Deployment Solution

 View Only
Back to Library

Chapter 3: Introducing the DS Console 

Mar 10, 2008 01:15 PM

In this third chapter of my Deployment Solution training notes, we take a look at the DS Console and focus on how computers are managed within it. To illustrate console functionality, we install the DS agent (AClient) on an XP laptop so that we can demonstrate basic management and helpdesk tasks.

This is a light chapter technically - its aim it to get the DS administrator familiar with the console as a tool. After installing the Deployment Solution agent on a Windows XP computer, we will demonstrate basic tasks such as remote control & chat. Job and task creation are also discussed using a reboot job utilising a VBS script as an example. Later chapters will delve into the details of what is actually happening behind the scenes.

Please note that this article assumes a server configured as detailed in the previous articles in this series,

Chapter 1: Preparing your Server for a DS6.8SP2 Installation Chapter 2: Installing Deployment Solution 6.8SP2

Console Startup

The Deployment Solution Console is the administrative interface to Deployment Solution. Using this, you can configure your Deployment environment, manage your computers, and develop your computer tasks. During the Deployment Solution installation, a shortcut for the Console is placed in the desktop of the 'All Users' profile. No matter which user you then login to the server as, you should see the DS icon on your desktop.

In order to understand how the Deployment Console interacts with the SQL database lets take a look at the Console startup process. First, the DS Console runs as the process eXpress.exe. When the eXpress process starts up, it must do the following before it can load up the Console interface.

  1. Connect to the SQL instance directly using the logged-on users (your) NT credentials
  2. Connect to the SQL database through the Altiris DB Management Service. This service runs as the process mm.exe, and should now be using the altservice credential (we configured this in the previous article).

Bearing the above in mind, if you do have any problems opening the DS Console its likely related to SQL access. To troubleshoot, first check that both the MS SQL and the Altiris DB Management Services are up and running. Next ensure that you are logging into your server as a local administrator (MS SQL Server by default grants access to local administrators). Finally, be patient -firing up the console just after a server reboot will likely fail as the SQL service takes a bit of time to get rolling.

Console Layout

Once you've double-clicked the Deployment Console shortcut, and MS SQL makes all the right noises in the background, a console similar to that shown below will open. The console is designed around windows explorer (which makes it fairly intuitive) and it consists of three panes, a couple of toolbars and a menubar.

Click to view.

The Computers Pane

The computers pane (located at the top-left of the console) presents a simple interface for organising and managing your computers. Each computer which registers with the Console will appear here so it can be managed. You can create hierachies of folders for computers (computer groups), and use the interface's Drag'n'Drop capability to move machines between these folders. This allows you to produce a logical layout which suites your environment.

The Jobs Pane

The jobs pane is located in the bottom-left section of the console, and this area is used to build jobs and tasks for running on your computers. You can create folders too in this pane, allowing you to organise your jobs into a stucture which suites your script and software distribution strategy.

Already populated in this pane you'll find the System Jobs folder hierachy. This folder stores any jobs which are created on the fly when you use the deployment solution tools and menus to run jobs on computers. This provides an audit trail for many of the tasks you can run on computers from the DS interface.

The Details Pane

The details pane provides a Windows Explorer-like drilldown view based on the current selections in the other panes. For example, when you select a computer in the computers pane, you will see in the details pane this computer's job history. Further, selecting a job in the jobs pane will provide a breakdown, showing all the tasks which have been used to create it.

The ToolBars

There are two toolbars at the top of the Deployment Console, and these are the main toolbar, and the tool toolbar.

The graphic opposite depicts the functionality exposed by the main toolbar. Its an odd mix of items, from a Lab Building wizard to tasks which create and delete computers. Although this toolbar looks daunting, most of the items here are available through the context menus which popup when you right-click in either the computers or jobs pane. For this reason, these particular icons are rarely used, and I often advise hiding this toolbar to reduce console clutter (you can hide/unhide the toolbars from the view menu item on the menu bar).

The Tools toolbar is split into three sections. The first section is context specific, and is only enabled when navigating in the computers pane as the items therein are specifically related to managing computers. The second and third sections provide access to usefull tools such as the boot disk creator and the PXE configuration utility. These tools are also available from the tools menu on the menubar.

Rather than explore the toolbars and menus in tedious detail now, we'll instead walk a more practical path of loading a computer into the console, and executing a few routine management operations on it using some of these tools.

Getting a Computer into the Deployment Console

As this chapter is focusing on the Console, we are not going to get heavily bogged-down in the nitty-gritty of how DS manages computers (this is covered later). Suffice to say, that for DS to manage a computer, we need to install a little program on it called an agent. This program establishes contact with the server, uploads an inventory and thereafter keeps an open channel to await requests from the server.

A robust way of installing the agent is to install it manually. This means logging into the PC we want to manage, connecting to the eXpress share on the DS Server, and running the agent installer from there.

Don't worry about the scalability of this process in the enterprise environment -this isn't how you'll deploy the agent in practice!

Manually Installing the Deployment Solution Agent on a Windows Client

Let's proceed by installing the Deployment Solution agent on a Windows XP computer. Login to the XP client you wish to manage as an administrator and do the following:

1. Connecting to the Server Fileshare. In the run box, type in the UNC path to your DS Server. In these articles, I have setup the server with the name Altiris-DS.

2.  Authenticating to the Server In the connection dialog which appears, type in a known credential which will grant your access to the share. I've used here the altservice credential which we created previously.

3.   The Agent Installation Files Navigate into the express share where you'll you'll find the agents folder. In here you'll find all the agent installion programs for your Windows, Linux and Mac OSX clients. Navigate to the AClient folder which contains the agent installation programs for the Window platform. The reason for so many files in here is two-fold,

  1. Since Vista, there are now two different streams of agent. The DAgent for Vista, and the AClient for the other Windows operating systems.
  2. In order to accomodate different architectures, the agent has been a compiled to run on 64bit and Intel Itanium CPUs in addition to typical 32-bit offering.
To maintain some form of order here, the following naming convention is employed; altiris-agentname-version.architecture.exe So, for my XP computer i'm wanting to manage with Deployment Solution, I have to choose from the following installers,
  • altiris-aclient-6.8.378.IA64.exe, for Intel Itanium machines
  • altiris-aclient-6.8.378.X64.exe, for 64bit machines
  • altiris-aclient-6.8.378.X86.exe, for 32bit machines
As I know I don't own a single a 64-bit machine of any description (much to my dismay), the installer we want is altiris-aclient-6.8.378.X86.exe

4.  Agent Installation There are many ways to install the Deployment Solution agent on a client. The method we follow below allows us to perform an agent installation without having to delve into the details of the process. It is also quite a robust way of installing the Deployment Solution Agent too.

To begin, lets create a single-line batch file in eXpress\Agents\AClient folder which runs the correct installer for our managed client architecture. By specifying an argument to the installer executable, we can offer an input file for the agent configuration (it is by using this input file that we avoid the detailed options which are presented when the installer is run directly through Windows explorer).

So, to begin, lets create two files in the eXpress\Agents\AClient folder. The first will be the batch file used to install the agent called altiris-x86-install.bat and the second will be the agent configuration input file quick-install.inp. The contents of the files are detailed below,

altiris-x86-install.bat 
altiris-aclient-6.8.378.X86.exe quick-install.inp

 

quick-install.inp 
TcpAddr=Altiris-DS
TcpPort=402
AllowRemoteControl=Yes

 

WatchPoint: Each line in the AClient input file must be terminated with a carriage return for it to be parsed as an AClient configuration option. Ensure therefore you have a carriage return on the last line! The above input file answers a minimum of questions -the name of our Altiris Deployment Server, the TCP port to connect on, and that the agent should allow remote control. If we now log into the computer we wish to manage as a local administrator, we can map a drive to the Deployment server and run our altiris-x86-install.bat installation batch file. To do this open up a command prompt, and type the following, 
> net use * \\altiris-ds\express /user:altservice
  Command Completed Successfully

> cd Z:\Agents\AClient
> altiris-x86-install.bat

5.   The AClient Systray Icon After a few moments, you should see the AClient icon appear in your client computer's systray -this indicates the service has started. Initially however, it will have a white circle to let us know that it is not yet in contact with the Deployment Server. After a few moments though, the white circle should turn blue, indicating that communication with the configured DS server has been established. Lets now return to the Deployment Solution Console where we should now see our managed machine!

Computer Inventory

Looking at the server, we should see our XP computer in the console, under the "All Computers" group. In this particular case the computer I installed the agent on is called OUCS-ICT-TOSH. If we select the computer in the computers pane, we can see from the details pane a status entry. This informs us that inventory has been recieved.

Note also the icon representing the computer -it shows a desktop with a user beside it. This icon reflects that a user is currently logged into the computer. If you look at the header of the details pane, you'll also see that the user logged in is OUCS-ICT-TOSH\iana. This is quite cool. The details pane also shows some useful inventory items such as the processor architecture, IP address and MAC address. To view all the inventory information, just double-click the computer to bring up the "Computer Properties" window. Here you can find,

  • Hardware Information such as Processor type, memory, computer model, serial number & BIOS revision
  • Fixed Disk information including capacity, free space and filesystem type
  • Microsoft/Netware networking information
  • TCP/IP information, including network card vendor and model revision
  • Add/Remove program data
  • System Services data
  • Device Manager summary

Computer Groups

Before we dive into the interesting bit of creating jobs to run on our newly imported computer, lets do some tidying up. Our newly managed XP laptop resides in the root of the "All Computers" folder. Its good practice to file away any computers that appear here into a sensible hierachy.

Creating Computer Groups

Lets create a computer group hierachy pretending that this laptop belongs to someone in human resources,

  1. In the computers pane, right-click "All Computers" and select "New Group" from the Context menu. Name the new group "Staff Machines".
  2. Right-click the "Staff Machines" group, and create a new group called "Accounts"
  3. Right-click the "Staff Machines" group, and create a new group called "Personnel"
  4. Select the computer you imported, and drag it into the "Personnel" group
Get into the habit of moving computers into logical groups as they appear in DS. Its not all manual work though -in large rollouts we can create custom input files which place your computers into specific groups.

Jobs: Creating a Power Control Task

Creating and deploying jobs is life's blood of DS. In Deployment Solution terminology, a Job is a collection of one of more tasks, and there are many types of tasks that DS is configured to handle,
  1. OS Deployment Tasks
    • Create Disk Image
    • Distribute Disk Image
    • Scripted OS Install
  2. Package Deployment Tasks
    • Distribute Software
    • Manage SVS Layer
    • Capture Personality
    • Distribute Personality
  3. Registry Tasks
    • Backup Registry
    • Restore Registry
  4. Miscellaneous
    • Modify Configuration
    • Get Inventory
    • Run Script
    • Copy File to
    • Power Control
    • Wait
Pretty daunting huh? Let's start by creating a simple job consisting of one task, with a view to expanding it later. One job which might be useful to have on DS is one which reboots a computer, lets call it "Helpdesk Reboot".

Helpdesk Reboot Job & Agent Prompts

A reboot job is pretty simple one to perform in DS. The steps are,
  1. Right-click in the jobs pane, and select "New Folder" to create a folder called "Helpdesk Tasks" (this is just to keep our jobs tidy!)
  2. Right-Click the "Helpdesk Tasks" folder, and select "New Job" from the context menu. Call the new job "Helpdesk Reboot"

     

  3. In the Details Pane, add a "Power Control" task to the "Helpdesk Reboot" job.

    Select "Restart" from the options. As we generally don't want a system reboot to be held up by open files, lets tick the checkbox to force applications to close without a message. This may appear mean, but if you really want to ensure a reboot occurs, this is critical.

  4. Click "Next" to move on to the "Return Codes" form.

    This form allows us to perform specific actions based on the program's return code, that is the error flag each program sets on completion to let us know how well it did. We don't need to think about return codes just yet, so click "Finish"

  5. To run the "Helpdesk Reboot" task on the target XP computer, in the interface simply drag the job over to the computer and drop it.

    When you've dropped a job on your target computer, Deployment Solution will offer you the chance to schedule the job. By default, the scheduling is set to "Run this Job Immediately", but you also have the option of setting this for a later time. As a safety precaution, the tabs on this dialog offer you the chance to review the job(s) and computer(s) which have been associated.

    Stick with the default to run the job immediately, and click OK. After one final confirmation, sit back and watch your client.

    On your Windows XP client, you should now see an Altiris Client Service Message window, informing you that a power control task has been scheduled to run. This is because we pre-configured the User Properties in the Agent's Access tab earler to give a 10 second warning prior to executing any jobs. Unless you defer the reboot, or abort the job, your computer will reboot in 10 seconds.

On top of providing a humble example of a Deployment Solution job, this reboot job illustrates the power you give to your users should you make the AClient visible. With a visible client, you users are capable of configuring their User Properties so that they can abort job deployment on their computers.

Reconfiguring the AClient's User Properties

While the user warnings issued by the AClient can be useful in for certain data destructive tasks (like a reboot), it's a bit over the top to have the job notifications appearing all the time. It is more useful to control the user prompting at the level of the job itself. A simple way of doing this is with a Visual Basic (VB) script. We can use VBscript to present a message box informing the user that a reboot is imminent. Depending on what the user clicks, we can then run the reboot job. If we are to move to vbscript for prompting at the job level, we can now get rid of those user prompts in the client Access tab,

1.  Right-click the AClient icon in the systray. Select User Properties from the menu. 2.  In the Access tab, clear the user prompt check boxes and click OK (leave the Remote Control checkbox selected)

On clicking OK the agent will briefly reinitialise, allowing it to reload with the new settings. During this reinitialisation, you should see the circle in the agent icon flip white and then blue as it disconnects and reconnects once again to the server.

Helpdesk Reboot Job with Message box

Now lets improve our "Helpdesk Reboot" job to include a user prompt. For this, we need to add a task which utilises some VBScript;
  1. Create a Copy of the "Helpdesk Reboot" job Select the "Helpdesk Reboot" job and press CTRL-C and then CTRL-V to copy and paste the job. You should now see a new job appear, called "Copy of Helpdesk Reboot". Right-Click the copied job, and select rename from the context menu. Rename the job to "Helpdesk Reboot with Prompt".
  2. Add a Script task the the "Helpdesk Reboot with Prompt" job With the "Helpdesk Reboot with Prompt" job selected in the jobs pane, the details pane should show the job specifics -currently a single Power Control task. Click "Add" and Select Run Script from the menu. The run script window which appears allows you to run a script from a file, or to paste a script directly into the run window. Paste the following VBScript, which presents a simple message box to the user, 
    'vbscript
msgbox "You computer needs rebooting. Click OK to reboot.",0,"Helpdesk Reboot"

    Notice at the bottom of the Run Script form, we can choose which operating system to run our script in. The default selection is appropriate -we wish to run the script in Windows. Click "Next".

    The form which appears next (shown opposite), allows us to specify how the script is run. The defaults are fine for us, but notice the flexibility this form provides. Not only can we choose whether to run the script on either the client or the server itself, we can also choose whether to run the script under a specific account rather than using the system account. As we want to run this script under the system account on the client, the defaults are just right for us. Click "Next".

    The final form (opposite) allows us to perform actions depending on the return code. The return code (also known as the exit code) is an integer value which processes declare when they finish to let us know how well they performed their task. For this simple message box task we don't need to worry about the return code, so click "Finish"

  3. Running the Job The sharp eyed among you will have already recognised a small flaw with this job at the moment -the reboot occurs first in the task order, and the warning message box second! To correct this, simply highlight the the script job, and click the up arrow button to move it up the list. You should now see your job detail pane looking similar to the graphic opposite -the vbscript now being the first task.

    When we ran the "Helpdesk Reboot" task before, we dragged the job onto the computer. An equivalent way of associating a job with a computer, is to do the reverse -drag the computer onto the job. Try this with the "Helpdesk Reboot with Prompt" job.

Please note that this job should not be used as it is in your environment -it needs further improvement to cope with workstations which are not currently logged into (we'll tackle this in a later chapter). That takes us to the end of our taster session on Jobs and Tasks. Lets now take a quick look at some other useful management features offered by the DS Console.

Helpdesk Tools

If you right-click any computer in the console, the computer context menu has several useful tools,
  • Power Control (Wakeup, Reboot, shutdown, logoff)
  • Remote Control
  • Remote Desktop
  • Execute
  • Copy File
  • Chat

These tools are there to allow you to perform some useful tasks on PCs (such as file copies, and remote execution) without having to explicitly create jobs. For now, lets just take a look two items which are particularly useful -Remote control and Chat.

Remote Control

If you right-click your computer in the console, you'll have two Remote options available,
  1. Remote Control: This is the Deployment Solution's own remote option. This allows you to remote in and share someone elses desktop to troubleshoot issues. It provides instant access -no extra authentication.
  2. Remote Desktop: This is a quick link to fire up the Microsoft RDP Client. This does not share the remote machines desktop, and you are required to login. Remember though that this will not work out of the box -you'll need to enable remote desktop on the PC via the remote options in the computer's system properties.
If you recall, when we installed the agent we specified in the input file to allow remote control. Try this out now by selecting "Remote Control" from the options in the context list.

After a few brief moments where it attempts to connect with the message "waiting for clients to accept connection", you should be presented with your client's screen. There a couple of items on the menu bar which are worthy of mention,


  1. Chat You can initiate a chat session whilst doing remote control -most useful.
  2. File Copy This copies files to the client computer. To speed things up on slow connections, compression can be enabled and they can even be encrypted.
  3. CTRL+ALT+Delete This primarily allows us to login to machines where the GINA is present and requesting our CTRL-ALT-DELETE signal to get the login prompt
  4. Toggle Control Allows you to toggle whether your keyboard and mouse movements in the Remote Control windows are transferred the target computer or not. On the control menu bar you can also disable client input entirely.

The Remote Red Eye

A comforting feature of remote control for users with a visible AClient is that during a remote session, it flashes showing a red eye. When the remote control session ends, the AClient icon once again becomes static.

Chat

Another helpdesk tool which is available from the computer context menu is the "Chat" program. Its a shame it can't be customised to look more friendly to users in your environment -users are generally quite bewildered when they first see it.

Opposite I show a sceptical user's response to a chat session. In most scenarios you're lucky if you get his far -on being presented with an unknown window popup the instant response of most users is to close it. To get around this, compose your message in notepad first, copying it to the buffer, then initiate chat pasting your message instantly and sending. This should give the user something to read instantly -belyaing the impulse close the window.

Summary

This has been a long, but hopefully light introduction into using the DS Console. If you've got this far, you've managed to,
  • write a batch file to install an agent onto a computer with custom settings
  • examine the inventory of a managed computer
  • enable and disable user notifications of impending jobs
  • perform some simple tasks on a client such as chat and remote control
  • create your first job using a vbscript and a power control task to reboot a client computer
Further you've set up a simple computer group and job heirachy -a most useful excercise as it both improves console layout and makes the later implementation of console security easier. Now we're ready to move onto the meatier topics of the agents and imaging with Altiris.

Chapter 2: Installing Deployment Solution 6.8SP2

Chapter 4: Introduction to Imaging using PXE

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Stu Harris
Jun 17, 2008 02:52 PM

This is probably the most frequently asked question I've had from first-time Altiris customers. Thanks for taking the time to type this up!

ianatkin
Mar 27, 2008 07:20 AM

Hi Dominique,
I was simply referring to the "Thin-Client Install" option which you are offered when you begin installing Deployment Solution. With this view, the console gets a customisation option which is better for thin-clients.
You can toggle this thin-client view option once its installed though, allowing you to return at any time to the standard DS Client view.
Kind Regards,
Ian./

Migration User
Mar 26, 2008 08:09 PM

Ian,
you are correct as we are already fighting due to the customization done on the Helpdesk console it could be another breach for the Deployment Server.
Hopefully we might be able to do something with Task Server sooner or later close to what we wanted to do on Deployment Server.
Which thin-client were you referencing?
Dom

Ron.Traweek
Mar 11, 2008 01:47 PM

Very nice work there! Thank you very much.
Ron Traweek
Systems Administrator
The Cleveland Clinic Health System

ianatkin
Mar 10, 2008 03:57 PM

Hi Dom,
I certainly haven't heard of a way of doing this, and I don't even think i'd know where to start.
As you'll probably know, Altiris provide a thin-client install for DS, which essentially offers a customised view.
The fact that this is a separate install, rather than a simple console mod implies that the view in the details pane is hardcoded.
Although it would seem to be a fabulous improvement, to customise the details pane to our criteria, Altiris may not like it as an enhancement request. This would mean opening up the console in a way which would allow users to insert their own SQL queries to get the details they want on the console. And as the console refreshes rather frequently, this might not play nice with the CPU.....
Kind Regards
Ian./

Migration User
Mar 10, 2008 02:10 PM

Hello
Any way to customize the details pane?
Dom

Related Entries and Links

No Related Resource entered.