Deployment 101
March 13, 2012 12:56 PM
I have 2 weeks to deploy ~60 Windows 7 laptops and desktop workstations. How can I do this with limited/no budget and manpower? Snowflake details inside.
the biggest issue is that we don't have a windows enterprise licence.
So I'll need the Crapware off, the computer joined to a domain, and bunch of apps installed, etc etc. I think I can make an image, create a .wim file, using windows 7. Is there a way to deploy this to a network?
I realize that not having enterprise limits our options, best case scenario is that I just type in the windows keys in manually. one by one. would be easier than our current, brute force plan.
if you want met to add details let me know, I gotta go...actually set these things up.
the biggest issue is that we don't have a windows enterprise licence.
So I'll need the Crapware off, the computer joined to a domain, and bunch of apps installed, etc etc. I think I can make an image, create a .wim file, using windows 7. Is there a way to deploy this to a network?
I realize that not having enterprise limits our options, best case scenario is that I just type in the windows keys in manually. one by one. would be easier than our current, brute force plan.
if you want met to add details let me know, I gotta go...actually set these things up.
Would the Windows User State Migration Tool help you?
posted by DisreputableDog at 1:42 PM on March 13, 2012
posted by DisreputableDog at 1:42 PM on March 13, 2012
Sysprep and it's more modern versions should do most of what you want. I haven't used sysprep since XP days, but google tells me there are network-aware versions (looks like it's called the deplyoment toolkit now ? Ah, that's the PE PsuDab93 mentions. )
posted by k5.user at 1:53 PM on March 13, 2012
posted by k5.user at 1:53 PM on March 13, 2012
You could have a very relaxing two weeks if you set up an installation script using AutoIt. Remember a lot of software packages support silent installations these days. Domain joining should be easy from from the command line.
Ninite is a handy tool to installing a bunch of useful applications, you'll need the pro version (trial available) for commercial use and gain the offline installation option, so you're not hammering the 'net connection.
posted by Static Vagabond at 3:10 PM on March 13, 2012
Ninite is a handy tool to installing a bunch of useful applications, you'll need the pro version (trial available) for commercial use and gain the offline installation option, so you're not hammering the 'net connection.
posted by Static Vagabond at 3:10 PM on March 13, 2012
Like, a decade ago when I was in high school, I had a summer job at a university deploying hundreds of brand new computers. This is how we did it then (Windows 2000), and I presume that the process is the same if not significantly easier now. All the machines were the same hardware, and we wanted the exact same base software setup on all machines. So, we took a single machine, and made a brand new clean install straight off the Windows CD. I'm talking formatted all the way down, to be 100% sure none of the Dell software came along for the ride. Then, we ran all Windows Updates, and then deleted the uninstallers that we would never use and were taking up space. Then, any common software that would be on all machines (e.g. Microsoft Office, institutional virus scanner, etc.) was installed, and all appropriate updates for that software was installed. Then, a Windows System Cleanup Tool and then Defrag. At this point, our generic image was basically done, so we used Norton Ghost to make an image of the machine and store it on a network server. This image was then pushed to every other machine, basically making them all clones of each other. You said budget was limited, so if you don't have access to Norton Ghost, you may want to check out some of the disc cloning tools on, say, Hiren's Boot CD or other utility. There are plenty out there and presumably they all have similar functionality.
Back when we were working with Windows 2000, manually typing in every machine's key wasn't a big deal because the machines didn't activate against the server. With Windows 7, each machine is going to need its real key, but that is exactly what sysprep exists for. You will probably have to manually type each key, but 60 of them isn't thaaaaat bad.
Upon Googling for a nice sysprep link, I found three tutorials that might help you: link 1, link 2, link 3.
posted by wondercow at 6:16 PM on March 13, 2012
Back when we were working with Windows 2000, manually typing in every machine's key wasn't a big deal because the machines didn't activate against the server. With Windows 7, each machine is going to need its real key, but that is exactly what sysprep exists for. You will probably have to manually type each key, but 60 of them isn't thaaaaat bad.
Upon Googling for a nice sysprep link, I found three tutorials that might help you: link 1, link 2, link 3.
posted by wondercow at 6:16 PM on March 13, 2012
As a followup, I'm not allowed to use any imaging solutions at work on this job, and I'll have to do each computer by hand. Thank you for the suggestions, I hope to use one of them someday.
posted by hellojed at 7:24 PM on March 13, 2012
posted by hellojed at 7:24 PM on March 13, 2012
Assuming you have OEM licenses, that license does not provide the rights to do imaging. That's something reserved for business license agreements with Microsoft.
The suggestion to look in to autoit is a good one. Perform the first cleanup by hand, writing autoit scripts to help with the easiest steps. As you move on to each other machine, add to the scripts so you have to type/do less with each machine.
posted by fief at 8:48 PM on March 13, 2012
The suggestion to look in to autoit is a good one. Perform the first cleanup by hand, writing autoit scripts to help with the easiest steps. As you move on to each other machine, add to the scripts so you have to type/do less with each machine.
posted by fief at 8:48 PM on March 13, 2012
What's the rationale behind the ban on imaging tools?
posted by flabdablet at 9:19 PM on March 13, 2012
posted by flabdablet at 9:19 PM on March 13, 2012
unattended.sourceforge.net is still a useful resource for finding out how to script silent installations even though the main project doesn't yet support Windows 7.
posted by flabdablet at 9:25 PM on March 13, 2012
posted by flabdablet at 9:25 PM on March 13, 2012
You have a good two weeks to plow through this. If that's based on a 40 hour week you'll have to do ~2 or more an hour to keep on schedule...giving a little bit of slack for the problem PCs.
So far, some great suggestions above. Ninite will speed up the updates for browser plugins (which are crucial for preventing malware). AutoIT has a recording function within the advanced editor that could help macro out some common tasks...although for the sake of saving time, you might want to explore that more when you're not against a deadline...as it could take a big chunk of your time developing and debugging those scripts.
Unattended and Appdeploy are great resources for building unattended installs for common applications. (eg. you could keep a deploy-ready app on a thumbdrive or the network, run it, and walk tot he next station without having to answer any additional prompts)
For cleaning up residual software, CCleaner is a very popular utility. You'll be able to run uninstalls as well as perform general registry tuning and temp cleanup from within its console. PCDecrapifier is another very popular and easy to use utility that might also be worthwhile to have on hand. It even has a mode for removing the OEM junk from brand new PCs.
If you have to migrate profiles, I would probably use Windows Easy Transfer over USMT at first. They're basically the same engine, yet USMT is all command line. When more experience is gained using WET, developing an USMT script down the road will be easier.
ImageX and Sysprep are some other really good technologies for deploying Windows, but those could take the entire two weeks just developing the unattend.xml and resealing process. If you get to the point where you can get enterprise licensing it's definitely worth exploring however to save on manpower in the long run.
posted by samsara at 5:41 AM on March 14, 2012
So far, some great suggestions above. Ninite will speed up the updates for browser plugins (which are crucial for preventing malware). AutoIT has a recording function within the advanced editor that could help macro out some common tasks...although for the sake of saving time, you might want to explore that more when you're not against a deadline...as it could take a big chunk of your time developing and debugging those scripts.
Unattended and Appdeploy are great resources for building unattended installs for common applications. (eg. you could keep a deploy-ready app on a thumbdrive or the network, run it, and walk tot he next station without having to answer any additional prompts)
For cleaning up residual software, CCleaner is a very popular utility. You'll be able to run uninstalls as well as perform general registry tuning and temp cleanup from within its console. PCDecrapifier is another very popular and easy to use utility that might also be worthwhile to have on hand. It even has a mode for removing the OEM junk from brand new PCs.
If you have to migrate profiles, I would probably use Windows Easy Transfer over USMT at first. They're basically the same engine, yet USMT is all command line. When more experience is gained using WET, developing an USMT script down the road will be easier.
ImageX and Sysprep are some other really good technologies for deploying Windows, but those could take the entire two weeks just developing the unattend.xml and resealing process. If you get to the point where you can get enterprise licensing it's definitely worth exploring however to save on manpower in the long run.
posted by samsara at 5:41 AM on March 14, 2012
those could take the entire two weeks just developing the unattend.xml and resealing process
Took me longer than that to fight with the "easy" MS tools sufficiently to get myself a reference image of Windows 7 Professional. If you were working on it full time you might do better. You don't need Enterprise to use that stuff, not even a volume license key (though that saves work when it comes time to activate your new boxes).
In the end I didn't even use MDT for the actual deployment; I let it get as far as preparing a reference machine, then used my favorite Linux live CD and a handful of scripts to capture and image of that onto a bootable USB key that can re-image the machine it boots on (this turned out faster for my one-man box-unpacking workflow than using the network, even with multicast). But if your workplace prohibits imaging, you've got very little option but doing lots of things by hand and hoping you get them mostly right every time. Glad I don't work for your employer.
posted by flabdablet at 6:21 AM on March 14, 2012
Took me longer than that to fight with the "easy" MS tools sufficiently to get myself a reference image of Windows 7 Professional. If you were working on it full time you might do better. You don't need Enterprise to use that stuff, not even a volume license key (though that saves work when it comes time to activate your new boxes).
In the end I didn't even use MDT for the actual deployment; I let it get as far as preparing a reference machine, then used my favorite Linux live CD and a handful of scripts to capture and image of that onto a bootable USB key that can re-image the machine it boots on (this turned out faster for my one-man box-unpacking workflow than using the network, even with multicast). But if your workplace prohibits imaging, you've got very little option but doing lots of things by hand and hoping you get them mostly right every time. Glad I don't work for your employer.
posted by flabdablet at 6:21 AM on March 14, 2012
I ran the idea of using pcdecrapifier and other apps by my boss, who said no on the grounds that open source software requires a lot of testing by us before we can use it (time for which we don't have). Thanks for the suggestions anyway.
posted by hellojed at 7:25 AM on March 14, 2012
posted by hellojed at 7:25 AM on March 14, 2012
open source software requires a lot of testing by us before we can use it
You're in hell. Change jobs.
posted by flabdablet at 8:06 AM on March 14, 2012
You're in hell. Change jobs.
posted by flabdablet at 8:06 AM on March 14, 2012
Failing that, you can write your own .cmd script to uninstall crapware. If you start Regedit and have a look in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall, you'll find sub-keys for all the packages installed on your machine. Each of those has an UninstallString value containing the command required to uninstall the software. Most often, this will involve an invocation of msiexec.exe with an /X or /I switch and a {nasty-looking-guid}.
If you make up a .cmd script with a bunch of lines that look like
start /wait msiexec /x /passive {nasty-looking-guid}
you can run that to uninstall those items without user interaction (/x means remove package, /passive switch does that).
If the UninstallString value doesn't use msiexec but instead invokes some kind of setup command, you can try adding various switches like /S or /VerySilent to what's there to turn off all the UI. Check the unattended link I posted earlier for hints on recognizing what kind of setup package you have and what silent switches it supports.
posted by flabdablet at 8:16 AM on March 14, 2012
If you make up a .cmd script with a bunch of lines that look like
start /wait msiexec /x /passive {nasty-looking-guid}
you can run that to uninstall those items without user interaction (/x means remove package, /passive switch does that).
If the UninstallString value doesn't use msiexec but instead invokes some kind of setup command, you can try adding various switches like /S or /VerySilent to what's there to turn off all the UI. Check the unattended link I posted earlier for hints on recognizing what kind of setup package you have and what silent switches it supports.
posted by flabdablet at 8:16 AM on March 14, 2012
Also: at the school I sysadmin, I don't attempt to include our standard operating environment's application software on any of the images I put on new computers; instead, I use Group Policy to specify a startup script, and I run all the silent application installers from inside that. Startup scripts run with the credentials of the inbuilt SYSTEM user, so they're already privileged enough to do software installs. You can put your desktop and laptop machines in separate Active Directory OUs if they need different startup scripts.
I run my startup scripts synchronous and visible, and turn off their script timeout. If you can't work out how to do these things post back and I'll go look it up.
posted by flabdablet at 8:24 AM on March 14, 2012
I run my startup scripts synchronous and visible, and turn off their script timeout. If you can't work out how to do these things post back and I'll go look it up.
posted by flabdablet at 8:24 AM on March 14, 2012
I do mini rollouts on a regular basis. I have eight laptops to swap over in a few hours today. I have a Ninite Pro account and every week I make a standard intstaller with Firefox and Chrome, the plugins and Acrobat reader etc. I keep that with CCleaner, MSOfice, software keys on my flashdrive and in my home drive on the server of my workplace (I contract to several schools and small businesses).
Today I will set up three or four laptops in a row and then rotate through them until my job is done.
posted by chairish at 11:24 AM on March 14, 2012
Today I will set up three or four laptops in a row and then rotate through them until my job is done.
posted by chairish at 11:24 AM on March 14, 2012
« Older What do you call this thing? | My coworker used drugs with a student. What should... Newer »
This thread is closed to new comments.
posted by ShawnString at 1:08 PM on March 13, 2012