Automated Imaging: From Inventory to CTRL-ALT-DELETE

  • /v = VALUE, as in the value pkc /f = FORCE
  • [1 5 7 13 17] is an ACL that sets write permissions for all users
  • Reinstalls Sophos using cached msi
  • cacls = change access control list; E = Edit ACL instead of replacing it; T = Recursion (the file specified and all files within it); G = Grant user:permissions, Everyone:Full
  • diskpart is an interactive command, so we have to specify an input script in order for it to perform actions automatically
  • f = force r = reboot t = time in seconds
  • hardware agnostic 32-bit environment standard XP drivers
  • from the startnet.cmd inside the core of WinPE. startnet.cmd download_production_image resides on server, system-wide changes from single point

Transcript

  • 1. From Inventory to Ctrl-Alt-Del Hamilton College Clinton, NY
  • 2. Hamilton College Desktop Integration Support
    • Gretchen Maxam
    • Desktop Integration Specialist – Imaging Support
    • [email_address]
    • Jesse Thomas
    • Desktop Integration Specialist – Academic Facilities
    • [email_address]
    • Dan Sloan
    • Installation Specialist
    • [email_address]
  • 3. History
    • Existing Inventory System
      • Computer Serial Number
      • License
      • User Name, Location
      • Software
    • Used Ghost
    • Win98
  • 4. History
    • When XP arrived
      • Needed to provide unique name to computer
      • Add to Domain
      • Provide proper license to activate
    • Added Sysprep
      • “Fed” it with unique data from Inventory DB
    • “Pre-Create” computer objects in AD
    • and on and on…
  • 5. Overview of Environment
    • Academic Facilities
      • 9 ITS Managed Labs
        • 68 Windows
        • 71 Macintosh
      • 49 TE Classrooms
        • 34 Windows & Macintosh
        • 15 Macintosh Only
  • 6. Overview of Environment
    • 6 Academic Images
      • 3 Windows
      • 3 Macintosh
    • Ghost
    • AD Structure
    • Terminology
      • Push the button
      • Group Re-image
  • 7. Ease of Imaging
    • Get Hamilton Barcode(s)
    • Locate machine(s) in Inventory
  • 8. Ease of Imaging Equipment Information
  • 9. Ease of Imaging Users Tab
  • 10. Ease of Imaging Software Tab
  • 11. Ease of Imaging Function Tab
  • 12. Ease of Imaging
  • 13. Ease of Imaging
  • 14. Ease of Imaging
  • 15.  
  • 16. Ease of Imaging
    • Group Reimage
      • Edit psexec command
      • Schedule Task
      • Verify restore
  • 17. How do we get here?
  • 18. REBOOT first_boot.cmd Full File on Page 1 of Supplement
  • 19. first_boot.cmd
    • Script that runs on ‘first boot’
    • Cleans up ‘loose ends’ after imaging process
      • Changes local account passwords
      • Performs registry edits
      • Re-installs anti-virus software (Sophos)
      • Edits folder permissions
  • 20. first_boot.cmd
    • Cleans up ‘loose ends’ after imaging process (cont’d)
      • Sets ‘Computer Description’
      • Hides service partition
      • Restarts computer
      • Deletes itself
  • 21. first_boot.cmd
    • Changes local account passwords
    • net user <username> <new_password>
    • net user itsadmin unique_password
  • 22. first_boot.cmd
    • Performs Registry Edits - Delete Keys
    • reg DELETE <KeyName> <options>
    • reg DELETE "HKLM\Software\Sophos\ALC Agent\Private" /v pkc /f
  • 23. first_boot.cmd
    • Performs Registry Edits - Change Permissions (Citrix Web Client)
    • regini <input_file> (text file with registry data)
    • echo \Registry\Machine\Software\Microsoft\MSLicensing\HardwareID [1 5 7 13 17] > c:\Management\regini.txt
    • regini c:\Management\regini.txt
  • 24. first_boot.cmd
    • Re-installs anti-virus software (Sophos)
    • msiexec <path_to_msi> <options>
    • msiexec.exe /i "c:\Program Files\Sophos\AutoUpdate\cache\savxp\Sophos Anti-Virus.msi" REINSTALL=ALL REINSTALLMODE=voums UPDATEDRIVERS=0 /quiet
  • 25. first_boot.cmd
    • Edits folder permissions
    • cacls <filename> <options>
    • cacls "c:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage" /E /T /G Everyone:F
  • 26. first_boot.cmd
    • Hides service partition
    • diskpart /s <diskpart_script>
    • diskpart /s c:\Management\diskpart_hide_winpe.txt
    • diskpart_hide_winpe.txt
    • select disk 0
    • select partition 1
    • remove
    • exit
  • 27. first_boot.cmd
    • Restarts computer
    • shutdown <options>
    • shutdown -r -f -t 5
  • 28. first_boot.cmd
    • Deletes itself
    • del <files or directories>
    • del c:\Management\first_boot.cmd
  • 29. REBOOT first_boot.cmd REBOOT Sysprep Full File on Page 2 of Supplement
  • 30. Sysprep
    • minisetup - w/ sysprep.inf ‘answer’ file
      • PnP device installation
      • product key
      • sets 'Administrator' password
      • sets computer name
      • joins to domain
  • 31. Sysprep
    • PnP device installation
    • [Unattended]
    • UpdateInstalledDrivers=Yes
    • DriverSigningPolicy=ignore
  • 32. Sysprep
    • Product Key
    • [UserData]
    • ProductID=ABCDE-12345-FGHIJ-67890-KLMNO
  • 33. Sysprep
    • Sets Administrator password & computer name
    • [GuiUnattended]
    • AdminPassword="pa$$w0rd"
    • [UserData]
    • ComputerName="pc-869273"
  • 34. Sysprep
    • Joins domain
    • [Identification]
    • JoinDomain=hamilton.edu
    • DomainAdmin=networkadmin
    • DomainAdminPassword=pa$$w0rd
  • 35. Sysprep
    • Calls first_boot.cmd
    • [GuiRunOnce]
    • Command0() = "%systemdrive%/Management/first_boot.cmd"
  • 36. REBOOT first_boot.cmd Sysprep REBOOT Download Image REBOOT
  • 37. Downloading the Image
    • Three parts
      • Boot into WinPE
      • Run download_production_image.cmd
      • Run unique ghost.cmd
  • 38. Downloading the Image
    • PART 1
    • Boot into WinPE
      • located on 5GB ‘service’ partition
      • installed using WinPE bootable CD
        • “DIS WinPE Utility”
  • 39. Downloading the Image
    • PART 2
    • download_production_image.cmd
      • called by startnet.cmd in WinPE
      • sets-up environment
        • maps drives
        • sets variables for MAC address, service tag, IP
        • starts VNC server
        • runs machine specific ghost.cmd
    Full File on Page 3 of Supplement
  • 40. Downloading the Image
    • PART 2 : download_production_image.cmd
    • Maps drives
    • net use <drive letter> <path> /user:<username> <password>
    • net use i: asper2DIS-WIN /user:admin pa$$w0rd
  • 41. Downloading the Image
    • PART 2: download_production_image.cmd
    • Sets variables
    • for /f "tokens=1" %%x in ('<command>') do set <variable>=%%x
    • for /f "tokens=1" %%i in ('ipconfig /all ^| gawk -F": " "/IP Address/ { print $2 }"') do set ip=%%i
    • for /f "tokens=1" %%s in ('ghost32 -lockinfo ^| gawk -F^" "/Serial/ { print $2 }"') do set serial=%%s
  • 42. Downloading the Image
    • PART 2: download_production_image.cmd
    • Starts VNC server
    • regedit /s i:\Ghost-G3\tools\vnc\ultravnc.reg
    • start /min winvnc.exe
  • 43. Downloading the Image
    • PART 2 : download_production_image.cmd
    • Runs machine specific ghost.cmd
    • i:\Ghost-G3\data\%serial%\ghost.cmd
  • 44. Downloading the Image
    • PART 3
    • machine specific ghost.cmd
      • downloads appropriate image (Ghost32)
      • copies files to local machine
        • sysprep.inf, first_boot.cmd
      • sets boot disk
      • writes logging info
      • reboots
  • 45. Downloading the Image
    • PART 3 : ghost.cmd
    • Runs Ghost32.exe command
    • ghost32 -clone,MODE=prestore,src="i:images2006 ImagesDesktopsysprepGX620.gho:1",dst=1:2 -sure -fx
    Full File on Page 4 of Supplement
  • 46. Downloading the Image
    • PART 3 : ghost.cmd
    • Sets boot disk
    • diskpart /s diskpart_set_active.txt
    • select disk 0
    • select partition 2
    • assign letter w
    • active
    • exit
  • 47. Downloading the Image
    • PART 3 : ghost.cmd
    • Outputs logging info
    • echo I was imaged on: %date% %time% >> i:\Ghost-g3\logs\%barcode%.txt
    • copy i:\Ghost-g3\logs\%barcode%.txt "w:\Management\image.log"
  • 48. Downloading the Image
    • PART 3 : ghost.cmd
    • Copies files & reboots
    • mkdir w:\Management
    • copy "i:\Ghost-G3\data\%serial%\sysprep.inf" "w:\sysprep"
    • copy "i:\Ghost-G3\data\%serial%\first_boot.cmd" "w:\Management"
    • exit
  • 49. Inventory System Behind the Scenes
  • 50. Inventory System Behind the Scenes
    • Scripts used to “format” data
    • Plug-in creates:
      • Custom directories using cpu serial
      • Custom files with specific data for cpu
  • 51. Inventory System Behind the Scenes AddComputerToAD
  • 52. Inventory System Behind the Scenes AddComputerToAD
    • Information from the Inventory record
    • Computer Barcode to create part of the name
    • Current User Department to determine Academic or Employee
    • Current User Building and Current User Department to determine the current OU
    • Current User Name and Department for the object description
  • 53. Inventory System AddComputerToAD
      • strComputer = "pc-barcode"
      • strCompDesc = "CompDesc1"
      • Set objContainer = GetObject("LDAP://ou=BUILDING, ou=MANAGED COMPUTERS, ou=All Domain Computers,"
    • Becomes
      • strComputer = "pc-13880"
      • strCompDesc = "KJ220- 10 - ITS-LABS"
      • Set objContainer = GetObject("LDAP://ou=KJ 220, ou=Academic Facilities, ou=MANAGED COMPUTERS, ou=All Domain Computers,"
    VB script that pre-creates the computer object in Active Directory Full File on Page 5 of Supplement
  • 54. Inventory System Behind the Scenes AddComputerToAD
  • 55. Inventory System Behind the Scenes AddComputerToAD
  • 56. Inventory System Behind the Scenes AddComputerToAD
  • 57. Inventory System Behind the Scenes Prep Button
  • 58. Inventory System Behind the Scenes Prep Button
    • Information from the Inventory record is used to create:
    • Sysprep answer file
    • Ghost.cmd
    • first_boot.cmd
    • Backup files
    • Directory on server to store these files
  • 59. Inventory System Behind the Scenes Prep Button
  • 60. Inventory System Behind the Scenes Prep Button
  • 61. Inventory System Behind the Scenes Prep Button
    • Sysprep answer file with specific data
    • Admin Password (based on barcode)
    • Windows License (can be volume or from cpu)
    • Computer Name (based on barcode)
    • Domain name
    • Domain account needed to add computer to domain
      • account password
    • Run once file
    Full File on Page 2 of Supplement
  • 62. Inventory System Behind the Scenes Prep Button
    • Sysprep answer file
    • [GuiUnattended]
    • AutoLogon=Yes
    • AdminPassword=Unique_Based_On_Barcode
    • AutoLogonCount=1
    • EncryptedAdminPassword=NO
    • OEMSkipRegional=1
    • TimeZone=35
    • OemSkipWelcome=1
  • 63. Inventory System Behind the Scenes Prep Button
    • Sysprep answer file
    • [UserData]
    • ProductID=ct6gt-x6tp7-9tk98-ykjq9-ykf6
    • FullName="Hamilton College"
    • OrgName="Hamilton College"
    • ComputerName="pc-13880"
  • 64. Inventory System Behind the Scenes Prep Button
    • Sysprep answer file
    • [Identification]
    • JoinDomain=hamilton-d
    • DomainAdmin=<networkadmin>
    • DomainAdminPassword=<pa$$w0rd>
    • [Networking]
    • InstallDefaultComponents=Yes
    • [GuiRunOnce]
    • Command0() = "%systemdrive%/Management/first_boot.cmd"
  • 65. Inventory System Behind the Scenes Prep Button
  • 66. Inventory System Behind the Scenes Prep Button
    • Ghost.cmd file with specific data
    • Image name
    Full File on Page 4 of Supplement
  • 67. Inventory System Behind the Scenes Prep Button
    • Ghost.cmd page # of handout
    • :: run ghost command
    • echo Running Ghost...
    • ghost32 -clone,MODE=prestore,src="i:images2006 ImagesAcademicsysprep KJUnified.gho:1",dst=1:2 -sure -fx
  • 68. Inventory System Behind the Scenes Prep Button
    • First_Boot.cmd with specific data
    • Local User Password (based on barcode)
    • Sets computer description (based on barcode)
    Full File on Page 1 of Supplement
  • 69. Inventory System Behind the Scenes Prep Button
    • First_boot.cmd page # of handout
    • :: using net user command
    • net user itadmin UniquePassword
    • :: Set computer description
    • reg ADD "HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v srvcomment /d "pc-13880" /f
  • 70. Inventory System Behind the Scenes Re-image Button
  • 71. Inventory System Behind the Scenes Re-image Button
    • Startimage.cmd
    • psexec \\pc-barcode -s c:\management\initiate_automated_imaging.cmd
    Full File on Page 8 of Supplement
  • 72. Inventory System Behind the Scenes Remote Desktop Button
  • 73. Inventory System Behind the Scenes Remote Desktop Button
    • Remote.rdp
    • screen mode id:i:1
    • desktopwidth:i:1280
    • desktopheight:i:1024
    • session bpp:i:16
    • winposstr:s:0,1,1300,9,2542,870
    • full address:s:PC-BARCODE
    • compression:i:1
    • keyboardhook:i:2
    • audiomode:i:0
    • redirectdrives:i:0
    • redirectprinters:i:1
    Full File on Page 8 of Supplement
  • 74. Inventory System Behind the Scenes Update Image Log Button
  • 75. Network Directory Structure
  • 76. Network Directory Structure “Commands” Directory
  • 77. Network Directory Structure “Data” Directory
  • 78. Network Directory Structure Inside “Data” Directory
  • 79. Network Directory Structure “Logs” Directory
  • 80. Network Directory Structure “Tools” Directory
  • 81. Network Tools used - Shareware
    • COREUTILS
    • http://gnuwin32.sourceforge.net/packages.html
    • GAWK
    • http://gnuwin32.sourceforge.net/packages.html
    • GREP
    • http://gnuwin32.sourceforge.net/packages.html
    • psexec
    • http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx
    • UltraVNC
    • http://ultravnc.sourceforge.net/
  • 82. Network Tools used - Purchased
    • Ghost
    • http://www.symantec.com/enterprise/
    • FileMakerPro
    • www.filemaker.com
    • Troi File plug-in for Filemaker
    • http://www.troi.com/software/fileplugin.html
  • 83. Conclusion
    • Building Blocks
      • Keep adding
      • Can modify and add to scripts in Inventory
    • Built with what we had
    • Didn’t need to switch to (or buy) new technology or software
    • Fits our workflow
  • 84. Conclusion
    • Apply what we have to other systems
      • Use for Faculty and Admin computers
      • We have a parallel system for Macs
  • 85. Next Steps
    • PXE boot
    • WinPE2
    • Add application installers
    • Create a web form for self service
    • Add scheduling
  • 86. Next Steps
    • Vista
  • 87. Thank you! Questions?
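
Added example (not part of the original slides or of the Hamilton College scripts): the answer file on slides 33-34 and 62-64 carries the local Administrator password and the domain-join account password in cleartext (EncryptedAdminPassword=NO, DomainAdminPassword=...), and slides 48 and 58 show a copy kept in a per-machine directory on the server. The Python sketch below audits a sysprep.inf for those entries and produces a redacted copy; the sample file, account names and function names are constructed for illustration.

```python
import configparser
import re

# Constructed sample modelled on the answer-file slides; all values are placeholders.
SAMPLE_INF = """\
[GuiUnattended]
AutoLogon=Yes
AdminPassword=ExamplePw-13880
AutoLogonCount=1
EncryptedAdminPassword=NO
[UserData]
ComputerName="pc-13880"
[Identification]
JoinDomain=example-d
DomainAdmin=joinaccount
DomainAdminPassword=ExampleJoinPw
[GuiRunOnce]
Command0="%systemdrive%/Management/first_boot.cmd"
"""

def _load(text):
    # interpolation=None keeps %systemdrive% literal; option names are lower-cased.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    return {s.lower(): dict(cp.items(s)) for s in cp.sections()}

def _clean(value):
    return (value or "").strip().strip('"')

def audit_answer_file(text):
    """Return (section, key, issue) tuples for secrets stored in cleartext."""
    inf = _load(text)
    gui, ident = inf.get("guiunattended", {}), inf.get("identification", {})
    findings = []
    admin_pw = _clean(gui.get("adminpassword"))
    encrypted = _clean(gui.get("encryptedadminpassword")).lower() == "yes"
    if admin_pw and admin_pw != "*" and not encrypted:  # "*" means a blank password
        findings.append(("GuiUnattended", "AdminPassword",
                         "local Administrator password stored in cleartext"))
    if _clean(ident.get("domainadminpassword")):
        account = _clean(ident.get("domainadmin")) or "<unset>"
        findings.append(("Identification", "DomainAdminPassword",
                         f"cleartext password for domain-join account {account}"))
    return findings

def redact(text):
    """Mask both password values, e.g. before the file is archived or attached to a ticket."""
    pattern = re.compile(r"^(\s*(?:AdminPassword|DomainAdminPassword)\s*=\s*).*$", re.I | re.M)
    return pattern.sub(r"\g<1><redacted>", text)
```

Running audit_answer_file over every sysprep.inf in the per-machine data directories shows which machines' credentials are readable by anyone with access to that share.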