Remote or Unattended Installation Solutions?
HaloZero asks: "I work for a medium-sized company (350+ users), and am charged with new builds and deployments for a mix of aged and new desktops, and a smattering of similar laptops. The hardware is certainly not uniform across the entire infrastructure. Our current deployment 'system' (Ghost/Sysprep, Acronis/NewSID) is somewhat of a kludge -- as my mentor would say -- and I've been looking into alternative, cleaner methods. We're burgeoning on an Active Directory domain, so RIS has been the hot topic on my desk as of late. Does anyone have any experience with RIS? Is there anything that isn't very well documented that I should watch out for? We're considering other unattended install solutions, such as nLite, and a composite of Bart's PE Builder-type setups. Any other suggestions out there?"
Why not use Unattended? http://unattended.sourceforge.net/ - we use it, and it works wonders here. Unattended is a system for fully automating the installation of Windows 2000 Professional and Server, Windows XP, and Windows Server 2003. When you are finished setting up Unattended, you will be able to boot any PC from a floppy, from a CD-ROM, or directly from the network, answer a few questions, and come back an hour or two later to a fully-installed Windows workstation. We boot from the network, and the machines build themselves without our intervention. They have a step-by-step guide on how to set it up even.
Note that RIS is not a very good solution. Even if you have uniform hardware (like Dell's or HP/Compaq's), changing one driver can muck up the whole process. Not so with Unattended. Being an Open Source project, you are in complete control of your build process.
But this is Slashdot. A Slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber!
... but Internet Explorer used to be very good at facilitating remote installs.
Reality is defined by the maddest person in the room
This was covered recently in a nearly identical Ask Slashdot almost two months ago. You might find a lot of relevant information in the comments to that story. There were many great suggestions.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
I support about 20,000 desktops, running mostly Windows XP, and here's what we do.
For the actual system image itself, I've created a single DVD that contains a simple boot menu. There are some basic tools (like DBAN and an "old school" Bart's Network Boot Disk) but the bulk of the disk is devoted to an unattended XP install with (a) slipstreamed patches, (b) drivers for ALL of our major hardware models, (c) custom configuration, and (d) all of our enterprise software.
Any time that Dell (or one of our other vendors - kiosks, tablets) ships us a new machine, I update one line in an INF file, add some drivers, and automatically build another image exactly to standard -- no mistyped keys -- no forgotten registry settings. The image completes, sysprep runs, the machine shuts off, and we make an image with Ghost to send to our vendors.
That image is sent back to the OEM, and our boxes come pre-imaged. You don't need a lot of pull with your vendors for this. Most OEMs are hungry enough for your business that they'll do it no matter how small you are -- and Dell's CFI group has been a pleasure to work with.
When a machine shows up at any of our 50+ facilities, the first thing it does after getting a machine-name post-sysprep is boot up, log on as the local administrator, and visit a webpage that presents a "pretty" front end to our automated software deployment tool. [We use Marimba.] The password for the administrative account is then changed to a unique pattern-based one automatically (to allow support from Desktop, but to prevent worm-like activity) and the machine is deployed with any regional or departmental programs chosen from the Marimba front-end.
While you may not have Marimba or Altiris or SMS to do your customization dirty-work for you, you've got Active Directory, and people in the right OUs will get whatever you want deployed to them.
Similarly, we use AD to do all of our policy management -- keeping enforcement of screensavers and proxy manageable.
There's a great joy in having all of your machines running the EXACT same image - with "Extra" software installed from a known reference point (even network shares - as long as it's your network share).
The unattended guides at MSFN.org are a fantastic reference for making an unattended CD/DVD.
Or just use Etherboot to create boot floppies with a PXE stack for the NICs that don't support it.
It's always a long day... 86400 doesn't fit into a short.
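The per-machine administrator password described in the 20,000-desktop post above, as an added example that is not part of the original thread or any poster's tooling: it swaps the post's unspecified "pattern" for an HMAC-SHA256 derivation, so each machine gets a different password that the support desk can recompute from the machine name, while one recovered password reveals nothing about the others. The site key, the `epoch` rotation counter, the alphabets and the machine names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Alphabets without look-alike characters, so passwords can be read over the phone.
UPPER = "ABCDEFGHJKLMNPQRSTUVWXYZ"    # no I, O
LOWER = "abcdefghijkmnopqrstuvwxyz"   # no l
DIGITS = "23456789"                   # no 0, 1
SYMBOLS = "#+-=@_.:"                  # no characters that cmd.exe expands (%, !, ^)
CLASSES = (UPPER, LOWER, DIGITS, SYMBOLS)

# Constructed demo key. A real key is random and stays on the support side.
DEMO_SITE_KEY = b"constructed-demo-key-0123456789abcdef"


def derive_admin_password(site_key, machine_name, epoch=1, length=20):
    """Return the local administrator password for one machine.

    site_key     -- secret known only to deployment/support (assumption)
    machine_name -- the name assigned after sysprep
    epoch        -- bump to rotate this machine's password without a new key
    """
    if len(site_key) < 16:
        raise ValueError("site key must be at least 16 bytes")
    name = machine_name.strip().upper()   # Windows computer names ignore case
    if not name:
        raise ValueError("machine name is empty")
    if not 12 <= length <= 32:
        raise ValueError("length must be between 12 and 32")

    # Keyed, one-way: without the key, knowing the name (or another
    # machine's password) does not help predict this machine's password.
    msg = "local-admin|{}|{}".format(epoch, name).encode("utf-8")
    digest = hmac.new(site_key, msg, hashlib.sha256).digest()

    # Cycle through the four character classes so every password satisfies
    # a three-of-four complexity policy. The modulo introduces a small bias,
    # accepted here for simplicity.
    chars = []
    for i in range(length):
        alphabet = CLASSES[i % len(CLASSES)]
        chars.append(alphabet[digest[i] % len(alphabet)])
    return "".join(chars)


if __name__ == "__main__":
    for host in ("NYC-FIN-0042", "NYC-FIN-0043"):   # constructed names
        print(host, derive_admin_password(DEMO_SITE_KEY, host))
```

The key must never be written into the image or the deployment front end's client-side code; anyone who recovers it from one disk can compute every machine's password.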
I work for a mid-size company (~1500 desktops at 40+ remote sites), and I've been working on exactly the same problem for the last 2 weeks. Our solution until now has been building a new 'base' system and using PowerQuest V2i to take a disk image. This works OK, except for the fact that we had to build a new image from scratch every time slightly new hardware came out, and since our current hardware list is HUGE (we're slowly phasing out old hardware with new standardized stuff), it was impossible to build an image for every permutation.
Over the last 2 weeks or so I've been building up an automated deployment suite -- I started first by figuring out how to do unattended installs of all our client software (this is different for each piece of software you'll deploy, so RTFM). Microsoft generally provides *great* tools for deployment (and usually anything using the Windows Installer is easy to customize), everything else is a mixed bag. Once I had applications installing properly in unattended mode, I turned my sights to the operating system.
I explored a couple of options, like Sysprep/Image. The sysprep method worked, but there were a couple things that weren't ideal in our environment (for one, we would have had to ship 3 CDs to each of our branches -- one for the V2i restore utility itself, then 2 or 3 for the spanned disk image. Not all our machines have DVD-ROMs yet, nor do they all have local servers). The disc duplication efforts alone were a time sink.
What I ended up doing was using nLite (http://www.nliteos.com) to customize the install process, including the unattended settings. I RARed up the unattended applications, and included the RAR file, a commandline UnRAR utility, and miscellaneous filesystem stuff in the $OEM$ folder on the Windows disc. Then I put some entries in RunOnceEx which automatically UnRARed the archive, then installed each application in turn.
The total install process involves two steps of user interaction -- the first is to select what partition to install Windows to during the text-based portion of the install, and again during the setup process to ask for a machine name (we use a structured machine naming convention). The machine is joined to the domain automatically, apps are set up automatically, and the machine reboots to its 'final' state automatically. About 20-30 minutes after popping in the disc, you have a complete, reimaged system, and you only need to pay attention to it for about 30 seconds.
After stripping the OS CD down with nLite, and RARing up our customized apps, my disc came out at a nice 664MB... small enough to fit on one CD, with room left over for future service packs, patches, and additional drivers.
Now all we have to do is add new drivers and roll in new service packs and patches as needed, which is a breeze with the nLite wizard. We plan a new 'release' of the disc every 2-3 months, with incremental OS and application patches pushed out as needed.
Best of luck; it takes a little while to really figure out the best approach, but once you do it's quite easy to maintain, and is definitely a huge time saver.