If there's a part in your job description that mentions desktop imaging, bookmark this article. Now. Frequent contributor CondorMan picks up a slew of imaging best practices and lays down how you can use those tools on your belt to make it all happen.
This document accompanies the Best Practices for Standardized Desktop Images Presentation. It is intended as a guideline to creating a Standard Image and will introduce you to the methods you can use to create a Hardware Independent Image including HII Tools and the Altiris Hardware Independent Imaging Best Practices Document.
- Step I: Prepare to Create and Distribute Hardware Independent Images
- Step II: Create your Standard Desktop Image
- Step III: Distribute your Standard Desktop Image
Deployment Server makes it possible to create and deploy disk images to similar hardware. With a little extra work, you can easily create and deploy disk images to any computer regardless of hardware. You will need to prepare your Deployment Server to create and distribute Hardware Independent Images; this must be done only once. Once you have done this, you can create and distribute these Images from any computer to any computer.
This document focuses on creating and distributing a Standardized Desktop Image. However, you can use Hardware Independent Images for the following scenarios and more:
- Create a hardware independent backup of any workstation.
- You will be able to restore this backup to any replacement laptop, workstation, or server without regard to hardware.
- Upgrade a server or workstation with minimal down-time.
- Order a more robust server, take a hardware independent image of your old server, and deploy it to your new server.
- Often, when the boss orders a new computer, his old one is sent down the chain. With these methods, you can take an image of the boss' old computer (it's just the way he likes it) and deploy it to the new and do the same for the person who inherits the old computer.
This document has an accompanying Presentation that you can download here.Step I: Prepare to Create and Distribute Hardware Independent Images.
- Install the latest version of Deployment Server 6.8
- Prepare Deployment Server to Create and Distribute Hardware Independent Images using one of the following options:
- Altiris Hardware Independent Imaging Best Practices Document is the officially supported method of creating Hardware Independent Images. You can find it here.
- HII Tools was written as a proof of concept by an Altiris employee. It may be used as a prototype, but is not supported by Altiris. [The tools are not currently available; e-mail firstname.lastname@example.org to request notification of updates to the tools.]
- Altrinsic Solutions' Hardware Independent Imaging Solution (HIIS) has not yet been released, but you can find information here.
The rest of this document assumes that you are using this option. You may need to alter your steps if you use one of the other two options.
- If you want to be able to change your Administrator password without re-creating your images, do the following.
- When you install the OS on the source computer, leave the Administrator password blank.
- To supply or modify the Administrator password for Windows XP or 2003, with using Encryption.
- Extract \\<YourServer>\Sysprep\DotNet\deploy.cab and run setupmgr.exe
- Choose to Create New, Sysprep setup, for any version, do not fully automate the installation.
- Go to the Administrator Password section, choose Use the following, enter your password, and check Encrypt the Administrator password
- Click File, Save, choose a location to save your temporary sysprep.inf file and click OK.
- Open the temporary sysprep.inf file in Notepad, select the line that begins with AdminPassword= and copy it to the clipboard.
- Edit the Sysprep.inf file that was created when you followed the Quick Start Guide in Step I.2. Replace AdminPassword=* with the line that you copied into the clipboard in the last step. Save the file.
- To supply or modify the Administrator password for Windows 2000, XP, or 2003, without using Encryption.
- Edit the Sysprep.inf file that was created when you followed the Quick Start Guide in Step I.2. Find the line that begins with AdminPassword= and replace * with the desired password. Save the file.
- Deployment Server includes default Sysprep.inf files that use information in the Database to configure the computer. The files are located in the eXpress share under Sysprep. You can modify them with any token. For example, if you want the computer name to be WS-<SerialNumber>, you could replace %COMPNAME% with WS-%SERIALNUM%. For a list of tokens, see Deployment Solution Reference Guide, page 500.
- Collect the drivers* for each device in your environment into your Driver Library. You have three options to do this.
- Run the Capture Drivers for Hardware Independent Imaging job on computer(s) that already have the appropriate drivers installed.
- Download the drivers from the device manufacturer's website, extract each driver into a unique subfolder under "<Deployment Server Install Dir>\HII\Manual Driver Collect\" and then run "Manual Driver Collect.bat."
- If neither of these works, you must use a Run Script or Distribute Software task to install the driver after the image has been deployed.
* You must collect drivers for hardware before deploying images to computers with that hardware. You must re-create the image to support new Mass Storage Drivers.
- Install your operating system.
- Slipstream Service Packs, Hotfixes, and Update Packs to reduce the resulting size of the OS. This can be easily done using nLite*.
- Remove unused components to decrease the file size and memory requirements. This can be easily done using nLite*. Be careful when doing this, it is possible to remove too much and you will have an OS that is incapable of running your applications.
- Do not join the source computer to a domain. When the image is deployed to the destination computer, Sysprep can join it to the domain.
- Do not install any additional drivers. Drivers will be dynamically installed during the image deployment to the destination computer.
- Tweak the OS to conform to your company's desktop standard. This can be easily done using nLite*, via Active Directory Group Policy, or manually.
- Change the Driver Signing Policy to Ignore.
- Disable the Antivirus Alerts if you plan to manage antivirus at a corporate level.
- Disable the Windows Firewall and Alerts if you have a corporate Firewall.
- Disable Automatic Updates and Alerts if you plan on updating Windows via Deployment Server or Patch Management.
- If you would like to provide the Administrator password in the sysprep.inf file so that it can be changed later without re-creating your image (recommended), leave the Administrator password blank on the source computer. See Step I.3 (page 1) for instructions on supplying the Administrative password in the sysprep.inf file.
- Optionally: Build an Unattended Install to save time and reduce the chance of error when you need to rebuild your Standard Desktop Image. This can be done using nLite* or Deployment Server's Scripted OS Install Wizard.
* nLite is a freeware tool that will add updates to and remove unwanted components from your Windows Setup files. nLite can then create an Attended or Unattended Install CD for you. Go to www.nliteos.com for details.Note
If you use nLite, be careful to test the resulting configuration because removing some components can make your OS incompatible with some applications and/or provide unwanted results.
I was able to get the size of Windows XP down to 400MB and Windows 2000 down to 250MB installing minimal components using nLite.
I was able to get the memory usage of Windows XP from 73MB down to 49MB and Windows 2000 from 47MB down to 33MB installing minimal components using nLite.
- Install your applications.
- Only install applications that are required for all computers in your company. You can install other applications after the image deployment departmentally or individually.
You may want to exclude all applications and install all applications as Distribute Software tasks so that you don't need to update your Master Image as often.
- Install AClient.
- If you use Notification Server, you can install the Notification Server Agent now.
- Only install applications that are required for all computers in your company. You can install other applications after the image deployment departmentally or individually. Note
- Finalize the source computer.
- Review everything to make sure it is configured correctly.
- Reboot the computer to make sure all pending file writes are made.
- Capture the Image.
- Use the Create Hardware Independent Image sample job to capture your image. You may make a copy of this sample job and modify it to suit.
- Create Distribute Software jobs/tasks for the applications that are not installed as a part of the Standard Desktop Image.
- Use the application vendor's Silent Install option if one is available and feasible.
- Otherwise, you can create a silent installer for any application using Wise SetupCapture. See KB Article #20052 for details.
- Distribute the Image.
Use the Distribute Hardware Independent Image sample job to distribute your image. You may make a copy of this sample job and modify it to suit. Note
You could use this job with existing clients or with new computers using pre-defined computers or initial deployment. If you use a pre-defined computer, you must ensure that the information for all tokens in the Sysprep.inf file exists.
- Distribute additional applications.
Run the Distribute Software jobs/tasks created in Step II.5 (page 4) to install applications that are not installed as part of the Standard Desktop Image.
- Distribute PCT Package.
If you have a PCT Package for this destination computer, distribute it now.