – All processing is local to system
  – NTFS conversion takes place and NTFS partition is extended to capacity of disk
  – The "Check Disk" program is automatically run to verify the disk
  – System reboots into Phase 5

Phase 5 - slide 1
All processing is local to system
Setup enters graphical mode
Network setup, video setup, and hardware detection takes place
Station joins the NT domain or Workgroup
The cmdlines.txt file executes the phase5.cmd file

Phase 5 - slide 2
The workstation is locked using the "workstation lock" program
Some variables are added to the NT environment
The NT workstation is hidden from the browse list (see hide.inf)
Options (e.g. welcome message, netware client, etc.) are turned off
The initial registry size is increased to accommodate overhead such as "WinInstalled" applications

Phase 5 - slide 3
The boot.ini file is modified to change the system startup time to 5 seconds
The Network monitor service is set to start automatically
NT system recovery settings are set to "restart" after a crash
The NT "schedule service" is set to start automatically
Autologon is enabled as local administrator for phase 6

Phase 5 - slide 4
The phase6.cmd file is copied to the "All Users" Startup folder
The text description identifier of the station is added to the registry
The local administrator password is set using the default value or department specified value
The DNS suffix (e.g. admin.lsa.umich.edu) is set
The workstation lock service for the workstation lock program is added and set to automatic
  – This was done to fill a security hole. Previously, users could hold down the left shift key to interrupt the install process and gain access to the NT system as local administrator
System reboots into phase 6

Phase 6 - slide 1
Processing is local and networked
Workstation is locked with the "workstation lock service" to prevent user access/interruption
Autologon is made to the station using the local administrator account
The phase6.cmd file is processed by the "All Users" Startup folder
Permissions are modified on the local administrative groups (lsa helpdesk, dept sysadm, etc.) to accommodate necessary security access
Network connection is made to begin package installation using Seagate WinInstall

Phase 6 - slide 2
If build is CDROM, the installer is prompted to switch the CDROM
File and Directory security is implemented for the NT operating system using the "cacls" command
Perl is installed to the station to assist some of the package installations
Core applications are installed using the "coreapps.cmd" file and the Seagate WinInstall program
Department specific applications are installed using the dept.cmd file and the Seagate WinInstall program

Phase 6 - slide 3
Class specific applications are installed using the %class%.cmd file and the Seagate WinInstall program
  – NOTE: %class% is a variable replaced by the appropriate class type (e.g. staff, faculty, studentlab, etc.)
Update applications are installed using the "updates.cmd" file
  – NOTE: This step provides a method of fixing bugs found in the previous package installation steps between major releases of the NT install process. This will ensure that all stations being built will have the latest updates for applications. This will reduce the need for SMS pushes on new stations. Existing stations will receive updates using SMS.

Phase 6 - slide 4
The c:\ root file permissions are adjusted to allow SMS modifications
The help desk (support) information is added to the "system properties" under the Control Panel
  – NOTE: This step inserts custom text information that tells users who to contact for computer assistance (like a new Dell or Gateway system has)
NT Service Pack 3 is installed
  – This step will be changed in the near future as we implement Service Pack 4

Phase 6 - slide 5
Hardware packages are installed using the %hardware%.cmd file
  – NOTE: We are using Seagate WinInstall to package hardware drivers for such things as video and audio. The %hardware%.cmd file is also used in phases 7 and 8 since some hardware additions are dependent on later phases. A hardware ‘class’ generally represents a "driver set" for a specific computer. A hardware class should be defined for 30 or more identical machines
The NT system is flagged to shutdown in 5 seconds
The phase7.cmd file is copied into the "All Users" Startup folder
The phase6.cmd file is deleted from the "All Users" Startup folder
System reboots into phase 7

Phase 7 - slide 1
Processing is local and networked
Workstation is locked with the "workstation lock service" to prevent user access/interruption
  – If build is CDROM, the installer is prompted to switch the CDROM
Auto-logon for domain installer account is set up for phase 8
Network connection is made to allow additional package updates
  – NOTE: This provides another "update window" for packages or changes that could not be installed earlier due to dependencies on other items (e.g. installation of Service Pack 3)
Internet Explorer v4 and the Exchange Outlook applications are installed
  – Depended on the phase 6 installation of Service Pack 3

Phase 7 - slide 2
Update applications are installed using the "updates2.cmd" file
  – NOTE: This step provides a method of fixing bugs found in the previous package installation steps between major releases of the NT install process. Some packages may require a reboot before updating.
Hardware packages are installed using the %hardware%.cmd file
The NT system is flagged to shutdown in 5 seconds
The phase8.cmd file is copied into the "All Users" Startup folder
The phase7.cmd file is deleted from the "All Users" Startup folder
System reboots into phase 8

Phase 8 - slide 1
Processing is local and networked
Workstation is locked with the "workstation lock service" to prevent user access/interruption
Checks are made to see if the SMS client will be installed from the network
SMS Package Command Manager Service is installed for unattended software distribution
Auto logon is disabled
Options (e.g. welcome message, netware client, etc.) are turned back on
Site specific options are installed (e.g. scheduled jobs, desktop icons, etc.)
The local administrator password is reset to blank if "join=workgroup" or "build=cdrom"

Phase 8 - slide 2
A check is made to see if "join=workgroup" and "build=network". If true, a network connection is made to allow additional package updates
Update applications are installed using the "updates3.cmd" file
Hardware packages are installed using the %hardware%.cmd file
Final lockdown of file permissions is implemented for the NT operating system using the cacls2.cmd
NT Service Pack 4 is installed
  – This step will be used after we implement Service Pack 4
Post-Service Pack Hot Fixes are installed (e.g. Win Nuke)
The recycle bin is emptied

Phase 8 - slide 3
If NT build is "server", the computer system is made visible to the browse list
Post installation options (e.g. help page for printers, sound, etc.) are set up for the first user login
The NT source file locations (sourcepath) are modified to allow server based updates which would normally depend upon the NT CDROM. This will make installation of things like RAS much easier
The "Legal Notice" option is processed if set to yes (set legalnotice=yes). The legal notice can be used at login to notify users of any legal obligations prior to using the NT system. This option is highly recommended for public site computers like student labs
The "work lock" service is stopped and removed

Phase 8 - slide 4
The default user profile is updated to fix specific IE4 problems
The domain installer account is removed from the local administrators group
Most environment variables used during the installation are removed from the system
Temporary work files are deleted or cleaned up
Installation is complete. System is shut down in preparation for first user login
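
A post-build check for the cleanup listed in Phases 5 through 8 (autologon disabled, legal notice applied, phaseN.cmd removed from the Startup folder), as an added example that is not part of the original presentation. It assumes the Winlogon key was exported to a REGEDIT4 text file; AutoAdminLogon, DefaultPassword and LegalNoticeText are the standard Winlogon value names, which the slides do not list, and the sample export and file names are constructed.

```python
import re

# Constructed sample: REGEDIT4 export of the Winlogon key taken after Phase 8.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="Administrator"
"DefaultPassword"="example-build-password"
"LegalNoticeCaption"=""
"LegalNoticeText"=""
'''

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: data}} for string values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # undo the .reg escaping of backslashes and quotes in the data
                current[m.group(1).lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit_winlogon(text, legalnotice_expected=False):
    """List findings that mean the Phase 8 cleanup did not complete."""
    values = parse_reg(text).get(WINLOGON.lower(), {})
    findings = []
    if values.get("autoadminlogon", "0") == "1":
        findings.append("AutoAdminLogon still enabled")
    if "defaultpassword" in values:
        findings.append("DefaultPassword still stored in clear text")
    if legalnotice_expected and not values.get("legalnoticetext"):
        findings.append("legalnotice=yes but LegalNoticeText is empty")
    return findings

def audit_startup(filenames):
    """Flag phaseN.cmd files left in an "All Users" Startup folder listing."""
    return [f for f in filenames if re.fullmatch(r"phase\d+\.cmd", f.lower())]

if __name__ == "__main__":
    for finding in audit_winlogon(SAMPLE_EXPORT, legalnotice_expected=True):
        print("FAIL:", finding)
    print("leftover:", audit_startup(["phase8.cmd", "Printers Help.lnk"]))
```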

New User Login and Initial Setup
NT accounts managed by the Support Staff
Initial user training is provided on ‘NT roll out day’
Paths for major applications are set to point “data directories” at user’s home directory (H: drive) as user logs in for first time
Local TCP/IP printer access is configured
Shortcuts are created for the “department” and “home” folders

Maintenance/Support
Additional applications will be pushed out using SMS
Service Packs, Hot Fixes, Bug Fixes will be pushed out using SMS
Changes for existing stations will be packaged and delivered with SMS
If reinstallation is necessary, procedure is the same as a new installation
  – All user data is saved on the network or a second hard drive
Local department administrators will provide front line support

Whew! We're done!
Now wasn’t that fun!
Questions… (if there’s time)