Remote or Unattended Installation Solutions?
HaloZero asks: "I work for a medium-sized company (350+ users), and am charged with new builds and deployments for a mix of aged and new desktops, and a smattering of similar laptops. The hardware is certainly not uniform across the entire infrastructure. Our current deployment 'system' (Ghost/Sysprep, Acronis/NewSID) is somewhat of a kludge -- as my mentor would say -- and I've been looking into alternative, cleaner methods. We're burgeoning on an Active Directory domain, so RIS has been the hot topic on my desk as of late. Does anyone have any experience with RIS? Is there anything that isn't very well documented that I should watch out for? We're considering other unattended install solutions, such as nLite, and a composite of Bart's PE Builder-type setups. Any other suggestions out there?"
Open Source project: Unattended (Score:5, Informative)
Note that RIS is not a very good solution. Even if you have uniform hardware (like Dell's, or HP/Compaq's), changing one driver can muck up the whole process. Not so with Unattended. Being an Open Source project, you are in complete control of your build process.
Re:Open Source project: Unattended (Score:1)
Re:Open Source project: Unattended (Score:2)
RIS works pretty much the same way the Unattended Project does, only without the Linux/Perl glue holding together the pre and post-install tasks.
One advantage with RIS is that it will most likely be the first "fully-baked" automated Vista installation out there.
Re:Open Source project: Unattended (Score:2, Informative)
Re:Open Source project: Unattended (Score:2)
Based on that statement, though, you didn't evaluate it very well. The method of loading drivers for either system is pretty much the same... Slipstreamed into the windows distribution and activated with unattended.txt (especially in the case of network or storage drivers) or applied after the fact through scripting (unattended) or group policy (RIS)
Re:Open Source project: Unattended (Score:1)
Re:Open Source project: Unattended (Score:1)
Re:Open Source project: Unattended (Score:3, Insightful)
RIS (Score:2, Informative)
I'm afraid I haven't tried it recently... (Score:5, Funny)
This was covered recently (Score:5, Informative)
There are some gotchas... (Score:1)
As the article you linked from MS explains, the biggest hurdle you may have to jump is making sure that you meet the NIC requirement:
"PXE DHCP-based boot ROM version 1.00 or later network adapter, or a network adaptor that is supported by the RIS boot disk."
Because you have a hodgepodge of clients on your network, you may have to make an investment to upgrade all your NICs if they don't meet spec. I would start first by determining what hardware you currently have and make some decisions on how mu
Re:There are some gotchas... (Score:5, Insightful)
Etherboot rocks (Score:4, Interesting)
Also, if you don't want to carry around a separate disk for each NIC, there is a patched disk available at etherboot.anadex.de [anadex.de]. That one disk contains support for all Etherboot-supported cards. This can probably be made into an El Torito CD, but I haven't tried it.
What we do, and how it scales... (Score:5, Informative)
For the actual system image itself, I've created a single DVD that contains a simple boot menu. There are some basic tools (like DBAN and an "old school" Bart's Network Boot Disk) but the bulk of the disk is devoted to an unattended XP install with (a) slipstreamed patches, (b) drivers for ALL of our major hardware models, (c) custom configuration, and (d) all of our enterprise software.
Any time that Dell (or one of our other vendors - kiosks, tablets) ships us a new machine, I update one line in an INF file, add some drivers, and automatically build another image exactly to standard -- no mistyped keys -- no forgotten registry settings. The image completes, sysprep runs, the machine shuts off, and we make an image with Ghost to send to our vendors.
That image is sent back to the OEM, and our boxes come pre-imaged. You don't need a lot of pull with your vendors for this. Most OEMs are hungry enough for your business that they'll do it no matter how small you are -- and Dell's CFI group has been a pleasure to work with.
When a machine shows up at any of our 50+ facilities, the first thing it does after getting a machine-name post-sysprep is boot up, logon as the local administrator, and visit a webpage that presents a "pretty" front end to our automated software deployment tool. [We use Marimba.] The password for the administrative account is then changed to a unique pattern-based one automatically (to allow support from Desktop, but to prevent worm-like activity) and the machine is deployed with any regional or departmental programs chosen from the Marimba front-end.
While you may not have Marimba or Altiris or SMS to do your customization dirty-work for you, you've got Active Directory, and people in the right OUs will get whatever you want deployed to them.
Similarly, we use AD to do all of our policy management -- keeping enforcement of screensavers and proxy manageable.
There's a great joy in having all of your machines running the EXACT same image - with "Extra" software installed from a known reference point (even network shares - as long as it's your network share).
The unattended guides at MSFN.org are a fantastic reference for making an unattended CD/DVD.
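One way to get the property described above, a local administrator password that is unique per machine yet recomputable by Desktop support, shown as an added example that is not the poster's script. It swaps the unspecified "pattern" for an HMAC-SHA256 derivation keyed on the machine name; `FLEET_KEY`, the function names, the rotation counter and the sample host names are all assumptions.

```python
import base64
import hashlib
import hmac

# Constructed sample key. A real one belongs in a vault, never on the image.
FLEET_KEY = b"constructed-sample-key-not-for-production"
SUFFIX = "a1!"  # fixed tail: lower case, digit and symbol for complexity rules


def local_admin_password(machine_name, key=FLEET_KEY, rotation=1, length=20):
    """Derive the local administrator password for one machine.

    Support staff holding the key can recompute it from the machine name;
    a password recovered from one machine says nothing about any other.
    """
    name = machine_name.strip().upper()  # Windows names are case-insensitive
    if not name:
        raise ValueError("machine name is required")
    if not len(SUFFIX) + 12 <= length <= len(SUFFIX) + 52:
        raise ValueError("length out of range")
    # Bumping `rotation` re-keys the whole fleet without changing the key.
    msg = f"local-admin|{rotation}|{name}".encode("utf-8")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    # Base32 (A-Z, 2-7) is easy to read over the phone and to type.
    body = base64.b32encode(digest).decode("ascii").rstrip("=")
    return body[: length - len(SUFFIX)] + SUFFIX


def matches(machine_name, candidate, **kw):
    """Constant-time check of a candidate against the derived password."""
    expected = local_admin_password(machine_name, **kw)
    return hmac.compare_digest(expected.encode(), candidate.encode())


if __name__ == "__main__":
    for host in ("NYC-FIN-0042", "NYC-FIN-0043"):  # constructed names
        print(host, local_admin_password(host))
```

The key has to stay off the deployed image: a RunOnce script that carries it hands every machine's password to whoever reads that script, so the derivation is better done by the deployment server and only the result pushed to the client.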
Re:What we do, and how it scales... (Score:4, Interesting)
a few resources (some of which were mentioned earlier):
MSFN.org [msfn.org]
nlite [nliteos.com]
BartPE [nu2.nu]
Technet XP Deployment ref [microsoft.com]
Disclaimer: Scan anything you download thoroughly for viruses. The worst thing you could do is inject a vulnerability in your image framework.
If you are in the position to need to reload your systems for any reason remotely I would suggest using a PXE deployment solution of some kind. Ghost/Altiris both provide good PXE and post-install config utilities. We use Altiris and deploy our images through PXE. This allows for imaging in place after the fact, something that we try to do semi-annually.
Every major vendor provides UNDI [nilo.org]-Driver capable on-board NICs nowadays, so the headache of PXE (NIC-specific) boot images is pretty much a thing of the past (unless you were one of the saps who bought the Gateway E-4300s.)
There's something about booting to your nic, loading an image on a station in 8 minutes and monitoring the unattended install from a remote TS console miles away from the station you're reloading.
Re:What we do, and how it scales... (Score:1)
How do you get a sysprep'ed machine to run non-interactively? So a script can gather and apply the machine's name a.s.o.
Re:What we do, and how it scales... (Score:2)
Technicians taking a machine out of the box have to do one thing -- enter a machine name. After they've done that, the machine (pre-sysprep) was configured for one more auto-logon as the local administrator with a semi-secure password. There's a RUNONCE key that launches a script that runs the final configurations. Those configurations include the changing of the local administrative password to a pattern based "secure" one and some
Re:What we do, and how it scales... (Score:1)
The part that's wrong is:
whenever I finally sysprep -reseal, in order to have the image perform a rescan of the hardware and regenerate the SID, the booted machine does not perform the hardware rescan and eventually
Why is Ghost a kludge? (Score:3, Interesting)
Re:Why is Ghost a kludge? (Score:1)
It's obvious (Score:2)
Re:It's obvious (Score:2)
I *JUST* finished the exact same thing. (Score:5, Insightful)
Over the last 2 weeks or so I've been building up an automated deployment suite -- I started first by figuring out how to do unattended installs of all our client software (this is different for each piece of software you'll deploy, so RTFM). Microsoft generally provides *great* tools for deployment (and usually anything using the Windows Installer is easy to customize), everything else is a mixed bag. Once I had applications installing properly in unattended mode, I turned my sights to the operating system.
I explored a couple of options, like Sysprep/Image. The sysprep method worked, but there were a couple things that weren't ideal in our environment (for one, we would have had to ship 3 CDs to each of our branches -- one for the V2i restore utility itself, then 2 or 3 for the spanned disk image. Not all our machines have DVD-ROMs yet, nor do they all have local servers). The disc duplication efforts alone were a time sink.
What I ended up doing was using nLite (http://www.nliteos.com) to customize the install process, including the unattended settings. I RARed up the unattended applications, and included the RAR file, a commandline UnRAR utility, and miscellaneous filesystem stuff in the $OEM$ folder on the Windows disc. Then I put some entries in RunOnceEx which automatically UnRARed the archive, then installed each application in turn.
The total install process involves two steps of user interaction -- the first is to select what partition to install Windows to during the text-based portion of the install, and again during the setup process to ask for a machine name (we use a structured machine naming convention). The machine is joined to the domain automatically, apps are set up automatically, and the machine reboots to its 'final' state automatically. About 20-30 minutes after popping in the disc, you have a complete, reimaged system, and you only need to pay attention to it for about 30 seconds.
After stripping the OS CD down with nLite, and RARing up our customized apps, my disc came out at a nice 664MB... small enough to fit on one CD, with room left over for future service packs, patches, and additional drivers.
Now all we have to do is add new drivers and roll in new service packs and patches as needed, which is a breeze with the nLite wizard. We plan a new 'release' of the disc every 2-3 months, with incremental OS and application patches pushed out as needed.
Best of luck; it takes a little while to really figure out the best approach, but once you do it's quite easy to maintain, and is definitely a huge time saver.
Re:I *JUST* finished the exact same thing. (Score:1)
Re:I *JUST* finished the exact same thing. (Score:2)
Although, TBH, WinRAR really isn't that expensive if we wanted to license it... $5 per machine for 999 licences, we would probably buy 2000 or so, so probably an even better discount. $5 per machine is a very, very small cost compared to Windows license, Office license, Citrix CAL, Exchange CAL, antivirus, etc.
MSFN.org & Image vs Unattended (Score:4, Informative)
HEX
Re:MSFN.org & Image vs Unattended (Score:1)
It is a windows batch file so everything it does is transparent and it can be considered an open solution. It supports 2k/XP/2003 and RIS [msfn.org].
The batch file calls standard windows programs in order to integrate hotfixes, codecs, drivers, and lots of other neat stuff into a fresh ISO (automatically). Really quite easy, and the support is excellent.
The community is here: http://www.msfn.org/board/index.php?showforum=129 [msfn.org]
And a full description is here: http://www.msfn.org/board/index [msfn.org]
Altiris + Sysprep (Score:3, Informative)
One suggestion: Power Cockpit (Score:2)
What I do (Score:3, Informative)
Business Desktop Deployment (Score:1)
It comes in two different versions, standard and enterprise. The standard version will work with smaller organizations, but I highly recommend the enterprise versio
Kickstart (Score:1)
Already lots of good advice (Score:1)
All I can offer is my own experience with RIS, Windows 2000 Server, and Windows 2000 Pro and XP desktops. The biggest PITA with RIS is the network drivers. With Ghost you just get the NDIS driver, set the driver to use with your bootdisk, and then image your workstation. It includes all the nifty utils to flip the SID, name the
Re:Already lots of good advice (Score:1)
Ghost has multicast ability and is nice if you have more than 2 machines you need to build and they are identical ('identical' can be bypassed if you put a lot of effort into building the images).
RIS only got unicast, which means you will hog your network. It was very fun to see the MS-fanboy taking charge of the imaging process at my college and trying to do 50 installs simultaneously.
Re:Already lots of good advice (Score:1)
Re:Already lots of good advice (Score:1)
It would be 10mbit* if the disk IO doesn't kill the throughput of the harddrives. On 100mbit that would give you 7-8 clients before the slowdown occurs. On a gigabit link you could possibly do 70-80.
Ghost uses multicast, one read from the disk and one stream to the clients. With multicasting you can scale to whatever number of nodes you need, with
Skynet (Score:1)
How about commercial solutions (Score:2)
If you take a look on Microsoft's CD, you'll find plenty of documentation on how to automatically set up machines with names, IP, security patches, all unattended. Then you'll need to keep up with your list of software - and their updates etc.
I would go with Computer Associates USD product because it's the one I know. From within that product you can install and maintain your desktops across your WAN/LAN - from the OS to your software packages.
ZENworks (Score:1)
Huh (Score:2)
Well yes... in fact, there's a company that fully supports all aspects of the RIS product, and even offers a series of training certifications that allow certificated individuals to demonstrate a passable knowledge of the product. The company is called Microsoft.
This whole article is FUD. Does this guy honestly believe it's possible that nobody understands how to use a pretty fundamental Windows technology? Wait, wait... he's used to asking for support from Linux fo