Jump to content

I have 2 weeks to create a master image.


arto94

Recommended Posts

It's 6:21AM, I've been at work since about 8PM (prior days night), and will be here until 5 or 6PM EST. I have been given the task to create a standard image (one) for the company to work across ALL hardware platforms (old desktops to our spiffy new dual core laptops). This will continue.

I've almost mastered the art of Sysprep long ago....there isn't really much to master.

I've got most of my drivers on the image (still need tweaking, that can come later). What i'm really having a hard time with, is WinPE. I've never used this before, and none of the documentation really goes over my biggest question.

"How the hell do I get this to work on computers with different HALs?" My master image is already ACPI, built on an IBM Thinkpad T42. Setting the updatehal command line in my sysprep.ini file resulted in 2 things. Either the image working on a dual core machine, or not. With every half hour that drains away as I re-ghost my master computer to pre-sysprepped state, I've been reading up, and came across some interesting articles both here and outside of here. Namely http://www.myitforum.com/articles/15/view.asp?id=8997 a script that would basically do the work for me.

However...

"1. Download the sample scripts from this article and store it on your WinPE image or on the deployment server (note the script expects to find the DiskpartActivate.txt script in the working directory). This script assigns a driveletter (C:) to the partition (using a diskpart script), detects the hal type and modifes sysprep.inf with correct info. Some details about the script."

How the heck would I set it up on my image? Should I just keep the scripts on my machine? Which I guess will be the deployment server? How do I run deployment server software, i'm rambling, lack of sleep. sorry.

Main concerns.

1. How do I 'inject' the HAL-Change script into my WinPE image.

2. Deployment server - seperate software? If so, can it be run on a winxp machine.

3. My syspreps take FOREVER. Should I use mini setup on them? Automatically isntall non pnp drivers? I'm going to clean it up a tiny bit, sysprep it and say "to hell with it, winpe will save me"

I guess that's really all for now. Thanks in advance, even if you can give me a good old fashioned "Hi arto94, welcome to the forums, please check out this link for answers to your ultra-basic questions!"

Edited by arto94
Link to comment
Share on other sites


Well you got a little challange ahead of you :)

I would read up on Microsofts BDD solution. IT's a free download from MS and if you can do with Light touch you only need a server 2003 box and some clients to test the stuff.

Johans skript is intended (if i remember correctly) to run from win pe during the deployment phaze of BDD

Link to comment
Share on other sites

Well you got a little challange ahead of you :)

I would read up on Microsofts BDD solution. IT's a free download from MS and if you can do with Light touch you only need a server 2003 box and some clients to test the stuff.

Johans skript is intended (if i remember correctly) to run from win pe during the deployment phaze of BDD

I enjoy challenges, it gives me an opportunity to stop becoming a contractor and start becoming a staff employee for this company and finally have some decent health insurance....Also, I'll be looking for a new job if I don't get it done! :angry:

But anyway, to the matter at hand. BDD installed and i'm going through it. so far so good! Thanks!

I've gotten nowhere. I have all the tools, put the script in the image file (only at the same directory as every other file) and I really don't know where to go from there, or how to activate the script or anything.

Edited by arto94
Link to comment
Share on other sites

the script should be running from PE after you put your image on the machine. Example sequence:

1. boot from PE

2. Deploy image to machine from PE, if possible do next step without a reboot.

3. Run script to determine desired system HAL and modify now deployed OS accordingly.

4. reboot system.

The issue usually is accessing the deployed os without first rebooting the system. There were various steps you had to go through with earlier versions of Ghost (prior to Solutions Suite 2), You can use WIM files and WinPE2 but I'm not sure if the HAL is detected the same way in PE2 since it is based on Vista and it needs a minimum of 384mb of memory to run diskpart to partition the drive before deploying the image.

Link to comment
Share on other sites

2 weeks huh? Took me 8 months the first time I had to do that, in my spare time at work. Now-a-days I use PE 2.0 and went completely away from "images" because I think with all the extra stuff you have to do in order to make it hardware independent, it's time prohibitive. At the end of the day you might have a working image to be proud of, but in a matter of days it's outdated. Antivirus falls behind, patch levels fall behind, hotfixes, service packs, programs that you realized you needed. You have to re-deploy, let it reinstall, install the stuff you're missing, and re-image. Then test. Now with PE I use a bare metal scripted install, I slipstream my hotfixes, and the ones I can't slipstream, I have scripted as a post install. For hardware I just keep adding drivers through custom DriverPacks, and any programs, etc that I need to add as time marches on, I just add in as installs through some scripted INI's I've written. The "image" all sits nicely on a USB Key, and we have 30 of them in the company that our techs use if they need to rebuild a machine. The Key gets updated through scripts on our network, you plug in, run 1 executable, and within a few minutes you've got a fully updated "image". It's even fully encrypted so if anyone loses a Key or one gets stolen, our "image", apps, programs, serials, etc, etc are all secure. Took me a long time to get to this point... man 2 weeks huh? F that. I pity your situation. I can't even offer advice because you have such a silly deadline IMO. Good luck.

Link to comment
Share on other sites

I've got to second GTOOOOOH's sentiment - hardware independent images with anything prior to Vista is just not feasible. You can get close, yes, but never 100% independent. And the post is spot-on about applications and updates, too - unless you're imaging a base Windows install and post-installing all apps and updates, it really makes it hard to stay current.

I don't do desktop deployment anymore for a variety of reasons, but when I did, I had a RIS server that could push out a base XP or 2000 OS, from a flat install source (not an image) and install and configure all apps in about 90 minutes a machine, from POST to ready-to-go. And if I wanted to update the image, I could re-write a script or replace an app on the RIS server or deployment point and never have to touch much to keep things updated.

I wish you luck if you go the image route - 2 weeks is pretty unrealistic.

Link to comment
Share on other sites

if the script your talking about is Johan's then......

Build your image on a machine that is a uni proc place all your drivers in your desried location.

Download spdrvscn.exe from www.vernalex.com

download...

pskill.exe

psloglist.exe

sync.exe

from sysinternals.

Place all these files in your sysprep folder.

use this batch file and adjust it to point to your driver folder..


rem Infrastructure Team
@ECHO OFF
CLS
ECHO System Preparation Tool
ECHO.
ECHO Before continuing please:
ECHO 1. Be sure that the pre-sysprep steps were followed.
ECHO 2. Image the computer previous to this, as the sysprep
ECHO process may fail and this would corrupt the installation
ECHO you have prepared.
ECHO 3. Restart the computer before attempting this so that
ECHO system buffers are cleared.
ECHO 4. Close all open windows before continuing.
ECHO.
pause

ECHO.
ECHO Flushing data to disks (preliminary):
sync -r -e

ECHO.
ECHO Cleaning up old driver caches:
del /s /q c:\drivers\infcache.1

ECHO.
ECHO Creating driver path (SysPrep Driver Scanner):
spdrvscn /p c:\drivers /e inf /d C:\windows\inf /a /s /q

ECHO.
ECHO Closing open SMB connections:
net use * /delete /yes

ECHO.
ECHO Terminating unneeded processes:
kill /f vptray
kill /f ccapp
kill /f explorer
kill /f alg
kill /f ati2evxx
kill /f ccevtmgr
kill /f ccsetmgr
kill /f defwatch
kill /f lucoms~1
kill /f mdm

ECHO.
ECHO Stopping unnessary services:
net stop alerter /yes
net stop wuauserv /yes
net stop browser /yes
net stop cryptsvc /yes
net stop dhcp /yes
net stop mdm /yes
net stop trkwks /yes
net stop protectedstorage /yes
net stop remoteregistry /yes
net stop seclogon /yes
net stop samss /yes
net stop wscsvc /yes
net stop lanmanagerserver /yes
net stop "symantec antivirus" /yes
net stop defwatch /yes
net stop ccevtmgr /yes
net stop sndsrvc /yes
net stop ccpwdsvc /yes
net stop ccsetmgr /yes
net stop sens /yes
net stop srservice /yes
net stop schedule /yes
net stop lmhosts /yes
net stop ups /yes
net stop uphclean /yes
net stop webclient /yes
net stop audiosrv /yes
net stop sharedaccess /yes
net stop msiserver /yes
net stop w32time /yes
net stop wzcsvc /yes
net stop lanmanworkstation /yes
net stop spooler /yes

ECHO.
ECHO Removing cached OEM drivers...
attrib -r -a -s -h C:\windows\inf\oem*.*
del /q c:\windows\inf\oem*.*
del /q c:\windows\inf\infcache.1

ECHO.
ECHO Clear the event logs...
psloglist -c application
psloglist -c security
psloglist -c system

ECHO.
ECHO Flushing data to disks (finalization):
sync -r -e

ECHO.
ECHO Executing system preparation tool (reseal / minisetup)...
start sysprep -reseal -mini -quiet -shutdown

Once your image is built go into device manager and then expand the computer icon, right click and then update the ACPI type click "Install from a list" option and then click "Don't search I will choose option" click "next" and then choose " Advanced Configuration and Power Interface (ACPI) PC"

Ok now for the sysprep.inf make the settings you require. Do not use the oempnpDriverspath spdrvscan will scann all dirs and then place this directly into the registry for windows to search for drivers paths.

Don't forget to add your mass storage Device Driver IDS into the sysprep.inf for the machine to boot.

If your running new hardware that has the new Sata drivers then use "IDE Merge" attachd to this post this will pre-stage the drivers into the windows registry so that when windows boots it will correctly install the correct Sata driver..

iaahci.inf or iastor.inf

Set up Windows 2003 with WDS with PXE for your winpe image to deploy to your clients (Do not forget that you need Drivers for the Mass Storage Device Drivers and network in the winpe image) now as Iceman said if your going with winpe 2.0 then you need at least 348mb of ram to create a pri a partition

The PXE server will answer requests for the "F12" send the winpe image to the client partition the drive lay an image from a share, look up the hal type "HKLM\SYSTEM\CurrentControlSet\Enum\Root\ACPI_HAL\0000\HardwareID" (winpe 2.0 and winpe 2005 use the same reg key to find hal type)

Run the ztihaldetect.vbs to adjust the sysprep to correctly which will adjust the sysprep depending on the hal IE: if it reports "Advanaced Power Interface ACPI PC" it will not do anything. if it reports "ACPIAPIC_MP" then it adds an entry to sysprep in the unattended part "UpdateHAL=ACPIAPIC_MP,%WINDIR%\Inf\Hal.inf this will then get its files that are required from the "dllcache" the machine will now have the correct hal.

If you would like the "IDE Merge" then please PM me (its 201k :-()

I have managed to reduce the companys images from 35 to 1 which includes laptops.

Only thing I need to work out is how to do laptop hardware profiles from the cmd line.

Link to comment
Share on other sites

if the script your talking about is Johan's then......

Build your image on a machine that is a uni proc place all your drivers in your desried location.

Download spdrvscn.exe from www.vernalex.com

download...

pskill.exe

psloglist.exe

sync.exe

from sysinternals.

Place all these files in your sysprep folder.

use this batch file and adjust it to point to your driver folder..


rem Infrastructure Team
@ECHO OFF
CLS
ECHO System Preparation Tool
ECHO.
ECHO Before continuing please:
ECHO 1. Be sure that the pre-sysprep steps were followed.
ECHO 2. Image the computer previous to this, as the sysprep
ECHO process may fail and this would corrupt the installation
ECHO you have prepared.
ECHO 3. Restart the computer before attempting this so that
ECHO system buffers are cleared.
ECHO 4. Close all open windows before continuing.
ECHO.
pause

ECHO.
ECHO Flushing data to disks (preliminary):
sync -r -e

ECHO.
ECHO Cleaning up old driver caches:
del /s /q c:\drivers\infcache.1

ECHO.
ECHO Creating driver path (SysPrep Driver Scanner):
spdrvscn /p c:\drivers /e inf /d C:\windows\inf /a /s /q

ECHO.
ECHO Closing open SMB connections:
net use * /delete /yes

ECHO.
ECHO Terminating unneeded processes:
kill /f vptray
kill /f ccapp
kill /f explorer
kill /f alg
kill /f ati2evxx
kill /f ccevtmgr
kill /f ccsetmgr
kill /f defwatch
kill /f lucoms~1
kill /f mdm

ECHO.
ECHO Stopping unnessary services:
net stop alerter /yes
net stop wuauserv /yes
net stop browser /yes
net stop cryptsvc /yes
net stop dhcp /yes
net stop mdm /yes
net stop trkwks /yes
net stop protectedstorage /yes
net stop remoteregistry /yes
net stop seclogon /yes
net stop samss /yes
net stop wscsvc /yes
net stop lanmanagerserver /yes
net stop "symantec antivirus" /yes
net stop defwatch /yes
net stop ccevtmgr /yes
net stop sndsrvc /yes
net stop ccpwdsvc /yes
net stop ccsetmgr /yes
net stop sens /yes
net stop srservice /yes
net stop schedule /yes
net stop lmhosts /yes
net stop ups /yes
net stop uphclean /yes
net stop webclient /yes
net stop audiosrv /yes
net stop sharedaccess /yes
net stop msiserver /yes
net stop w32time /yes
net stop wzcsvc /yes
net stop lanmanworkstation /yes
net stop spooler /yes

ECHO.
ECHO Removing cached OEM drivers...
attrib -r -a -s -h C:\windows\inf\oem*.*
del /q c:\windows\inf\oem*.*
del /q c:\windows\inf\infcache.1

ECHO.
ECHO Clear the event logs...
psloglist -c application
psloglist -c security
psloglist -c system

ECHO.
ECHO Flushing data to disks (finalization):
sync -r -e

ECHO.
ECHO Executing system preparation tool (reseal / minisetup)...
start sysprep -reseal -mini -quiet -shutdown

Once your image is built go into device manager and then expand the computer icon, right click and then update the ACPI type click "Install from a list" option and then click "Don't search I will choose option" click "next" and then choose " Advanced Configuration and Power Interface (ACPI) PC"

Ok now for the sysprep.inf make the settings you require. Do not use the oempnpDriverspath spdrvscan will scann all dirs and then place this directly into the registry for windows to search for drivers paths.

Don't forget to add your mass storage Device Driver IDS into the sysprep.inf for the machine to boot.

If your running new hardware that has the new Sata drivers then use "IDE Merge" attachd to this post this will pre-stage the drivers into the windows registry so that when windows boots it will correctly install the correct Sata driver..

iaahci.inf or iastor.inf

Set up Windows 2003 with WDS with PXE for your winpe image to deploy to your clients (Do not forget that you need Drivers for the Mass Storage Device Drivers and network in the winpe image) now as Iceman said if your going with winpe 2.0 then you need at least 348mb of ram to create a pri a partition

The PXE server will answer requests for the "F12" send the winpe image to the client partition the drive lay an image from a share, look up the hal type "HKLM\SYSTEM\CurrentControlSet\Enum\Root\ACPI_HAL\0000\HardwareID" (winpe 2.0 and winpe 2005 use the same reg key to find hal type)

Run the ztihaldetect.vbs to adjust the sysprep to correctly which will adjust the sysprep depending on the hal IE: if it reports "Advanaced Power Interface ACPI PC" it will not do anything. if it reports "ACPIAPIC_MP" then it adds an entry to sysprep in the unattended part "UpdateHAL=ACPIAPIC_MP,%WINDIR%\Inf\Hal.inf this will then get its files that are required from the "dllcache" the machine will now have the correct hal.

If you would like the "IDE Merge" then please PM me (its 201k :-()

I have managed to reduce the companys images from 35 to 1 which includes laptops.

Only thing I need to work out is how to do laptop hardware profiles from the cmd line.

Man that's a lot for an unknown end result. As for your last statement about laptop hardware profiles let me expand on that with a little elegance. If you use PE with any kind of WMI scripting you can query the BIOS and determine just about any manufacturers info, specifically the model. If they're custom built computers, that's nearly impossible but if they are, you're probably not in a corporate environment anyway and this doesn't really pertain to you. So, you query the BIOS get the model, then based on the model you only install the drivers you need. The way I did this was by heavily rescripting DriverPacks and making my own bastardized version. So my installs go as follows.

Plug in USB key

Answer a few questions like machine name, IP Segment you're currently on, Domain you'll be joining, etc

Provide the password for the encrypted volume on the key

After a few minutes it prompts you to remove the key, now, sit back and relax.

In the background it determines what sort of hardware it is, copies the right driverpacks to the C: drive, and moves ahead with the installation. Post install gets all our corporate apps/tweaks/settings/etc. 0 interaction from the tech once they unplug the key.

It takes about an hour from start to finish which most people scoff at because it's not UBER quick and it's not GHOST, and it's not coming down from a network share, blah blah blah. But if you've ever had to maintain images you know you'll spend FAR more time on maintenance tasks and testing then actually improving your product. So, start to finish most images take about a 1/2 hour with apps and all sorts of setting changes etc.. however once you get new hardware the process starts out all over again and it's an absolute pain to continue rebuilding and testing images in a hardware diverse environment. So, you double your "imaging" time, but you by creating a solution that takes 5 minutes to deploy, but 55min to setup, you lower your costs because a tech can walk away and come back while the user works on a loaner machine or is out to lunch. The only thing I WISH for is a faster network where we COULD push the same solution down via PXE, but that's impossible for now, so this solution is great and scalable, cost effective and fast.

Link to comment
Share on other sites

lol

Unknown result? I know what the result it is all documented.

I work for the biggest IT contract currently alot of users more than 250,000 across more than 1000 sites.

the information I have provided is all the info I have received from this board :-).

I have one Image when I say image I mean I have one "Imagex Image" not really an Image its a bunch of files, this includes all my drivers for my current models.

I can deploy this by WDS, CD/DVD or USB it takes 3 mins on my slowest machine by USB. If I have any other models then I can inject the drivers into the "Image" I can do a SMS wipe and load if I want to. The user can rebuild his machine using WDS if he wishes everything is locked down.

Every last Detail is documented this includes the drivers used, I can hardly say download "The Driver packs" etc. Not that i am knocking the driverpacks by sneaky I can not use them in my Enterprise cause I can not truly say how it works.

I allready have a way of setting custom actions widescreens , DVD Writers, local printers, etc with the single build that I never have to update unless I have to go to a different windows version.

The question with hardware profiles is how can I script this? I could run an autoit script to manually send the keys but thats not our way.

I would go with the BDD way 2.5 or the 2007.

You can then decide if you want drivers in your image or out and let the BDD inject these depending on what you want, be warned there are loads of ways you can do this in the BDD. I will take more than two weeks to read and digest the thing!

BDD is free and supported which has to be in my case as I am not allowed to deploy anything that is not supported due to our "contract"

unknown result lol

TCO's depend on the size of the company if you have 2 Weeks to do a single image for less then 100 users then I would not bother with the BDD if you have more than 500 then the cost to invest time into the BDD will in the end lower the TCO.

Link to comment
Share on other sites

I've got to second GTOOOOOH's sentiment - hardware independent images with anything prior to Vista is just not feasible. You can get close, yes, but never 100% independent.

I disagree. It is definitely possible to do, I have done it (22 models, 3 different manufacturers and a combination of laptops and desktops as well as 3 HAL types). I would give it a few months though and not 2 weeks. It does take an awful long time getting everything to work together nicely (namely because it takes so **** long to sysprep, reboot, test, resysprep). For a while I used mysysprep to get the HALs right. Now I am attempting to use haldetect.vbs. I will let everyone know how that goes.

I also had a lot of vbscripts running at different times and for different reasons (auto naming the PC based on the Asset Tag and a "site" prefix, joining the domain, installing "helper" apps such as synaptics touchpad drivers but only if the devices existed on the system, etc.).

One could make a career out of building images!

Link to comment
Share on other sites

I wish I only had 22 models and that right there is the reason why imaging with sysprep and re-sysprepping would be so prohibitive on time for me, by the time I'm "done" we'd have new models to test. Currently at the last count we had over 6 manufacturers and 53 models, now for the most part as long as the HAL is the same, you can cut that number in half, however staying on top of virus dat's and critical KB's from MS because we run Safe Access to lock down all our machines requires I stay up to date by no less then 4 days, otherwise a machine in our domain is quarantined and the user unable to get a production IP. This also forces us to use local media rather then a network install because PXE can't hand out addresses in our production environment because Safe Access blocks machines not in our domain. Your way of doing things is really pie-in-the-sky for me, one day maybe, but with so much legacy equipment, SOX restrictions, and red-tape... 1 hour is the best we got at this point.

Edited by GTOOOOOH
Link to comment
Share on other sites

I had a very similar challenge some time ago and automated all needed steps onto a single project.

This helped me to speed a lot of the testing and improving process until it I reached my expected results.

Now I only need to update the driverpacks or any of the included addons and rebuild again as needed.

------------

I've released this project today as beta - it's not based on sysprep as I preferred the traditional XP install but I hope it can still help you.

http://www.boot-land.net/forums/index.php?showtopic=3651

It allows to automate customization of the windows source and also adds a XP PE environment to apply any additional tasks with MMC such a disk partitioning or running Winnt32.exe with custom switches from command line.

:)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...