[Conrad10781]

I tried searching around for help on this to no avail. I was wondering if it is possible to somehow limit the Windows Install to certain machines.. I will explain more detailed.


I am doing some network admin work for a medium sized business in my area. They have ~100 or so computers. Before i got there they setup some corporate key licensing with Microsoft. So one key is used on all machines. I have already used this website to get them going nicely on unattended installs.

All of the machines are the same model.. of Hewlett Packards. with same specs. I do notice that sometimes a hard drive is maxtor and others its WD, but with same 40GB size. What i have found the last few months is that people from the office are taking copies of the cd's and bringing them home.. passing them out etc. and has made a small problem already.

So now knowing all the machines are pretty identical. is there anyway to have some sort of script looking for a specific motherboard model or something that they all have 100% in common to prevent future abuse of their current setup? Or is the best alternative somehow to have any install cd's locked up... PS that is how it is now, but everyone seems to have access.

[jamesas]

well why dont you just not let them take them use something like RIS and lock the cds up safly in a cupboard or something and deploy the os on the machine via RIS

[Conrad10781]

Sorry for not being more specific before.....
These computers are spread across 4 bulidings. the main one has such a remote install service that is just not ever used. I don't know if the owner would be interested in getting the 4 buildings networked together to keep the security that way... but i will suggest it. thanks for the help, and if you can think of anything else, please don't hesitate

[JohnGruhn]

Once they have gotten the physical media, all bets are off. If you have admins sign for using the CDs, you can tell who is taking what. Since you are in a corp enviroment, I assume you have a user agreement the end user signs. Include in this user agreement that software taken from work is assumed to be stolen unless granted by your admin group in writing.

Physical copies such as what you have should remain in the admin group area unless in use. Nobody except the admin group has legit right to use them, so don't lend them out. If they are taking without your permission, slam them with the user agreement you make them sign from above. Since they signed it, it makes it hard for them to claim ignorance.

Rather than have the CDs in a locked cabinet, you should probably invest in a safe with a combo lock that you can change. That way you can change the combo at any random time and keep it a roaming target. Have your admin group sign a seperate statement that says they wont divulge the combo as a term of employment. Its still not foolproof and you will have leaks, but you will have enough paperwork to go after them when they do.

Hope this helps.

[jrios]

Do a search on Google for "System Locked Pre-installation". OEMs use this method for locking their pre activated OS to specific hardware. There is a lot involved with this and I don't know if it would even be available (even if it is, it's not cheap) to a non-OEM.

[Martin Zugec]

Answers: Dont use cds, use network installation insted.

The trick U R looking for can be achieved by quite simple vbscript file. Work with WMI and check for Win32_Baseboard class and Product value.

U can use this methods for almost every better PC. I am using it not for locking installations, but for automatic chipset driver installations

[Martin Zugec]

This could maybe help U little bit

'Automaticka instalacia ovladacov pre chipset a nastavenie biosu
'Martin Zugec
'12.7.2004
'20.9.2004

Option Explicit
On Error Resume Next

Dim objWMIService, objShell
Dim strBoard, arrayBoards, strInstallPath
Dim strTypPocitaca

Set objWMIService = GetObject("winmgmts:root\cimv2")
Set arrayBoards = objWMIService.InstancesOf("Win32_BaseBoard", 48)
Set objShell = Wscript.CreateObject("Wscript.shell")

strInstallPath = Left(WScript.ScriptFullName,Len(Wscript.ScriptFullName) - Len(WScript.ScriptName + "n")) & "\"

for each strBoard in arrayBoards
 Select Case Trim(LCase(strBoard.Product)) 
  Case "optiplex gx150"
 	 'Wscript.Echo "OptiPlex GX150"
 	 NainstalovanieChipsetu("gx150")
  Case "00t606","02x378"
 	 'Wscript.Echo "Optiplex GX260"
 	 NainstalovanieChipsetu("gx260")
  Case "0x1078","0r2472","0u1324"
 	 'Wscript.Echo "OptiPlex GX270"
 	 NainstalovanieChipsetu("gx270")
	Case "0n4846","0968h","0g5611","0f7739"
  'Wscript.Echo "OptiPlex GX280"
 	 NainstalovanieChipsetu("gx280")
  Case Else 
 	 Call OdoslanieMailu
 	 'wscript.echo ". Unsuccessful!"
 End Select
next

Call RestartPocitaca

Set objWMIService = Nothing
Set arrayBoards = Nothing
Set objShell = Nothing

Wscript.Quit(0)

Sub OdoslanieMailu

	Dim objEmail, objNetwork
	Dim strComputerName

	Set objEmail = CreateObject("CDO.Message")
	Set objNetwork = CreateObject("Wscript.Network")

	strComputerName = objNetwork.ComputerName

	With objEmail
   	 .From =  strComputerName & "@domain.com"
   	 .To = "USD_Install@domain.com"
   	 .Subject = "Error"
   	 .Textbody = "Chipset driver was not installed. Baseboard identificator is " &strBoard.Product & ". Ignore this message if you are installing older computer than OptiPlex"
   	 .Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
   	 .Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.domain.com"
   	 .Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
   	 .Configuration.Fields.Update
   	 .Send
	End With

	Set objEmail = Nothing
	Set objNetwork = Nothing

End Sub

Function NainstalovanieChipsetu(strTypPocitaca)
	'Wscript.Echo strInstallPath & strTypPocitaca & "\setup.exe -b -s"
	objShell.Run strInstallPath & strTypPocitaca & "\setup.exe -b -s", 1, True
	'wscript.echo ". Nainstalovany chipset pre pocitac " & strTypPocitaca
End Function

Sub RestartPocitaca
	objShell.Run "shutdown.exe -r -f -t 01", 0, False
End Sub