I don't know what I don't know and that concerns me greatly
April 12, 2015 7:50 PM Subscribe
I'm suddenly in charge of IT and I need a crash course on preparing Windows images.
Six months ago I was hired to be one of two IT guys at a medium sized company. The other IT guy had been at the company for over twenty years and was a nightmare to work with - he didn’t bother hiding his contempt for the “stupid users”, had his own way of doing things (with zero documentation) and kept me in the dark on day-to-day operations unless I twisted his arm. Management finally had enough of his behavior and let him go at the end of last week so now I’m the only IT guy on site.
I have a lot of fun work ahead of me and one of the first things I want to tackle is our imaging process. This was something that he was working on since before I was hired and it’s far from perfect. Post image prep takes upwards of two hours because there are a ton of Windows Updates and driver installs that have to be done. I feel like I can improve this.
Problem is I’ve never built an image in a corporate environment and could use some guidance on best practices. I have done images for myself so I’m not totally clueless but...yeah.
So I could use the best guides, how to videos, etc on how to properly prepare a Windows image for deployment in a corporate environment. Free is nice but I could convince the higher ups to throw money at this if needed. We are a 100% Microsoft house (Windows 7, Active Directory, Exchange, Office, etc) so nothing unusual on that front.
Six months ago I was hired to be one of two IT guys at a medium sized company. The other IT guy had been at the company for over twenty years and was a nightmare to work with - he didn’t bother hiding his contempt for the “stupid users”, had his own way of doing things (with zero documentation) and kept me in the dark on day-to-day operations unless I twisted his arm. Management finally had enough of his behavior and let him go at the end of last week so now I’m the only IT guy on site.
I have a lot of fun work ahead of me and one of the first things I want to tackle is our imaging process. This was something that he was working on since before I was hired and it’s far from perfect. Post image prep takes upwards of two hours because there are a ton of Windows Updates and driver installs that have to be done. I feel like I can improve this.
Problem is I’ve never built an image in a corporate environment and could use some guidance on best practices. I have done images for myself so I’m not totally clueless but...yeah.
So I could use the best guides, how to videos, etc on how to properly prepare a Windows image for deployment in a corporate environment. Free is nice but I could convince the higher ups to throw money at this if needed. We are a 100% Microsoft house (Windows 7, Active Directory, Exchange, Office, etc) so nothing unusual on that front.
Response by poster: We probably have two or three different models of Dell desktops and two or three different models of Dell laptops (a full site inventory is one of my top priorities).
posted by Diskeater at 8:14 PM on April 12, 2015
posted by Diskeater at 8:14 PM on April 12, 2015
So the standard corporate answer is approximately what you have, I suspect, which amounts to:
* Use sysprep and unattended install to install a base windows
* Use active directory to then put software on this
* Use SuS or equivalent to push out updates to systems
The reason for things generally being done this way, is that building images is a pain, and patching is generally a two weekly to monthly cycle for desktops, and so doing this constantly would be a nightmare. This works on the "rebuilds are actually rare" theory. That said, another common pattern is:
* have the above
* install a new system this way, and patch it to current
* Image that, and serve it out with trueimage or something similar to get the base system down (which then calls sysprep /genericize to remove the computer stuff from it and re-register with AD)
posted by jaymzjulian at 9:51 PM on April 12, 2015 [1 favorite]
* Use sysprep and unattended install to install a base windows
* Use active directory to then put software on this
* Use SuS or equivalent to push out updates to systems
The reason for things generally being done this way, is that building images is a pain, and patching is generally a two weekly to monthly cycle for desktops, and so doing this constantly would be a nightmare. This works on the "rebuilds are actually rare" theory. That said, another common pattern is:
* have the above
* install a new system this way, and patch it to current
* Image that, and serve it out with trueimage or something similar to get the base system down (which then calls sysprep /genericize to remove the computer stuff from it and re-register with AD)
posted by jaymzjulian at 9:51 PM on April 12, 2015 [1 favorite]
We just moved to using OSD in Microsoft SCCM which more or less is doing everything from scratch but automated and scripted. It's very nice from an administrative standpoint but actually slower than the way we previously did it. We had a contractor come in to help with the SCCM setup/roll-out and setting up OSD was included in the contract.
Should you not have that kind of time/resource, what we did previously was using sysprep and unattend to generalize a very robust image.
i used VMWare to create a clean Windows 7 image with all the software (Microsoft Office, Adobe Acrobat, etc) and Windows updates that we deploy to everyone. If you only have a few systems, it's pretty straightforward to shove their drivers into the image as well- the network driver is going to be the most important as it'll let you get out to Dell's website to pickup the latest versions of everything else.
Before sysprep-ing, take a snapshot in VMWare because you'll want to revert to the pre-sysprep snapshot when you want to update things. (Windows also gets grumpy about sysprep-ing too many times). It's not a bad idea to take a couple snapshots along the way (like Windows 7 with all the updates) in case you need to roll back further. Don't overdo it with the snapshots as they can quickly fill up a drive.
Then just sysprep and capture the image with whatever imaging tool you use. (We were using Ghost at the time). You'd then use the same imaging tool to deploy the image to clients.
Afterwards, every month or two I'd revert to the pre-sysprep VM snapshot and run Windows updates, get the latest Java/Flash/etc and make any other changes that were necessary... save a snapshot, sysprep, ghost, repeat.
posted by noloveforned at 8:00 AM on April 13, 2015
Should you not have that kind of time/resource, what we did previously was using sysprep and unattend to generalize a very robust image.
i used VMWare to create a clean Windows 7 image with all the software (Microsoft Office, Adobe Acrobat, etc) and Windows updates that we deploy to everyone. If you only have a few systems, it's pretty straightforward to shove their drivers into the image as well- the network driver is going to be the most important as it'll let you get out to Dell's website to pickup the latest versions of everything else.
Before sysprep-ing, take a snapshot in VMWare because you'll want to revert to the pre-sysprep snapshot when you want to update things. (Windows also gets grumpy about sysprep-ing too many times). It's not a bad idea to take a couple snapshots along the way (like Windows 7 with all the updates) in case you need to roll back further. Don't overdo it with the snapshots as they can quickly fill up a drive.
Then just sysprep and capture the image with whatever imaging tool you use. (We were using Ghost at the time). You'd then use the same imaging tool to deploy the image to clients.
Afterwards, every month or two I'd revert to the pre-sysprep VM snapshot and run Windows updates, get the latest Java/Flash/etc and make any other changes that were necessary... save a snapshot, sysprep, ghost, repeat.
posted by noloveforned at 8:00 AM on April 13, 2015
Response by poster: How many workstations are you thinking about supporting, how many images will you be deploying in a given week or month, and does that support include Windows 8?
There are roughly 150-175 workstations and 20-30 laptops out in the wild. We won't be moving to Windows 8. I'm not sure yet how many I'll be deploying per week/month but it'll probably be on an "as needed" basis - for example, all new hires and redeploys will be on the new image. I'll have a better idea once inventory is complete.
posted by Diskeater at 11:50 AM on April 13, 2015
There are roughly 150-175 workstations and 20-30 laptops out in the wild. We won't be moving to Windows 8. I'm not sure yet how many I'll be deploying per week/month but it'll probably be on an "as needed" basis - for example, all new hires and redeploys will be on the new image. I'll have a better idea once inventory is complete.
posted by Diskeater at 11:50 AM on April 13, 2015
So, you are basically in my exact situation.
After this got dumped on me with no help, I used Macrium Reflect and created an image for our 2 desktop models and 2 laptop models. Just sysprep the image after everything is updated.
I simply restore the image to an SSD with a dock when we need additional machines. It takes 15 minutes. Join the machine to the domain when done.
I completely understand how you SHOULD do things with SCCM and network image restores and yada yada yada, but honestly this is easier and costs almost nothing.
I just update the image manually every 2-3 months or if there is a major update.
posted by lattiboy at 12:51 PM on April 13, 2015
After this got dumped on me with no help, I used Macrium Reflect and created an image for our 2 desktop models and 2 laptop models. Just sysprep the image after everything is updated.
I simply restore the image to an SSD with a dock when we need additional machines. It takes 15 minutes. Join the machine to the domain when done.
I completely understand how you SHOULD do things with SCCM and network image restores and yada yada yada, but honestly this is easier and costs almost nothing.
I just update the image manually every 2-3 months or if there is a major update.
posted by lattiboy at 12:51 PM on April 13, 2015
I should also mention I looked into Acronis and other 3rd party solutions. All were expensive, had a fair amount of licensing headaches, and didn't really save any time when you factor in admin/training on the system itself.
I'm guessing your total new employee>replacement schedule is something like 15 machines per quarter. At that rate, it's very hard to justify a highly scripted or automated process as the admin of that requires more work than the simple cloning method.
posted by lattiboy at 1:09 PM on April 13, 2015
I'm guessing your total new employee>replacement schedule is something like 15 machines per quarter. At that rate, it's very hard to justify a highly scripted or automated process as the admin of that requires more work than the simple cloning method.
posted by lattiboy at 1:09 PM on April 13, 2015
« Older I used to make money writing. How can I do that... | Neat place to stay between DC and Winterthur? Newer »
This thread is closed to new comments.
posted by k8t at 7:59 PM on April 12, 2015 [1 favorite]