Back in 2009, I started work on a Deployment Server 6.x Imaging Add-on called ImageInvoker. This was to answer the need locally for IT staff to provision machines without prior training in using the Deployment Console. It provides a self-service imaging interface in automation, a deployment portal if you will, so that desk-side IT staff can schedule the immediate deployment of images without requiring the assistance of a DS administrator.
By July in 2010, ImageInvoker had matured and was finally able to deliver images from both the Linux and WinPE automation environments. I had at that point intended to halt development. Within 6 months though, I decided to revisit that decision and to proceed with further development on 6.x branch. Simply put, I had an emerging need to provide a flavour of ImageInvoker which reflected security as seen through the DS console. Only through such security scoping could the ImageInvoker portal be opened up to the multitude of IT roles as required by our multi-departmental setup.
This is an on-going project, and as I write new 'chapters' they'll be added to the development path summaries below. Feel free to comment with ideas, as once it goes public it will be purely bug-fixes from then on. Unless I deem the bugs to be 'By Design', naturally.....
In this chapter, I lay down the key improvements I intend to make, notably AD integration and in-the-fly menu creation. Work begins on the T-SQL side of the house as I tinker with the SQL required to generate the new menu-items.
Understanding Deployment Server console security is key to implementing the authorisation piece which goes hand-in-hand with AD authentication. After looking at how DS security works, work begins on looking at how we can establish the 'effective permissions' on our menu items.
After some testing, this chapter was a quick return to base for the effective permissions code. The code from Part 2 failed to assess the effective permissions in the scenarios where the multiple group permissions were configured. This part tackles this problem, and provides the full T-SQL functions for the final code.
Using the effective permissions code from part 3, this part talks through how we can use this code to generate each user's own ImageInvoker menu. Quite simply put, it was not going to be a simple as I first imagined.
Now that we've got the engine able to authorise user's based on their group and user memberships, we now need some functions which can accurately ennumerate those memberships in the first place. Lots of VBScripts here
In this part, we get down to the nitty gritty of engine -the lauching of the axsched utility. Several flaws in the utility worked around, and several process spawning methods are discussed.
Here I cover some of the upgrading steps involved in upgrading the WinPE client for authentication and menu navigation. The WinPE environment is also discussed from a programmers point of view.