
Efficient Workstation Roll-out



One of the things I do at work is set up computer workstations for new staff. I'm trying to make the process as efficient as possible. I'll describe what I'm doing now, and I would like to hear your ideas for anything I could improve on or something I'm missing.

A little background...I have no formal training in the IT world. I was assigned the majority of the IT duties where I work because there was no one else to do them. I learn extremely quickly in that once I figure something out, I can do it many times the exact same way. I also have domain admin rights.

I set up all of the new person's accounts (domain, email, phone, fax, etc.) using a checklist (click here, type this...) that I recently converted into a script (this is how I found AutoIT in the first place). All of the physical machines are of one of two models. I have a "master" machine set up of each of these models that I leave on and connected to the network, mainly so they will automatically download new virus definitions. I also keep these two master computers up-to-date with Windows Updates and any software updates for the software we use. When I set up a new computer, I physically take out its hard drive and put it in the appropriate master computer, then boot from a cloning CD (Acronis 9.0) and clone the entire hard disk from the master disk. It takes around 4 minutes for the cloning software to completely finish.

I return the freshly cloned disk to its computer, boot without the network cable plugged in, change the computer name to what it used to be (I previously delete the computer from Active Directory), reboot and plug in the network cable as it is rebooting, add the computer to the domain, reboot, log in as the user and initialize some basic settings for Outlook, and finally remove Domain Users from the Administrator's group. Most of the settings are pre-configured in the Default User's folder, so they're automatically copied at the first login.

I would love to be able to clone the computer from the network. Something that let me say "clone \\masterA to \\workstation145" that would also take care of renaming the clone back to workstation145 as the final part of the process would be fantastic. Can this be scripted?

I welcome your suggestions and I can clarify anything if you need.

Regards,


Outside of hardware driver issues (which complicate things)... you could...

- have your source PC disjoined from the domain

- sysprep (study this, but it is pretty easy) and shutdown

- boot from a WinPE CD (I have one with all the network stuff needed if you have a hard time making one)

- map a network drive

- use IMAGEX.EXE to create an "image file" of the source PC onto the mapped drive. (I have created a simple IMAGEX GUI with AutoIt for this, already on my WinPE boot disk.)

then when you get a new PC you want to put an "image" onto

- connect the net cable and boot to the WinPE boot disk

- map the same network drive as above (net use z: \\pcname\sharename)

- use IMAGEX.EXE to apply the image file onto the new PC (my gui does this too)

- let it boot up...

sysprep is configurable to give you a new PC name and even join the domain.

You need a Windows "volume" license to supply to sysprep.

Anyways... if you decide on this... there will be a few week learning curve.

Lar.


The source PCs are disjoined from the domain...otherwise that would be an additional step every time.

I've never heard of WinPE before...that looks interesting. I wouldn't have to open the case, but I'd still have to insert the CD. Is there a way to do it remotely? Also, approximately how long does it take to save an image and apply the image from the mapped network drive?

So, are you saying there's a way to have one source computer for both models? Right now I have one source for one model and another source for the other model. One's hard drive (or clone) will not boot in the other model. It would be nice to only have to keep one machine maintained.

Can AutoIT scripts run in the Preinstallation Environment? I've heard of sysprep, but I've never used it.


AutoIt scripts do run on WinPE.

A properly configured sysprep can handle multiple hardware driver sets, resulting in one image per HAL (HAL type can be scripted, but don't go there).

Depending on network traffic the compressed image apply could be 1 gig per minute.

Typical compressed base image sizes are between 2 and 4 gigs.

It is possible to use WDS (*free* ... was BDD?) to store a WinPE ISO that is remote booted via F12 (boot from LAN).

Possible to image many machines at once using Symantec GhostCast Server.

Anyways... there are many cat skinning scenarios.

Lar.


There are a few options depending on your learning curve. The first and easiest would be to check out nLite, it can build a bootable automated install CD from an XP disk with drivers, patches, software, etc. That way you don't have to worry about cloning. You can use custom AutoIt scripts to install software as part of its toolset. I do this for family when they buy a new PC, so if they have a problem, they back up their data and drop the disk in to refresh the PC.

The second is what Larry is talking about: MS BDD & WDS (ver.2 of RIS) but that has a huge learning curve no matter what anyone tells you. That said, we use WDS and it's extremely convenient to boot a limping PC to an independent OS, back it up, lay down a new image using imagex (GimageX actually, another great AutoIt GUI). Imagex is brilliant because it is non-destructive, or at least you can tell it not to be. The BDD Workbench is a pretty nice tool for bare metal installs too. It's a bit more of a learning curve on top of WDS but basically you can import drivers and create scripts for programs, patches and deploy them to any hardware. It's not as fast as Ghostcasting (it typically takes us about 30 minutes to build a PC from out of the box) but when it's done all we do is set up Outlook and Printers (which it could do as well but we got lazy once it was working). All the apps installed are AutoIt scripts and we cherry-pick the ones we want once we boot into WinPE. If you're looking for a challenge, look up WAIK, WDS and BDD.

PS, you're sysprepping your cloned systems, right?


If you're joining an AD Domain, you could run into problems with security, tools, applications especially if they are Active Directory aware like SMS, McAfee, etc. See here for more info about it. http://www.petri.co.il/using_sysprep_in_an...nstallation.htm

Here is a good resource for unattended windows installs

MSFN

Here is another for deploying Apps (scripting unattended installs of apps)

AppDeploy.com


If you're joining an AD Domain, you could run into problems with security, tools, applications especially if they are Active Directory aware like SMS, McAfee, etc. See here for more info about it. http://www.petri.co.il/using_sysprep_in_an...nstallation.htm

Wow, that's a lot of information. I haven't run into any problems yet, and I've been doing it this way for 2 years now. After getting the master machine where I wanted it, I removed it from the domain. After cloning, the first thing I do is boot without the network cable plugged in, change the name, and delete the name from Active Directory (since the cases are labeled, I keep the name the same). Then I plug the network cable in and add it to the domain.

You asked me to be more specific :) .

If sysprep is too much for the fly (as in using a hammer to kill one), and it ain't broke don't fix it I guess. If you're not using group policies or tools that leverage AD then you probably don't have a lot to worry about, forget I mentioned it.


  • 1 month later...

I would recommend learning sysprep if you haven't already. As long as your machines are similar you could have one base image that works for both using the OemPnPDriversPath. There are probably other ways to achieve the same thing but I have one image that has worked on the last 6 models of desktops that we have had. Laptops seem to be a little more difficult but it can be done.

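Added example, not part of any post in this thread: a constructed Windows XP-style sysprep.inf sketching the two sysprep points raised above (naming and domain join at mini-setup, and one image for several models via OemPnPDriversPath). The domain, OU, account and driver folder names are placeholders, and the join account is assumed to be a dedicated low-privilege account rather than a domain admin, because its password sits in clear text inside the image.

```ini
; Constructed sysprep.inf for illustration; every value is a placeholder.
[Unattended]
OemSkipEula=Yes
; Folders (relative to %SystemDrive%) that mini-setup searches for drivers,
; so one image can serve several models. Folder names are hypothetical.
OemPnPDriversPath=Drivers\ModelA\Chipset;Drivers\ModelA\Net;Drivers\ModelB\Chipset;Drivers\ModelB\Net

[GuiUnattended]
OEMSkipRegional=1
OemSkipWelcome=1

[UserData]
; Volume license key, as noted earlier in the thread.
ProductKey=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
; ComputerName is left out on purpose: mini-setup then prompts for it, so the
; name on the case label can be typed in. ComputerName=* would generate a
; random name instead.

[Identification]
JoinDomain=EXAMPLE
; Placeholder OU; keeps new machines in the container the join account is
; delegated on.
MachineObjectOU="OU=Workstations,DC=example,DC=local"
; Weak: a domain admin's credentials stored in clear text in every image.
;DomainAdmin=Administrator
;DomainAdminPassword=<domain admin password>
; Better: a dedicated account (hypothetical name) delegated only to create and
; join computer objects in the workstation OU.
DomainAdmin=svc-wsjoin
DomainAdminPassword=<join account password>

[Networking]
InstallDefaultComponents=Yes
```

Because the answer file is captured into the image along with the rest of the disk, read access to the image share should be limited to the people allowed to use that join account.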

  • 7 months later...

...just wanted to give you an update. Since I last posted in this thread, I started taking MS exams and earned MCSE a couple months ago, so I understand a lot more now than I used to.

It turns out sysprep is a good idea after all. There's no more trouble about disconnecting the network cable to avoid duplicate names on the network among other benefits.

http://driverpacks.net/ solved the problem of incompatible hardware. The only downside is it takes 10 - 15 minutes to boot up the first time...but it's all automated so it isn't a big deal. This also allowed me to start keeping my source machine in VMware, which makes it easy to keep it updated.

I've had to use vbscript as my primary scripting language recently due to employer preference, but I sneak in a little autoit whenever I come up against something vbscript won't do, or won't do easily...which seems to happen more and more.

Here's a question I have not yet resolved:

Let's say I want to re-image an existing machine. Either because of a hard drive failure or because of time constraints, I don't want to disjoin it from the domain before applying a fresh image. I apply the image and the script tries to add the machine to the domain and because of the company naming convention I want it to use the old name, but it can't because that name already exists from the previous image. I tried getting around this by pinging the name and comparing the IP address to its own IP address. If the IPs matched, the script proceeds to remove the existing computer object, and then proceeds as normal. The problem is the IP addresses don't always match, and the old name and IP still return pings for a while (not sure exactly how long, but at least an hour or so). I took it a step further and examined the arp table on the computer, but it shows a different MAC address for the old IP than ipconfig /all shows for its own MAC...I'm not really sure why this is. I need a way for the script to determine if the old name is available or if it's a live machine somewhere else on the network so it can determine whether it's safe to remove that computer object and continue.


  • 2 weeks later...

I need a way for the script to determine if the old name is available or if it's a live machine somewhere else on the network so it can determine whether it's safe to remove that computer object and continue.

I've still been thinking about this. Since the old name returns pings on the same hardware, if I had a way to monitor incoming ping requests, that should do it. Any ideas?