introduction to deployment solution 7 - veritasvox.veritas.com/legacyfs/online/veritasdata/up...

Introduction to Deployment Solution 7.5

Description This course is designed to provide an introductory look into Deployment Solution 7.5.

This lab assumes a basic and general understanding of the Symantec Management Platform and operating system imaging. Basic Microsoft Windows skills are recommended.

At the end of this lab, you should be able to

� Have a good understanding of the new features in Deployment Solution 7.5 (DS 7.5)

� Understand the architectural changes in DS 7.5 and how they differ from DS 7.1

� Understand what is needed to properly configure DS 7.5 for image deployment using a distributed architecture

� Have a basic understanding of configuring the F8 Boot menu for customized scenarios

� Have a general knowledge on how to customize WinPE

� Understand the flow of data in DS 7.5

Notes

� A brief presentation will introduce this lab session and discuss key concepts.

� The lab will be directed and provide you with step-by-step walkthroughs of key features.

� Feel free to follow the lab using the instructions on the following pages. You can optionally perform this lab at your own pace.

� Be sure to ask your instructor any questions you may have.

� Thank you for coming to our lab session.

2 of 42

Table of Contents

Introduction to Deployment Solution 7.5 ......................................................................................... 1

Cheat Sheet ..................................................................................................................................... 3

Site Server Locations ............................................................................................................... 3

SMP Locations ......................................................................................................................... 3

Important Notes/Things to Remember ..................................................................................... 4

Installing the Symantec NetBoot Service ........................................................................................ 5

Creating WinPE Images .................................................................................................................. 8

Creating the Basic WinPE Image ................................................................................................. 8

Creating the Advanced WinPE Image ....................................................................................... 11

Creating Initial Deployment Jobs ................................................................................................... 13

Creating the Initial Deployment Job ........................................................................................... 13

Creating the Re-Deployment Image Job ................................................................................... 14

Configuring Deployment Solution for Network Boot ...................................................................... 16

Configuring Predefined Computers............................................................................................ 16

Configuring the Initial Deployment Policy .................................................................................. 17

Customizing Deployment Solution Network Boot Policies ......................................................... 20

Enabling the NBS Global Policy ............................................................................................. 20

Configuring the NBS General Policy ...................................................................................... 21

Testing the Boot Scenarios ........................................................................................................... 24

Booting from an Unknown Computer (Initial Deployment) ........................................................ 24

Booting from Predefined Computer ........................................................................................... 26

Booting from a Managed Computer ........................................................................................... 28

Appendix A - Unboxing Deployment Solution 7.5/First Time Setup .............................................. 30

Differences in PXE Services ...................................................................................................... 30

Configuring DHCP Options ........................................................................................................ 30

Sysprep Configuration ............................................................................................................... 32

Adding OS License Keys ........................................................................................................... 32

Creating the Personality Capture Template ............................................................................... 33

Creating Jobs & Tasks .................................................................................................................. 34

Creating the Windows 7 Migration Job ...................................................................................... 34

Creating the Basic Capture and Deploy Jobs ............................................................................ 36

Create the Image Capture Job ............................................................................................... 36

Create the Image Deployment Job ........................................................................................ 38

Adding Preboot Drivers ................................................................................................................. 40

Importing Existing Images ............................................................................................................. 42

3 of 42

Cheat Sheet This section is designed to provide you with a quick reference for navigating Deployment Solution 7.5 and locating important Deployment Solution 7.5 resources.

Site Server Locations

� Directory where WinPE images are processed (think temp folder)

o C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Bootwiz\{GUID}\cache\bootwiz\oem\DS\winpe\x86\Base\

� Directory for completed WinPE images

o C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Images

SMP Locations

� eXpress share location

o Deprecated (No longer supported in DS 7.5)

� NSCAP share location

o C:\Program Files\Altiris\Notification Server\NSCap

� Image store location (may also exist on package server)

o C:\Program Files\Altiris\Notification Server\NSCap\bin\Deployment\Packages\Images\

� PC Transplant location

o C:\Program Files\Altiris\Deployment\PCT\TEMPLATE.EXE

� Core WinPE files location (for customizing WinPE)

o C:\Program Files\Altiris\Deployment\BDC\bootwiz\oem\DS\winpe\x86\Base\

� Resource Import Utility (for importing images)

o C:\Program Files\Altiris\Deployment\Tools\

4 of 42

Important Notes/Things to Remember

� If you are sure you have correctly installed/configured the Symantec Netboot Service but your clients will still not PXE boot, try restarting the “Symantec Network Boot Service” and also verifying DHCP settings

� You must have an image available in the system before you can create any task/job that would deploy an image

� Do not forget to enter in Windows Product keys in the “OS Licenses” screen – Our Sysprep files are generated with SMP Tokens and having a blank or “null” license key may result in a failed image deployment (fails on post image sysprep configuration)

� Make sure DNS is properly configured in your environment AND that your DHCP options reflect the correct DNS Name Server. The SMP processes are inconsistent when it comes to using Fully Qualified Domain Names (NS75.Symplified.Org) and/or IP Addresses (192.168.128.131). You will likely have failed jobs/policies/deployments/etc without proper DNS configuration

� Remember that any WinPE changes you make (driver additions/customizations/etc) will result in the need to recreate any or all WinPE images on each NBS Site Server. This can be a time consuming process – be patient and use the methods in this lab to help you verify completion

� Regarding SSL – At the time of this writing there has been an issue identified that will prevent Deployment Solution 7.5 from properly functioning if SSL has been enabled after the installation of the SMP. The current supported method for SSL in DS is to enable SSL support during the installation of the platform. The section titled “Post SSL Configuration Workaround” will detail a currently working method for resolving this issue.

5 of 42

Installing the Symantec NetBoot Service As previously mentioned, the Symantec Netboot Service is what facilitates the PXE and BDSP (Apple Netboot) management process.

1) On the NS75 virtual machine double click on the Symantec Management Console 7.5 icon to launch the Symantec Management Console

2) Navigate to Settings-> Notification Server-> Site Server Settings->

3) Expand “Site Management-> Site Servers->

4) Click on “Site Servers”

5) Add a new Site Server by pressing the “New” button

6) Select the “MONITOR” machine from the list and press the > button to move it to the “Selected Computers” list

6 of 42

7) Press “OK” The Add/Remove Services window appears

8) Select “Network Boot Service” from the list

Note: Make sure to only select “Network Boot Service” from the list. While this is essentially a site server deployment, the purpose of the lab is to showcase the distributed architecture.

9) Press “Next” *** DO NOT PRESS OK just yet ***

10) Switch to the MONITOR virtual machine

11) Double click the “Disk Pulse” icon on the desktop to open Disk Pulse Note: Disk Pulse is freeware utility that monitors file system traffic. It is not affiliated with Symantec in anyway

12) Press the “Monitor” button in upper left corner of the menu bar

13) Select the C:\ from the directories list and press the “Del” button

14) Press the “Add” button

15) Navigate to C:\Program Files\Altiris\

16) Press “OK”

7 of 42

17) Press “OK” again to confirm the directory

18) Press “Start” (the button in Disk Pulse, NOT the Windows Start Menu) to begin the file system monitoring process Note: Disk Pulse is currently “watching” the C:\Program Files\Altiris\ directory for any new, modified or deleted files or folders. This allows us to watch in “real time” as the Symantec Management Agent consumes the Site Server Policy and deploys the Symantec Netboot Service.

19) Switch back to the NS75 virtual machine

20) Press “OK” to confirm the installation of the Network Boot Service

21) Switch back to the MONITOR virtual machine

22) You may now either wait for the Symantec Management Agent to check in or force it by double clicking the agent icon in the system tray, pressing the settings button and then the update button When the agent receives the site server policy it will begin installing the site server components and then install the Symantec Netboot Service. Disk Pulse will show you a flurry of files that are being modified and created. These are the actual files and respective locations of the Site Server Network Boot Service

23) Verify the Symantec Netboot Service is up and running by clicking on the services icon in the task bar (pair of gear icons) and looking for the following services: Symantec Network Boot Service (PXE and BSDP) Symantec Network Boot Service (TFTP)

8 of 42

Creating WinPE Images

Creating the Basic WinPE Image

WinPE is a preboot operating environment that is based on versions of Microsoft Windows. WinPE 3.1 is the version Deployment Solution 7.5 uses and is based on the Windows 7 SP1 OS.


2) Navigate to Settings-> Deployment-> Create Preboot Configurations->

3) Check the box to “Apply Policy Immediately” This setting essentially forces any NBS Servers to check in right away to build the WinPE image. Note: In the previous version of Deployment Solution a customer had to either wait for the agents to check in based on their policies OR manually force each server to check in for the build process to be initiated

4) Press the “Add” button Note: You may be prompted for Java client authentication, if so enter the following credentials (make sure to check the box to remember password in your password list): Username: Administrator Password: symc4now! Domain: symplified

5) Name the Preboot configuration “Default WinPE”

6) Make sure only x86 architecture is selected

7) Make sure “Inject imaging tools” is selected

9 of 42

8) Choose to create “Both PXE and Automation folder”

9) Press “OK” *** DO NOT PRESS Save Changes yet

10) Switch to the MONITOR virtual machine and press the “Reset” button on the Disk Pulse Menu Note: This will clear the Disk Pulse change log so we can view the WinPE build process and has no direct effect on the WinPE build process itself, it is just for instructional purposes

11) Switch back to the NS75 virtual machine and press “Save Changes” on the Preboot Configurations page

12) Switch back to the MONITOR virtual machine and note that Disk Pulse has already (if not shortly) begun picking up changes in the Altiris directory. Browse through the Disk Pulse change log as the WinPE build is being processed. What kinds of files are being created on the MONITOR virtual machine? Note: It is important to remember that a Site Server with the Symantec Netboot Service on it does not initially contain the required components to build a WinPE image. Upon the initial preboot environment (WinPE) build request, the WinPE (or other) build components are copied to the Site Server VIA package delivery. After the components have been copied, the Site Server can process the build request. This is by design to avoid large amounts of data being deployed along with the Symantec Netboot Service. Your instructor can explain in more detail as the process can initially be a bit confusing Note: The process of building the WinPE image(s) can take anywhere from 5 minutes to 30 minutes per WinPE instance. The forthcoming exercises will explain how to verify the WinPE image process has completed

10 of 42

13) To verify that the WinPE build process completed navigate to the following directory: C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Images\

14) Verify that the “Default WinPE” directory exists Note: This may take up to 20 minutes Note: The directory name gets its name directly from the Preboot Configuration form that was used earlier in the lab. It is highly recommended that you use some type of standardized naming convention in a production environment. While there are various use cases for using multiple WinPE instances, other than architecture (x86/x64) there is no delineation between instances of WinPE. You will need to rely on the description field in the Symantec Management Console’s Preboot Configuration Screen or on a naming convention (preferably both).

15) Switch back to the NS75 virtual machine

16) Close the “Preboot Configurations” window

11 of 42

Creating the Advanced WinPE Image

Symantec does not officially support the customization of the core WinPE environment. With the exception of drivers, no mechanism exists to customize an instance of WinPE. Although unsupported in the traditional sense, making customizations to WinPE is very typical in a customer environment. This exercise walks through a process whereby additional files are added to the Symantec core WinPE directory that will be processed (mixed in with the WinPE image the next time a build request is made.

This Symantec KB article may help as well: http://www.symantec.com/docs/HOWTO55908

1) On the NS75 virtual machine locate the shortcut on the desktop labeled “Enable_Advanced_WinPE_Tools” and run it. Note: This will copy the advanced tool kit from the lab resources folder into the WinPE folder on the SMP. (C:\Program Files\Altiris\Deployment\BDC\bootwiz\oem\DS\winpe\x86\Base\) Note: Remember that even though you may copy files/folders into this directory, they will still need to “replicate” down to each site server that is building a new WinPE Image. Site Servers will not receive these files until a task is generated to build a WinPE image. This helps reduce unnecessary network traffic.

2) Double click on the Symantec Management Console 7.5 icon to launch the Symantec Management Console

3) Navigate to Settings-> Deployment-> Create Preboot Configurations->

4) Press the “Add” button

5) Name the new Preboot Configuration WinPE Advanced”

6) Select “x86” for the architecture”

7) Make sure the bax labeled “Inject Imaging Tools” is checked

8) Select the “PXE” radio button under “Select which preboot environments to build”

9) Press “OK”

12 of 42

10) Make sure the “Apply Policy Immediately” box is checked and press the “Save Changes” button

11) Close the Preboot Configurations Window

12) Switch to the MONITOR virtual machine Disk Pulse should already be picking up the changes in the Altiris directory

13) Navigate to the following folder to verify WinPE Image creation C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Images\ Note: Completed WinPE Images show up as folders with their respective names Note: This will take approximately 5 to 10 minutes to complete

13 of 42

Creating Initial Deployment Jobs

Creating the Initial Deployment Job

The Initial Deployment feature in Deployment Solution allows an administrator to pre-assign a job(s) to an unknown resource (unknown in this case is a machine that the SMP has no prior information of)


2) Navigate to Manage-> Jobs and Tasks->

3) Expand “System Jobs and Tasks”

4) Right click on “System Jobs and Tasks” and select New-> Folder->

5) Name the folder “Initial Deployment”

6) Right click the newly created folder and choose New-> Client Job

7) Name the job “Initial Deployment Job”

8) Add a new task by pressing the “New” button

9) Select “Deploy Image”

10) From the “Image Name” drop down select “Windows7base.gho”

11) Select the product key from the drop down

12) Press “OK”


14) Select “Boot To”

15) Rename the task “Boot To Production”

16) Select the “Production” radio button

17) Press “OK”

14 of 42

18) Press “Save Changes” Your job should now look like this:

Creating the Re-Deployment Image Job



3) Right click on the “Redeploy Image” folder and select New-> Client Job->

4) Name the job “Redeploy Image”



7) Choose the “Windows7Base.gho” image from the drop down

8) Select the product key from the drop down

9) Press “OK”





15 of 42

14) Press “OK” Your job should now look like this:

15) Press “Save changes”

16 of 42

Configuring Deployment Solution for Network Boot Now that the foundational configuration process is complete, it is time to configure Deployment Solution to accept network based boot clients. Although it is technically possible to complete some of this exercise much earlier on, waiting until the end prevents an administrator from having to unnecessarily revisit these configuration steps.

Configuring Predefined Computers

Predefined Computers allow an administrator to provide Deployment Solution with basic information about a computer before the computer has physically been communicated with on the network. This allows for job and task pre-assignment as well as various other tasks such as inclusion in Organizational Views and Groups and Filter assignment.


2) Navigate to Settings-> Deployment-> Predefined Computers If prompted for Java credentials, enter the following: User name: administrator Password: symc4now! Domain: Symplified

3) Press the “Add” button Note: If you receive a warning message about Predefined Boot Images, just ignore it

17 of 42

4) Fill out the form as follows: Name: PredefinedPC MAC Address: 00-50-56-3C-74-CF

5) Press “OK”

6) Close the Predefined Computers window

Configuring the Initial Deployment Policy

The Initial Deployment policy is where an administrator may assign jobs and tasks for an unknown resource to consume. A default job may be set as well allowing for “zero touch imaging” to take place.


2) Navigate to Settings-> Deployment-> Initial Deployment Note: At first glance this policy will seem to conflict with another configuration policy found later in this guide. It is important to understand that all of the information on this page (timeouts, job selection, etc) apply specifically to the initial deployment process itself and have nothing to do with PXE, WinPE or Automation Folders

3) Under the “Initial Deployment (Unknown Computer) Menu” section press the “Add” button

4) Expand Tasks-> Jobs and Tasks-> System Jobs and Tasks-> Initial Deployment

18 of 42

5) Select the “Initial Deployment Job”

6) Press “OK”

7) Select the “Run default job after” radio button

8) Set the value at “120” seconds

9) Under the “Re-Deployment (Managed Computer) Menu” section press the “Add” button

10) Expand Tasks-> Jobs and Tasks-> System Jobs and Tasks-> Redeploy Image”

19 of 42

11) Select the “Redeploy Image” job

12) Press “OK”

13) Select the “Wait indefinitely for user selection” radio button

14) Press “Save changes”

15) Close the Initial Deployment screen

20 of 42

Customizing Deployment Solution Network Boot Policies

The Symantec NetBoot Service policies control how Deployment Solution responds to resources based on a known or unknown state.

Enabling the NBS Global Policy


2) Navigate to Settings-> Deployment-> NBS Global Settings

3) Select the red orb in the upper right hand corner to enable the policy Note: At this time the NBS Global Policy is only responsible for Mac Address Filtering. Although organizations may not leverage that feature, it is still recommended that the policy be enabled.

4) Check the box labeled “Apply NBS settings immediately” Note: This will insure that if at any point you choose to make changes to the Mac Address Filter list, those changes are applied ASAP.

5) Press “Save Changes” The screen will refresh

6) Close the NBS Global Policy Settings window

21 of 42

Configuring the NBS General Policy

Although we have configured the Symantec Network Boot Services and created a boot image, a boot client still needs to fall into either of the following two scenarios in order to successfully PXE boot (assuming of course all required services have been correctly configured)

• Client is instructed VIA a job or task that it “needs” to be in a PXE state (i.e. “reboot to” task – This requires that the operating system be in a “Production” state and that a functioning Symantec Management Agent be installed

• The “NBS General Settings” Policy can be configured to automatically respond to clients based on 1 of 3 scenarios:

o “Initial Deployment (Unknown Computer) – Symantec Management Platform has no record of client in the CMDB

o “Redeployment (Predefined Computer) – Symantec Management Platform has been manually informed (initial deployment record created) of clients information but initial contact has not been made

o Redeployment (Managed Computer) – Symantec Management Platform has a corresponding record of client in CMDB and previous contact has been made

1) While still in the Symantec Management Console navigate to Settings-> Deployment-> NBS General Settings Note: That the Policy is enabled by default

2) Check the box labeled “Apply NBS settings immediately”

3) In the section labeled “Initial Deployment (Unknown Computer)” check the box to “Respond to unknown computers”

4) For the “PXE boot image” select “Default WinPE”

5) Select the “Run default boot option after” radio button

22 of 42

6) Enter “120” seconds for the delay

7) In the section labeled “Redeployment (Predefined Computer)”, check the box to “Respond to Predefined computers”

8) For the “PXE boot image” select “Default WinPE”

9) Select the “Continue after” radio button


11) Expand the “Redployment (Managed Computer)” section and check the box to “Respond to Managed computers”

12) For the “PXE boot image” select WinPE Advanced”

13) Select the “Continue after” radio button


15) Press “Save Changes”

23 of 42

16) Close the “NBS General Settings” policy window Configuration Summary:

Boot Menu Name PXE Boot Image Boot Menu Option Menu Timout

Initial Deployment (Unknown Computer)

Default WinPE Run Default Boot Option After

120 Seconds

Redeployment (Predefined Computer)

Default WinPE Run Default Boot Option After

60 Seconds

Redeployment (Managed Computer)

WinPE Advanced Run Default Boot Option After

180 Seconds

24 of 42

Testing the Boot Scenarios

Booting from an Unknown Computer (Initial Deployment)

In this exercise you will see how Deployment Solution responds to an unknown computer and presents it with the Initial Deployment Screen.

1) Locate and launch the “Initial Deployment” virtual machine Note: This virtual machine has been minimally configured with: 1 CPU Core 1024MB of RAM 30GB Hard Drive (non formatted) First boot device – Intel e1000 NIC Note: When the F8 menu loads, how many seconds does the delay start with?

After 2 minutes have passed, the system will boot into WinPE

Note: You can skip the 2 minute delay by pressing F8 and choosing the “Default WinPE” instance After a brief period, the Initial Deployment menu will load (it can take up to 5 minutes)

2) Click on the “Initial Deployment Job” line item to interrupt the countdown

25 of 42

3) Press “OK” to manually launch the initial deployment job Note: Had we not interrupted the countdown, this job would have automatically run after 120 seconds. It is very important that you instruct customers to be careful with the Initial Deployment settings and process. It is highly possible for an “Unknown” (perhaps the CEO’s new laptop) machine to accidentally boot to the network. If automatic imaging is configured, you can potentially destroy sensitive data.

At this point you can watch the imaging job complete (to verify the job worked correctly) What was the outcome of the job?

26 of 42

Booting from Predefined Computer

In this exercise you will see how Deployment Solution is able to pre-assign a job or task to a resource based on an administrator providing information.

1) Locate and launch the “Predefined” virtual machine Note: This virtual machine has been minimally configured with: 1 CPU Core 1024MB of RAM 30GB Hard Drive (non formatted) First boot device – Intel e1000 NIC Note: When the F8 menu loads, how many seconds does the delay start with? After 60 seconds have passed, the system will boot into WinPE Note: You can skip the 60 second delay by pressing F8 and choosing the “Default WinPE” instance After a brief period, WinPE will load and present you with an Altiris Automation Background

2) Switch to the NS75 virtual machine


4) Navigate to Manage-> Jobs and Tasks

5) Expand System Jobs and Tasks-> Redeploy

6) Select the “Redeploy Image” job

7) Press the “Quick Run” button and select “PredefinedPC” from the list

27 of 42

8) Press the “Run Button” Note: Automatic job processing is only supported for Initial Deployment or Re-Deployment scenarios. Since this is a “Predefined Computer” we need to manually assign a job to this computer (or a Saved Search with this computer in it). This does not have to be done after the client boots. The advantage to Predefined Computers is that you can schedule jobs and tasks long before the machine boots to the network.

At this point you can watch the imaging job complete (to verify the job worked correctly) What was the outcome of the job?

28 of 42

Booting from a Managed Computer

This exercise is primarily designed to show not only that Deployment Solution responds to known, managed computers in a different way, but to also showcase some of the possible use cases for customizing WinPE.

1) Locate and launch the “Win7” virtual machine Note: This virtual machine has been configured with: 1 CPU Core 1024MB of RAM 40GB Hard Drive (NTFS Formatted) First boot device – Intel e1000 NIC Windows 7 installed Symantec Management Agent Installed Note: The 180 second countdown before the boot process continues.

2) Press F8 to bypass the countdown

3) Select “WinPE Advanced” from the list

4) When the “Initial Deployment” window pops up, press “Cancel” Note: There is a dramatic difference between the previous WinPE instances and this one. This exercise is designed to not only differentiate the boot scenarios supported by Deployment Solution but to showcase some of the more advanced potential use cases. Your instructor will explain the process used to customize this particular instance of WinPE

5) Hover over each icon on the object dock for a description of functionality

29 of 42

6) Locate and execute the “PECTAgent Log File” Note: Nothing has been done to alter the log file itself, rather a GUI mechanism (Notepad) has been implemented to allow for easier viewing of log file information

7) Close Notepad

8) Locate and execute the “Explorer” application Note: This is a GUI file system explorer that allows you visually navigate the WinPE file system. This is highly useful for troubleshooting or editing files that are typically locked when the system is in production

9) Locate and execute the “Run SEP Scan” application

10) Select “Continue loading endpoint recovery”

11) Select “English”

12) Enter the following PIN number KDCG3V9D8DB63

13) Press “I Agree” to accept the EULA

14) Press the “Start Scan” button Note: Symantec Endpoint Protection has the ability to run inside of WinPE to perform “offline” threat detection. It is not unheard of for a system to be compromised to a point where localized threat management solutions cannot clean the workstation. Note: Typically this process would be a bit more automated, allowing for automatic “scan on boot”.

15) Continue investigating the other options/utilities on the object dock

30 of 42

Appendix A - Unboxing Deployment Solution 7.5/First Time Setup

Differences in PXE Services

In Deployment Solution 7.1 the PXE architecture was included with the base installation of Deployment Solution. This is no longer the case in 7.5. The PXE Services have been rebranded as “Symantec NetBoot Services or NBS”. These services are also now part of the Site Server and must be manually deployed. Note: Do not confuse Symantec NetBoot Services with Apple’s Netboot Services. While they share a name and even in some cases, functionality, they are two separate technologies.

Configuring DHCP Options

DHCP must be configured in order for the Symantec PXE Services to manage boot clients. In addition to the exercise below make sure your DHCP Scope options accurately reflect the DNS and Gateway services in your environment. Misconfigured DNS is a common problem in PXE troubleshooting.

1) On the NS75 virtual machine open DHCP from the Start menu (Or using the taskbar shortcut)

2) Right click on the DHCP node and choose Add Server

3) Type “DC” for the server name

4) Expand and select DHCP > DC.Symplified.Org > IPv4 > Server Options

5) Right-click on Server Options and select Configure Options

6) Locate “Option 003” (Router) and check the box

7) In the “IP Address” field type: 192.168.128.2

8) Locate “Option 006” (DNS Server) and check the box

9) In the “IP Address” field type: 192.168.128.130

10) Locate “Option 046” (WINS/NBT Node Type) and check the box

31 of 42

11) Change the Byte option to “0x8”

12) Click OK.

13) Close the DHCP Management Console. Note: If the DHCP Server Role is installed on the same server as DS 7.5, DS will automatically add option 060 as soon as the PXE services are started for the first time. Since DHCP is not on the DS Server in this lab, option 60 will not be there.

32 of 42

Sysprep Configuration

Microsoft operating systems created after Windows XP/2003 include Sysprep files. If you plan to image Windows XP/2003 machines, you must first upload the necessary files.


2) Navigate to Settings > Deployment > Sysprep Imaging Configuration

3) Click Upload in the x86 Deploy.cab section of the window

4) Browse to C:\Lab Resources\Deployment Solution\Sysprep Files\32-bit, select DEPLOY.CAB, and then click Open

5) Click Upload in the x64 Deploy.cab section of the window

6) Browse to C:\Lab Resources\Deployment Solution\Sysprep Files\64-bit, select DEPLOY.CAB, and then click Open.

7) When the files are finished uploading, close the window

Adding OS License Keys

In order for several of the imaging tasks to function correctly, a valid operating system license key must be available.


2) Navigate to Settings > Deployment > OS Licenses.

3) Click Add.

4) Select “Windows 7 Professional Service Pack 1 (x64)” as the Operating System.

5) Enter “HYF8J-CVRMY-CM74G-RPHKF-PW487” as the Product Key. Note: This is a “default” key that Microsoft provides for unattended installations. Note: There is a text file “Windows 7 Demo License Key.txt” on the desktop. Feel free to cut and paste.

6) Click OK.

7) Close the window. Note: In a production environment this step would need to be completed for each key/OS combination you will be using.

33 of 42

Creating the Personality Capture Template

In this exercise, we will build a PC Transplant template that will be used to migrate a user’s wallpaper, computer name, desktop icons, Internet favorites, music, documents, and pictures.

1) On the NS75 virtual machine, browse to and execute the following application: C:\Program Files\Altiris\Deployment\PCT\TEMPLATE.EXE Note: You may be prompted to update the PCT product – Choose “Don’t remind me again”

2) Click Next.

3) Leave the default options selected and click Next.

4) Leave all fields blank and click Next.

5) Click the Desktop tab, click Clear All, scroll down and select “Wallpaper”.

6) Click the Network tab, click Clear All, and select “Computer name”.

7) Click Next.

8) Click the Folders tab and select “Desktop”, “Favorites”, “Music”, “My Documents”, and “Pictures”.

9) Click Next.



12) Save the file as \\NS75\NSCap\bin\Win32\X86\Deployment\PCT\EN\Migration

13) Click OK and click Finish

34 of 42

Optional Exercises

Creating Jobs & Tasks

Creating the Windows 7 Migration Job

This exercise walks through an example migration job that would migrate a Windows XP (or later) user to Windows 7. In a production environment this job would ultimately be more complex but this is a valid starting point (and fully functional) whereby an administrator could begin migration scenario testing.





5) Name the folder “Windows 7 Migration”

6) Right click on the “Windows 7 Migration” folder and select New-> Client Job->

7) Name the job “Windows 7 Migration”


9) Select “Capture Personality”

10) In the section labeled “Select Template” press the “Browse” button

11) Expand EN-> and choose “DNA.pbt”

12) Press “Open” The Browse window closes

13) Press “OK”



16) Rename the task “Boot To PXE”

17) Select the “PXE/Netboot” radio button and choose “Default WinPE” from the list

18) Press “OK”


20) Select “Deploy Image” from the list

21) For the “Image Name” choose “Windows7base.gho”

22) Select the product key from the list

23) Press “OK”




35 of 42


28) Press “OK”


30) Select “Update Client Configuration”

31) Press “OK”


33) Select “Distribute Personality”

34) For “Personality Name” select “%COMPNAME% from the drop down

35) Press “OK” Your job should now look like this”


36 of 42

Creating the Basic Capture and Deploy Jobs

Throughout the typical day to day operations of an imaging administrator basic imaging jobs may be required. These exercises focus on creating simple, yet powerful image capture and image deployment jobs. In a production environment these jobs could be further customized to support a wide array of imaging scenarios.

Create the Image Capture Job





5) Name the folder “Capture”

6) Repeat the process and create another folder called “Deploy”

7) Repeat the process and create another folder called “Redeploy Image”

8) Right click on the “Capture” folder and select New-> Client Job->

9) Name the job “Basic Image Capture”


11) Select “Prepare for Image Capture” from the list

12) Make sure the “Windows” radio button is selected and choose “Windows 7 Professional Service Pack 1 (x64) from the “OS Type” drop down

13) In the “Product Key” drop down select the product key from the list

14) Enter the following credentials to rejoin the domain: User name: symplified\administrator Password: symc4now! Confirm Password: symc4now!

37 of 42

15) In the “Boot To” section choose “PXE” then choose “Default WinPE” from the drop down and choose “x86” as the architecture

16) Press “OK”


18) Select “Create Image”

19) Enter “Win7” for the image name

20) Press “OK”



23) Rename the task to “Boot To Production”


38 of 42

25) Press “OK” Your Job should now look like this:


Create the Image Deployment Job



3) Right click on the “Deploy” folder and select New-> Client Job->

4) Name the job “Basic Image Deployment”



7) Rename the task “Boot To PXE”

8) Select the PXE/Netboot radio button then choose Default WinPE and “x86” for the architecture



11) Choose the “Windows7base” image from the drop down

12) For the Product Key select the product key from the list

13) Press “OK”





39 of 42

18) Press “OK” Your job should now look like this:


40 of 42

Adding Preboot Drivers Although optional in this lab it is a certainty that an administrator will at some point have to add drivers to the Preboot and/or DeployAnywhere driver databases.


2) Navigate to Settings-> Deployment-> Driver Management

3) Click on the Preboot tab.

4) Click Add. Note: If you see a warning about the digital signature we use, check the box to “Always trust content from this publisher” and then click Run.

5) Add drivers by doing the following:

41 of 42

6) Click the folder icon to the right of Location and browse into: C:\Lab Resources\Deployment Solution\VMware Drivers\LSI_Driver\. Note: You won’t see anything inside the folder, but the root will be selected. Note: You may see a brief message that says “Loading…” Click OK.

7) Click Open.

8) Back at the Driver Database Management window, click on the Preboot tab.

9) Click Add

10) Click the folder icon to the right of Location and browse into: C:\Lab Resources\Deployment Solution\VMware Drivers\VMSCSI_Driver\. Note: You won’t see anything inside the folder, but the root will be selected. Note: You may see a brief message that says “Loading…” Click OK.

11) Click Open

12) Back at the Driver Database Management window, close the driver window.

42 of 42

Importing Existing Images Deployment Solution utilizes Symantec Ghost as the primary imaging engine. As such, any images previously created with Ghost may be imported directly into Deployment Solution for immediate use.

1) On the NS75 virtual machine browse to: C:\Program Files\Altiris\Deployment\Tools\

2) Run “ResourceImportTool.exe”

3) Click Browse, navigate to C:\Lab Resources\Deployment Solution\Images\Windows 7, select “Windows7Base.gho”, and then click Open. Note: that you can select multiple files at a time in this window using the CTRL and Shift keys (i.e. – the image you are importing is split into multiple files).

4) Select “Windows 7 Professional Service Pack 1” as the OS.

5) Click Import.

When the image is finished uploading, a message will appear indicating the import was successful. Acknowledge the message and then close the Import Tool.