Alteris Deployment v6 - 8 SP2-Deployment & Migration

ALTIRIS
Deployment Solution 6.8 SP2 Deployment and Migration Guide
Notice
Altiris Deployment Solution 6.8 SP2 2007 Altiris, Inc. All rights reserved. Document Date: June 25, 2007 Information in this document: (i) is provided for informational purposes only with respect to products of Altiris or its subsidiaries (Products), (ii) represents Altiris' views as of the date of publication of this document, (iii) is subject to change without notice (for the latest documentation, visit our Web site at www.altiris.com/Support), and (iv) should not be construed as any commitment by Altiris. Except as provided in Altiris' license agreement governing its Products, ALTIRIS ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTIES RELATING TO THE USE OF ANY PRODUCTS, INCLUDING WITHOUT LIMITATION, WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS. Altiris assumes no responsibility for any errors or omissions contained in this document, and Altiris specifically disclaims any and all liabilities and/or obligations for any claims, suits or damages arising in connection with the use of, reliance upon, or dissemination of this document, and/or the information contained herein. Altiris may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the Products referenced herein. The furnishing of this document and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any foregoing intellectual property rights. No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means without the express written consent of Altiris, Inc. Customers are solely responsible for assessing the suitability of the Products for use in particular applications or environments. Products are not intended for use in medical, life saving, life sustaining, critical control or safety systems, or in nuclear facility applications. *All other names or marks may be claimed as trademarks of their respective companies.
Altiris Deployment Solution 6.8 SP2
Contents
Chapter 1: About Altiris Deployment Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Deployment Solution Architecture Deployment Server . . . . . Deployment Database . . . Deployment Share . . . . . Management Consoles . . Automation Tools . . . . . . Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 22 23 23 23 24 24
Part I: Planning and Installing Your Deployment System . . . . . . . . . . . . 25

Chapter 2: Preparing To Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Step Step Step Step Step Step 1: 2: 3: 4: 5: 6: Log on to Your Deployment Server Computer as an Administrator Create a Services Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . Gather Automation Operating System Install Files . . . . . . . . . . . Obtain a License File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Install .NET and MDAC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Start Microsofts Internet Information Server (IIS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 27 28 28 28 28
Chapter 3: Installing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Simple or Custom Install? . . . . . . . . . . . . . . . . . Simple Install. . . . . . . . . . . . . . . . . . . . . . . Custom Install . . . . . . . . . . . . . . . . . . . . . . Running the Setup Program . . . . . . . . . . . . . . . . . . . Enable Microsoft Sysprep Support . . . . . . . . . . . Enable Microsoft Windows Vista Sysprep Support . Remotely Install Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 29 29 29 29 30 30
Chapter 4: Post-Installation Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Step 1: Grant Full Control of the Deployment Share to Your Service Account. . . . . Step 2: Create Domain Join and Deployment Share Accounts . . . . . . . . . . . . . . . Domain Join Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Share Read/Write Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 3: Grant Services Account the db_owner Role to Your Deployment Database . Step 4: Configure Your Deployment System . . . . . . . . . . . . . . . . . . . . . . . . . . . Add Your Domain Join Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enable Security and Add Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . Grant Console Rights to Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . Grant Database Rights to Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . Configure Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 5: Configure Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 6: Install the Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 7: Configure Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 8: (Optional) Configure PXE Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 31 31 32 32 33 33 33 34 34 35 35 35 35 35
Chapter 5: Deployment Agent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

About the Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Installing the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Using the Remote Agent Installer (Windows XP). . . . . . . . . . . . . . . . Step 1: Disable Simple File Sharing on Windows XP . . . . . . . . . . Step 2: Allow File and Printer Sharing in Windows XP SP2 Firewall Step 3: Get Local User Rights (admin$ Share) . . . . . . . . . . . . . . Step 4: Run the Remote Agent Installer . . . . . . . . . . . . . . . . . . Using a Script, E-Mail Link, or Manual Installation (All Platforms) . . . . Step 1: Provide Users Access to the Agent Installation Program . . Step 2: Create the Input File for a Silent Install . . . . . . . . . . . . . Step 3: Run the Installation Program . . . . . . . . . . . . . . . . . . . . Agent Auto Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
37 37 37 37 37 37 38 38 38 39 39
Part II: Booting Computers to Automation . . . . . . . . . . . . . . . . . . . . . . . 40

Chapter 6: What is Automation? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Chapter 7: Automation Boot Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Which Automation Boot Method Should I Use? . PXE. . . . . . . . . . . . . . . . . . . . . . . . . . . . Automation Partitions . . . . . . . . . . . . . . . Boot Media (DVD/CD, USB Device, Floppy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 43 44 44
Chapter 8: Automation Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Which Automation Operating DOS . . . . . . . . . . . . . . Windows PE . . . . . . . . . Linux . . . . . . . . . . . . . System Should I Use? ................ ................ ................ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 46 47 47
Chapter 9: Installing and Configuring Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Configuring Automation Operating Systems . . . . . . . . . . . . Obtaining and Installing Windows PE, Linux, or DOS. . . Adding Additional Files . . . . . . . . . . . . . . . . . . . . . . . Adding Mass Storage Drivers for Windows PE. . . . . Adding Large Files to a Linux Boot Configuration . . . . . Configuring Automation Boot Methods . . . . . . . . . . . . . . . Configuring PXE . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Automation Partitions . . . . . . . . . . . . . . . Configuring Boot Media (DVD/CD, USB device, Floppy) . Deploying Automation to Managed Computers . . . . . . . . . . Using Automation Partitions or Boot Media . . . . . . . . . Using PXE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 48 49 50 50 51 51 51 52 52 52 53
Chapter 10: Setting Up the Altiris PXE Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

What is PXE? . . . . . . . . . . . . . . . . . . . . . . . Why Use PXE? . . . . . . . . . . . . . . . . . . . . . . PXE Services and Architecture . . . . . . . . . . . How PXE Works . . . . . . . . . . . . . . . . . . . . . Part 1: DHCP Request and PXE Discovery Part 2: PXE Bootstrap . . . . . . . . . . . . . . PXE Planning and Installation. . . . . . . . . . . . Enabling PXE on Managed Computers . . . Installing and Configuring DHCP. . . . . . . How Many Altiris PXE Servers Do I Need? Number of Client Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 55 56 57 58 58 59 60 60 60 60
Network Speed. . . . . . . . . . . . . . . . . Physical Layout of your Network. . . . . PXE Request Routing. . . . . . . . . . . . . Installing Altiris PXE Servers . . . . . . . . . . Configuring PXE Settings . . . . . . . . . . . . . . . . PXE Settings . . . . . . . . . . . . . . . . . . . . . . . . Shared vs. Local. . . . . . . . . . . . . . . . . . . Session Timeout . . . . . . . . . . . . . . . . . . . DHCP Server Options . . . . . . . . . . . . . . . Boot Integrity Services . . . . . . . . . . . . . . Boot Integrity Services (BIS) Removal Boot Options . . . . . . . . . . . . . . . . . . . . . . . . Shared vs. Local. . . . . . . . . . . . . . . . . . . PXE Redirection . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
60 60 61 61 61 62 62 62 62 62 63 63 63 63
Part III: Using Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Chapter 11: Deployment Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Computers. . . . . . . . . . . . . . . . . Jobs . . . . . . . . . . . . . . . . . . . . . Creating Jobs and Tasks . . . . . . . Context Menus (Right-click). . . . . Find a Computer in the Database Using Lab Builder . . . . . . . . . . . Computer Import File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 66 67 67 67 68 70
Managing from the Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Deployment Console Basics . . . . . . . . . . . . . . . . . . . . . . Features of the Deployment Console. . . . . . . . . . . . . . Computers pane . . . . . . . . . . . . . . . . . . . . . . . . . . . Jobs pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Details pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Shortcuts and Resources View . . . . . . . . . . . . . . . . . . Thin Client View of the Deployment Console . . . . . . . . . . . Installing the Thin Client View . . . . . . . . . . . . . . . . . . Switching Between Two Views . . . . . . . . . . . . . . . . . . Computers Pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . Resources pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . Software Packages . . . . . . . . . . . . . . . . . . . . . . . . . . Inventory Pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . Toolbars and Utilities . . . . . . . . . . . . . . . . . . . . . . . . Deployment Solution Utility Tools . . . . . . . . . . . . . . . . Software Virtualization Solution . . . . . . . . . . . . . . . . . . . . Using SVS Admin Utility with Deployment Solution . Extending the Tools Menu on the DS Console . . . . . . . . . . Computer Filters and Job Conditions . . . . . . . . . . . . . . . . . Creating Conditions to Assign Jobs . . . . . . . . . . . . . . . Creating a Computer Group Filter . . . . . . . . . . . . . . . . General Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Console options . . . . . . . . . . . . . . . . . . . . . . . . . . . Global options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Sysprep Settings . . . . . . . . . . . . . . . . . . . . . . . . OS Product Key tab. . . . . . . . . . . . . . . . . . . . . . . Task Password options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 73 73 74 74 75 76 76 76 77 78 78 79 80 80 81 81 82 83 83 84 85 85 85 86 86 86
Domain Accounts options . . . . . . . . . . . . . . . . RapiDeploy options . . . . . . . . . . . . . . . . . . . . Agent Settings options . . . . . . . . . . . . . . . . . . Custom Data Sources options . . . . . . . . . . . . . Allowed Stored Procedure List . . . . . . . . . . Virtual Centers . . . . . . . . . . . . . . . . . . . . . . . Security in Deployment Solution . . . . . . . . . . . . . . Best Practices for Deployment Solution Security. Enabling Security . . . . . . . . . . . . . . . . . . . . . Groups . . . . . . . . . . . . . . . . . . . . . . . . . . Rights . . . . . . . . . . . . . . . . . . . . . . . . . . Setting Permissions . . . . . . . . . . . . . . . . . . . . Connecting to Another Deployment Server . . . . . . . Rejected Computers in Deployment Solution . . . . . . Refresh Deployment Solution . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
87 87 88 88 88 89 89 89 90 92 92 93 95 96 96
Managing Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Viewing Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 Adding New Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Creating a New Computer Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Importing New Computers from a Text File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Computer Configuration Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 General Configuration Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 Microsoft Networking Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 TCP/IP Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 TCP/IP Advanced Options - IP interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 TCP/IP Advanced Options - Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 TCP/IP Advanced Options - DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 TCP/IP Advanced Options - WINS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 TCP/IP Advanced Options - Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 NetWare Client Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 Operating System Licensing Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 User Account Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 Deployment Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112 Deployment Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Server Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Startup/Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Deployment Agent for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Deployment Agent Settings for DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Drive Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Remote Desktop Connection Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Agent for Macintosh Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Deployment Agent for CE .NET. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Managing Client Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Computer Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Network Configuration . . . . . . . . . . . . . . . . . . . . TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Bay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Server Deployment Rules . . . . . . . . . . . . . . . Lights-Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Operations Using Deployment Solution . . . . . . Restoring a Computer from its Deployment History Configuring Computers . . . . . . . . . . . . . . . . . . . . Quick Disk Image . . . . . . . . . . . . . . . . . . . . . . . . Power Control . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Control . . . . . . . . . . . . . . . . . . . . . . . . . Send Files during Remote Control . . . . . . . . . . Remote Control Properties . . . . . . . . . . . . . . . Set Remote Control Permissions . . . . . . . . . . . Start Multiple Sessions . . . . . . . . . . . . . . . . . Execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . User Account . . . . . . . . . . . . . . . . . . . . . . . . Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Prompt User for Properties . . . . . . . . . . . . . . . . . Install Automation Partition . . . . . . . . . . . . . . . . . Change Agent Settings . . . . . . . . . . . . . . . . . . . . Deploying and Managing Servers . . . . . . . . . . . . . . . . Server Management Features . . . . . . . . . . . . . . . Server Deployment Options . . . . . . . . . . . . . . . . . Managing Server Blades . . . . . . . . . . . . . . . . Managing New Server Blades . . . . . . . . . . . . . Virtual Bays . . . . . . . . . . . . . . . . . . . . . . . . Hewlett-Packard Server Blades . . . . . . . . . . . Dell Server Blades . . . . . . . . . . . . . . . . . . . . Fujitsu-Siemens Server Blades . . . . . . . . . . . . IBM Server Blades . . . . . . . . . . . . . . . . . . . . Find a Computer in the Database . . . . . . . . . . . . . . . Using Lab Builder . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
125 125 125 125 125 126 126 126 127 127 129 130 130 130 131 133 133 134 134 135 135 136 136 137 138 138 139 139 141 141 141 142 143 143 144 144 145
Building and Scheduling Jobs
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 148 150 151 151 151 152 152 152 152 153 153 153 153 154
Viewing Job Details. . . . . . . . . . . . . . . . . . . . . New Job Wizard . . . . . . . . . . . . . . . . . . . . . . . Migrating Computers . . . . . . . . . . . . . . . . Selecting Computers in the New Job Wizard Apply Computers to a Job . . . . . . . . . . . . . Associating Destination Computers . . . . . . Setting up Conditions in the New Job Wizard Install Software Packages . . . . . . . . . . . . . Summary of Options . . . . . . . . . . . . . . . . . Building New Jobs . . . . . . . . . . . . . . . . . . . . . Job Scheduling Wizard . . . . . . . . . . . . . . . . . . Select Job(s) . . . . . . . . . . . . . . . . . . . . . . Select Computer(s) or Computer Groups . . . Setting Conditions for Task Sets . . . . . . . . . . . Order Condition Sets. . . . . . . . . . . . . . . . .
Scheduling Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155 Deployment Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Creating a Mac Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 Creating a Ghost Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 Advanced Sysprep Settings for Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . 162 Advanced Sysprep Settings for Creating a Disk Image in Windows Vista . . . . . . . . . . . . . 162 Create Disk Image Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 Distributing a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 Distributing a Mac Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 Distributing a Ghost Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Advanced Sysprep Settings for Distributing a Disk Image . . . . . . . . . . . . . . . . . . . . . . . 166 Advanced Sysprep Settings for Distributing a Disk Image in Windows Vista . . . . . . . . . . . 166 Distribute Disk Image-Resizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Distribute Disk Image-Additional Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Imaging Computers from USB Disk on Key (DOK) Devices (JumpDrives). . . . . . . . . . . . . 167 Scripted OS Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Scripted Install for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Select Operating System Version and Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170 Installation Source Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Operating System-Source Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Partition and Format Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Import an Answer File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172 Answer File Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172 Add a New Variable Value or Section. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172 Add a New Variable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Command-line Switches for Scripted Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Deployment Agent Settings for Scripted Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Scripted Install Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Scripted Install for Windows Vista . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Scripted Install for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Scripted Install Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 Distributing Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 Distribute Software Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Managing the SVS Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Import Package Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179 Capturing Personality Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179 Capture Personality Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 Distributing Personality Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 Distribute Personality Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Modifying Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Backing up and Restoring Registry Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Get Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Run Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Script Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Using LogEvent and WLogEvent in Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 Copy File to . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 Copy File to Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Power Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Wait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Modifying Tasks in a Deployment Job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Modifying Multiple Change Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Creating New Script Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Copy and Paste Jobs and Job Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Importing and Exporting Jobs . . . . . Setting Up Return Codes . . . . . . . . Sample Jobs in Deployment Solution Initial Deployment . . . . . . . . . . . . . Configurations . . . . . . . . . . . . . Advanced Configuration. . . . Jobs . . . . . . . . . . . . . . . . . . . . Advanced . . . . . . . . . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
192 193 195 196 196 197 197 198
Part IV: Best Practices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Chapter 12: Securing Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Part 1: Deployment Server Accounts . . . . . . . . . . . . . . Service Account . . . . . . . . . . . . . . . . . . . . . . . . . . Domain Join Accounts . . . . . . . . . . . . . . . . . . . . . . Deployment Share Read/Write Account . . . . . . . . . . Part 2: Deployment Administrator Accounts. . . . . . . . . . Role and Scope Based Security . . . . . . . . . . . . . . . Deployment Console Security. . . . . . . . . . . . . . . . . Manage By Exception . . . . . . . . . . . . . . . . . . . . . . Rights and Permissions . . . . . . . . . . . . . . . . . . . . . Grant Rights to Administrators . . . . . . . . . . . . . Grant Permissions to Administrators . . . . . . . . . Permission Rules . . . . . . . . . . . . . . . . . . . . . . . . . Part 3: Database Security . . . . . . . . . . . . . . . . . . . . . . Required Database Rights . . . . . . . . . . . . . . . . . . . Rights Required to Install . . . . . . . . . . . . . . . . Rights Required for the Services Account. . . . . . Rights Required for Deployment Administrators . Part 4: Securing Communication . . . . . . . . . . . . . . . . . Deployment Agent Authentication. . . . . . . . . . . . . . Key Authentication . . . . . . . . . . . . . . . . . . . . . Additional Agent Security . . . . . . . . . . . . . . . . . . . Keyboard Locks in Automation . . . . . . . . . . . . . . . . Appendix A: Remote Agent Installer Rights . . . . . . . . . . Appendix B: Managing Task Passwords . . . . . . . . . . . . . Appendix C: Managing Key-Based Agent Authentication . Backing up the Server Private Key . . . . . . . . . . . . . Enabling Key-based Authentication with Redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 201 202 202 203 203 204 204 204 205 205 205 205 206 206 207 207 208 208 208 210 210 211 211 212 212 212
Chapter 13: Migrating Application Data and User Settings . . . . . . . . . . . . . . . . . . . . . 213 Chapter 14: Capturing and Deploying Disk Images . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
What is a Disk Image? . . . . . . . Imaging in Deployment Solution How Imaging Works . . . . . . . . . File Systems . . . . . . . . . . . Partitions. . . . . . . . . . . . . . Partition Size . . . . . . . . Spanning Media . . . . . . . . . Multicasting . . . . . . . . . . . . How Multicasting Works HTTP Imaging . . . . . . . . . . Capturing Images. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 214 214 214 215 215 215 216 216 216 216
Deploying Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216 Post-Imaging Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216 Managing Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Chapter 15: ImageX Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Obtaining and Installing ImageX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218 Capturing and Distributing ImageX Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
: Mac Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Creating an Automation Image . . . . . . . . . . . . . . . . . . . . . . . . Step 1: Configure a Source Computer . . . . . . . . . . . . . . . . . Step 2: Provide Root Password for Automation . . . . . . . . . . Step 3: Provide Credentials to Access Images . . . . . . . . . . . Step 4: Image the Source Computer. . . . . . . . . . . . . . . . . . Configuring NetBoot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 1: Configure the NetBoot Image . . . . . . . . . . . . . . . . . Step 2: Start the NetBoot Service . . . . . . . . . . . . . . . . . . . Configuring AppleTalk Filing Protocol Shares to Host Disk Images. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219 219 220 220 221 221 221 222 222
Chapter 16: Symantec Ghost Imaging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223 Chapter 17: Software Packaging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Why Use Software Packaging? . . . . . . . . . . Overview of the Software Packaging Process Setting up a Reference Computer . . . . . . . . . . . Accessing Wise SetupCapture . . . . . . . . . . Capturing a Software Package . . . . . . . . . . . . . What Can I Capture?. . . . . . . . . . . . . . . . . The Capture Process . . . . . . . . . . . . . . . . . Customizing a Software Package . . . . . . . . . . . Distributing a Software Package . . . . . . . . . . . . Appendix A: Migrating From RapidInstall . . . . . . . . . Appendix B: Windows Installer Format Explained . . . Advantages of Windows Installer . . . . . . . . Appendix C: SetupCapture Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224 224 225 225 225 225 226 226 226 226 226 227 229
Chapter 18: Deploying Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

Writing a Script . . . . . . . . . . . . . . . . . . . . . Server Scripting Commands . . . . . . . . . Retrieving Database Values Using Tokens Running Scripts on the Server . . . . . . . . Reporting Errors . . . . . . . . . . . . . . . . . . . . . DOS/CMD Error Handling. . . . . . . . . . . . Visual Basic Error Handling . . . . . . . . . . Linux Shell Error Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232 232 233 234 234 235 236 237
Chapter 19: Creating an Image Distribution Framework . . . . . . . . . . . . . . . . . . . . . . . 238

Why Use an Image Distribution Framework? PXE Redirection . . . . . . . . . . . . . . . . . . . . What if I Am Not Using PXE? . . . . . Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating a Distribution Framework . . . . . . . Step One: Set Up Local Image Stores . . Step Two: Replicate Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238 239 239 239 239 239 240
10
Step Three: Configure the Server Lookup Utility. . . . Create a Configuration . . . . . . . . . . . . . . . . . . Create a Server Lookup File . . . . . . . . . . . . . . GetSRV.EXE Parameter Descriptions . . . . . . . . . Step Four: Create a Boot Disk Creator Configuration Modify Mapdrv.bat to call Getsrv.bat. . . . . . . . . Deploy the Boot Configuration . . . . . . . . . . . . . Step Five: Distribute an Image . . . . . . . . . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
240 240 240 241 241 242 242 242
Chapter 20: Deploying and Managing Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Server Management Features . . . . Server Deployment Options . . . . . . Managing Server Blades . . . . . Managing New Server Blades . . Hewlett-Packard Server Blades Virtual Bays . . . . . . . . . . . . . Dell Server Blades . . . . . . . . . Fujitsu-Siemens Server Blades . IBM Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243 244 245 246 246 247 247 248 248
Part V: Operating System and Platform Reference . . . . . . . . . . . . . . . . 249

Chapter 21: 64-bit Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
64-bit Job Conditions and Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 64-bit PXE Boot Images & Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Adding Files to a Boot Disk Creator Configuration for 64-bit. . . . . . . . . . . . . . . . . . . . . . . . . 250
Chapter 22: Linux and Unix Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

ADLAgent . . . . . . . . . . . . . . . . . . . . . . Installing and Configuring ADLAgent . Distributing Software . . . . . . . . . . . . . . Imaging Linux and Unix Filesystems . . . . Linux Bootloaders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 251 251 252 252
Chapter 23: Managing Thin Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Supported Thin Client Manufacturers Thin Client Operating Systems . . . . . Windows XP Embedded (XPe) . . The Enhanced Write Filter . . Using the EWFMGR Utility . . Windows CE .NET . . . . . . . . . . . Linux . . . . . . . . . . . . . . . . . . . Licensing Thin Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254 254 254 255 256 257 257 257
Chapter 24: Windows Vista. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Installing the Deployment Agent on Vista Vista Remote Control . . . . . . . . . . . . . . Vista Software Distribution . . . . . . . . . . Vista Run Script Tasks. . . . . . . . . . . . . . Deployment Agent UI on Vista . . . . . . . . Vista Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258 258 258 258 259 259
Chapter 25: Power Mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Installing The Mac Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
11
Removing the Mac Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Part VI: Reference: Deployment Solution Help Files . . . . . . . . . . . . . . . 261

Deployment Server Configuration Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Logon Account . . . . . General Option . . . . . Drive Mappings Option Transport Option . . . . Disk Imaging Option . Authentication Option Connections Option . . Debug Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 264 264 265 267 268 268 269
Introduction to Altiris Boot Disk Creator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

Toolbar Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . New Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . Configuration Name . . . . . . . . . . . . . . . . . . . . . . . . . File Server Type (DOS) . . . . . . . . . . . . . . . . . . . . . . . Multi-Network Adapter Configurations . . . . . . . . . . Network Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . Have Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Internet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . TCP/IP Protocol Settings . . . . . . . . . . . . . . . . . . . . . . Altiris Deployment Server Communication . . . . . . . . . . Network Configuration . . . . . . . . . . . . . . . . . . . . . . . Network Drive Mappings and Mount Points . . . . . . . . . WinPE Boot Option Settings . . . . . . . . . . . . . . . . . . . . Configuration Summary . . . . . . . . . . . . . . . . . . . . . . Edit Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . Additional Files . . . . . . . . . . . . . . . . . . . . . . . . . . Create PXE Boot Image Files (PXE) . . . . . . . . . . . . . . . PXE Boot Image Creation Complete . . . . . . . . . . . . . . Automation Partitions, Network and Automation Boot Disks. Create Boot Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . Create an Automation Install Package . . . . . . . . . . . . . Create Automation Boot Disk . . . . . . . . . . . . . . . . . . . Create Network Boot Disk . . . . . . . . . . . . . . . . . . . . . Remove Automation Partition. . . . . . . . . . . . . . . . . . . Import Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . Missing Files for Processor Types . . . . . . . . . . . . . . . . Install Pre-boot Operating System Files . . . . . . . . . . . . . . DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FreeDOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MS-DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows PE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 272 272 273 273 274 274 275 275 275 276 277 277 278 278 278 279 280 280 280 280 281 282 283 283 284 284 285 285 285 286 286 286
PXE Configuration Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Boot Menu Tab . . . . . . . . . . . . New Shared Menu Option . Edit Shared Menu Option . . Redirect Shared Boot Menu ...... ...... ...... Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290 292 293 293
12
Import Boot Menu Options. . . . . . . . . . . . Regenerate Boot Images . . . . . . . . . . . . . Install Pre-boot Operating System Files. . . . . . DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . FreeDOS . . . . . . . . . . . . . . . . . . . . . MS-DOS . . . . . . . . . . . . . . . . . . . . . Linux . . . . . . . . . . . . . . . . . . . . . . . . . . Windows PE . . . . . . . . . . . . . . . . . . . . . . New Configuration Wizard . . . . . . . . . . . . . . . Configuration Name . . . . . . . . . . . . . . . . File Server Type (DOS) . . . . . . . . . . . . . . Multi-Network Adapter Configurations . Network Adapter . . . . . . . . . . . . . . . . . . Have Disk . . . . . . . . . . . . . . . . . . . . Internet. . . . . . . . . . . . . . . . . . . . . . Advanced . . . . . . . . . . . . . . . . . . . . TCP/IP Protocol Settings . . . . . . . . . . . . . Altiris Deployment Server Communication . Network Configuration . . . . . . . . . . . . . . Network Drive Mappings and Mount Points Configuration Summary . . . . . . . . . . . . . Edit Configurations . . . . . . . . . . . . . . . . . Additional Files . . . . . . . . . . . . . . . . . Create PXE Boot Image Files (PXE) . . . . . . PXE Boot Image Creation Complete . . . . . PXE Server Tab . . . . . . . . . . . . . . . . . . . . . . DS Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . MAC Filter Tab . . . . . . . . . . . . . . . . . . . . . . . Define MAC Addresses . . . . . . . . . . . . . . Multicast Tab . . . . . . . . . . . . . . . . . . . . . . . . BIS Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data Logs Tab . . . . . . . . . . . . . . . . . . . . . . . Status Tab . . . . . . . . . . . . . . . . . . . . . . . . . . Remote PXE Installation . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
294 294 294 295 295 295 296 296 296 297 297 298 298 299 299 299 300 300 301 301 302 302 303 304 304 304 306 307 308 308 310 310 311 311
Altiris ImageExplorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

Using ImageExplorer . . . . . . . . . . . . . . . . . View Properties . . . . . . . . . . . . . . . . . . General Properties for an Image File General Properties for a Volume . . . General Properties for a Folder . . . . General Properties for Files . . . . . . . Description Properties for an Image . Disk Partition Properties . . . . . . . . . Open a File . . . . . . . . . . . . . . . . . . . . . Opening Split Image Files . . . . . . . . Find Missing Split Image Files . . . . . Add New Files . . . . . . . . . . . . . . . . . . . Convert an Image . . . . . . . . . . . . . . . . Create an Image Index . . . . . . . . . . . . . Extract a Folder . . . . . . . . . . . . . . . . . . Find Files . . . . . . . . . . . . . . . . . . . . . . Filter Results . . . . . . . . . . . . . . . . . Make Self-Extracting Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318 318 318 318 319 319 319 319 319 319 319 320 320 321 322 322 322 323
13
Not Enough Free Space . . . . . . . ImageX Sample Scripts . . . . . . . . . . Print Folder Contents . . . . . . . . . . . Print Preview . . . . . . . . . . . . . . Print a File . . . . . . . . . . . . . . . . . . Setting a Password on an Image File Settings . . . . . . . . . . . . . . . . . . . . Split Image . . . . . . . . . . . . . . . . . . Command Line Switches . . . . . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
324 324 324 325 325 326 326 327 328
Installing Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

Deployment Server Components . . . . . . . . . . . . . . . . . . . . . Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Database . . . . . . . . . . . . . . . . . . . . . . . . . . Support for Multiple Database Instances . . . . . . . . . . Deployment Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . Altiris PXE Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . Deployment Server System Requirements . . . . . . . . . . . . . . . Simple Install for Deployment Server . . . . . . . . . . . . . . . . . . Custom Install for Deployment Server . . . . . . . . . . . . . . . . . Thin Client Install for Deployment Server . . . . . . . . . . . . . . . Component Install for Deployment Server . . . . . . . . . . . . . . . Installing Deployment Solution Agents . . . . . . . . . . . . . . . . . Client Connectivity and Network Adapters . . . . . . . . . . . . Installing the Deployment Agent . . . . . . . . . . . . . . . . . . Remote Agent Installer . . . . . . . . . . . . . . . . . . . . . . . . . Enter administrator account information . . . . . . . . . . Specify install directory . . . . . . . . . . . . . . . . . . . . . . Automatically Add to a Group. . . . . . . . . . . . . . . . . . Select Computers on the Network. . . . . . . . . . . . . . . Download Microsoft Sysprep . . . . . . . . . . . . . . . . . . Change Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . Get Server Security Key . . . . . . . . . . . . . . . . . . . . . Installing Deployment Agent for Windows . . . . . . . . . . . . Automating the Installation of Deployment Agent. . . . . . . Editing the Sample.inp file . . . . . . . . . . . . . . . . . . . . Creating a Template File using Remote Agent Installer Using the Template File . . . . . . . . . . . . . . . . . . . . . . Installing Deployment Agent on Linux . . . . . . . . . . . . . . . Installing the Automation Agent . . . . . . . . . . . . . . . . . . Managing Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the License Utility . . . . . . . . . . . . . . . . . . . . . . . . Install a Regular License for Altiris Products. . . . . . . . HP client computers and licensing. . . . . . . . . . . . . . . Install Multiple Licenses. . . . . . . . . . . . . . . . . . . . . . Adding a License from the Deployment Console . . . . . . . . Rapid Deployment Pack Licensing. . . . . . . . . . . . . . . . . . Finding the Number of Licenses Used . . . . . . . . . . . . . . . Computers Not Using a Regular License . . . . . . . . . . . . . Detecting an Expired License . . . . . . . . . . . . . . . . . . . . . Expired Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DS Installation Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331 332 332 333 334 334 334 335 336 337 340 343 343 344 345 346 346 347 347 347 347 348 348 348 349 349 349 349 350 350 352 352 353 354 355 355 356 356 357 357 357 358 358
14
Install Configuration . . . . . . . . . . . . . Installing Deployment Server. . . . . . . Deployment Server Install . . . . . . . . . Pre-boot Operating System (Simple) . Pre-boot Operating System (Custom) Deployment Database Install . . . . . . . Altiris PXE Server Install . . . . . . . . . . Client Connection to Server . . . . . . . . Deployment Web Console Information Sysprep. . . . . . . . . . . . . . . . . . . . . . Installing Components . . . . . . . . . . . Installation Information Summary . . . Add Components Summary . . . . . . . . Deployment Database Authentication . Add Components . . . . . . . . . . . . . . . Console Install . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
359 360 360 361 362 363 363 364 364 365 365 365 365 366 366 366
Part VII: Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

Managing from the Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Deployment Web Console Basics . . . . . . . . . . . . . . . . . . . . Computers pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jobs pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Details pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Web Console Options . . . . . . . . . . . . . . . . Basic Tasks from the Deployment Web Console . . . . . . . . . . Remote Computer Operations . . . . . . . . . . . . . . . . . . . Reject Client Computer Connections . . . . . . . . . . . . . . . Assigning and Scheduling Jobs . . . . . . . . . . . . . . . . . . Finding and Filtering Computers and Jobs . . . . . . . . . . . Scheduling Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Server Configuration . . . . . . . . . . . . . . . . . . . . Global . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Production Agent Settings . . . . . . . . . . . . . . . . . . . Automation Agent Settings . . . . . . . . . . . . . . . . . . Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enabling Security . . . . . . . . . . . . . . . . . . . . . . . . . Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Setting Permissions . . . . . . . . . . . . . . . . . . . . . . . Logon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Automated Deployment Services (ADS) . . . . . . . . . . . . . . . Deployment from the Altiris Console . . . . . . . . . . . . . . . . . . Adding Deployment Servers. . . . . . . . . . . . . . . . . . . . . Task Password options . . . . . . . . . . . . . . . . . . . . . . . . Configuring the Deployment Server AClient . . . . . . . . . . Viewing Notification Server Clients without AClient . . Installing AClient to a Notification Server Client . . . . Creating Deployment Server AClient Packages . . . . . Configuring the Deployment Server Agent . . . . . . . . . . . Generating Deployment Reports from the Altiris Console. Altiris Console Collections . . . . . . . . . . . . . . . . . . . . . . Using Package Servers to Replicate Deployment Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369 370 371 371 372 372 372 372 373 373 373 373 374 375 375 375 379 380 381 382 383 385 385 386 387 387 387 388 388 388 389 389 390 390
15
Overview of Package Servers . . . . . . . . . . . . . . Setting Up a Central Deployment Server Library Setting Up Package Servers . . . . . . . . . . . . . . . Modify the DS Library Package . . . . . . . . . . Exporting and Importing Deployment Jobs . . . . Setting Polling Intervals in Deployment Solution . . . Setting the DS Agent Polling Interval . . . . . . . . Setting the Altiris Agent Configuration Request .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
390 391 392 392 393 396 396 397
Managing Computers from the Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . 398

Managing Multiple Deployment Server Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399 Adding Deployment Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399 Changing Task User Password options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Scheduling Jobs from Other Deployment Server Systems . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Viewing Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402 Adding New Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403 Creating a New Computer Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404 Importing New Computers from a Text File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405 Computer Configuration Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406 Networking Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406 TCP/IP Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408 NetWare Client Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 Operating System Licensing Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410 User Account Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410 Deployment Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410 Managing Agent Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411 Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412 Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 TCP/IP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 Bay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 Server Deployment Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 Lights-Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415 Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415 Remote Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415 Find a Computer in the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417 Creating a Computer Group Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Scheduling Jobs from the Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . . . . 419

Viewing Job Details. . . Building New Jobs . . . Job Scheduling Wizard Select Computers . Select a Job . . . . . Schedule Job . . . . Scheduling Jobs . . . . . Deployment Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419 420 422 422 422 422 422 423
16
Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424 Advanced Sysprep Settings for Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . 425 Create Disk Image Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425 Distributing Disk Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426 Advanced Sysprep Settings for Distributing a Disk Image . . . . . . . . . . . . . . . . . . . . . . . 427 Distribute Disk ImageResizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427 Distribute Disk ImageAdditional Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428 Imaging Computers from USB Disk on Key (DOK) Devices (JumpDrives). . . . . . . . . . . . . 428 Distributing Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429 Distribute Software-Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431 Capturing Personality Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432 Capture Personality-Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432 Distributing Personality Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433 Distribute Personality Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434 Modifying Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434 Backing up and Restoring Registry Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434 Get Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435 Run Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435 Advanced Run Script Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436 Copy File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437 Copy File Advanced. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438 Power Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438 Copy Jobs and Job Folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439 Importing and Exporting Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439 Setting Up Return Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440 Initial Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442 Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443 Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
Part VIII: Technical Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445

Appendix A: Command-Line Switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Job Utilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Job Export Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . Job Import Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . Create Job Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . Schedule Job Utility . . . . . . . . . . . . . . . . . . . . . . . . . . Import Computer Utility . . . . . . . . . . . . . . . . . . . . . . . axengine.exe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Agent for Windows . . . . . . . . . . . . . . . . . . . . . Aclient.exe Command-line Switches . . . . . . . . . . . . . . . Aclient.inp Parameters . . . . . . . . . . . . . . . . . . . . . . . . ADLAgent.config Parameters . . . . . . . . . . . . . . . . . . . . . . . AClient.config Parameters . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Agent for DOS Command-line Switches . . . . . . . Bootwork.exe. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Agent for DOS Install (Bwinst.exe) Switches Keyboard and Screen Lock Utility (Kbdsclk) Switches . . . Deployment Server Install Switches . . . . . . . . . . . . . . . . . . Silent Install Options. . . . . . . . . . . . . . . . . . . . . . . . . . Simple Install Entries . . . . . . . . . . . . . . . . . . . . . . Custom Install Entries . . . . . . . . . . . . . . . . . . . . . . Add Component Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446 446 447 448 450 451 451 452 452 453 456 460 471 472 474 476 478 479 480 482 484
17
Client BIOS Settings for Wake-On LAN and PXE . Command-line Switches for the Pocket PC Agent Command-line Install Switches for Linux . . . . . . Command-line Install Switches for WinPE . . . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
485 486 486 487
Chapter 26: RapiDeploy Technical Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489

RapiDeploy Executable Files. . . . . . . . . . . . . . . . . . . . . . . . . Running RapiDeploy from the Command-line . . . . . . . . . . . . . RapiDeploy Command-line Switches . . . . . . . . . . . . . . . . Using Command-line Switches with Executable Images. . . Using File System Independent Resource Management (FIRM). How FIRM Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running FIRM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FIRM Command-Line Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489 489 490 502 502 503 503 504
Appendix B: Tokens: Dynamic Database Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509

System Tokens. . . . . . . . . . . . . . . . . . Finding the Right Token Value . . . . . . . Creating Unique Files Using Tokens. . . . Tokens . . . . . . . . . . . . . . . . . . . . Token Replacement Template Files . Template File Rules. . . . . . . . . The Token Replacement Process . . . . . . Custom Tokens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509 511 512 512 512 513 513 514
Appendix C: Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516

General Error Messages . . . . . Client Error Messages . . . . . . . Communication Error Messages Critical Error Messages . . . Memory Error Messages . . . . . Partition Error Messages . . . . . Installer Return Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517 519 520 520 522 523 524
Appendix D: System Jobs for Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . 529

Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . Create Disk Image . . . . . . . . . . . . . . . . Distribute Disk Image . . . . . . . . . . . . . . Simple Tests . . . . . . . . . . . . . . . . . . . . . . . DIR Command at DOS . . . . . . . . . . . . . DIR Command at Windows . . . . . . . . . . Distribute RapidInstall Package . . . . . . . Migrations . . . . . . . . . . . . . . . . . . . . . . . . . Capture User Application Settings. . . . . . Capture User Desktop Settings. . . . . . . . Capture User Microsoft Office Settings . . Capture User Printer Settings. . . . . . . . . Misc Jobs. . . . . . . . . . . . . . . . . . . . . . . . . . Install Office XP from Mapped Drive . . . . Install Office XP from UNC Source . . . . . SQL 2000 Unattended Install . . . . . . . . . SQL 2000 Unattended Install Using a RIP Copy WLogevent to Client . . . . . . . . . . . Install MSI 2.0 Runtime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530 530 530 530 530 530 531 531 531 531 532 532 532 533 533 534 534 535 535
18
Repair Office XP . . . . . . . . . . . . . . . . . . . . . . . Restart Computer . . . . . . . . . . . . . . . . . . . . . . Shutdown Computer . . . . . . . . . . . . . . . . . . . . Start SQL Server Service. . . . . . . . . . . . . . . . . Stop SQL Server Service . . . . . . . . . . . . . . . . . Uninstall Office XP . . . . . . . . . . . . . . . . . . . . . Wake up Computer . . . . . . . . . . . . . . . . . . . . . Pocket PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distribute Software. . . . . . . . . . . . . . . . . . . . . Install Altiris Pocket PC Agent . . . . . . . . . . . . . Scripted OS Installs . . . . . . . . . . . . . . . . . . . . . . . Create W2K Install Disk Image (Target HD). . . . W2K Scripted Install (Target HD) . . . . . . . . . . . Create RH7 Install Disk Image (Network) . . . . . Create RH7 Install Disk Image (Target HD) . . . . RH7 Scripted Install (Network). . . . . . . . . . . . . RH7 Scripted Install (Target HD) . . . . . . . . . . . Create RH8 Install Disk Image (Network) . . . . . RH8 Scripted Install (Network). . . . . . . . . . . . . Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Send Email if Disk Space Low (Linux) . . . . . . . . Logevent Script (Linux) . . . . . . . . . . . . . . . . . . Restart HTTPD Service (Linux) . . . . . . . . . . . . . Move Computer to Default Container (Windows) Move Computer to Specific OU (Windows) . . . . . Send Error Email (Windows) . . . . . . . . . . . . . . Server-side Embedded VBScript (Windows) . . . . WLogevent CMD Script (Windows) . . . . . . . . . . WLogevent VB Script (Windows) . . . . . . . . . . . XP Embedded . . . . . . . . . . . . . . . . . . . . . . . . . . . Disable Enhanced Write Filter. . . . . . . . . . . . . . Enable Enhanced Write Filter . . . . . . . . . . . . . . Distribute RapidInstall Package . . . . . . . . . . . . Agent Update. . . . . . . . . . . . . . . . . . . . . . . . . . . . SVS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
535 535 535 536 536 536 536 536 537 537 537 537 539 540 541 541 542 543 543 544 545 545 545 545 546 546 546 546 547 547 547 547 547 548 548
Appendix E: Network Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549

PXE MTFTP . . . . . . . . . . . . . . . . . . . . . PXE Manager and PXECfg Service . . . . . . Deployment Web Console (Web Console) DB Management (Middle Man) . . . . . . . . Deployment Server. . . . . . . . . . . . . . . . Deployment Console (Win32 Console). . . Deployment Agent on Windows (AClient) Deployment Agent on Linux . . . . . . . . . . Client/Server File Transfer Port . . . . . . . RapiDeploy Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550 550 551 552 552 553 553 554 554 555
Appendix F: Deployment Agent Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556 Appendix G: Windows Registry Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
Key in the Security Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563
19
Appendix H: Pocket PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564 Appendix I: Managing Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 568

LAN Switch Support List . . . . . . . . . . . . . . . . . . . . Using Deployment Solution Switch Add-On . . . . . . . Adding a Switch Device . . . . . . . . . . . . . . . . . . Discovering a Device. . . . . . . . . . . . . . . . . . . . Deleting a Device . . . . . . . . . . . . . . . . . . . . . . Viewing and Setting Device Properties . . . . . . . Setting the VLAN for a Switch Port . . . . . . . . . . Assigning Connectivity to a Switch Port . . . . . . . Command-line Parameters . . . . . . . . . . . . . . . GUI Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Solution Switch Add-On (Command Line Command-line Examples . . . . . . . . . . . . . . . . . ....... ....... ....... ....... ....... ....... ....... ....... ....... ....... Options) ....... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569 569 570 571 571 571 571 572 573 573 574 575
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
20
Chapter 1
About Altiris Deployment Solution

Altiris Deployment Solution software provides a suite of tools to quickly install operating systems and software. Deployment Solution leverages a number of Altiris technologies to provide extensive management capabilities:
Altiris Technology
RapiDeploy Imaging Scripted OS Installation and Sysprep Integration PC Transplant Personality Migration Software Virtualization and Software Distribution Wise Package Studio and Wise SetupCapture Script deployment engine
Description
Capture and deploy computer images using PXE, DVDs, CDs, or USB drives. Perform automated scripted operating system installations using sysprep. Migrate user data and application settings to new hardware and operating systems. Deploy, activate, and manage SVS layers, and install other software packages. Build and capture custom installation packages using the latest Windows Installer technology. Remotely execute Visual basic and Linux shell scripts.
In addition, the following technologies are integrated with the features of Altiris Deployment Server software to provide comprehensive deployment and migration:
Deployment Server Feature

Task-sequencer
Description
Management tasks provided by Deployment Server can be grouped and executed in order, enabling you to perform complex management operations in a single job. Computers can be organized into multiple groups to simplify job deployment. Drag and drop a computer group onto a job and the job runs on all computers in the group. Scripts, Sysprep configuration files, and other values can use tokens to retrieve database values at run time. Quickly install the Deployment Agent on large numbers of Windows computers using the Remote Agent Installer. Managed computers are inventoried for software and hardware, and conditions and filters can be created based on this inventory. Example: a distribute software task could check the operating system and distribute the correct software version.
Computer groups
Dynamic insertion of database values (tokens) Computer discovery
Inventory
21
Deployment Server Feature

Extensive supported platforms
Description
Support for 32- and 64-bit architecture, servers, blades, thin clients, and Itanium, running Windows and Linux operating systems. Managed computers can be started or shutdown remotely.
Power control, Wake on LAN
Deployment Solution Architecture

Before installation, you should become familiar with the different components of a Deployment System and how these components interact. The following diagram provides an overview of the Deployment System components:
Depending on the needs of your environment, multiple Deployment System components can be installed on the same computer. A single dedicated server could host your Deployment Server, Share, Database, Management Consoles, and PXE Server.
Deployment Server
The Deployment Server is the central component of a Deployment System and manages the Deployment Database, the communication between the different components, and schedules jobs to run on managed computers.
22
Deployment Database
The Deployment Database provides the back-end datastore and stores details about the computers, groups, and jobs in your Deployment System. Most of the time, you do not need to interact directly with the database.
Deployment Share
The Deployment Share stores all files, such as installation programs, disk images, and SVS layers you want accessible to managed computers. This share can reside on your Deployment Server or on another computer, and is often replicated to different locations to provide better access, especially in distributed networks or when sharing large files.
Management Consoles
Deployment Solution provides three management consoles: Deployment Console: A Windows application that provides complete access to the Deployment System administration. Deployment Web Console: A Web application that provides browser-based administration. This console can be executed remotely using any Web browser, and has built-in tools to manage multiple Deployment Servers.
23
Deployment Tab in the Altiris Console: This interface is integrated into the Altiris Console to provide integrated management with other Altiris Solutions. Its features are the same as the Deployment Web Console.
Automation Tools
Automation is the preboot environment loaded by Deployment Server to perform tasks which need to happen outside of the normal operating system. If you have ever used a disk imaging utility, or booted a computer using an installation CD, you are probably familiar with running computers in a similar environment. Deployment Solution provides several tools to boot computers to this environment and supports several automation operating systems.
Deployment Agent
This agent runs on managed computers to report inventory, run software and scripts, perform power control, and boot the computer into automation. A Remote Agent Installer is provided to quickly install the agent on multiple Windows computers. Linux computers can install the agent using startup scripts and other automated processes.
24
Part I Planning and Installing Your Deployment System

Deployment Solution is designed to meet deployment, management, and migration needs for small, medium and large organizations with diverse topologies and varying computer management requirements. This section provides steps for installing Deployment Solution components, but also includes system architecture details and discusses planning strategies to install and optimize your Deployment Solution system. The installation process is divided into the following sections: Preparing To Install (page 26) Installing (page 29) Post-Installation Configuration (page 31) Deployment Agent Installation (page 36)
25
Chapter 2
Preparing To Install
This sections lists the tasks you need to complete before you install Deployment Solution. Step 1: Log on to Your Deployment Server Computer as an Administrator (page 26) Step 2: Create a Services Account (page 27) Step 3: Gather Automation Operating System Install Files (page 28) Step 4: Obtain a License File (page 28) Step 5: Install .NET and MDAC (page 28) Step 6: Start Microsofts Internet Information Server (IIS) (page 28)
Step 1: Log on to Your Deployment Server Computer as an Administrator

The account you use to install Deployment Solution must be a Windows Administrator and must possess System Administrator rights on the SQL server that will host your Deployment Database to install the Deployment Database. These database rights can be granted temporarily and revoked after the installation completes. If you want to use a different account to create the database, you must select a custom install and provide SQL credentials instead of Windows NT authentication. Important In SQL Server 2005 TCP/IP is disabled by default. This must be enabled before you install Deployment Solution.
To grant database rights

1. 2. Open Enterprise Manager and connect to your SQL Server. Browse to Security > Logins:
26
3. 4.
Select the Administrator account you are using to install Deployment Solution. If it does not exist, add it. Click the Server Roles tab, and enable System Administrators:
5.
Click OK and verify that the role was added.
MSDE Database Engine

Optionally, in smaller installations, you can use the MSDE database engine instead of SQL Server. This is typically not recommended due to the lack of database management tools. MSDE must be installed on the same computer as the Deployment Server component. If you decide to use MSDE, it can be installed by selecting the Simple Install Helper option in the installation program. We recommend using the Simple Install Helper to install MSDE as this version is usable by Deployment Solution immediately after installation and requires no additional configuration on your part.
Step 2: Create a Services Account

Create an account to run the services and connect to the database. This account is used only by Deployment Server, and is not tied to a user. For security reasons, we dont recommend using an existing administrator account which might possess rights beyond those needed by Deployment Server. The account should not be part of a group and should not posses interactive login privileges. If your Deployment Database, Server, and Share are installed on the same computer, create a local account on that computer. If your Deployment Database or Share will be on a different computer than your Deployment Server, create a domain-level account, or create local accounts with the same credentials on each computer hosting a Deployment Solution component. Example: If your SQL Server is on another computer and you are not using a domain-level account, create a local account with the same credentials on your SQL Server computer. The same situation applies if your Deployment Share is hosted on another computer.
27
To create a services account

1. 2. On each computer where you host a Deployment System component, click Start > Administrative Tools > Computer Management. Browse to Local Users and Groups, and add a new user:
The process for creating domain-level accounts is similar. This is the only account that needs to be created before you install.
Step 3: Gather Automation Operating System Install Files

If you are ready to install an automation operating system, this can be done during the installation. If you are new to Deployment Solution and are not familiar with automation, we recommend skipping this step and installing automation operating systems later. Place your automation install files (BDC*.frm) in the same folder as the Deployment Solution installation program (by default, this is c:\DSSetup). During install, these files are detected automatically.
Step 4: Obtain a License File

For evaluation, you can use the integrated 7-day license, or you can use the 30-day 10node trial license that is sent automatically when the software is downloaded. If you have purchased a license, you need to have the .lic license file available during installation.
Step 5: Install .NET and MDAC

Your Deployment Server computer requires .NET 1.1 and MDAC 2.7 SP1 or later. This software is available on the Microsoft download site.
Step 6: Start Microsofts Internet Information Server (IIS)

If IIS is running during the Deployment Solution installation, the Deployment Web Console is installed automatically.
28
Chapter 3
Installing
Simple or Custom Install?
If you plan to install your Deployment Server, Database, and Share on the C drive of the same computer, select the Simple install. Otherwise, select Custom.
Simple Install
Installs to the C drive. Installs each of the Deployment System components (with the exception of the Deployment Agent) on the computer where the install was launched. Lets you install a single automation operating system (more can be added later). The Simple Install Helper installs the MSDE database engine if no database is detected.
Custom Install
Installs to a drive other than C. Lets you select a computer other than the computer the install was launched from to install each Deployment System component. If you select to do this, certain values regarding the installation are stored in the local Windows registry. This simplifies adding components or installing add-ons such as the Altiris packaged WinPE. Lets you select a custom name and instance for the Deployment Database. Lets you select a different computer to host the Deployment Share. If you plan on doing this, you must create the share and grant the account you created in Step 2: Create a Services Account (page 27) full control before installation. Lets you install multiple automation operating systems (more can be added later).
Running the Setup Program

After you have completed the steps outlined in the previous section, launch setup.exe. Use the administrator account you configured in the previous section to perform the installation, and provide the services account you created when prompted. If you need clarification during any of the installation steps, click Help. After Deployment Solution is installed, you have the option of enabling Sysprep support and remotely installing the Deployment Agent.
Enable Microsoft Sysprep Support

If you plan on using Sysprep to deploy standard images and scripted operating system installs, provide the location of the deploy.cab file for the operating systems for which you want to enable Sysprep. These are located on your Windows installation CDs.
29
This can be installed later by running setup.exe and selecting Component Install.
Enable Microsoft Windows Vista Sysprep Support

Microsoft Windows Vista Sysprep lets Sysprep run on a Vista Client after an Imaging event. Vista Sysprep lets Administrators prepare generic images for deploying images to different types of systems within an environment to eliminate the support for multiple images. After building the basic image, the Administrator can run Microsoft Sysprep on a computer to delete unnecessary information and prepare the system for imaging and distribution to other systems.
Remotely Install Deployment Agent

After the installation completes, you have the option of remotely installing the Deployment Agent. Unless you are familiar with Deployment Solution and the Remote Agent Installer, we recommend you do not install the agent at this time. A full discussion of Deployment Agent rollout is contained in Deployment Agent Installation (page 36).
30
Chapter 4
Post-Installation Configuration
This section contains the tasks you should perform after installation to complete the set up of your Deployment System: Step 1: Grant Full Control of the Deployment Share to Your Service Account (page 31) Step 2: Create Domain Join and Deployment Share Accounts (page 31) Step 3: Grant Services Account the db_owner Role to Your Deployment Database (page 32) Step 4: Configure Your Deployment System (page 33) Step 5: Configure Security Settings (page 35) Step 6: Install the Deployment Agent (page 35) Step 7: Configure Automation (page 35) Step 8: (Optional) Configure PXE Server (page 35)
Step 1: Grant Full Control of the Deployment Share to Your Service Account
If your Deployment Share was created during the installation, grant the services account full control of this share. By default, this folder is C:\Program Files\Altiris\eXpress\Deployment Server.
Step 2: Create Domain Join and Deployment Share Accounts

After installation, we recommend creating some additional accounts. These accounts are different than the accounts used by the people who are going to manage computers. These accounts are not tied to users, and should not possess interactive login or any rights beyond what is recommended here. The domain join account is used to join or re-join computers to a domain after imaging or initial deployment. The Deployment Share read/write account is used to access this share from the automation environment.
Domain Join Accounts

Create a separate domain-level account for each domain in which you manage computers, granting the rights recommended in the following table:
Rights
Domain
Description
Grant privileges to add computer to domain.
31
Deployment Share Read/Write Account

Create this account on the computer hosting your Deployment Share, granting the rights in the following table:
Rights
File System
Description
Grant read/write privileges to your Deployment Share.
Step 3: Grant Services Account the db_owner Role to Your Deployment Database
1. 2. Open Enterprise Manager and connect to your SQL Server. Browse to Security > Logins:
3. 4.
Double-click the account you are using to run the Deployment services. If the login is not listed, add it. Click the Database Access tab, select the eXpress database, and enable the db_owner role:
32
5.
Click OK and verify that the change was successful.
Step 4: Configure Your Deployment System

The majority of tasks you perform in your Deployment System use the Deployment Console.
To open the Deployment Console

1. Click Start > Programs > Altiris > Deployment Solution > Console.
Add Your Domain Join Accounts

If you are using accounts to join computers to a domain you need to provide the account credentials.
To add domain join accounts

1. 2. In the Deployment Console, click Tools > Options > Domain Accounts. Provide the accounts you created in Step 2: Create Domain Join and Deployment Share Accounts (page 31).
Enable Security and Add Administrators

By default, the Deployment Console can be used on your Deployment Server by any user who possesses rights to log in and run applications. This works well in situations where you already have policies in place to control server access, and you have a group of administrators who will have full access to deployment functionality. If you want to provide more granular access to configuration options, jobs, and computers, you can enable security.
To enable security
You must add at least one user or group to enable security.
33
1. 2.
In the Deployment Console, click Tools > Security. Add a new user or group. We recommend clicking AD Import and importing Active Directory groups, as this simplifies rights management. The first user or group added is granted administrator rights. Each additional user or group after the first are granted no rights and must be assigned rights explicitly.
Security is automatically enabled after a user or group is added. Additional users or groups can be added using this same method.
Grant Console Rights to Administrators

1. 2. 3. In the Deployment Console, click Tools > Security. Select a user or Group and click Rights. Enable the rights you want granted. For a more complete discussion, see See Securing Deployment Solution 6.8 on the Altiris Knowledgebase.
Grant Database Rights to Administrators

Each Administrator with console access must be granted public rights to your Deployment Database. The best way to do this is by assigning public access to the Active Directory groups containing your Deployment administrators. This prevents you from manually granting this access to individual administrators as they are added or removed from Deployment management responsibilities. 1. 2. 3. 4. Open Enterprise Manager and connect to your SQL Server. Browse to Security > Logins. Add a login for each user or group that will manage computers using Deployment Solution. For each user or group, on the Database Access tab, grant the public role for the eXpress database:
34
Configure Deployment Server

The Deployment Server Configuration Utility lets you configure advanced settings for the Deployment Server component. You can stop, start, or restart the Deployment Server services, update the services account, and configure additional options. You do not need to perform any configuration at this time, though you should become aware of the configuration options provided.
To Open the Deployment Server Configuration Utility:

1. Click Start > Programs > Altiris > Deployment Solution > Configuration.
Step 5: Configure Security Settings

See Securing Deployment Solution 6.8 on the Altiris Knowledgebase for an in-depth discussion of Deployment Solution security.
Step 6: Install the Deployment Agent

The Deployment Agent needs to be installed on all computers you want to manage using Deployment Solution. See Deployment Agent Installation (page 36).
Step 7: Configure Automation

If you plan on imaging computers or deploying computers using scripted installs you need to configure your automation environment. See Deployment Solution 6.8 Preboot Automation Environment on the Altiris Knowledgebase for an in-depth discussion of automation.
Step 8: (Optional) Configure PXE Server

Preboot Execution Environment (PXE) is an open industry standard that enables computers to boot remotely using a network card.
35
Chapter 5
Deployment Agent Installation

The Deployment Agent runs on managed computers to perform local management tasks as directed by Deployment Server. Some of these tasks include: Software installations SVS layer management Script execution Remote control Inventory and configuration If you plan on doing more than computer imaging or scripted installations, you should install the Deployment Agent on managed computers. Without installing the Deployment Agent, you can still boot computers to automation using PXE, embedded partitions, or boot media to perform some tasks. The agent simplifies these tasks by automatically restarting the computer and controlling when to boot the embedded partition, but it is not required.
About the Deployment Agent

The Deployment Agent can be installed in the production environment of all the computers you want to manage. Additionally, the Deployment Agent is automatically included in each of the automation boot configurations you create using PXE, automation partitions, or boot media. There are three versions of the Deployment Agent: DAgent - Windows Vista AClient - Windows XP and previous ADLAgent - Linux, UNIX, Solaris, Mac References in this document to the Deployment Agent refer to all versions; references to DAgent, AClient, or ADLAgent refer to the specific executable.
Installing the Agent

There are two standard methods to install the Deployment Agent on multiple computers: Using the Remote Agent Installer (Windows XP) (page 37) Using a Script, E-Mail Link, or Manual Installation (All Platforms) (page 37) For Additional details on the Vista, Linux and Mac agent see Operating System and Platform Reference (page 249).
36
Using the Remote Agent Installer (Windows XP)

Advantage: Browse your network to quickly select computers, monitor installation status in real time, and retry failed installations. Disadvantage: Requires Local User rights on each computer. Does not work with simple file sharing in Windows XP. Does not work on Vista.
Step 1: Disable Simple File Sharing on Windows XP

1. 2. In Windows Explorer, click Tools > Folder Options > View tab. Clear the Use simple file sharing check box in the Advanced settings section.
Step 2: Allow File and Printer Sharing in Windows XP SP2 Firewall

1. 2. Open the Security Center from the Windows Control Panel. Manage the security settings for the Windows firewall to add an exception for File and Printer Sharing.
Step 3: Get Local User Rights (admin$ Share)

To initially install the agent on managed computers, you need an account with Local User rights. You need access to this account only when performing the one-time agent installation, so either use your domain administrator, a domain account with local user rights, or any other account with local rights. After the agent is deployed, you no longer need access to this account. To determine whether you have sufficient rights, browse to:
\\hostname\admin$
Replacing hostname with the name of the computer where you want to install the Deployment Agent. If you can access this share you have sufficient rights.
Step 4: Run the Remote Agent Installer

In the Deployment Console, click Tools > Remote Agent Installer. If you need clarification during any of the installation steps, click Help.
Using a Script, E-Mail Link, or Manual Installation (All Platforms)

Advantages: You do not need Local User rights to install if you have individual loggedin users initiate the install, works for Linux and Unix computers. Disadvantages: Not as automated as the Remote Agent Installer, troubleshooting will likely require direct intervention. The remaining installation methods are grouped together because they perform the same functions: Execute the agent installation while providing a configuration file for a silent install.
37
Step 1: Provide Users Access to the Agent Installation Program

The agent installation programs are stored in the Agents folder on your Deployment Share. Copy this file to a location that your users can have access. For security purposes, we do not recommend granting any users direct rights to your Deployment Share, especially if you are storing software or computer images on this share. Tip If you are managing 32- and 64-bit computers, you can install the 32-bit agent on both hardware types. After connecting, the 32-bit computers automatically update to the 64bit version.
Step 2: Create the Input File for a Silent Install

To configure new computers using a silent install, you can specify an input file containing configuration settings. Windows computers installing AClient use aclient.inp file. Linux and UNIX computers installing ADLAgent use adlagent.conf. Details on the options are contained within each file and are also described in the Deployment Solution Reference Guide. When modifying adlagent.conf, ensure you use a text editor that properly handles UNIXformat line endings. Configure each file and place a copy with the agent installation program. Optionally, for Windows computers, you can use the Force Deployment Agent Settings on New Computers feature to reduce the amount of configuration you need to perform in the input file. When this is enabled, the agent receives global settings you have specified when it connects for the first time.
To force agent settings on new computers:

1. 2. 3. In the Deployment Console, click Tools > Options. Click the Agent Settings tab and select the Force new agents to take the default settings check box. Click Change Default Settings to define default settings.
Step 3: Run the Installation Program

On each computer, you need to run a command similar to the following:
\\myshare\AClient.exe aclient.inp -install

or
./adlagent
To run this, you could: Have users copy and paste it into the Windows Run dialog, or send the link in an email message. Place it in a startup script. Execute it remotely using Telnet or SSH.
38
Agent Auto Update

The Deployment Agent has the ability to update itself to a newer version automatically, and is set to update computers in batches to prevent network overload. This greatly reduces the effort required when upgrading. See the release notes on the Altiris Knowledgebase for specific information on Agent upgrades.
Troubleshooting
See the following article on the Altiris KnowledgeBase: 18248 Remote Agent Installer Fails for AClient
Additional articles can be found by searching the Altiris KnowledgeBase.
39
Part II Booting Computers to Automation

Deployment Solution has the ability to perform work on computers before the normal operating system loads. To do this, a managed computer is booted into an environment where it can communicate with your Deployment Server to perform tasks. This preboot environment is called automation. In order to perform image capture and deployment, scripted installs, or execute certain scripts, you must implement a way to boot computers into this environment. This section provides the information you need to configure a boot method, including PXE, and select an operating environment for automation tasks.
40
Chapter 6
What is Automation?
Deployment Solution uses two modes to manage computers: Automation Automation is to the pre-boot environment loaded by Deployment Server to perform tasks which need to take place outside the normal operating system. If you have ever used a disk imaging utility, or booted a computer using an installation CD, you are probably familiar with running computers in a similar environment. Production The normal operating system of the computer. Production tasks include software installation and personality capture.
Several of the tasks you perform to manage your network can be completed in the production environment. However, other tasks, primarily imaging, must be performed before the operating system boots. In Deployment Solution, this pre-boot environment is called the automation environment, or booting into automation mode. The following table contains a list of Deployment Solution tasks and the environment in which they execute:
Production Tasks
Distribute Software Capture Personality Distribute Personality Get Inventory SVS Copy File to Modify Configuration Power Control Run script
Automation Tasks
Create Disk Image Distribute Disk Image Scripted OS Install Run script
In order to manage computers in automation, you must select a method to boot computers to automation and decide which operating to use in the automation environment. Deployment Solution provides support for a broad range of boot methods and automation operating systems; this section helps you decide which works best for your environment. In order to set up automation, you must make the following decisions: Which Automation Boot Method Should I Use? (page 43)
41
Which Automation Operating System Should I Use? (page 46)
42
Chapter 7
Automation Boot Methods

Which Automation Boot Method Should I Use?
Deployment Solution supports a broad range of methods to boot computers into the automation pre-boot environment: PXE, automation partitions, or boot media (CD/DVD, USB device, or floppy). This section provides an overview of the available boot methods to help you select the method that works best for your environment, and contains the following: PXE (page 43) Automation Partitions (page 44) Boot Media (DVD/CD, USB Device, Floppy) (page 44)
PXE
Pre-boot Execution Environment (PXE) is an industry standard developed to boot computers using a network card. PXE can boot computers regardless of the disk configuration or operating system installed, and doesnt require any files or configuration settings on a client. After PXE boot is turned on in the BIOS, a computer can communicate with your DS PXE server to receive automation jobs. PXE provides a number of advantages, especially when you are using the initial deployment features of DS, which enables you to remotely deploy an image to a computer which has no software installed. Example: the receiving department of your company could have PXE enabled on their subnet. When a new computer arrives, a technician could quickly unpack and plug the computer into the network, and possibly enable PXE boot if it was not enabled by the manufacturer. When this unknown computer contacts the Deployment Server, it is assigned an initial deployment job, which could image the computer with the corporate standard image, install additional packages, and power off the computer. The computer is now ready for delivery with minimal effort. PXE also provides an advantage if you need to use multiple automation operating systems in your environment. Since the image containing the automation operating system is downloaded when a task is executed, different operating system environments can easily be assigned to different tasks. At the same time however, this can be a disadvantage if you are using an operating system with a large footprint, such as Windows PE, since the entire image must be downloaded each time you run an automation task. If you often run automation jobs, especially on several computers simultaneously, embedding the automation operating system on the disk is faster and significantly reduces network traffic. It is also possible to use PXE for initial deployment and install an automation partition as part of the deployment. In this case, you could use the initial deployment features of PXE for arriving computers and install an automation partition in case you need access to automation at a later time.
43
This configuration does not require PXE in your general network environment, but still provides access to the automation environment without physical access. When using the DOS automation environment, PXE provides an additional advantage: multicast boot. This enables your PXE server to simultaneously boot up to 100 computers in a single session to perform automation work. Although multicast imaging is supported in WinPE and Linux, multicast PXE booting is not provided in WinPE and is not supported in Linux. That means that after each computer has booted to automation, an imaging task can be multicast, but you cannot use multicast to boot these computers.
Automation Partitions
An automation partition is a sector of your hard disk drive partitioned and managed by DS. This partition contains the automation operating system and the files needed to contact your Deployment Server, and must be present on each managed computer. The biggest advantage to an embedded partition is that it does not require PXE, yet it still enables you to boot into automation remotely. The biggest disadvantages to embedded partitions are that they consume space on the drive, they require an existing partition on the drive, and they must be manually installed from a disk on Linux and Unix operating systems. Another drawback, depending on your configuration, might be the fact that only one automation operating system can be installed to a managed computer that is using an automation partition. If you have tools that are supported only in DOS, this might limit you to DOS for all automation tasks on a particular managed computer. Automation partitions have an additional advantage in some configurations. Optionally, you can create a different type of automation partition, called a hidden partition, to store an image (or other files) locally. This provides advantages in environments where computers need to be re-imaged often or in environments where there is limited bandwidth or network connectivity. Since the image is stored locally, the time needed to create and restore images is greatly reduced and network traffic is significantly reduced as well.
Boot Media (DVD/CD, USB Device, Floppy)

Generally, the biggest drawback to boot media is that it forces you to physically access the managed computer. However, if you are managing smaller numbers of computers or do not plan to access the automation environment often, it might be a good choice. Also, if you have employees with the ability and access to boot their own computers using disks you provide, this could also be a good solution. Boot media has some configuration limitations though. Deployment Solution is designed to manage computers remotely, even in the automation mode, and several tasks and jobs require access to both the production operating system and the automation environment. Example: An imaging operation first captures configuration details from the production operating system before booting to automation to capture the image. After imaging, this configuration is restored. Because of this, it is often difficult to schedule a job and coordinate booting the managed computer to the right environment at the right time. If you assign a job which
44
requires booting into automation mode, the boot disk must be present at the right time to boot automation. If a complex job requires access to the production environment during this time, the BIOS will most likely continue to boot to automation until the boot media is removed. If this job, or a subsequent job, requires automation access again, the boot media must be re-inserted. To avoid these issues, some customers load the automation operating system, the RapiDeploy imaging executable, and the image on bootable physical media. They boot a computer, execute the necessary commands, and provide the required image files. In this circumstance, the remote management capabilities of Deployment Server are not being used, so the process is more manual, but it does not require network access. This works especially well when managing thin clients or other computers where all necessary files can fit on a single disk or USB device.
45
Chapter 8
Automation Operating Systems Which Automation Operating System Should I Use?

After you have selected a method to boot computers into automation, you need to decide which operating system you want to use. In the past, MS DOS was the only supported option. Deployment Solution now supports Windows PE, Linux, MS DOS, and FreeDOS. This section provides an overview of the available automation operating systems so you can find an environment (or environments) that suit your needs. An important thing to note is that the automation environment you use is not constrained by the production operating system on the computer. All of the DS automation tools support these operating systems, so you can perform DS automation tasks in any operating system (Linux computers can be imaged from DOS, Windows computers can be imaged from Linux, and so on). You might even use two automation operating systems for different tasks within the same job. Example: you might use a vendor-supplied tool to perform a BIOS update in DOS, boot to Windows PE or Linux to perform an imaging task. When you set up your test environment, you might want to run automation jobs in multiple operating systems to see if one performs better in your environment. The following sections contain an overview of the automation operating systems: DOS (page 46) Windows PE (page 47) Linux (page 47) Although you can use these environments to perform a wide-variety of management using scripts and other tools, support for these environments is limited to the task performed by Deployment Solution.
DOS
DOS is still used often today as a pre-boot environment, though new technologies have emerged that might better suit your environment, such as Windows PE. The largest roadblocks most companies face when using DOS are access to drivers that support modern hardware, and security concerns. DOS still performs well for several tasks though, and can be a good choice if you have the proper driver support. DOS typically requires only around 1 MB of space. DOS provides an additional advantage in a PXE environment. When performing an automation task on multiple computers, the PXE server can use multicast to boot automation, which enables large numbers of managed computers to boot DOS simultaneously.
46
Windows PE
Windows PE (Windows Pre-boot Environment) is the next generation boot environment for Windows computers. Windows PE provides several advantages over DOS, including better driver support (Windows PE uses the same drivers used by the other modern versions of Windows), increased speed, and generally more functionality. Windows PE typically requires around 150 MB of space. The biggest drawbacks are its size, which causes increased boot time, especially when booting over the network using PXE, and its licensing requirements. Additionally, clients using Windows PE require at least 256 MB of RAM.
Linux
Linux provides an alternate pre-boot environment to DOS or Windows PE. Many vendors provide gigabit and wireless drivers for Linux that are not available in DOS. Linux typically requires around 10 MB of space. Linux can be a good choice if you do not want to license MS DOS or Windows PE, but you need updated driver support.
47
Chapter 9
Installing and Configuring Automation

This section explains: Configuring Automation Operating Systems (page 48) Configuring Automation Boot Methods (page 51) Deploying Automation to Managed Computers (page 52)
Configuring Automation Operating Systems

The following sections guide you through installing and configuring the automation operating systems supported by Deployment Solution.
Obtaining and Installing Windows PE, Linux, or DOS

Automation operating systems are installed using the Boot Disk Creator, which is available in the Deployment Console by clicking Tools > Boot Disk Creator. The following files are required to install the listed automation operating system: WindowsPE Windows PE 2005 installation CD. Currently, Windows PE is available to volume licensing customers through Microsoft. See http://www.microsoft.com/licensing/ programs/sa/support/winpe.mspx for information on obtaining Windows PE. Windows 2003 Server SP1 installation CD or Windows Server 2003 x64 installation CD. Linux The Linux 32 and 64-bit and FreeDOS preboot environments are available on the Deployment Solution for Clients or Servers download page at http:// www.altiris.com/Download.aspx. Click the Linux and FreeDOS Automation Environment link and save the file. Browse to the downloaded file when prompted during the installation, or when adding preboot operating systems using the Boot Disk Creator. MS DOS A Windows 98 installation CD (Windows 98 SE is preferred), and the proper licensing to use this on the intended computers. Files are copied from the win98 folder from this installation CD. The FreeDOS preboot environment is contained in the same file as the Linux preboot, see the Linux instructions for details. For additional information on FreeDOS visit www.freedos.org.
FreeDOS
48
To install
1. 2. 3. In Deployment Console, click Tools > Boot Disk Creator. In Boot Disk Creator, click Tools > Install Pre-Boot Operating Systems. Click Install and complete the wizard, providing the files listed in the previous table when prompted.
For complete details on this process see the Boot Disk Creator help.
Adding Additional Files

Occasionally, you might need to make additional files available within an automation environment, such as utilities or mass storage drivers. These files can be added to every automation configuration of a specific type, or to select configurations only. This is determined by the location you add the files in Boot Disk Creator:
49
The following example provides an overview of this process.
Adding Mass Storage Drivers for Windows PE

1. 2. 3. Select either the Windows PE Additional Files folder, or a specific Boot Disk Creator configuration. Right-click and select add > Folder. Using this add folder command, create the following path: i386\system32\diskdrivers Within the diskdrivers folder, create the necessary folders to contain your drivers. The folders you add should contain a txtsetup.oem file, and at least one *.sys file, and possibly additional files. You must also ensure that any sub-folders specified by txtsetup.oem are included, and that the [defaults] section references the proper device driver (some textsetup.oem files might support multiple devices and drivers, and the proper device must be specified in the [defaults] section).
The diskdrivers path is for adding mass storage drivers. If you are adding different driver types, you might need to modify this path.
Adding Large Files to a Linux Boot Configuration

Linux automation is typically loaded into RAM. Due to limitations on the amout of RAM available on most computers, there is a size constraint on the files that can be included. If you need to access larger files locally (such as a disk image), Boot Disk Creator provides a mechanism to mount a folder outside of the ramdisk, letting you access files that are too large to fit on the ramdisk. This is done by creating a folder named . in the root of your boot configuration. 1. 2. Right-click your configuration and select New > Folder. Name this folder . (do not include the quotes, just .).
50
Files placed in this folder are mounted in Linux automation at /mnt/atrsboot.
Example
You can place a disk image and the rdeployt executable in this folder, create a boot DVD, and restore the included image without network access, using a command similar to the following:
/mnt/atrsboot/rdeployt -md -f/mnt/atrsboot/[imagename].img
Configuring Automation Boot Methods

When pre-boot tasks need to be performed, DS sends a message to the client computer to restart in the automation environment. This includes a shutdown command issued from DS, and a modification to the MBR if using an automation partition. After the managed computer reboots, the automation environment is loaded from PXE, an automation partition, or from boot media. The deployment agent now contacts the Deployment Server. After a connection is established, the Deployment Server sends the client computer its assigned jobs and tasks. After the automation tasks run, a status message is sent to the Deployment Server indicating that all work is complete. The Deployment Server sends a message that the client computer should reboot back to the Production environment (the MBR is restored when using automation partitions). The following sections guide you through the process of setting up PXE, automation partitions, or media to boot your computers into the automation mode: Configuring PXE Configuring Automation Partitions Configuring Boot Media (DVD/CD, USB device, Floppy)
Configuring PXE
PXE is a server-based technology, and requires additional components on your DS server, and possibly other computers. Setting up and configuring PXE is covered in detail in a separate document, PXE in Deployment Solution.
Configuring Automation Partitions

DS provides two types of automation partitions: Embedded Partition A small embedded section installed on the production partition of a managed computer which contains the automation operating system. Depending on the operating system, the size varies from 5 to 200 MB (you can specify the size when the partition is created based on recommendations). A larger partition installed on the hard drive of a managed computer to contain not only the automation operating system, but to provide room to store images and other files. This partition is not normally viewable in the production operating system.
Hidden Partition
51
An embedded partition doesnt create an actual disk partition, it reserves space on an existing partition by marking the sectors on the disk as unusable. The target drive must have an existing partition before an embedded partition can be installed. A hidden partition creates an actual disk partition, but this partition is hidden from normal view within the production system, though it is still viewable by FDISK or by an administrator. The partition is listed as a non-DOS partition. When a computer using an automation partition is assigned jobs, the Master Boot Record (MBR) of the computer is modified to boot to this hidden partition. After the work is completed, the MBR is restored to the previous configuration. Hidden partitions are very useful for computers which are imaged often, such as those in a test lab or provided for general use (such as a hotel or a library). After the visiting person is done using this computer, you may want to quickly re-image to ensure that the next visitor finds the computer in good working order. In these circumstances, a hidden partition enables you to quickly restore an image without needing access to a high bandwidth network. Automation partitions can be installed using an installation package deployed from DS (windows only), or installed from a CD, USB device, or floppy. This is different than using boot media to access automation, because the automation partition media is used once per computer to install, later the partition is used to perform tasks. Using boot media to access automation doesnt leave any files on the computer, but the media must be used each time you want to access automation.
Configuring Boot Media (DVD/CD, USB device, Floppy)

Creating and using boot media is a straightforward process. Boot media boots a managed computer to automation without leaving any files on the computer, and can be installed to DVDs, CDs, USB devices, or floppy disks. Boot media is created directly from the Boot Disk Creator utility.
Deploying Automation to Managed Computers

Automation partitions and boot media configurations are created using the Boot Disk Creator utility. PXE configurations are created using the PXE configuration utility. This difference is due to the way in which the automation operating system is deployed to the managed computer. Automation partitions and boot media use install packages or boot disks, while PXE uses a configurable menu to provide boot options, with each option on the PXE menu linked to a specific automation configuration. This section contains guidelines to create PXE, automation partitions, or boot media configurations and deploy these configurations to managed computers.
Using Automation Partitions or Boot Media

1. 2. Install the automation operating systems you want to use, as explained in Obtaining and Installing Windows PE, Linux, or DOS. In Boot Disk Creator, Create a new configuration. The wizard is accessed by clicking File > New configuration.
52
This configuration contains the automation operating system files, network drivers, IP address of your server, and other settings which control how the managed computer communicates with your Deployment Server. This configuration does not specify how this automation configuration is installed. This is done using the Create Boot Disk wizard, which is launched automatically after you create a configuration. 3. The Create Boot Disk wizard provides three options: Creates an executable, or configures a CD, USB device, or floppy to install the automation environment. This process is executed once per device. After that, the computer uses the files from the automation partition. Select this if you are using automation partitions. For managed linux computers, you need to use a CD, USB device or floppy because no executable is provided for this platform. Create an automation boot disk Configures a CD, USB device, or floppy with the files necessary to boot a computer to automation mode. After booting, the computer executes any automation work previously scheduled, or waits for work to be assigned. Select this if you are using boot media to boot computers to automation. None of these files are installed, so the media must be used each time you need to access automation. Create a network boot disk Configures a CD, USB device, or floppy with the files necessary to boot to a prompt. This is useful if you have management task to perform that doesnt require interaction with DS, as your Deployment Server is not contacted in this scenario. None of these files are installed to the managed computer.
Create an automation partition install package
4.
After selecting how you want to install automation, complete the wizard. See the Boot Disk Creator help for additional details.
You can also uninstall an automation partition using an install package, or configure a CD, USB device, or floppy from Boot Disk Creator.
Using PXE
1. 2. Install the automation operating systems you want to use, as explained in Obtaining and Installing Windows PE, Linux, or DOS. In the PXE Configuration utility (Start > All Programs > Altiris > PXE Services > PXE Configuration Utility), create a new menu item to correspond to the automation configuration you want to install.
53
3.
Click Create Boot Image to launch the configuration wizard. This wizard is identical to the wizard used when creating configurations for automation Partitions or boot media. When this option is selected from the PXE menu, the necessary files are loaded, the job is performed, the computer boots to the production operating system. None of these files are saved on the managed computer, they are downloaded each time the computer boots to automation.
4.
Provide any additional configuration options and click Save.
54
Chapter 10
Setting Up the Altiris PXE Server

What is PXE?
Preboot Execution Environment (PXE) is an open industry standard which enables computers to boot remotely using a network card. PXE uses standard network protocols to establish a communication channel between a computer and an Altiris PXE server during the boot process. Using this channel, an Altiris PXE server sends an execution environment to the computer so that work can be performed in a pre-boot state. In Deployment Solution, this pre-boot state is called the automation environment, and DOS, Linux, and WinPE are currently supported as pre-boot operating systems. An overview of the automation boot methods and environments is contained in a separate document, Deployment Solution: Automation Preboot Environments. An advanced, tightly integrated PXE environment is provided with Deployment Solution. Deployment Solution leverages PXE to provide the following advantages: When a managed device needs to boot into automation, Deployment Solution restarts the computer and notifies the Altiris PXE Server. Altiris PXE Server now boots the computer into the automation environment indicated in the Deployment Solution job automatically. PXE can perform an initial deployment of a new system by checking to see if a computer exists in Deployment Solution. All PXE configuration is done using the PXE Configuration Utility from the Deployment Solution console, enabling you to remotely configure all PXE servers in your network.
Why Use PXE?

PXE is used in Deployment Solution to perform two tasks: Boot managed computers into the automation environment Perform initial deployment of new managed computers How you implement PXE is partially dependent on what you plan to do with it. Many organizations use PXE only on a subnet in a receiving department to deploy corporate images and initial configuration of new computers. After this computer is assigned to a user, PXE is not used in the normal production environment. This limits the extent of the PXE environment, but prevents you from accessing the automation environment to capture images and perform other automation-only tasks. Other companies which often use automation select PXE because it leaves no footprint on the managed computer, and has several other advantages such as image multicasting and tight Deployment Solution integration.
55
Regardless of how broadly you implement PXE, Deployment Solution provides tools and services to simplify management of PXE in your environment. This section contains the following topics providing an overview of PXE in Deployment Solution: PXE Services and Architecture How PXE Works
PXE Services and Architecture

PXE services use a tiered-architecture which enables you to provide global settings and boot options shared across all Altiris PXE Servers, override configuration and expand boot options on a local level. Boot options and PXE settings can be applied to a shared configuration. This shared configuration is inherited by all Altiris PXE Servers in your environment. Each Altiris PXE Server still has its own specific configuration, so you can override settings and add additional boot options as needed. New services have been provided to replicate settings and data automatically, making it unnecessary for you to individually configure each PXE server. The following table contains an overview of the PXE services:
Service
PXE Manager
Description
Provides all boot options and configuration settings for each Altiris PXE Server in your environment. Interfaces with the PXE Config Utility to replicate data and apply PXE configuration. Manages all communication between your Deployment Server and your Altiris PXE Servers. The PXE Manager Service is installed on your Deployment Server regardless whether or not you have also installed an Altiris PXE Server.
PXE Config Helper
Interfaces with PXE Manager to receive data and configuration. Configures, starts, and stops the additional PXE services on the Altiris PXE Server.
Altiris PXE Server
Provides the PXE listener and proxy DHCP to respond to PXE requests and send the location of bootstrap files. Sends bootstrap files to managed computers using TFTP.
MTFTP
The PXE Manager service interacts with Deployment Server, PXE Helper service, and the PXE config utility to perform centralized PXE management:
56
On each individual Altiris PXE Server, the Altiris PXE Server service and the MTFTP service are installed to perform the work of an Altiris PXE Server. These services are configured, started and stopped by the PXE Config Helper service. Clients connect directly to these services during the PXE boot process:
How PXE Works

Before a computer can boot over a network, it needs two things: an IP address to communicate, and the location of an Altiris PXE Server to contact for boot instructions. The following sections outline the PXE boot process: Part 1: DHCP Request and PXE Discovery Part 2: PXE Bootstrap
57
Part 1: DHCP Request and PXE Discovery

Request and Receive an IP Address
Initially, the boot agent directs the execution of normal DHCP operations by broadcasting a DHCPDISCOVER packet (255.255.255.255) to port 67 on its local physical subnet to discover a DHCP server. Any available DHCP servers respond with a broadcast DHCPOFFER packet indicating their server IP. When the client has chosen a target DHCP server, it broadcasts a DHCPREQUEST packet that includes its MAC address and the IP address of the selected DHCP server. The DHCPREQUEST also contains option 60 to identify the client as a PXE client.
PXE Option 60
DHCP lets clients to receive options from the DHCP server indicating various services that are available on the network. A number of standard and custom options are available that can convey a vast amount of information to DHCP clients. Option 60 deals specifically with PXE related services. Both PXE clients and servers use option 60 to convey specific information about the PXE services they need or are providing.
Contacting the Altiris PXE Server

All DHCP servers examine the DHCPREQUEST packet. If the request is intended for a different server, the IP address they offered is reclaimed. The DHCP server providing the accepted offer supplies a DHCPACK packet to the client to acknowledge the clients receipt of its IP. During this process, the Altiris PXE Server monitors the wire for DHCPREQUEST packets with an option 60 (PXE client). When a packet is recognized, the clients MAC address is used to find any pending automation work in Deployment Server. If no automation work is required, the Altiris PXE Server does not respond to the client and it boots normally. If there is work to do, the Altiris PXE Server responds with its address using a DHCPACK with option 60. At this point, the client has received a DHCPACK containing an IP address, and a DHCPACK with option 60 containing an Altiris PXE Server. If the Altiris PXE Server is located on the same server as DHCP, both are contained in the same DHCPACK packet.
Part 2: PXE Bootstrap

The client is ready to contact the Altiris PXE Server for boot files. After this request, clients are provided with a boot menu containing all boot options that the Altiris PXE Server can provide. Most of the time, the correct boot option has already been selected by the Deployment Server, so this is transfered to the client. After the selection is made, the client requests the necessary boot files using MTFTP. This consists of a .0 and a .1 file. The .0 file functions as a bootstrap loader. It creates a RAM disk and manipulates the BIOS interrupt vectors, interrupt structures and hardware information tables to make the RAM disk function exactly like a typical floppy disk. This file copies the .1 file byte by byte into the newly created RAM disk.
58
The .1 file is an image of a boot disk floppy with modifications to the autoexec.bat and additional files which ultimately provide the automation environment on the managed computer. The following diagrams contain a basic outline of this process:
PXE Planning and Installation

This section contains an overview of the PXE deployment process, in the following sections: Enabling PXE on Managed Computers Installing and Configuring DHCP How Many Altiris PXE Servers Do I Need? Installing Altiris PXE Servers
59
Enabling PXE on Managed Computers

Each computer you plan to manage using PXE must have PXE boot enabled (sometimes called network or NIC) and set to the correct sequence in the BIOS. It is also a good idea to apply the latest BIOS updates, especially if your network card is integrated on the motherboard. Deployment Solution also supports Wake on LAN to power on managed computers remotely. If this is enabled, a Wake on LAN signal is sent to the managed computer if the device is disconnected from Deployment Server when a job is scheduled to start.
Installing and Configuring DHCP

DHCP is an integral part of the PXE process, and must be installed and configured in order to use PXE. A DHCP server is not provided with Deployment Solution, you must obtain, install, and configure this component separately. After DHCP is set up and your Altiris PXE Servers are installed, you need to configure how your Altiris PXE Servers interact with the DHCP server. This is done using the PXE Configuration Utility.
How Many Altiris PXE Servers Do I Need?

Number of Client Connections
Altiris PXE Servers do not typically require a lot of resources. By using multicast, a single Altiris PXE Server can deploy a DOS boot image to up to 100 computers at a time, and not consume any more resources than it would while deploying a single image. If you are using WinPE or Linux however, multicast boot is not available. Usually a single Altiris PXE Server in a specific location is enough if you either use multicast to deploy images or spread out your image capturing jobs to be in line with the capabilities of your server. Additional Altiris PXE servers can easily be added if necessary.
Network Speed
Since the majority of the resources on an Altiris PXE Server are used for transferring files over the wire, the faster the network, the more work a single Altiris PXE Server can do. A single Altiris PXE Server on a gigabit network can capture and deploy several times as many images over a period of time than even multiple servers on a slower network.
Physical Layout of your Network

Your PXE configuration might be set up according to the physical layout of your network. If you have three offices in different locations, it might make sense to install an Altiris PXE Server at each location to reduce traffic and resolve routing issues (see PXE Request Routing). In these configurations, the deployment share can be mirrored to a local server, and images are usually taken from and restored to local file servers. See PXE Redirection (page 63) for an example of this type of configuration.
60
PXE Request Routing

PXE clients use broadcast packets to find DHCP and PXE services on a network, and multicast packets (MTFTP) to transfer files. These packet types can present challenges when planning a PXE deployment because most default router configurations do not forward broadcast and multicast traffic. Because of this, either your routers need to be configured to forward these broadcast and multicast packets to the correct server (or servers), or you need to install an Altiris PXE Server on each subnet. Routers generally forward broadcast traffic to specific computers. The source subnet experiences the broadcast, but any forwarded broadcast traffic targets specific computers. Enabling a router to support DHCP is common. If both PXE and DHCP services are located on the same computer, and DHCP packet forwarding is enabled, you shouldnt have any problem transferring broadcast packets. If these services are located on different computers, additional configuration might be required. If you are going to forward packets, ensure your router configuration lets DHCP traffic to access the proper ports and IP addresses for both DHCP and Altiris PXE servers. Once the broadcast issues are resolved, the routing of multicast traffic must be considered. Multicasting leverages significant efficiencies in transferring files but also introduces challenges similar to broadcast packet forwarding. Like the broadcasting solution, routers can be configured to support multicast traffic between PXE Clients and Altiris PXE Servers. Please consult the documentation provided by your router vendor for additional information on packet forwarding.
Installing Altiris PXE Servers

After you have determined the PXE needs of your network, you must to determine where to install these Altiris PXE Servers. An Altiris PXE Server can be installed on your Deployment Server, on your DHCP server, on another server in your network (such as a file server), or as a standalone server. You can also use a combination of these (example: an Altiris PXE Server on your Deployment Server and your DHCP server). The actual installation process is straightforward. You can install an Altiris PXE Server at the same time as you install Deployment Solution, or you can install one later by running the installation program and selecting the add additional components option. After these servers are installed an running, they are configured using the PXE Configuration Utility. See the following section.
Configuring PXE Settings

All PXE configuration is done using the PXE Configuration Utility. The PXE config utility is used to create and modify two things: Global and local configuration settings. These settings include timeout values, replication and logging options, and so on.
61
Boot options. Each boot option corresponds to a specific configuration which includes an operating system, network and other drivers, utilities, mapped drives, and so on. This section contains a brief overview of selected PXE configuration and boot options. For complete details, see the help for the PXE Configuration Utility.
PXE Settings
Shared vs. Local
Deployment Solution provides a PXE settings hierarchy enabling you to provide shared and local PXE configuration values. All Altiris PXE Servers inherit the shared values unless they are overridden on the local server.
Session Timeout
The PXE configuration utility connects the PXE Manager service on Deployment Server. To ensure your changes are not overwritten by another instance of the PXE Configuration Utility, only one instance of PXE config can connect to PXE manager at any given time. If you attempt to launch PXE Configuration when another instance is running, you receive an error. To prevent you from being completely locked out for extended periods (example: an instance is inadvertently left open on another computer), a timeout has been added which terminates a connection after 30 minutes of inactivity after someone else attempts to connect. This timeout only applies if someone else is attempting to launch PXE Configuration. If no other connections are attempted, the timeout is never enabled and your session remains active.
DHCP Server Options

For most circumstances, you want option 1. If you have DHCP installed on your Deployment Server but it is not active, Deployment Server might still attempt to communicate with that instance. This is changed by selecting option 3. If you are using a 3rd party DHCP server which automatically sends the client 60 message, select option 2.
Boot Integrity Services

PXE is potentially vulnerable to hackers, especially in security-conscious business and government settings not willing to risk network boot ups unless safeguards are in place (example: it is important ensure that the boot image comes from a trusted source and has not been tampered with in transit). You can also designate and enforce which boot images can be installed on selected groups of platforms. Boot Integrity Services (BIS) addresses these security needs. BIS enhances the network boot environment by providing mechanisms to validate the source and integrity programs and data downloaded over the network prior to the time an operating system is installed. Using BIS firmware built into the client computer, BIS can validate (before executing a boot image) that the image came from a trusted source and was not tampered with en route.
62
Deployment Server supports the BIS technology. However, the BIS support from Altiris is only applicable when the computers being managed also supports BIS. Even if BIS is configured from the Deployment Server console, BIS will not work unless the physical computer supports it. At the present time, there are very few computers that support BIS.
Boot Integrity Services (BIS) Removal

With the advent of Deployment Solution 6.8 and 64-bit support the Boot Integrity Services (BIS) could no longer be managed. In the released version of Deployment Solution 6.8 the BIS configuration was removed from PXE Config utility. In SP1 the BIS CDSA database has been removed and is no longer supported. If you are currently running DS 6.5 with active BIS support, please remove the BIS support before upgrading to Deployment Solution 6.8 because when Deployment Solution 6.8 SP1 is installed all references to BIS are removed.
Boot Options
Boot options are the boot configurations provided to a client by an Altiris PXE Server. Each boot option has a corresponding automation operating system, network drivers, and other settings.
Shared vs. Local

Deployment Solution provides a PXE boot option hierarchy enabling you to provide shared and local PXE boot options. Shared boot configurations are available on all Altiris PXE Servers, while local boot options are available on a specific Altiris PXE server.
PXE Redirection
Lets you redirect a global PXE menu option to a local PXE menu option. Redirection settings are not available globally, they are always specific to an individual Altiris PXE Server. This is due to the role redirection plays in your PXE environment. Consider the following example: You manage computers in three locations: Two offices in Ontario, and one office in Alberta. To limit transfer between each site, each office has a local Altiris PXE Server, and a file server with a mirror of the deployment share. This enables clients at each location to contact the local Altiris PXE Server to boot and use the local deployment mirror to access the network tools and to store images. You need to create a job to capture an image of each managed computer on Friday evening, once a month. To create this job, you add an imaging task, select a PXE boot option, and set the schedule. Hold on. If you select the same PXE boot option for each office, you are going to have problems. The Alberta office uses a mirror of the deployment share on alb1\eXpress, and stores captured images on alb1\images. The two Ontario offices use the ont1 and ont2 servers respectively. You could go ahead and create three global configurations and three different jobs, but that is confusing and could potentially cause problems if the wrong selection is made. If you took this route, on each Altiris PXE Server, two of the three global configurations could potentially cause problems (they are mapped to drives in remote offices). To avoid
63
problems, select a single global configuration for a job and update it based on the location of the Altiris PXE Server. This is exactly what redirection does. You create a global configuration (example: named Imaging Environment). On each Altiris PXE Server, you create a local configuration for each office with the correct server mappings. The Imaging Environment global option is redirected to the local option, and the process is simplified. Now the imaging job can be applied to all computers at once, simplifying the process and reducing the chance of errors.
64
Part III Using Deployment Solution

This section provides feature identification and basic procedures for deploying and managing computers using Altiris Deployment Solution software.
65
Chapter 11
Deployment Basics
Deployment Solution provides a graphical, object-based interface to manage computers. After you have installed the Deployment Agent and the computer has connected, the computer can be managed using the Deployment Console.
Computers
Each computer and computer group in your environment is represented in the computers pane:
Computers can be dragged into a group, or automatically assigned to a group when the agent is installed. Computers can belong to only one group. When a new computer connects, it is placed in the New Computers group.
Jobs
Jobs contain a sequence of tasks to perform work on managed computers. Example: a job might be install and activate Winzip 10. This job might have a condition specifying that it should only execute on Windows XP computers with 500 MHZ or greater processors.
66
Each job that can be assigned to a computer or computer group is represented in the jobs pane:
Computers are assigned jobs by dragging and dropping computers onto a job. Jobs can also be scheduled by right-clicking and selecting the Job Scheduling Wizard.
Creating Jobs and Tasks

Jobs are created by adding one or more tasks to a job. Tasks include create disk image, distribute software, manage SVS layer, and run script. These tasks run sequentially and can trigger other events, such as a stop job or execute other job depending on the return code of the task.
Context Menus (Right-click)

In the Deployment Console, you can right-click almost any object for a context-specific list of management options. Example: if you right click a computer or group, you are given the option of viewing computer details or job history, remote controlling or opening a chat session, renaming, power control, and several other options.
Find a Computer in the Database

This search filter lets you type a string and query specified database fields for specific computer properties. You can search for user or computer names, licensing or location information, or primary lookup keys: MAC address, serial number, asset number, or UUID. This search filter queries the property values appearing in the Computer Properties (page 124).
67
Click <CTRL> F or click Find Computer on the console toolbar to search the Deployment Database for computers by property settings. The computers that match the search will be highlighted in the Computers pane. 1. In the Search For field, type all or part of the computers property values you would like to search for. This alpha-numeric string will be compared with specified database fields. In the In Field box, select the field you want to search in the Deployment Database. Example: to find a computer by searching for its IP address, type the address in the Search For field and select IP Address from the In Field drop-down list.
2.
Name MAC Address IP Address ID Serial Number Asset Tag UUID Product Key Physical Bay Name
BIOS name of the computer. Example: 0080C6E983E8. Example: 192.168.1.1. Example: The computer ID. 5000001. Serial number installed in BIOS. A primary lookup key. Asset number in BIOS. A primary lookup key. A primary lookup key. Product Key for the operating system. The actual bay number. Example: 7x.
Computer Name Deployment Solution name of the computer.
Registered User Name entered when the operating system was installed. Logged On User Name of the user currently using the computer.
The computer you are looking for appears highlighted in the Computers window in the console. Note This search is not case-sensitive and lets wildcard searches using the *.
Using Lab Builder

Use the Lab Builder to set up jobs under the Lab folder in the Jobs pane to set up a classroom or lab environment.
Click Lab Builder on the console toolbar or click File > New > Lab Builder to set up jobs specifically created for managing multiple computers in a lab environment.
68
You can set up jobs to:

Create Disk Image Deploy Lab Restore Lab Update Configuration Upload Registries Each job contains a default list of tasks. Lab Builder places these five new jobs under a folder (which you name) located under the Lab folder. All tasks in the jobs are assigned default paths and file names that let them use the same images and configuration information, registry data, and so on. We recommend that you do not change the file names and paths. If you change the default settings (Example: changing the image name), you must change it in all jobs where the image is used.
To use Lab Builder

1. 2. Click the Lab Builder icon on the toolbar, or choose File > New > Lab Builder. Enter the name of the lab setup. Note The lab name must be unique because the program creates a default image file name based on the name, and the image file name must be unique. The default image name is synchronized in all lab jobs, so if you change the name later you must change it in all jobs that use the image. 3. 4. 5. Enter a lab description to help you differentiate the lab from others. This field is optional. Click OK. Identify an image in the Create Disk Image job. Set computer names and addresses in the Update Configuration job.
The following information describes the default jobs. To run one of these jobs, drag it to the computer or computer group you want it applied to. Create Disk Image. This job uploads an image of a computer to the server and an image name is created automatically based on the lab name. However, there is no actual image in the job until you drag the image source computer to this job. Deploy Lab. This job has three default tasks: Deploy image, Apply configuration settings, and Back up registry files. The image that is uploaded using the Create Disk Image job is deployed when you use this job. The configuration settings you specify in the Update Configuration job are applied to the computers, and the computer registry files are uploaded to the Deployment Server. Restore Lab. This job restores the image and registry files to a computer where a lab was previously deployed. You can quickly get a computer running again by restoring the lab on that computer. Update Configuration. This job lets you to set unique configuration information (such as computer names and network addresses) for client computers. When a lab is deployed, each computer has an identical image, but not the same configuration settings. This means you don't have to visit each computer to reset IP addresses and other settings when you deploy an image. Upload Registries. This job backs up computer registry files to the Deployment Server.
69
Computer Import File

Use the following format to import new computers from a text file. You can easily create a computer import file by entering data in the provided Microsoft Excel spreadsheet (ImportComputers55.xls) located in the Samples folder of the Deployment Share. A semicolon as the first character denotes comment lines. Quotes around fields are optional. Leaving the job name blank does not assign the computer to any job. Leaving the start time blank makes an entry in the job for the computer, but does not schedule it for a specific time. Only the Name field is required. Quotes around fields are optional. You can populate your computer database using the format provided below. The Import Computers text file can be imported into Deployment Solution using the File > New Computer > Import or File > Import/Export > Import Computers.
Tips for creating a new computers import file

When using Boolean references, do not use quote marks. These fields are marked with a B: 1=On/True and 0=Off/False. For some fields, this input format supports multiple IP Addresses, delimited by a ; (semicolon) within the field. These fields are marked with a (;). Example: the gateway field could read, 30.11.11.2, for a single IP address or, 30.11.11.2;30.11.11.3;30.11.11.4, to support three IP addresses. All fields (up to and including site) must be present in the file, but all data except for Name is optional. To use optional fields for multiple network adapters, the preceding fields are required. Example: to use Nic3 fields, all fields for Nic2 are required. For Deployment Server to read the import text correctly, ensure there is a final hard return at the end of the file.
Format for the New Computers text file

Outlined below is the field order for the database input. Fields marked (ignored) are not used by version 5.5 and later, but are included to support previous versions. ;Name,MAC Address 1,Serial Number,Asset Tag,Computer Name,Domain(B),Domain/ Workgroup Name,Domain Controller Name(ignored),DHCP(B),IP Address(;),Netmask(;),Gateway(;),Preferred DNS(;),Alternate DNS,Alternate 2 DNS,Preferred WINS,Alternate WINS,Hostname,Domain Suffix,Use Preferred Tree(B),Preferred Server,Preferred Tree,Netware User,NDS Context,Run Scripts(B),User,Organization,Key,Password Never Expires(B)(ignored),Cannot Change Password(B)(ignored),Must Change Password(B)(ignored),Username(ignored),Full Name(ignored),Groups(ignored),Password(ignored),Contact,Department,Email,Mailstop ,Phone,Site,Computer Group,Job,Job Start Time,NIC2 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC3 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC4 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC5 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain
70
Suffix,NIC6 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC7 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC8 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix
Example Import File

DB Computer 1,00a0c95c2640,6X18FHGZP21P,6X18FHGZP21P,Computer1,1,Altiris,,1,,,,,,,,,computer 1h,altiris.com1,1,server1,tree1,user1,context1,1,John Doe,"Altiris, Inc.",12345-OEM1234567-12345,,,,,,,,John Doe,Engineering,jdoe@altiris.com,111,(801) 8051111,Lindon,Test Group,Test Job,12/31/2001 17:30,00a0c95c2641,0,172.25.10.180,255.255.0.0,172.32.0.4,172.32.0.1;172.32.0.7, 172.32.0.4,altiris.com2,00a0c95c2642,1,,,,,,altiris.com3,00a0c95c2643,0,1.1.1.1;2.2.2 .2,255.255.255.255;255.255.255.0,1.1.1.2;2.2.2.1,3.3.3.3;4.4.4.4,5.5.5.5;6.6.6.6,alti ris.com4,00a0c95c2644,1,,,,,,altiris.com5,00a0c95c2645,0,1.1.1.1,2.2.2.2,3.3.3.3,4.4. 4.4,5.5.5.5,altiris.com6,00a0c95c2646,1,,,,,,altiris.com7,00a0c95c2647,0,5.5.5.5,4.4.4 .4,3.3.3.3,2.2.2.2,1.1.1.1,altiris.com8
71
Managing from the Deployment Console

Deployment Solution provides both Windows and Web user interface consoles to deploy and manage computer devices across local or wide area networks. It also provides a Thin Client view of the Deployment Console. As an IT administrator, you can manage all computer devices from one of these Deployment consoles: The Deployment Console is a Windows-based console with complete deployment and management features, including remote control, security, Altiris PXE Server configuration, image editing, and other deployment utilities and features. See Deployment Console Basics (page 73). The Deployment Web Console provides basic deployment and management functionality from a Web browser, including the ability to remotely access and manage computer devices, build and schedule jobs, and view multiple Deployment connections. The Thin Client View of the Deployment Console provides a simplified experience when dealing exclusively with Thin Clients. The functionality of the Thin Client Console is identical to that of the current Deployment Console. However, you can toggle from Full View to Thin Client View. Deployment from the Altiris Console combines management and reporting features across multiple Deployment Server systems and lets you integrate additional Web applications in the client and server management suites, including Inventory, Software Delivery, Recovery, HelpDesk, Patch Management and Application Metering solutions.
To launch the Deployment Console, double-click the icon on the desktop, or click Start > Programs > Altiris > Deployment Solution > Console.
Features of the Deployment Console. The Windows console for Deployment Solution provides standard Computers, Jobs, and Details panes to drag and drop icons, view properties, and identify state and status of Deployment objects. In addition, the Deployment Console also includes a Shortcuts and Resources view and provides the tools, utilities and features required for complete computer resource management. See Deployment Console Basics (page 73). Set Program Options. From the Tools > Options dialog, you can set preferences for each Deployment Server system. See General Options (page 85). Set Security. From the Tools > Security dialog, you can set security rights and permissions for all Deployment consoles. See Security in Deployment Solution (page 89). Connecting to other Deployment Server systems. Connect to other Deployment Server connections from your current Deployment Console and manage computers beyond your current network segment or site. See Connecting to Another Deployment Server (page 95). Customize the Tools menu. You can add commands to the Tools menu to open commonly-used deployment programs and utilities. See Extending the Tools Menu on the DS Console (page 82).
72
Deployment Console Basics

The Deployment Console is your main portal to Deployment Solution. It is a feature-rich Win 32 program with real-time access to computer resources, deployment jobs, and package files, each represented with distinct icons to identify the status and settings. From the Deployment Console you can build simple or complex deployment jobs, assign them to a computer group, and verify deployment execution. Because the Deployment Console can reside on its own computer, you can have multiple consoles running from different locations. The Deployment Console needs to be running only while creating assignments or viewing information about the managed computers. You can turn on the console, run management tasks, and turn off the console. Scheduling information is saved in the Deployment Database and tasks are executed at their scheduled time. If an assignment to a managed computer is made from two different consoles at approximately the same time, the computer is assigned those tasks in the order they are received. See Console options (page 85) to set refresh intervals for the Deployment Console.
Features of the Deployment Console

Like all Deployment consoles, the Deployment Console is divided into several panes to organize computers, deployment jobs, and software packages and scripts. It gives you a graphical view of your network and provides features to build jobs, drag-and-drop icons to schedule operations, store and access jobs and packages, and report the status and state of your computer resources. The Deployment Server includes three main panes, plus toolbars, wizards, shortcuts, and utility programs.
Computers pane
Use this area to view and select managed computers for the Deployment Server system. You can select and right-click a computer in the Computers pane to run Remote Operations Using Deployment Solution (page 127), or view Computer Properties (page 124). You can also create computer groups to organize collections of similar computers.
Create computer groups by clicking Computer Groups on the toolbar, or right-clicking in the Computer pane and selecting Groups. Click View > Show Computers to display only computer group icons and not the individual computers.
When a computer or group is selected, a list of computers in the group appears in the Details pane and provides the basic information about each computer. The Filter detail bar appears in the Details pane that helps to view computers by a set criteria. When a computer is selected, you can view the computer status in the Details pane, including a list of jobs that are run or scheduled to run on the computer, and the status of each job. To get more details about all tasks that are run on computers, click Status Detail. Status Detail displays a more detailed breakdown of the processes that the job has executed and a status message indicating what has been completed. You can also import new computers from a text file or add security rights and privileges for a specified computer or group of computers. See Managing Computers (page 97) for
73
complete information about setting up, importing, and managing computers from the Computer pane.
Jobs pane
Use this area to create and build jobs with specific deployment tasks. You can select and right-click a job in the Jobs pane when Building New Jobs or running the New Job Wizard. You can also import new jobs from a text file or add security rights and privileges for a specified job or collection of jobs. Set up folders to organize and access jobs according to your specifications. Create a new folder by right-clicking in the Jobs section and select the New Folder option. You can also create folders by selecting File > New > Folder.
Click View > Jobs View to show or hide the Jobs pane.
When a job is selected, the Details pane displays a list of computers in the folder and gives a basic information about each job, such as its state and status. It also shows the computers or computer groups to which the job is assigned. The Conditions detail bar also appears, letting you assign jobs to computers. See Setting Conditions for Task Sets (page 153). In System Jobs, folders are created to store jobs that are created when running operations from the console. Drag-n-Drop Jobs. Jobs are created and automatically placed in this folder when you drag an .MSI, .RIP, or other package files from the Resources view to a specific computer or group. See Shortcuts and Resources View (page 75). Image Jobs. Jobs are placed in this folder when you create a Quick Disk Image. Restoration Jobs. Jobs are placed in this folder when you run a Restoring a Computer from its Deployment History job. From the Jobs pane you can drag job icons to computer icons to execute jobs, such as creating images, deploying computers, changing configurations, or installing software. Once a job is created, you can change it by adding, modifying, or deleting tasks. Jobs can be run immediately, scheduled to run a particular time, or saved for a later time. See Building and Scheduling Jobs (page 147) for complete information about setting up, importing, and managing computers from the Jobs pane.
Details pane
The Details pane extends the user interface features when working in the Computers, Jobs, or Shortcuts panes. When you select a computer in the Computers pane, the Details pane changes to a Filters area (if you click a group icon) and displays the status of all jobs assigned to the selected computer.
74
When you select a job icon in the Jobs pane, the Details pane displays the information about the job to set up conditions; order tasks; and add, modify, or remove tasks. When you select a computer or computer group in the Computers pane, the Details pane displays the information about a computer, including IP address, MAC address, and status. When you select a batch file, you can click Modify to update the file. When you select a hard disk image file (.IMG), the Details pane displays a description of the image file, and information about the included partitions. When you click on the package files, the Details pane displays the title, description, version, creation date, and platform of a .RIP file or Personality Package.
Shortcuts and Resources View

The Shortcut and Resources pane provides easy access to the computers and job objects identified in the console and the software packages stored in the Deployment Share. In the Shortcuts view, you can drag computers, computer groups, jobs, and job folders to organize and access commonly-used console objects. In the Resources view, you can identify and assign package files.
Click View > Shortcuts to open the Shortcuts and Resources pane. You can drag the jobs and computer icons to this pane. Click Resources in the Shortcuts and Resources view, or click View > Resources or CTRL+R to open a filtered list of packages on the Deployment Share.
The Shortcuts view provides quick links to view and access computers, jobs and packages. It can act as a palette of Deployment Solution icons to drag to other working panes in the console, or as a storage to save commonly-used jobs and computer icons. The Resources view lets you see a filtered view of the package files.MSI files, .RIPs, image files, Personality Packages, and other resource packagesstored in folders in the Deployment Share. From the Resources view, you can drag packages directly to the computers in the Computers pane to deliver the software. This automatically creates jobs in the System Jobs > Drag-n-Drop Jobs folder in the Jobs pane. The Resources view lets you identify packages assigned to each job and assign those packages to create new jobs.
Using Resources Directly

If you do not want to create a shortcut to a resource but still want to use a resource to assign work to a computer, you can move the resource to a designated computer. To do so: 1. 2. 3. Enable the Shortcut view. Click Resources at the bottom of the Shortcut window. Browse to the selected resource and drag it to the appropriate computer.
You can create a new script file from the Resources view, and use it directly to schedule it on a computer. See Creating New Script Files (page 191). See Console options (page 85) for options to set refresh intervals for Resources view.
75
Thin Client View of the Deployment Console

The Thin Client view of the Deployment Console provides a simplified experience when dealing exclusively with Thin Clients. The functionality of the Thin Client view is identical to that of the current Deployment Console. However, you can switch from Full View to Thin Client view. The Thin Client Console has four panes: Computers Resources Software Packages Inventory The Computers, Resources, and Software Packages panes are on the left side of the Thin Client view, while the Inventory pane is on the right side of the Thin Client view.
Installing the Thin Client View

During installation, you can install the Deployment Solution Thin Client view. By default, the traditional Deployment Console is installed. If you select Thin Client view, a Thin Client Jobs system folder is created. All the jobs created from the Deployment Solution Thin Client view are stored in this folder. During the installation process, the following folders are created in this hierarcy for the Thin Client resources: Configuration Packages Images Software Packages Deployment Solution for Thin Clients uses the same installation program as Deployment Solution. No licensing is required even if you select Thin Client Install.
To install Thin Client

1. On the Deployment Server Installation dialog, select the Install Thin Client option. The Thin Client view of the Deployment Console appears. or On the Deployment Server Installation dialog, select the Simple Install option. The Deployment Console appears. 2. Click View > Thin Client View. The Thin Client view of the Deployment Console appears.
Switching Between Two Views

When you switch between the traditional view and the Thin Client view, you can maintain the last state in which you viewed the console. This ensures that you open the console in the same view that you last closed it in.
To switch between the traditional and the Thin Client view

1. Click View.
76
2.
Select Show Thin Client View.
Note By default, the Thin Client view is visible if you select Thin Client Install. When you switch to the Thin Client view, all the menus and items not necessary for the Thin Client view are unavailable. These are visible when you switch to the traditional view.
Computers Pane
This pane is the same as that in the traditional view. However, only thin clients are displayed. You can right-click this pane to view a new menu. When you right-click a thin client, you can view the following options: Capture Configuration Capture Images Deploy Configuration Deploy Image Install Automation Partition Get Inventory Power Control Properties Remote Control Manage Inventory View If you select a Capture option, a text field appears, prompting you for the name of the captured resource. By default, the name is the same as the serial number on the thin client, that you can change. If you select a deploy option, a list of the available resources for the selected type appears, such as Configurations, Images, or Software Packages appears. You can select a resource from this list.
To create a job
You can create a job in one of the following ways: Select any of the first six options from the Computers pane. All these jobs are scheduled at the current time. Note The Schedule Computers for Job dialog does not have the Job Schedule tab. Also, all the automation jobs have the default option selected for boot image. Drag resources to the Computers pane or computers to the Resources pane to schedule jobs at the current time. Note Ensure that you have the required permissions to drag and drop resources.
77
All thin client job details are saved in the Thin Client Jobs system folder. You cannot delete or rename this new system folder from the console. All the above options, except Properties, are disabled when the client is not active. Note All the jobs on the thin clients are automatically created and scheduled by the console, and this is done only when the clients are active. When creating the jobs, the console refers to the operating system type (platform) of the client.
Resources pane
This pane is a tree view listing all the resources that you can drag and drop to the thin clients and vice versa. Three types of resources appear in this pane: Configuration Packages. Example: Captured Registry Settings. Images Software Packages. Example: HP Tools. Note All these resources reside in the express share in the ThinClient directory. When you click any of the three submenus corresponding to the subdirectories within the ThinClient directory, the tree expands and displays all the resources included in the directory. If the folder is empty, an appropriate message appears. You can rename or delete the resources.
Software Packages
The Software Packages pane displays the software packages that can be created for the available computers. You can drag and drop this resource to the thin clients and vice versa. When you right-click the Software Packages pane, you can view the following options: New folder. Select this option to create a new folder. Import. Select this option to import a job. See To import a job. Rename. Select this option to rename a folder. Note You cannot rename the Software Packages pane. You can only rename a folder. Delete. Select this option to delete folders. Find Software Packages. Select this option to find software packages.
To import a job
1. 2. Open the Thin Client view. Right-click the Software Packages pane and select Import. The Import Job dialog appears. 3. Browse to specify the file to be imported in the Job file to import field.
78
Note By default, the Import to Job Folder, Overwrite existing Jobs and Folders with the same names, and Delete existing Jobs in folder options are disabled. 4. 5. To preserve the source operating system file paths of Scripted Install, select the Preserve Scripted Install OS source paths option. Click OK.
You can delete the Software Packages pane from the Thin Client view through the Deployment Console view.
To delete the Software Packages option from the Deployment Console

1. 2. 3. Open the Deployment Console. In the Jobs pane, select System Jobs > Thin Client Jobs > Software Packages. Right-click Software Packages and select Delete. A confirmation dialog opens. 4. Click Yes to confirm the deletion. The Software Packages option is deleted from the Deployment Console view. Note The Software Packages option is automatically added in the Jobs pane in System Jobs > Thin Client Jobs when you switch from the Deployment Console view to the Thin Client view.
Inventory Pane
The pane displays a table, listing all the thin clients identified by the console. The following columns appear in the Inventory pane: Name Computer Status Action Status Product Name Operating System Image Version Flash Size Memory Size BIOS Version You can select which columns to view. The following columns are available, but do not appear: Automation Partition CPU Domain Name IP Address
79
MAC Address
To view Inventory columns

1. 2. 3. Right-click the Inventory pane. The Manage Inventory Column dialog appears. Add columns to either the Selected columns list or the Available columns list by clicking the required arrows. Click OK.
Toolbars and Utilities

The toolbars and menus on the Deployment Console provides major features and utility tools to deploy and manage computers from the console. From the Main toolbar, you can create new jobs and computer accounts and run basic deployment tasks. On the Tools toolbar, you can launch Deployment Solution administration tools and package editing tools. It also includes icons to quickly run commonly used Remote Operations Using Deployment Solution.
Deployment Solution Utility Tools

The Deployment Console lets you open utility programs from the Tools menu or from the Tools toolbar. You can launch Deployment Solution administration tools (Boot Disk Creator, PXE Configuration, Wise SetupCapture and Remote Agent Installer) and package editing tools (Wise MSI Editor, PC Transplant Editor, and Image Explorer) from the toolbar.
Administration tools
Boot Disk Creator. Use this tool to create boot disk configurations, and automation and network boot media to image client computers. The Boot Disk Creator can maintain several different boot disk configurations for different types of network adapter cards. See Altiris Boot Disk Creator help.
PXE Configuration. After installing the Altiris PXE Server, you can create and modify configurations, which make up the boot menu options that appear on client computers. This is another solution to boot computers to automation. See the Altiris PXE Configuration help.
Remote Agent Installer. Remotely install the Deployment Agent on client computers from the console. This utility lets you push the agent installation to client computers from the Deployment Console.
80
Carbon Copy. Remotely control managed computers to view and troubleshoot problems from the Deployment Console. This utility provides comprehensive remote access features beyond the Remote Control feature accessed by right-clicking a computer or computer group from the Deployment Console.
Package Editing Tools
PC Transplant Editor. Use this tool to edit a Personality Package to add or remove data. See the Altiris PC Transplant Help located in the Deployment Share.
Image Explorer. After a disk image is saved to the Deployment share, this tool lets you view and manage data in the image file. You can edit and split an image, create and index, and more. See the Altiris Image Explorer help file located in the Deployment Share.
Wise MSI Editor. Edit .MSI packages generated from the Wise Setup Capture tool or other .MSI files used to distribute software and other files.
SVS Admin Utility. Create, import, and manage virtual software layers. See Software Virtualization Solution (page 81).
Software Virtualization Solution

Altiris Software Virtualization solution (SVS) is a revolutionary approach to software management. SVS places applications and data into managed units called virtual software packages. Using SVS you can activate, deactivate, or reset applications to avoid conflicts between applications without altering the base Windows installation. The SVS Admin Utility is a part of SVS. It creates, imports and manages virtual software layers, which are part of the packages. For information on installing and using the SVS Admin Utility, see the Software Virtualization Solution Reference Guide. For information on the integration of the SVS Admin Utility with Deployment Solution, see Using SVS Admin Utility with Deployment Solution (page 81).
Using SVS Admin Utility with Deployment Solution

On a Deployment Solution computer, you can capture application and data files. The installed application, data files, and settings are captured into the virtual software layers. The Deployment Solution computer should have a clean installation of the Windows operating system. The computer should not have any background processes or programs running that can be captured into the layers. Your base computer should not be running an antivirus program or any other computer management program. If possible, the computer should not have an active Internet connection.
81
You can create layers on a virtual computer. (See Managing the SVS Layer on page 177) This lets you disconnect a computer from the network and reset the computer after each capture. This ensures that you have a clean operating system. You can also distribute .RIPs, .MSI files, scripts, personality settings, and other package files to computers or groups. See Distributing Software (page 175).
Extending the Tools Menu on the DS Console

You can add commands to the Tools menu on the Deployment Console to quickly access additional management applications. This lets easy access to applications commonly used with Deployment Solution. Commands are added by modifying or adding new .INI files. You can insert commands to the root ATools.ini file for the main menu or add new .INI files to create submenus. Place both types of .INI files in the same directory where the Deployment Console executable (eXpress.exe) is located (the default location is the Program Files\Altiris\ eXpress\Deployment Server). You can add up to eight menu items to the main menu, and eight menu items for each submenu. These .INI fields are included for each application added to the Tools > Altiris Tools menu:
[Application name or submenu declaration] MenuText=<the application name displayed in the menu> Description=<the name displayed when you mouse over the menu item> WorkDir=<directory set as default when executable is run> Executable=<path to the executable files>
The ATools.ini file extends the main Tools menu on the console. This sample file contains one submenu, Web Tools, and two additional menu items, Notepad, and Netmeeting. The .INI files are located in the Deployment Share.
[Submenus] Web Tools=wtools.ini [Notepad] MenuText=Notepad Editor Description=Simple Editor WorkDir=. Executable=C:\WINNT\notepad.exe [NetMeeting] MenuText=NetMeeting Description=NetMeeting WorkDir=. Executable=C:\Program Files\NetMeeting\conf.exe
82
Another Tools .INI file is wtools.ini. It is a submenu file referenced by the main ATools.ini file. On the main menu this is titled Web Tools (see Tools.ini) and contains two applications, Internet Explorer and Adobe Acrobat.
[Explorer] MenuText=Explorer Description=Windows Explorer WorkDir=. Executable=C:\Program Files\Internet Explorer\explorer.exe [Acrobat] MenuText=Acrobat Reader Description=Acrobat Reader WorkDir=. Executable=C:\Program Files\Adobe\Acrobat\acrobat.exe
Computer Filters and Job Conditions

Use this dialog while Creating a Computer Group Filter to filter only the specified computers in a computer group, or while Setting Conditions for Task Sets when running a job only on the specified computers in a group.
Creating Conditions to Assign Jobs

You can Set Conditions on a scheduled job to run only on the computer devices that match a defined criteria. As a result, you can create a single job with tasks defined for computers with varying properties, including the type of the operating system, network adapters, processors, free disk space, and other computer properties. You can now create task sets for each job that are applicable only to the computers matching those conditions.
Click a job in the Jobs pane. The Condition feature appears in the Details pane. Click Setup to add new conditions or edit existing conditions. When you are setting conditions to schedule a job, select from a list of predefined database fields or create custom tokens that key on other fields in the database.
Creating Custom Tokens

You can create custom tokens to set conditions based on the database fields not provided in the available preset conditions. in the Conditions dialog . Example: select User Defined Token from the drop-down list in the Fields box. Select contains in the Operation field, and enter Milo in the Value field. In the Token field, enter the following custom token:%#!computer@lic_os_user%.This filters out only the jobs with the registered license user named Milo. The job runs only on the computers that meet the specified criterion.
83
Filter Name
Active Computers Inactive Computers Computers With Failed Jobs Windows 98 Windows 2000/ 2003 Windows XP Windows CE (PDAs) Linux Windows XP Embedded Windows CE .NET Pocket PC (PDAs)
Description
Displays all the active computers. Displays all the inactive computers. Displays all the computers where jobs have failed to execute. Displays only the computers with Windows 98 operating systems. Displays only the computers with Windows 2000 or 2003 operating systems. Displays only the computers with Windows XP operating systems. Displays only the computers with Windows CE operating systems. Displays only the computers with Linux operating systems. Displays only the computers with Windows XP Embedded operating systems. Displays only the computers with Windows CE .NET operating systems. Displays only the Pocket PC computers.
Creating a Computer Group Filter

The Computer Filters dialog displays a list of all computers in a group according to the specified criteria. Example: you can create a filter to view all the computers in a particular group that have Windows 2000, 256 MB of RAM, and 20 GB hard disks only. By applying the filter, you can view all the computers that meet the specified criteria in the Details pane of the Deployment Console.
Click a computer group in the Computers pane. The Filter feature appears in the Details pane for the selected computer group. Click Setup to add new filters, or modify, and delete existing computer filters.
To create or modify a computer filter

1. 2. Click the All Computers group or any other computer group. On the Filter bar in the Details pane, click Setup > New to create a new filter. Or Click Setup > Modify. 3. 4. Type a name for the filter, and click Add. The Filter Definition screen appears. Define the conditions you want to filter. Click the Field box to see a list of computer values stored in the Deployment Database. Select a computer value and set the appropriate operation from the
84
Operations list. In the Value box enter an appropriate value for the selected database field. Example: you can choose Computer Name as the Field, Contains as the Operation, and Sales as the Value. 5. Repeat to include other conditions. Click OK.
General Options
Use Program Options feature to set the general options for Deployment Solution. Click Tools > Options to view the Program Options dialog. Console options (page 85) Global options (page 85) Task Password options (page 86) Domain Accounts options (page 87) RapiDeploy options (page 87) Agent Settings options (page 88) Custom Data Sources options (page 88)
Console options
Set basic console features for miscellaneous refresh actions and warning messages. Scan resource files for changes every ____ seconds. Specify how frequently (in seconds) the Deployment Console updates its view of package files in the Resources view, see Shortcuts and Resources View (page 75). Warn user when no tasks are assigned to the 'default' condition. When a job is assigned to computers and the Default condition has no tasks assigned, a message appears. The job has no secondary default tasks assigned if a computer in the group does not meet the primary conditions. See Setting Conditions for Task Sets (page 153). Refresh displayed data every ____ seconds. Refresh the display of data accessed from the Deployment Database. This lets you refresh console data at defined intervals rather than updating every time the Deployment Console receives a command from the server, which can be excessive traffic in large enterprises.
Global options
Set global options for the Deployment Server system. Delete history entries older than _____ days. Specify the number of days an entry is kept in the history until it is deleted. Enter any number between 1 and 10,000. If you dont select this option, log entries remain in the history. Remove inactive computers after ____ days. Specify the number of days you want to keep inactive computers in the Deployment database before they are deleted. The default value is 30 days, but any number between 1 and 10,000 is valid. Synchronize display names with computer names. Automatically update the displayed name of the managed computer names in the console when the client computer name changes. If this option is not selected, changes to the computer names is not reflected in the console. Synchronization is off by default. The names do not have to be synchronized for the Deployment Server to manage the computer.
85
Reschedule failed image deployment jobs to immediately retry. Immediately retry a failed image deployment job. The program continues to retry until the job succeeds or until the job is cancelled. Client/server file transfer port: _____. Specifies a static TCP port for file transfers to the clients. The default value is 0 and causes the server to use a dynamic port. This setting is useful if you have a firewall and need to use a specific port rather than a dynamically assigned port. Automatically replace expired trial licenses with available regular licenses. Lets Deployment Solution to automatically assign a permanent license to the computer after the trial license expires. Note Be careful when using this option. Ensure that you do not give a permanent license to computers you do not want to manage after their trial license expires. Display Imaging status on console. Displays the status of the imaging job on the Deployment Console. Remote control ports. Specifies ports for using the Remote Control feature. You have the option to enter a primary port address and a secondary port address (Optional). Primary lookup key. Specifies the lookup key type used to associate a new computer with a managed computer. The options are Serial Number, Asset Tag, UUID, or MAC Address. Sysprep Settings. This lets you enter global values for Sysprep. See Sysprep Settings (page 86).
Sysprep Settings
View and configure the Sysprep settings for the Deployment Server.
OS Product Key tab

In the OS Product Key tab, select the suitable operating system from the Operating System drop-down list. After you select the operating system, a list of all product keys for the selected operating system appears. Select an operating system from the Operating System drop-down list, and click Add to type the Product Key. You can type up to 29 characters for the Product Key. The new product key is added to the list of available keys of the selected operating system. To modify a product key, select the product key to be modified, and click Edit. To remove a product key, select the product key to be deleted, and click Remove. Note If the product key is being used by another task, you cannot delete the product key. You are prompted with a message stating that the product key is being used by another task.
Task Password options

According to the network and security properties, the passwords for administrators and users change after a certain number of days. In such a scenario, the password becomes invalid and all jobs and tasks using the user name whose password changes must be
86
modified to use the new password. The Task Password option provides administrators with a simple option to manage all password changes from a centralized location. This feature lets you set or change user passwords from a central location, so you can modify the password for the Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality tasks when creating or modifying jobs. However, this tab is enabled only to administrators and select users who have been granted the appropriate privileges. The Status field displays the results of password updates. Example: User As user name and password is used in ten tasks. If you want to update the password for these ten tasks, you can do so through the Task Password option. After the password is updated, the Status field displays the message: Password for 10 tasks updated.
Domain Accounts options

This sign-on feature retrieves the name of the administrator (or user with administration rights) and the password for each domain, avoiding the need to log on for each managed computer when completing imaging and configuration jobs. Click Add to enter the Domain name. The Add Domain account appears. Enter the name of the selected domain and provide the administrator credentials. Click OK. The administrator name and domain are listed in the Domain Accounts list box. Note To enter the administrator user name for a Windows XP domain, you need to add both the domain name with the user name. Example: instead of entering just the user name jdoe, you need to enter domainName\jdoe.
RapiDeploy options
This feature optimizes the multicasting ability of the RapiDeploy application in Deployment Server, letting you deploy images to a group of computers simultaneously, download an image from a file server, or access a local hard drive, and manage the imaging of several client computers concurrently. Because RapiDeploy is more efficient when writing directly to the IP address of the network adapter driver, you can enter a range of IP addresses when using the multicasting feature to speed computer deployment and management. Deployment Server accesses the range of computers using the defined IP pairs and avoids retrieving the computers through the port and operating system layers. However, because some network adapter cards do not handle multiple multicast addresses, you can also identify a range of ports to identify these computers. On the first pass Deployment Server accesses the selected computers using the list of IP numbers. On the second pass, Deployment Server accesses the selected computers using the port numbers or higher level operating system ID's. Note Multicasting images are not supported when using the UNDI driver on PXE, and are disabled on the client. Click Reset to set the default values.
87
Agent Settings options

These are the default agent settings for new computers. Click Change Default Settings to change Windows Agents Settings for Windows and DOS. Set Deployment Agent Settings for new computer accounts or set Deployment Agent Settings for DOS for new computers. These default settings are applied only for new client computers that have never connected to the Deployment Server, and have no information stored in the Deployment Database. These settings are not for the existing managed computers nor are these settings applied when setting properties using the Remote Agent Installer. When the Deployment Agent connects, Deployment Server verifies if the computer is a new or an existing computer. If the client computer is new and if the Force new agents to take these default settings option is selected, the Deployment Agent on the client computer receives the default settings established in the Options > Agent Settings dialog. If the computer is recognized as an existing managed computer, it uses the existing agent settings. The same process occurs for automation agents if the Force new Automation agents to take these default settings option is selected. Force new agents to take these default settings. Select this option to force the default settings when adding a new computer. Force new Automation agents to take these default settings. Select this option to force the default settings when adding a new automation agent connects.
Custom Data Sources options

This option lets you set up credentials to authenticate to external Deployment Databases and other Microsoft SQL Server databases to extract data using custom tokens. Click Add to enter an administrator alias and other login information for the Microsoft SQL Server (or MSDE) hosting the desired Deployment Database. The information required to create a custom data source entry are listed below: Alias. The alias name you would like to use when referencing the external SQL database. Server. The name of the external SQL database server or IP address. Database. The name of the external database from which you want to extract data. Use Integrated Authentication. This option authenticates to the external database using the domain account you are currently logged on as. User name and Password. When the integrated authentication is not being used, you must provide a user name and password to authenticate to the external database. Click Allowed Stored Procedures to modify the existing list. See Allowed Stored Procedure List (page 88).
Allowed Stored Procedure List

Click Allowed Stored Procedures to identify the stored procedures from the selected custom data source. You can now select from the list of available stored procedures in the data source. This lets you call stored procedures outside of the Deployment Database (express database) using custom tokens within scripts or answer files.
88
Virtual Centers
You can keep a list of all VMware Virtual Center Web services. The hosts and virtual computers from each Virtual Center that have corresponding computers in the Deployment Database appear in the computer tree. These virtual computers appear under the Virtual computers node in the Computer pane. Click Add on the Virtual Center page, and enter the Server host name, display name, and user name. You can also set up a password for the selected user.
Security in Deployment Solution

Deployment Solution provides a security system based on associating job and computer objects with user and group permissions, letting IT personnel to be assigned to different security groups to manage operations on specific computer groups or job folders. Each security group can perform only a defined scope of deployment operations on each computer group or job folder. Additionally, each user can be assigned rights to access general console features. Note Security rights and permissions set in one console is enforced in all Deployment consoles.
To set general security rights, click Tools > Security and add a user name and password. You can create users and groups and set scope-based rights. To set feature-based permissions for specific computers or jobs, select the object in the console, right-click and click Security.
See also
Best Practices for Deployment Solution Security (page 89) Enabling Security (page 90) Setting Permissions (page 93) Groups (page 92) Rights (page 92)
Best Practices for Deployment Solution Security

Deployment Solution is based on defining groups of users and groups of computers and jobs, and associating one with another. Altiris recommends that you first create user groups based on administration duties or access to levels of deployment operations. Example: you will most likely set up a group with full Administrator rights. This group will have access to run all operations on all computers using all types of jobs. No permissions need to be set on each computer group or job folders for the Administrator group because they have full rights to all features and resources. However, you can also set up a Technician group that has only basic access and permissions limiting deployment operations. This prohibits members of the group from re-imaging the Server computer group or scheduling Distribute Disk Image jobs. You
89
can explicitly Allow or Deny the group from running these operations for each computer group in the Computers pane or each job folder in the Jobs pane. After creating the Technician group, you can limit their rights to set General Options and set permissions on each computer groups and job folder for the group. You can select the computer group, right-click it and select Permissions. Select the group name in the left pane, and click Allow or Deny for a list of deployment operations. Example: you can select the Deny check box for Restore, Schedule Create Disk Image, and Schedule Distribute Disk Image. Additional groups can be created with different rights and permissions depending on the needs and responsibilities in the IT team. If users are assigned to multiple groups, the Evaluate Permission and Evaluate Rights features are sorted and display effective permissions and rights.
Enabling Security
You can enable security by first creating a group with Administrator rights, adding a user to the Administrator group, and selecting Enable Security. Note When the Administrator Right is selected, you do not need to select any other rights because the Administrator Right implies that all other rights are selected. 1. Click Tools > Security. The Security dialog appears. 2. 3. Click Manage User Groups tab and click Add. The Add User Group dialog appears. Select the authentication type. You can add a DS group or a group from the Active Directory. To add groups from Active Directory, see Adding groups from the Active Directory (page 92). Click DS Group Note The Browse option is disabled for Local Group. 5. Type a name and description in the Add User Group dialog. Click OK. The group name appears in the window. 6. 7. 8. Select the new group name and click Rights. Select Administrator in the Rights dialog. This assigns complete rights and permissions to the group. Click OK, and click Close. On the main Security dialog, click the Manage Users tab, and click Add. The Add User Account dialog appears. 9. Select the authentication type. You can add a DS user or a user from the Active Directory. To add users from Active Directory, see Adding users from the Active Directory (page 91).
4.
10. Click DS User in the Add User Account dialog. Note The Browse option is disabled for DS User.
90
11. Type user name, full name, and password. Retype the password, and provide a description for the user. Click OK. 12. Select the user name in the main Security dialog. Click Rights. 13. Click the name of the new Administrator group in the Groups window. This assigns the new user to the new group with Administrator rights. Click OK. Note You can assign the user Administrator rights directly, but we recommend you to assign users to groups. See Best Practices for Deployment Solution Security (page 89). 14. Now that you have a user with administrator rights, select the Enable Security box. Security is now enabled. You can now create users and groups and assign permissions to computer groups and job folders.
Adding users from the Active Directory

You can add users from the Active Directory. 1. 2. 3. In the main Security dialog, click Manage Users tab, and click Add. Click AD User in the Add User Account dialog. If you know the user name, type it in the User name box, or click Browse to select the user from the Active Directory. The password field is deactivated as the user is being added from the Active Directory. Note You can add only one user at a time. To import users, see Importing users from the Active Directory (page 91). 4. 5. Type a description for the user in the Description box. Click OK.
Importing users from the Active Directory

You can also import users from the Active Directory. To open a standard Windows Active Directory dialog, from the main Security dialog, click the Manage Users tab, and click AD Import. Add users from Active Directory, not groups. The users are added to the Deployment Database. However, you still need to assign the users to security groups with appropriate rights and permissions. Note When logging on with the imported AD account, Deployment Solution accessed the Windows Active Directory server to validate the user password.
Evaluate Rights
Click Evaluate Rights to identify the combined rights of the selected user and its user group(s). This feature identifies effective rights for each user by resolving any possible conflicts between multiple group settings.
91
Groups
Assign the user to previously created groups. If you are enabling security, you can assign the user to a group with Administration rights. To add groups, from the Security dialog, click the Manage User Groups tab, and click Add. Select the authentication type, and type the required details. You can view the members of any group by clicking the group in the Manage User Groups dialog and clicking View Members. See also Best Practices for Deployment Solution Security (page 89), and Enabling Security (page 90).
Adding groups from the Active Directory

You can add users from the Active Directory. 1. 2. 3. In the main Security dialog, click Manage User Groups tab, and click Add. Click AD Group in the Add User Group dialog. If you know the group name, type it in the Name field, or click Browse to select the group from the Active Directory. A list of groups, along with their descriptions, appears in a new dialog. Select a group from the list, and click OK. The Name, Domain, and Description gets automatically filled. However, you can modify the description. Click OK.
4.
The newly added group appears in the main Security dialog.
Importing groups from the Active Directory

You can also import users from the Active Directory. In the main Security dialog, click the Manage User Groups tab, and click AD Import to open a standard Windows Active Directory dialog. Add groups from Active Directory. You can choose a domain from the Domain List, and select a group from the displayed list. The group is added to the Deployment Database. However, you still need to assign the users to security groups with appropriate rights and permissions.
DS Authentication
If the user is already in the DS database, and tries to access the Deployment Console, Deployment Server checks the authentication with the logged on user, and upon matching does not prompt for user credentials. Similarly, if a group has already been added in the DS database, and if a system logged-on user, who is a part of the AD group, tries to access the Deployment Console, Deployment Server does not prompt for credentials.
Rights
This dialog lets you set general rights for a user or group. To verify, add or change the rights assigned to each console user, use the following steps: 1. 2. 3. 4. From the Security screen, select a user and click Rights. From the Set Rights For window, click the Rights tab. Select the check box for each right you want to grant. After selecting all applicable rights, click OK to save your changes.
92
A brief explanation of each Deployment Server right that can be assigned is detailed below: Administrator. Lets user access all features available on the Deployment console. You must have Administrator rights to enable security. See Enabling Security (page 90). Options Console. Lets you set Console options. If this check box is selected, you can set the view and set the console options. Options Global. Lets you to set Global options. If this check box is selected, you can view and set the global options. Options Domain Accounts. Lets you set Domain Accounts options. You can view and set the domain accounts option. Options RapiDeploy. Lets you set RapiDeploy options. You can view and set the RapiDeploy options. Options Agent Settings. Lets you set Agent Settings options. You can view and set the agent settings. Options Custom Data Sources. Lets you create Custom Data Sources options. You can view, create, and set database aliases. Manage Rejected Computers. Lets you view Rejected Computers in Deployment Solution and change status. Refresh Clients. Lets you Refresh Deployment Solution clients. You can use the View > Refresh clients <CTRL +F5> feature to disconnect and reconnect client computers. Allow scheduling on All Computers. Lets you schedule jobs on All Computers. If you have administrator rights, by default you have the rights to schedule job on all computers, irrespective of the check box state. You can grant this right to a specific user or a group. Import/Export. Lets you import and export jobs and import computers as well. See Importing and Exporting Jobs (page 192) and Importing New Computers from a Text File (page 102). Options Task Password. Lets you centrally update passwords for users and groups so they can access the tasks: Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality when creating or modifying. You must have administrative rights to access this option. See Task Password options (page 86). Use PXE Configuration Utility. Lets you use the PXE Configuration Utility. Options Virtual Centers. Lets you view and add options for Virtual Centers. See Virtual Centers (page 89).
Setting Permissions
Set permissions for jobs, job folders, computers, and computer groups. See Best Practices for Deployment Solution Security (page 89) for additional design tips. 1. 2. Right-click on a computer group or job folder (or individual computers and jobs) and select Permissions. The Object Security dialog appears. Click the Groups tab and select a group name. Or click the User tab and select a user name.
93
3.
From the list in the right pane, select if you want to Accept or Deny permission to run the operations on the selected computers or job objects. These permissions include access to Remote Operations Using Deployment Solution and features for scheduling Deployment Tasks. Select the Allow or Deny check box to explicitly set security permissions for these Deployment Solution features for the selected objects. Note Administrators have access to all objects with unrestricted rights and permissions. You cannot explicitly deny permissions to computer or job objects for users with administrator rights.
4.
5. 6.
To assign permissions to multiple groups, click Set permissions on all child objects to assign the values without closing the dialog. Click Close.
Note You can set permissions for all jobs and computers by clicking in the Jobs pane or Computers pane without selecting a job or computer object.
Permission Rules
Permissions received through different sources may conflict with each other. The following permission rules determine which permissions are enforced: Permissions cannot be used to deny the user with Administrator console rights access to use any console objects or features. User permissions take precedence over Group permissions. Deny overrides Allow. When a user is associated with multiple groups, one group could be allowed a permission at a particular level while the other group is denied the same permission. In this scenario, the permission to deny the privilege is enforced. Permissions do not flow down an object tree. Instead, the object in question looks in the current location and up the tree for the first permission it can find and uses the same. If a console user does not have permissions to run all tasks the job contains, the user cannot run the job.
Evaluate Permissions
Click Evaluate Permissions to identify the combined permissions of groups and containers with contrasting permissions. This feature identifies effective permissions for each object by resolving any possible conflicts. If a job includes multiple tasks and one of the tasks does not have sufficiently assigned permissions, the whole job fails due to lack of access permissions. Note Permissions to schedule jobs also lets a user to delete jobs in the Details pane after a job runs. Example: if a job contains errors and does not run, no other jobs can be scheduled. The user must delete the job before scheduling a new job.
94
Connecting to Another Deployment Server

From the Deployment Console you can connect to other Deployment Servers on your LAN and manage computers beyond the network segment you are currently logged on to. Opening a connection requires that you connect to the Deployment Database of the preferred Deployment Server connection using the ODBC Data Source Administrator.
Click File > Connect to or press CTRL+O to open the Connect to Deployment Server dialog. Enter requisite information to connect to the external Deployment Server connections using an ODBC driver.
Note Although you are accessing another connection (another Deployment Database), Windows remembers the last place you browsed to, which would be the Deployment Share of the previous Deployment Server connection. You need to browse to the new connections Deployment Share to access its shared folder containing its RIPs, images, executables, and other resources.
Connecting to a new Deployment Database

1. 2. 3. Click New. The Define Connection Information dialog appears. Enter a name for the connection to be opened. Establish an ODBC data source. a. b. c. d. e. Click ODBC Administrator. Click the System DSN tab, and click Add. Select the SQL Server driver source and click Finish. In the Create a New Data Source to SQL Server dialog, enter a name and description for the data source. If an entry for your server already exists, select it from the menu. Otherwise, enter the name of the server hosting your remote SQL server in this box. Click Next. Click Next in the Create a New Data Source to SQL Server dialog to accept the default settings. Select the Change the Default Database to check box and select eXpress from the menu. Click Next. Click Finish. The specifications for the ODBC data source appears. Click Test Data Source to verify that the source is reachable. Click OK. You return to the main ODBC Data Source Administrator dialog with your new data source listed in the System DSN tab. Click OK.
f. g. h. i. j. 4. 5.
Using the menu in the ODBC Data source name dialog, select the new Data Source name you just created. In the Installation Directory path field enter the full UNC path (or path using any locally mapped drive) to the directory of the required Deployment Server, for example:
95
\\SalesServer\express or H: 6. Click OK.
Rejected Computers in Deployment Solution

When an unwanted managed client computers attaches to your Deployment Solution system, you can right-click the computer in the Computers pane and select Advanced > Reject Connection. You can view these rejected computers by clicking View > Rejected Computers. The rejected computers are prohibited from being active in the Deployment Database. They are identified and rejected by their MAC address. You can remove computers from the Rejected Computers list by selecting it and clicking Accept Computer(s). This lets the computer to attach again and be managed by the Deployment Solution system.
Refresh Deployment Solution

You can refresh the Deployment Console by clicking View > Refresh Console (or pressing <F5>) to update data from the Deployment Database. You can also click View > Reset Client Connections (or press Ctrl+<F5>) to disconnect and reconnect all managed computers in a Deployment Server system. When you refresh the managed client computers, you are asked if you want to disconnect all computers. Click Yes. This tells the Deployment Agent to shut down and restart. It also creates additional network traffic when all computers connect and disconnect. By refreshing the managed client computers, you ensure that you are viewing the current status and state of all computers resources in your system.
96
Managing Computers
From the Computers pane of a Deployment Solution console, you can identify, deploy, and manage all computer resources across your organization, including desktop computers, notebooks, handhelds, network and Web servers, and network switches. You can quickly modify any computers configuration settings or view its complete management history. Or you can take on big projects, like completely re-imaging the hard drive, restoring software and migrating personality settings for a whole department. You now have management of all your computer resources available from a Windows or Web console from any location. All computer resources can be accessed and managed as single computers or organized into computer groups with similar hardware configurations or deployment requirements, letting you run deployment jobs or execute operations on multiple computers simultaneously. You can use search features to locate a specific computer in the Deployment Database, or set filters to sort computers by type, configuration, operating system, or other criteria. Manage with Computer icons. Major computer types are identified by a computer icon in the console, with a listing of scheduled jobs and operations associated with each computer. In the Deployment Console, you assign and schedule deployment jobs to computers or groups by dragging the computer icon to a job in the Jobs pane, or vice versa. See Viewing Computer Details (page 98).
Computer icons appear in the Computer pane of the Deployment console where they can be organized into groups. To assign and schedule a computer in the Deployment Server Console, drag a computer icon or group icon to a job icon.
Add new computers. Deployment Solution lets you add new computer accounts and set configuration properties for new computers before they are recognized by the Deployment Server system. Preset computer accounts automatically associate with new computers when they start up, or can be associated with pre-configured computers. See Adding New Computers (page 100).
Click New Computer on the console to create a new computer account. You can also click File > New > Computer or right-click in the Computers pane and select New Computer. When the new computer starts up you can assign it a preset account. Click New Group on the console to add a new group in the Computers pane of the Deployment console. You can also click File > New > Computer Group or right-click in the Computers pane and select New Group.
Deploy to groups of computers. Organize computers by department, network container, hardware configuration, software requirements, or any other structure to
97
meet your needs. You can deploy and provision computers on a mass scale. To filter computers in a computer group to schedule jobs only to the appropriate computer types, see Computer Filters and Job Conditions (page 83). Configure Computer Agents. See the property pages for modifying Deployment Agent settings. See Deployment Agents on page 112. View and configure computer properties. You can modify computer settings for each computer from the console. See Computer Configuration Properties (page 103). Or you can view the Computer Properties page for detailed access to a computers hardware, software, and network property settings. See Computer Properties (page 124). Run remote operations from the console. Perform operations quickly in real-time from a Deployment console. Restore a computer to a previous state, configure property settings, send a file, remote control, chat, set security, run deployment jobs or select from additional management commands. See Remote Operations Using Deployment Solution (page 127). Build and schedule jobs. Build deployment jobs with one or more management tasks to run on selected computers. Create jobs, add tasks, and assign the job to computer groups. Jobs can be organized and assigned for daily tasks or to handle major IT upgrades. See Building and Scheduling Jobs (page 147). Manage Servers. Deployment Solution also manages network or Web servers to administrate high-density server farms or server network resources across your organization. See the Deployment Solution Reference.
Viewing Computer Details

In Deployment Solution, a computer resource is identified in the console with a distinctive icon to display the computer type Windows desktop or notebook, handheld, server, or Linux operating system and its current status. These computer icons change to convey the state of the computer, such as the log on status, server waiting status, or user with a timed license status. You can also view the status of the jobs assigned to the selected computer in the Details pane of a Deployment console. See Viewing Job Details (page 147). The following is a sample list of computer icons displayed in each Deployment console, identifying computer type and state.
Computer connected to the Deployment Server with a user logged in.
Computer connected to Deployment Server but the user is not logged on.
Computer with a time-limited user license and a user logged on.
98
Computer not currently connected to the Deployment Server but known to the Deployment Database. A pre-configured computer with values defined in advance using the New Computer feature. As soon as the computer connects and the Deployment Server recognizes the new computer and changes the icon. See Adding New Computers (page 100). A managed computer waiting for user interaction before running deployment tasks. This icon appears if the Workstations check box is selected in Initial Deployment. See Sample Jobs in Deployment Solution (page 195). A master computer is identified as a computer used to broadcast images to other client computers.
A connected handheld computer.
A managed server connected to the Deployment Server with a user logged on. Additional icons identify different states of server deployment. A managed Linux computer connected to the Deployment Server with a user logged on. Additional icons identify different states of Linux computer deployment.
Physical view of Rack/Enclosure/Bay components for high-density server systems. These icons appear as physical representations to allow management of different levels of the server structure. In addition, server icons identify logical server partitions. See Bay (page 126) for properties and rules to deploy Rack/Enclosure/Bay servers.
Select the New Computers or All Computers group to run jobs or operations for these default groups identified by an icon in the Computers pane.
Additional computer groups can be added to the Computers pane to organize similar computer types or to list computers of similar departments or locations. Click New Group or select New > Computer Group to create a new group.
99
See also Deployment Agents (page 112).
Adding New Computers

Computers can be added to the Deployment Database using three methods: Install the Deployment Agent. If you install the Deployment Agent to a computer with the operating system already installed, the computer is added automatically to the Deployment Database at startup. New computers with the Deployment Agent installed are added to the All Computers groups (unless otherwise specified in the Deployment Agent configuration). You can move the computer to another group if desired. Use Initial Deployment to configure and deploy new computers booting to automation. Starting up a new computer with the Automation Agent lets you image the hard drive, assign IP and network settings, distribute personal settings and software, and install the Deployment Agent for new computers. Using Initial Deployment you can associate new computers with pre-configured computer accounts. These newly configured computers appear in the New Computers group. See Sample Jobs in Deployment Solution (page 195). Create or import computer accounts from the Deployment console. You can add new computers using the New Computer feature or import computers using a delimited text file. You can pre configure computer accounts by adding names and network settings from the console. See Creating a New Computer Account (page 101).
About New Computers

When a new computer starts up, if Deployment Server recognizes the MAC address provided in a New Computer account or import file, it automatically associates the user account at startup with the New Computer icon. If this value is not provided, the computer appears as a pre-configured computer account, letting you associate it to a new computer.
The New Computer icon appears for a new computer if the MAC Address is provided when creating a new computer account using any import or new computer account feature. A pre-configured computer account icon appears if specific hardware data (MAC Address) is not known. As soon as the computer starts up and is associated with a pre-configured computer account, Deployment Server recognizes the new computer and the icon changes.
A pre-configured computer account can be associated with a new computer using the Initial Deployment feature. You can create multiple pre-configured computer accounts and associate the account with a new computer when it boots to automation. At startup, the configuration settings and jobs assigned to the pre-configured computer account can be associated with the new computer.
Pre-configured Computer Account

Deployment Solution provides features to create a pre-configured computer account to pre-define a computers configuration settings and assign customized jobs to that
100
computer even if you do not know that computer's MAC address. This type of computer is known as a pre-configured computer account. Pre-configured computer accounts offer a great deal of power and flexibility, especially when you need to deploy several computers to individual users with specific needs. The pre-configured computer account saves your time because you can configure the computer before it arrives on site. You can set up as much configuration information (computer name, workgroup name, and IP address, for example) you know about the computer and apply it to the new computer as it comes online. You can also prepare jobs prior to the arrival of the new computer to deploy the computer using customized images, .MSIs and RIPs based on a user's specific needs. Example: a user might request Windows 2000 with Office 2000 and virus scanning software installed on the new computer. The user also might request that the computer personality (customized user settings, address books, bookmarks, familiar desktop settings) be migrated from the old system. You can build any job, including any of the available tasks, and assign it to a pre-configured computer account. When the new computer finally arrives, you are ready to deploy it because you have done all the work ahead of time. Boot the client computer to automation, and the new computer can connect to the server and become a managed computer. Now you can perform an Initial Deployment, or run a deployment imaging job on the new computer.
Creating a New Computer Account

You can create computer accounts for individual computers or for computer groups. When creating new accounts for computer groups, you can automatically assign new names and associate them with existing computer groups or the New Computer group.
Click New Computer on the console to create a new computer account. You can also click File > New > Computer or right-click in the Computers pane and select New Computer.
To create a new computer account

1. 2. Click Add. Enter names and configuration settings for each new computer account using the Computer Configuration screens. See Computer Configuration Properties (page 103) for a description of the configuration settings. Note If you do not enter a MAC address, the computer you create or import becomes a virtual computer. 3. 4. (Optional) Click Import to add new computers from a delimited text file. See Importing New Computers from a Text File (page 102). Click OK. A pre-configured computer account icon appears in the Computers pane. When a new computer starts up, you can assign it to this preset account.
101
To create and associate multiple computer accounts

You can create computer accounts and automatically assign predefined names. These computer accounts can be associated with computers in a selected computer group. 1. 2. Select a computer group, including the New Computers group (empty groups cannot access features). Right-click and select the Configure command. Enter names and configuration settings for each new computer account using the Computer Configuration screens. See Computer Configuration Properties (page 103). Click the Microsoft Networking category and click Define Range. This is optional. a. b. In Fixed Text box, type a base computer name. Example: enter Sales. Type a numeral or letter in the Range Start box to add to the Fixed Text name. This creates a unique name for a group of computers starting with the specified character. The range of numerals and letters is assigned to the computer name. Example: enter 3. Select Append to add the range of numerals after the computer name. Clear the check box to add names before the computer name. The example computer names begin with Sales3 and end with Sales7. d. 4. 5. Click OK.
3.
c.
Click Associate. You can now associate computers in a group (including the New Computers group) with the multiple computer accounts. Click OK.
Importing New Computers from a Text File

You can import computer configuration data using delimited text files (.txt, .csv, or .imp files) to establish multiple computer accounts in the Deployment Server database. This file contains all configuration data for a new computer, including all settings in the Computer Properties of a selected computer. 1. Click File > Import/Export > Import Computers. A dialog appears letting you select import files. These files can have .TXT, .CSV, or .IMP extensions. 2. Select the import file. Click Open. If a correctly formatted computer import file is selected, a message appears, informing you that the computer import is complete and identify the number of computers added. Click OK. New computers appear as pre-configured computer accounts in the Computers area of the console (as single computers or in groups), and any jobs imported from the import file are listed in the Jobs area. Note Jobs can be added to the import file. They can be created and associated with the new computers. If the computer import file is incorrectly formatted, a warning appears, stating that the computer import file is incorrect.
102
3. 4.
Edit computer settings by selecting a computer from the list and clicking Properties. The Computer Properties sheet opens to edit or add values not set in the import file, such as computer name, TCP/ IP settings, user name, and other configuration settings. Click OK. The imported computers appear in the Computers pane of the Deployment console.
5.
You can also import a computer to be placed in a sub-folder in the Computers pane and create a job to be associated with the imported computer. See the sample import file for additional information.
Referencing the Sample Import File

When creating an import file, use either the ImportComputers55.txt file or the ImportComputers55.xls file in the Samples folder of the Deployment Share. The ImportComputers55.txt file provides a sample import template you can access to test the Import feature. The ImportComputers55.xls file is a Microsoft Excel spreadsheet that lets you add values to each identified column and save the file as a delimited TXT file to import to the Deployment Database. The sample import file places a computer (DB Computer 1) in a computer group (Test Group) and adds a job (Test Job) that is associated with the imported computer. Note Altiris Deployment Solution 5.5 and later use the 5.5 format for importing computers. Previous versions of Deployment Solution use the 4.0 format.
Deploying New Computers on a Mass Scale

If you need to deploy large numbers of computers (100 to 5,000), consider using a barcode scanning system to collect user information (names, operating system, and application needs) and computer information (MAC address, serial numbers, asset tags). You can save this information to a file, which can be imported into the New Computers List View. Depending on the number of incoming computers, the amount of information you have about those computers, and the needs of individual users, you can use either the pre-configured computer account method (best for smaller numbers of new computers) or the Initial Deployment job (best when deploying generic setups by departments or groups). If you are using an import file, ensure you know the primary lookup key. This is the piece of information that Deployment Server needs to set up a unique computer. The primary lookup key can be the Serial Number, Asset Tag, UUID, or MAC address.
Computer Configuration Properties

These computer property settings can be viewed, set, and modified when performing the following computer management operations: Adding New Computers (page 100). Modifying Configuration (page 182). Create or edit property settings in a deployment job.
103
Sample Jobs in Deployment Solution (page 195) configuration settings. Click the configuration group icons to set additional computer property values. After you edit these computer property settings, the computer restarts so that the changes can take effect.
General Configuration Settings
Set the most important value from this property sheet. It includes the name of the computer in Deployment Solution, the NetBIOS name of the computer, the MAC address and other settings. Set the Windows name of the computer and the Workgroup or Domain settings. Set the TCP/IP addresses for one or more network adapters. Set Novell Directory Services client logon options. Set the registered user name and view the hashed installation license key for the installed operating system. Set the local Windows user account values.
Microsoft Networking Configuration Settings TCP/IP Configuration Settings NetWare Client Configuration Settings Operating System Licensing Configuration Settings User Account Configuration Settings
General Configuration Settings

The General category provides access to important property settings that are also listed in other configuration categories. Click other category icons to view and set additional configuration properties.
Field
Name
Description
Provides a name that appears in the Deployment console (not the BIOS name of the computer). Note The Name box is disabled for multiple computer configuration.
MAC address Serial Number Asset Tag Computer Name IP Address Registered User
The unique identification address of the network adapter. The serial number of the computers motherboard. The asset tag of the computer, if available. The Windows name of the computer. Current IP address of the computer. Multiple IP addresses are listed in this box. The name of the user who registered the operating system software
104
Field
License key User name Full name. Password
Description
The hash value rendered from the OEM key or 25-digit license key required when installing the operating system. The user name for the local Windows user account. The full name for the local Windows user account. The password for the local Windows user account. See also Computer Configuration Properties (page 103).
Microsoft Networking Configuration Settings

Enter the computer name and workgroup or domain property settings for the managed computer. If you are using Active Directory, you can add computers to a domain and a specified organizational unit (OU).
Use Sysprep to generate unique SIDs. This can be done by manually running the utility or selecting this feature while installing the Deployment Agent.
Field
Computer Name
Description
This is the NetBIOS name for the computer. The name must be unique in the network and is limited to 15 characters. Note The Computer Name box is disabled for multiple computer configuration.
105
Field
Use Token for computer name
Description
Select the check box to specify the computer name using tokens. Selecting this option enables the Select Token option and disables the Define Range option. Note This option is applicable for multiple computers and not for single computers.
Select Token: You can select one of the six tokens from the drop-down list. %NAME%- Complete computer name. %NICyMACADDR%- MAC address of the computer with NIC specific number. Selecting this option enables the NIC Number option. You need to specify the NIC number, which ranges from 1-8. %SERIALNUM%- Serial number from SMBIOS. %NODENAME%- First 8 characters of actual computer name. The NIC Number textbox is visible for NIC number input; the default value is 1. Define Range Click to create a sequential range of computer names. The Computer Name Range dialog appears. For new computers, set a range of names for multiple new computers: Fixed text. Enter the text portion of the name which you want associated with each computer, for example:
Marketing.
Range start. Enter a whole number to add to the fixed text, for example: 1. Append. Select this check box to add the range after the fixed text in the computer name. If you clear this box the number is added as a prefix to the fixed text. Result. View an example of the selected names that is assigned to each computer. Example: Marketing...Marketing6. Note When setting name ranges, do not set names using multiple Modifying Configuration tasks and assigning the names by Setting Conditions for Task Sets. If you set up two separate name ranges to be assigned by separate conditions, the computer names increment irrespective to the base name. See also Computer Configuration Properties on page 103. Workgroup Click and enter the name of the workgroup to place the managed computer.
106
Field
Domain
Description
Enter either the fully qualified domain name, the DNS domain name, or the WINS domain name. You can enter the fully qualified domain name (example: mjones.yourcompany.com), and specify the organizational unit (OU) using this format: OU/ newOU/users. The complete entry to place the computer in the users OU is the following:
mjones.yourcompany.com/OU/newOU/users internal.myServer.org/New Corporate Computer OU/ Mail Room/Express Mail Servers
TCP/IP Configuration Settings

Enter TCP/IP settings for one or more network adapters. Click Advanced to setup IP interfaces, DNS, and WINS. For computer groups, click Associate to assign a range of pre-defined IP addresses.
Field
Host name Network Adapter
Description
The DNS name of a device on a network. The name is used to locate a computer on the network. A list of all network adapters installed in the selected computer. The network adapter with the lowest bus, device, and function number is the first listed (NIC0 - zero based). If the bus, device, and function information cannot be determined for a network adapter, it is enumerated in the order it is detected. When configuring multiple network adapters, ensure that one network adapter is not using an Intel Universal NIC driver (commonly called UNDI driver) to connect to Deployment Server. If one network adapter uses the native driver and one uses an UNDI driver, your computer appears twice in the console. Add. Enter new settings for additional network adapters installed on the client computer. You can add virtual network adapter settings to send a job to a computer group containing computers with varying numbers of network adapters. If a computer in the group has only one network adapter, it is configured only with the IP settings listed first. If IP settings are provided for additional network adapters not present in the computer, they are disregarded. If you add a new network adapter, the Remove button is populated. You can remove the new network adapter by clicking Remove. See also Computer Configuration Properties (page 103).
107
Field
Description
Description
MAC Address. The MAC address is a unique number assigned to the network adapter by the manufacturer. You are unable to change this number. The MAC address appears in this box when viewing computer configuration settings. This box is disabled when creating a Modify Configuration task. DNS connection Suffix. Enter this to add domain suffixes to the root address. Obtain an IP Address automatically. Use the following IP address. Obtain DNS server address automatically. Obtain the following DNS server addresses. Reboot After Configuration. To restart the computer after configuration, select this option.
TCP/IP Advanced Options - IP interfaces

IP Interfaces (Linux and Windows type only). Click Add to set named interfaces for this network adapter. Use this tab to add TCP/IP addresses to an existing network adapter card on Linux or a Windows operating system.
Field
IP Address Subnet mask
Description
Add or modify an IP address common to all interfaces. Enter the appropriate subnet mask.
Field
Interface Name
Description
Establish Linux-specific IP interface settings. Ensure you use the eth syntax when naming new interfaces, for example: eth0:1 or eth0:new interface. Enter the Broadcast address for the specified IP interface. The default value of the interface state is Up, which denotes that the named interface is operating. You can shut down the named interface by selecting Down. See also Computer Configuration Properties (page 103).
Broadcast Address Interface State
108
TCP/IP Advanced Options - Gateway

View Gateway addresses. Click Modify to edit an existing IP address. Use the up and down arrows to move an address to the top of the list, which acts as primary address. Review all selection by clicking the TCP/IP option on the Configuration page.
Field
Gateway DNS
Description
Add additional gateways for this network adapter. DNS Server Address: Add additional Domain Naming Servers (DNS) for this network adapter. Append these DNS Suffixes (in order): Add the name of the Domain Suffix, and use the up and down arrows to set the DNS suffix search order.
WINS
Add additional WINS settings for this network adapter. Select Enable or Disable NetBIOS over TCP/IP, or Use NetBIOS settings from DHCP server for this network adapter. Note You cannot edit this information in the Windows 98 operating systems. The Deployment Console disables the edit feature on those types of clients. See also Computer Configuration Properties (page 103).
Static Routes
This displays the static route information for the computer you are viewing. See also TCP/IP Advanced Options - Static Routes (page 110).
TCP/IP Advanced Options - DNS

Click Add to set a new DNS address. DNS Server Address: Add additional Domain Naming Servers (DNS) for this network adapter. Append these DNS Suffixes (in order): Add the name of the Domain Suffix and use the up and down arrows to set the DNS suffix search order.
TCP/IP Advanced Options - WINS

Click Add to set a new WINS address. Add additional WINS settings for this network adapter. Select the Enable NetBIOS over TCP/IP, Disable NetBIOS over TCP/IP, or Use NetBIOS settings from DHCP server option for this network adapter. Note You cannot edit this information in the Windows 98 operating systems. The Deployment Console disables the edit feature on those types of clients.
109
TCP/IP Advanced Options - Static Routes

Field
Destination Netmask Gateway Interface Metric Flags (Linux)
Description
IP address of the destination Deployment Server. Subnet mask. Additional gateways required to reach the destination server. IP address for the interface over which the destination can be reached. Cost associated with the route Enter the flag associated with a linux specific operating system. Possible flags include: U (route is up) H (target is a host) G (use gateway) R (reinstate route for dynamic routing) D (dynamically installed by daemon or redirect) M (modified from routing daemon or redirect) A (installed by addrconf) C (cache entry) ! (reject route)
NetWare Client Configuration Settings

Set Novell NetWare client values for a new or existing computer. Select whether you want to log in directly to a NetWare server or to a NetWare tree in the Novell Directory Service (NDS). You can specify the preferred tree, server name, and NDS context.
Field
Ignore NetWare settings Preferred server
Description
Select to disregard all Novell NetWare client settings for this computer. Clear to specify the required information. Click and enter the name of the NetWare server, for example:
\\OneServer. This is the primary login server for the NetWare

client. Preferred tree NDS User name NDS Context Click and enter the name of the NDS tree. Click and enter the name of the user object for the NetWare client. Click and enter the organizational unit context for the user.
110
Field
Run login scripts
Description
Select this option to run the NetWare client login scripts. See also Computer Configuration Properties (page 103).
Operating System Licensing Configuration Settings

Enter or view the license information for your Windows operating system software (Windows 98, 2000, XP, and 2003 Servers).
Field
Registered user Organization License key
Description
Enter the name of the registered user. Enter the name of the organization. Enter the alpha-numeric license key. This is the hash value rendered from the OEM key or 25-digit license key required when installing the operating system. See also Computer Configuration Properties on page 103.
User Account Configuration Settings

Set up local user accounts for the newly imaged computer or when running a configuration task. Enter a user name, full name, and password; and set standard Windows login options.
Field
User name Full name Password Confirm Password Groups
Description
The user name for this local Windows user account. The full name for this local Windows user account. The password for this local Windows user account. Confirm the password for the local Windows user account. Specify the Windows groups that this user belongs to as a comma-delimited list, for example: Administrators,
Marketing, Management
111
Field
User must change password at next logon User cannot change password Password never expires
Description
Select to force the user to change the password after setting the configuration properties.
Prohibit the user from changing the password at any time.
Select to maintain the user password. See also Computer Configuration Properties on page 103.
Deployment Agents
To remotely manage computers from a Deployment console, a Deployment Agent is installed on each computer in the Deployment Server system. Deployment Agents are provided for various computer types, including Windows, Linux, DOS, and PPC Handhelds.
To set or modify Deployment Agent settings from the Deployment Server Console, right-click a computer or group and select Change Agent Settings and click Production or Automation. To set or modify agent settings for new computers, click Tools > Options, click Agent Settings.
The following Deployment Agents reside on the client computer and communicate with the Deployment Server.
Deployment Agent on Windows Deployment Agent on Linux
The Deployment Agent runs on Windows computers, including desktops, notebooks, and servers. See Deployment Agent Settings (page 113). This Deployment Agent runs on Linux workstations and servers. See Deployment Agent Settings (page 113). The Automation Agent is used when you create configurations to boot client computer to automation. This is done through Boot Disk Creator. See Boot Disk Creator Help and Install Automation Partition (page 137). This agent runs on the HP T5000 computer devices running the CE .NET 4.2 operating system. See Deployment Agent for CE .NET (page 122).
Automation Agent
Deployment Agent on CE .NET
112
Notification Server Client
The NS client is an Altiris agent that runs on computers supported by Notification Server. This agent runs on the Deployment Server computer when running Deployment Solution on Notification Server. This agent runs on the Deployment Server computer when running Deployment on Notification Server.
Deployment Server Agent
Install Deployment Agent to add a managed computer

When a Deployment Agent is installed on a computer, it searches across the network for a Deployment Server to attach to. When a Deployment Server is located by the Deployment Agent, the client computer is added as a record to the Deployment Database.
When the Deployment Agent for Windows is running on a computer, the user sees a small icon in the system tray. When the icon is blue, the client computer running the Deployment Agent is connected to the Deployment Solution system. When the Deployment Agent for Windows icon is clear, it shows that the client computer is not connected to the Deployment Solution system. The agent may be configured incorrectly, the Deployment Server is down, or other network problems exist.
Automatically update to newer version of Deployment Agent

At times, Altiris may update versions of the Deployment Agent to enhance features. For best performance, we recommend that all managed computers run the latest version of the Deployment Agent. When a new version of the Deployment Agent is saved to the Deployment Share file server, the managed computers automatically update the Deployment Agent. 1. From the computer where Deployment Server is installed, click Start > Programs > Altiris > Deployment Solution > Configuration. The Deployment Server Configuration utility appears. Click Options. Click Transport. Select the Automatically update clients option.
2. 3. 4.
Deployment Agent Settings

You can set the default agent settings for when new client computers are added to the system that the Deployment Server will manage.
113
You can also modify the properties settings for the Production or Automation Agent through the Automation Agent. To set or modify agent settings in the Deployment Server Console for Windows or Linux clients, right-click the computer and select Change Agent Settings > Production Agent Settings. To set or modify agent settings for the Deployment Agent, click Tools > Options. Click the Agent Settings tab. Select the Force new agents to take these default settings check box to set the Deployment Agent settings for all new computers. Click each agent setting tab to set properties. Click OK. To view or modify settings from the Windows client, right-click the Deployment Agent icon in the system tray (or double-click the client icon in the system tray and click Properties).
When the client agent is first started, the agent establishes a connection to the Deployment Server using the following general steps: 1. 2. 3. 4. 5. The agent service is started and initialized. A TCP socket is created. A connection is made to the Deployment server. The agent is updated, if required. A basic inventory of the client is sent to the Deployment Server.
After the initial connection process is complete, no additional data needs to be sent to or from the Deployment Server for the client agent to remain connected. Note If no Deployment Solution traffic is sent to the Deployment System agent, the TCP/IP protocols send an occasional watchdog packet (approximately every 24 hours) to ensure that the connection is still valid.
Deployment Agent Properties

Right-clicking the Deployment Agent icon gives you access to the following options: View status. Brings up the Altiris Client Service box to observe the current status of the Deployment Agent. You can also see the computer name, deployment server connected to, IP address, multicast address, and MAC address. You can also watch Deployment Agent communicate with the Deployment Server. Clicking Properties lets you edit the Deployment Agent properties. Passwords protect this option. About. Displays the version and licensing statement for Deployment Agent. Passwords have no effect on this option. View log file. View the Deployment Agent log file, if you have chosen the option to create a log file. Passwords have no effect on this option. Clear log file. Clear the log file that has been created.
114
Shutdown for imaging. Make an image of a computer without using a job. This makes the required preparatory changes to the computer before an image is made. Failure to do this breaks the reconfiguration phase when deploying the image using a job. Passwords protect this option. Change Name in Console. Change how this computer is listed in the deployment server console. This option does not change the NetBios name of the computer or the name of the computer in the database, but only changes the name of the computer displayed in the Computers window. Passwords protect this option. Remove. Uninstall Deployment Agent from the computer. Passwords protect this option. Exit. Stops all Deployment Agent services from running but does not uninstall Deployment Agent. Deployment Agent loads normally the next time you boot the computer. Passwords protect this option. User Properties. Quickly go to the User Properties page to view or make changes. Passwords protect this option. Admin Properties. Quickly go to the Admin Properties page to view or make changes. Passwords protect this option. Show Network Interfaces. View what network cards are in your computer. Passwords protect this option. The following configuration properties (organized using tabs in the dialog) are included in the Production Agent Settings dialog.
Server Connection Access Security
Log File Proxy Startup/Shutdown
Server Connection
Connect directly to this Deployment Sever. Select this option so that the client receiving the Deployment Agent connects to the Deployment Server you selected to configure. Address/Hostname. Enter the IP address or NetBIOS name of the Deployment Server computer. Port. Enter the port number communicating with the Deployment Server. Enable key-based authentication to Deployment Server. Select this option to require that the client computers that are trying to connect to the Deployment Server. This helps keep rogue computers from connecting to unauthorized Deployment Servers. Discover Deployment Server using TCP/IP multicast. Managed computers can use the multicast address if they are on the same segment as the Deployment Server or if multicast is enabled on the network routers. Ensure that the multicast address and port match those set up on the Deployment Server. Try using defaults on both the client and Deployment Server if you are having problems connecting. Managed computers should use the Deployment Server IP address if multicasting is disabled on the network routers or if they are not on the same network segment as the Deployment Server. The port number must match the number set on the Deployment Server. Otherwise, your clients cannot connect.
115
Server Name. Enter the NetBIOS name of the computer running the Deployment Server. Port. Enter the port number distributing the multicast address. Multicast Address. Enter the group multicast address. TTL. Specifies the number of routers the multicast request can pass through. Change this setting if you need to find a Deployment Server that is more than 32 routers away (default setting) or if to restrict the search to a smaller number of routers, making it easier to find the closest Deployment Server. Refresh connection after idle. Select the Refresh Connection after idle check box and set the refresh time by hours or days. The Deployment Server closes the connection after the specified time and immediately tries to re-open the connection. This forces clients to realize the network is down. The default checking is of 28800 seconds or 8 hours. We recommend keeping this setting above 28800. Do not set this option too lowreconnecting to the Deployment Server increases bandwidth when connecting. If this option is set too low you can run into problems where it takes longer for your clients to connect than to refresh their connections. Abort files transfers if the rate is slower than. Preserve bandwidth on slower connections by selecting this option, which saves bandwidth when running deployment tasks on slower connections.
Access
Set these commands to control how the client handles requests from the server. Allow this computer to be remote controlled. Select to let the administrator to remote control the selected computer. The default setting is to NOT allow the computer to be remote controlled. Prompt the user before performing actions. Shutdown and Restart. Select for the user to be prompted before shutting down or restarting the computer. This feature overrides the Power Control option from the Deployment Server to Force applications to shut down without a message. Copy file and Run command. Select for the user to be prompted before running a program or executing file copy commands Remote Control. Select for the user to be prompted before running the Remote Control commands. You can set a default time before running or aborting the commands. Select the time for the user to respond and either continue with the operation or abort the operation. Time to wait for user response. If one of the Prompt the user before perform actions is selected and the user is not at the computer to respond, you need to decide whether to continue or abort. Select the amount of time you want to wait for a response, and select one of the following: Continue the operation. Click to continue without receiving a response from the user. Abort the operation. Click to not continue without receiving a response from the user.
116
Select when the Deployment Server is denied access to the Deployment Agent. Select the days and set the start and end times when access to the Deployment Agent is denied.
Security
This page lets you secure data between the Deployment Server and the Deployment Agent, or to set a password so that the user on the client computer can only view and modify the User Properties of the Altiris Client Settings on the managed computer. Encrypt session communication with Deployment Server. Select to ALLOW encryption from this managed client computer to the Deployment Server. This lets encrypted data transmissions between the Deployment Server and the Deployment Agent on the client computer. If selected, the client computer can connect (but is not required to connect) using encryption. To enable encryption protocols, you must open the Deployment Configuration tool and select the Transport tab. Select the Allow encrypted sessions with the servers check box to let Deployment Server transmit using encryption protocols. Require encrypted session with any servers. Select to require encryption between the managed client computer and the Deployment Server. If this option is selected and the option to allow encryption in the Deployment Configuration tool is not selected, the Deployment Server does not communicate with the Altiris Client on the managed client computer. Note Selecting encryption options slows down the communication path between the agent and the Deployment Server. Password protect Admin properties from user. Select to let users on the managed computer to access the Admin properties only if they enter the set password. If the box is selected and the user does not know the password, they will have rights only to open the User Properties, which includes only the User Prompts and Remote Control tabs on the Altiris Client Settings dialog. Enter the password in the Password field and reenter the password for confirmation in the Confirm Password field. Hide client tray icon. Select to hide the Altiris Client icon in the system tray of the managed computer. If you hide the icon, you are required to run AClient.exe -admin to view and modify the complete administration properties from the managed client computer.
Log File
The Log File property page controls how data is logged and saved in a Deployment Server system, letting you save different types and levels of information to the log files. You can save a text file with log errors, informational errors, and debugging data using this dialog. If the log exceeds the specified size, the older data is dropped from the files. You can maximize the size of the log file to save all selected data. Save log information to a text file. Click to save information to a log file. File name. Enter the name and path of the log file. The default is to save the log file to the \Program Files\Altiris\AClient\AClient.log file.
117
Maximum size. Enter the maximum number of bytes for each log file. Log errors. Select this option to save only the errors returned when running a job or operation between the Deployment Server and the Deployment Agent. Log informational messages. Select this option to save a list of procedural steps run on the client computer. Log debugging information. Select this option to list comprehensive debugging information in the text file. Use this tab to save the Deployment Agent log file. By default, the option Save log information to a text file is cleared. Select it to enter a file name for the log and the maximum size for the log file. Note If the log exceeds the specified size, the older data is dropped from the files, so it is recommended to provide maximum file size.
Proxy
Typically, remote networks on the other side of a router or switch cannot receive multicast or Wake On LAN packets from the Deployment Server. Setting the managed computer as a proxy client computer forwards or re-creates the multicast packets. A managed client computer setup as a multicast proxy simply acts as a Deployment Server and advertises the servers name and IP address through multicasting. Or you can set the managed computer as a proxy to send Wake On LAN packets. Set these options to control how the managed computer acts as a proxy agent, identifying the type of traffic this managed computer forwards from the server. Forward Wake-On-LAN packets. Select if you want the managed computer to forward Wake on LAN packages. Forward Deployment Server discovery multicast packets. Select if you want to advertise the Deployment Server to client computers on another LAN segment or if the client computer is on the other side of the router. Send multicast advertisement every. Set the time by seconds, minutes, hours, or days for managed computers send multicast advertisement.
Startup/Shutdown
Delay starting jobs after system startup. Set the time by seconds, minutes, hours, or days for managed computers to delay jobs until after system startup. Specify the Windows boot drive. Specify the drive that the client computer boots from. The default is the C drive. Force all programs to close when shutting down. Select this option to shut down applications when using Power Control features. The user is still prompted to Abort or Continue the shutdown. Synchronize date/time with Deployment Server. Select this option to synchronize the system clock of managed computers with the time of the Deployment Server. Prompt for a boot disk when performing automation jobs. Select this option to prompt for a boot disk while doing any automation jobs. Advanced
118
Disabled direct disk access for Deployment Agent for DOS (BootWorks) communication. Select this option to disable the direct disk access for Automation communication.
Deployment Agent for Linux

The Deployment Agent for Linux is an agent software that runs on managed Linux computers. The agent collects and sends data from the managed computer to the Deployment Server system, executes deployment tasks sent from the server, installs packages, and runs management processes as directed from a Deployment console. See Installing Deployment Agent on Linux (page 350) for additional information. A Linux managed computer is identified in the Deployment console by unique Linux icons reflecting deployment and process status, letting you deploy and manage computers just like the Deployment Agent for Windows, with the following exceptions: Deployment Task Create Disk Image Distribute Disk Image Scripted OS Install Distribute Software Capture Personality Distribute Personality Change Configuration Run Script Copy File Shutdown/Restart Deployment Agent for Windows Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Deployment Agent for Linux Yes Yes Yes Yes No No Yes Yes Yes Yes
Deployment Agent Settings for DOS

You can configure property settings for the Automation Agent for specified computers or computer groups. You can remotely maintain important agent settings and update settings as required from the console.
To set or modify agent settings for a specific computer, right-click the computer icon and select Change Agent Settings > Automation Agent in the Deployment Server Console. To set or modify agent settings for ALL computers, click Tools > Options, click Agent Settings > Change Default Settings.
When a new client computer connects, it receives the default agent settings from Deployment Server for drive mappings, authentication, and LMHost entries. Each client computer still has the capability to maintain its unique settings for the Deployment Agent for DOS as set in the Boot Disk Creator. Automation Agent Settings include the following property settings:
119
Drive Mappings (page 120) Authentication (page 120) Network (page 120)
Drive Mappings
Set drive mappings used by the Deployment Agent for DOS to access hard disk image files and other packages from a specified network drive. It is required that the F Drive be mapped to the Deployment Share. You can also map other file server directories when storing large numbers of image files or deployment packages. Drive Mapping. Enter the drive letter and volume of a shared folder, for example:
F: \\WebDeploy\Image files.
Note You must select a shared folder in this field. From the browse window you can select any type of folder, but the Deployment Agent for DOS only maps to and accesses files from a shared folder. Path. Enter a UNC path. See also Deployment Agents (page 112).
Authentication
Provide the login credentials that Deployment Agent for DOS requires to map network drives. The associated credentials for each network drive must have the rights that the Deployment Agent for DOS requires administrative rights to access files. Domain/Workgroup. Enter the name of the Domain or Workgroup of the user that the Deployment Agent for DOS uses to log on as to map the network drives. User name. Enter the name of the user that the Deployment Agent for DOS logs on as to map the network drives. Password. Enter the password. Confirm Password. Retype the password for confirmation. See also Deployment Agents (page 112).
Network
These settings let you match the IP address with the computer name, as maintained in the LMHosts file in the Deployment Agent for DOS partition. 1. 2. 3. Click Add. The Add LMHosts Entry dialog appears. Enter the Computer Name. Enter the name of a computer to associate with an IP address. Enter the IP Address. or Click Lookup IP. This automatically populates the field with the IP address of the entered computer name. 4. Click OK.
120
See also Deployment Agents (page 112).
Remote Desktop Connection Client

The option to remotely connect to a Vista computer using the Remote Control option has been disabled. You cannot use the Remote Control option for a Vista computer. However, a new option has been added. You can connect remotely using the Remote Desktop option for a Vista computer.
To remotely connect to a Vista computer

1. 2. Open the Deployment Console and right-click the Vista computer you want to remotely connect. Click Remote Desktop. The remote desktop window for the computer appears. The remote desktop connection is established to the Vista computer.
To remotely connect to multiple computers using the Remote Desktop option

1. 2. Open the Deployment Console and right-click the computer you want to remotely connect. Click Remote Desktop. The remote desktop window for the computer appears. The remote desktop connection is established to the computer.
To remotely connect to multiple computers

1. 2. 3. Open the Deployment Console and right-click the computers you want to remotely connect. Click Remote Control. The Remote Control Options dialog appears. Select Control each client separately in its own window to remote control each computer separately. or Select Control all clients together, in the same window, using the following master to remote control the selected computers together and select the master computer. 4. Click OK. The remote control connection is established for the computers.
Agent for Macintosh Management

The Agent for Macintosh management can be installed on Macintosh Platforms 10.2 and later. It lets the running of scripts, configuration changes and basic Deployment Solution inventory. The agent is installed on Macintosh platforms by the Deployment Console through an Agent Installer. The agent can also be removed through a script or a remote agent install/uninstall mechanism. Macintosh computers have the operating system already installed. You can install the agent on the Macintosh computers through the Deployment Console and the remote agent installer. After the agent is installed, you can schedule a job to copy files from the Macintosh computers to a remote file share.
121
You can run a script that makes a configuration change to the Macintosh operating system. You can also run a script that copies an install file from a remote share and another script that installs the package to that computer.
Deployment Agent for CE .NET

Deployment Solution manages Hewlett-Packard T5000 computer devices running the Windows CE .NET 4.2 operating system. These computer devices ship with the Deployment Agent for CE .NET already installed and appear in the Deployment Console as managed computers when attached to the network. The Deployment Agent performs the following limited tasks on the Windows CE .NET platform: Modify Computer Configuration (the computer name and TCP/IP Setting only) Distribute software (.cab and .exe files) Execute and run scripts (DOS and WIN batch files) *no VBS support Copy files and directories Create disk images Distribute disk images Remote Control clients (24-bit color depth only. No chat or send file features) Power Control (restart/shutdown/wake up jobs) Set computer properties Create conditions to run jobs and filter computers Modify client properties through Windows and Linux agent settings Additional features included with other Deployment Agents are not supported in the Deployment Agent for CE .NET.
To install the Deployment Agent for CE .NET if deleted

If the Deployment Agent for CE .NET is deleted on the managed computer, it can be installed from the Deployment Server \ Agents \ CEAgent folder in the Deployment Share. From the managed computer you can access the Deployment Share and launch the file to install the agent. Example: type this command from the client computer:
\\<computer name>\express\Agents\CEAgent\CEClient_6.1.xxx.exe install Notes for Deployment Agent for CE.NET

The default image on a CE .NET Thin Client with 32 MB of flash RAM leaves 4 MB free disk space. When trying to install an embedded automation package using the Distributing Software task, you may get the following Error 112: Not enough disk space for package. If you select Start > Settings > Control Panel > System > Memory tab and move the slider to let more than half of the memory to be allocated to Storage Memory, you can execute a job that copies an embedded automation package to the \Temp folder on the CE .NET device and execute a Windows Run Script task containing Start \Temp\<Embedded BootWorks Package.exe>. This installs the Automation Agent and leaves 1 MB of free disk space on the device. If the slider shows less than half the memory available allocated to Storage Memory, Windows CE may not restart.
122
Another option for freeing up additional disk space is to uninstall the pre-installed HP applications, letting you free up to as much as 10 MB of disk space. This lets you install an embedded automation package through a Distribute Software task. Again, if the slider is not placed around the middle of the Memory tab, an Error 112 may occur. See also Deployment Agents (page 112).
Managing Client Connections

The following utilities are provided for managing transmissions between the Deployment Server and Deployment Agents running on the managed client computers.
Reset a Client Connection

Resetting the connection that a managed computer has with the Server simply disconnects and reconnects the computer. This is useful for troubleshooting or if you suspect there is a bad connection. To reset a client connection, right-click a computer and click Advanced > Reset connection. When the computer disconnects, its icon turns gray. The computer should reconnect and its icon color returns to its original active status color.
Reject or Retrieve a Rejected Computer

If a computer you do not want to manage connects to your Deployment Server, you can reject it. This removes the unwanted computer from the Computers pane in the console. Further attempts by the computer to connect are denied. Although the computer is not deleted, any history or schedule information associated with the computer is deleted. 1. 2. 3. Right-click the computer you want to reject from connecting to the Deployment Server. Click Advanced > Reject Connection. Click OK.
Rejected computers are stored in a Rejected Computers list. Select View > Rejected Computers to view this list.
Accept a Previously Rejected Computer

If you now want to accept a previously rejected computer, you can retrieve it and reconnect it to the Deployment Server. 1. 2. 3. 4. Click View > Rejected Computers. From the list, select the computer you want to retrieve. Click Accept Computer(s) to remove the computer from the rejected list (this doesnt delete the computer, just removes it from the list of rejected computers). Click Yes to confirm the action, click Close.
This client computer may now be managed from within the Computers pane. Connection requests from this client computer are now allowed. See also Deployment Agents (page 112).
123
Computer Properties
View and edit the computer properties for each managed computer.
View and edit computer properties by double-clicking a computer icon in the Computers pane, or right-clicking and selecting Properties, or clicking the icon in the toolbar.
General
Services Devices Location Bay Lights-Out
Hardware Drives Network Configuration TCP/IP Applications
General
View or change the name of the computer as it appears in the console. You can view the following: logged in user names, operating system installed, name of the Deployment Server, whether or not an automation partition is installed, version of the Altiris Windows Client, and other client information.
See also Computer Configuration Properties (page 103).
Hardware
View processor make and type, processor count, RAM installed on the computer, display configuration, manufacturer, model, product name, MAC address of each network adapter installed, serial number, asset tag, UUID, and whether or not Wake On LAN and PXE are installed and configured.
Drives
View information about each drive on the computer. If you have multiple drives, you can select a drive from the list to view its settings, such as the capacity, serial number, file system, volume label, and number of drives installed.
124
Network Configuration
View Microsoft Networking, Novell Netware settings, and user information for the selected managed client computer.
TCP/IP
View TCP/IP information, including a list of all installed network adapter cards (up to eight) for the selected computer. Click Change to open the configuration window to modify settings (see Configuring Computers on page 130).
Applications
View the applications that are installed on the computer, including description, publisher, version number, product ID, and systems components.
Services
View the services installed on the computer as well a description, start type, and path for each service.
Devices
View the devices installed on the computer, including display adapters, disk drives, ports, storage volumes, keyboards, and other system devices.
125
Location
View and edit user-specific properties such as contact name, phone number, e-mail address, department, mail stop, and site name. As the administrator, you can enter this information manually or you can let the user populate this screen using Prompt User for Properties.
Bay
View location information and other properties for Rack / Enclosure / Bay components for high-density and blade servers. Set rules for automatic re-deployment of blade servers based on physical location changes. This property is available only to systems using blade servers.
Server Deployment Rules

From the Bay property page, you can select rules to govern actions taken when a new blade server is detected in a selected bay. These rules are described below:
Rule
Re-Deploy Computer
Action
Restore a blade server using deployment tasks and configuration settings saved from the previous server blade in the bay. This lets you replace new blades in the bay and automatically run deployment tasks from its deployment history. (See Restoring a Computer from its Deployment History on page 129.) All deployment tasks in the bay's history are executed starting from the last Distributing a Disk Image task or Scripted OS Install task, or from any script (in a Run Script task) with this command: rem deployment start.
Run Predefined Job Ignore the Change
The server processes any specified job. Select a job to run automatically when a new server is detected in the bay. This option lets you move blades to different bays without automatically running jobs. The server blade placed in the bay is not identified as a new server and no jobs are initiated. If the server existed in a previous bay, the history and parameters for the server are moved or associated with the new bay. If the server blade is a new server (never before identified), the established process for managing new computers is executed. (default) No job or tasks are performed (the Deployment Agent on the server blade is instructed to wait). The icon on the console changes to reflect that the server is waiting.
Wait for User Interaction
126
Lights-Out
View information about the remote management hardware installed on the selected computer (most often a server) used to power up, power down and restart the computer remotely, or to check server status. You can also enter the password for the remote management hardware by clicking Password.
Note This feature is currently only available for selected HP Integrated Lights Out (ILO) and Remote Insight Lights-Out Edition (RILOE) features. See also Computer Configuration Properties (page 103).
Remote Operations Using Deployment Solution

The Operations menu in the Deployment console provides a variety of commands to remotely manage all computers in your site or network segment. Some operation commands, such as Restore, automatically create and schedule deployment jobs and place them in the Systems Jobs folder in the Jobs pane. Other commands, like Chat or Remote Control, open utility programs to access and remotely manage computers.
Open the computer operations menu by right-clicking a computer icon in the Computers pane, clicking Operations on the menu bar, or clicking the icons in the toolbar.
Restore
Reconfigure your computer to a former state. Select from a list of previous deployment tasks and select to restore only the ones you want. See Restoring a Computer from its Deployment History (page 129). View, print, delete, and save to file a history of deployment tasks. See Viewing a Computers History (page 129). Set network and local configuration properties for each computer, including computer name, IP address, domains, Active Directory context. See Configuring Computers (page 130). Select a computer and image its hard disk. This creates and stores the image to distribute now or later. See Quick Disk Image (page 130). Wake up, restart, shut down, and log off remotely. See Power Control (page 130).
History Configure
Quick Disk Image Power Control
127
Remote Control
Open a remote control window directly to a selected client computer. Investigate problems directly from your console. See Remote Control (page 131). Type and run commands remotely. See Execute (page 135). Copy selected files, directories, or entire directory structures and send them to the selected computer(s). See Copy File to (page 187). Start an individual chat session with one or more selected client computers. Communicate actions or query for symptoms during administration. See Chat on page 136.
Execute Copy File to
Chat
ADVANCED >
Clear Status Prompt User for Properties Reset Connection Install Automations Get Inventory Clear computer status as shown in the title bar of the List View. Query the user for personal information. This feature sends a form to the user to fill out. See Prompt User for Properties on page 136. Disconnect and reset the connection between Deployment Server and the Deployment Agent on the selected computer. Embed automation partitions onto the selected computers hard disk to enable a managed computer to run automation tasks. Update property settings for a selected computer. These inventory settings can be viewed in Computer Properties on page 124. Select it to ensure that you have the latest inventory of the computer. Set the timeout value in the General tab of the Deployment Server Configuration utility (in the Control Panel). Reject Connection Install BIS Certificate Remove BIS Certificate Apply Regular License New Job Wizard New Group New Computer Rename Delete Change Agent Settings Refuse communication with the selected computer. Install a BIS certificate for the selected computer. Remove a BIS certificate from the selected computer. Apply a permanent license if a client computer is using a timelimited license or requires an updated license. Open this to schedule deployment jobs for the selected computer. See New Job Wizard on page 148. Click to create a new computer group in the Computers pane. Create a new computer account. See Adding New Computers on page 100. Assign the computer or group a new name in the console. Rightclick a computer or group to edit in the Computer pane. Delete a computer, a computer group, or any combination of computers and groups from the database. Update property settings for the Deployment Agent running on selected computer(s). See Deployment Agents on page 112.
128
Security Properties
View security settings for the selected computer(s). See Security in Deployment Solution on page 89. View computer configuration and network properties. See Computer Properties on page 124.
Restoring a Computer from its Deployment History

Occasionally it is necessary to restore a computer to its original settings based on operations or deployment jobs previously executed on the computer. A computers past deployment history appears in the Restore Computer dialog, where you can restore a computer by selecting the tasks from its history file. You can rerun the deployment tasks to restore the computer.
Restore a computer by right-clicking a computer icon in the Computers pane and selecting Restore, clicking Operations > Restore on the menu bar, or clicking the icon in the toolbar. You can restore a computer using Remote Operations Using Deployment Solution or by creating and scheduling a job using the New Job Wizard.
1.
Right-click a computer and click Restore. The Restore Computer dialog appears with a list of previous tasks with check boxes.
2. 3. 4. 5.
Click the Show only list box and select the type of tasks to be displayed. Click the Since list box to filter tasks by date. This is optional. Click Next to view a summary of tasks selected to reschedule. Click Next to schedule the job (See Scheduling Jobs on page 155). Click Finish.
When you finish this computer operation, a new job appears in the Jobs pane of the Deployment console under the System Jobs > Restoration Jobs folder. The job name has a generic format of Restore: <computer name>.
Viewing a Computers History

You can view a history of deployment tasks for a specific computer. Users who do not have administrative privileges or the permissions to delete a computers history, cannot access this option. 1. Right-click a computer and click History. The History of <Computer Name> dialog appears with a list of previous tasks, including when the task was scheduled, its deployment status and other deployment information. 2. 3. 4. 5. Click Save As to save the file as a .TXT or .LOG file. This is optional. Click Print to print the History file. This is optional. Click Delete to delete the History file. Click Yes to the confirmation message. Click Close.
See also Remote Operations Using Deployment Solution (page 127).
129
Configuring Computers
From the Operations menu you can enter and modify configuration settings for computers. See Computer Configuration Properties (page 103) for complete information about configuration settings. 1. Right-click a computer and click Configure. The Computer Configuration Properties dialog appears. 2. 3. 4. Set basic configuration values in the General configuration group (default view). Click other configuration group icons in the left pane to set additional values. Click OK.
Quick Disk Image

This computer operation creates a disk image of the selected computer. This option is a quick and easy way to create a disk image of a selected managed computer from the Deployment console. To run a disk image job you must have an automation partition installed on the client computer, or it is PXE-enabled and can boot to automation by connecting to an Altiris PXE Server. 1. Right-click a computer and click Quick Disk Image. The Schedule Computers dialog appears. See Scheduling Jobs (page 155). 2. Schedule the job to run immediately or at a later time. You can also click the option to not schedule the job (this option places the job in the working area and does not run until you manually drag it to a selected computer and reschedule it). Click OK. When you finish this computer operation, a new job appears in the Jobs pane of the Deployment console under the System Jobs > Image Jobs folder. The job name has a generic format of Create Image: <computer name>. See also Remote Operations Using Deployment Solution (page 127).
3.
Power Control
This computer operation lets you wake up a computer, restart a computer, shut down, or log off as the current user for a selected managed computer. You can also power a computer on if Wake-On-Lan is supported.
Restore a computer by right-clicking a computer icon in the Computers pane and selecting Power Control, clicking Operations > Power Control on the menu bar, or clicking the icon on the toolbar.
1.
Right-click a computer and select Power Control. A secondary menu appears with these options:
130
Wake up
The Wake Up feature is hardware-dependent and is only available for inactive computers. Select this command to start a computer that has been turned off. Notes Your operating system and network adapter must be capable of recognizing and processing the Wake on LAN packets. Nonembedded network adapters must be properly configured. Example: 3Com NICs have an extra header cable that enables Wake on LAN. Check the documentation that came with your network adapter for more information about Wake on LAN. For NICs and operating systems that support Wake on LAN Power Management features, you need to go to Properties of the network adapter driver and select the Power Management tab. Click the Allow this device to bring the computer out of standby option for this device to bring the computer out of standby status. You have to enable this feature for some computers in their BIOS.
Restart
Click to reboot the selected managed computer. Select Force Applications to close without a message box to restart immediately without prompting the user. Click to shut down the selected managed computer. Select Force Applications to close without a message box to shut down immediately without prompting the user. Click to log off the selected managed computer. Select Force Applications to close without a message box to log off immediately.
Shut down
Log off
2.
Select a Power Control option. A Confirm Operation dialog appears. Select the Force application to close without a message option to shut down users without a warning. If you do not select Force application to close without a message, the user is prompted to save work before the power operation is continued. Click Yes.
3.
Remote Control
Remote Control is a computer management feature built in to the Deployment Server Console. It lets you control all types of computers to view problems or make immediate changes as if you were sitting at the managed computers screen and using its keyboard and mouse.
131
When a managed computer is being remote controlled, the Deployment Agent icon in the managed computers system tray flashes alternate icons. Remote Control also provides Chat, Copy File to, and CTRL+ALT+DEL features to assist in administrating managed computers from the console.
Note You cannot disable the flashing eye icon while the computer is being remote controlled. Before you can remote control a managed computer: The managed computer must have the Altiris Agent for Windows installed and properly set up. The client must have the appropriate Proxy option checked in Altiris client properties. The client and Deployment Server Console must be able to communicate to each other through TCP/IP.
To remote control a managed computer

1. Right-click a computer and click Remote Control. This opens the Remote Control window displaying the managed computers screen. Note If you cannot perform a remote control operation from the selected managed computer, you can change this client setting by using the Remote Control options in the Change Agent Settings command. The default setting is to not allow remote control of the managed computer. See Deployment Agent Proxy (page 118) options. 2. From the Remote Control window you can execute the following commands:
Toolbar Chat Click to open a chat session with the selected managed computer. This starts a chat session between the console computer and the managed computer. The chat session opens a chat window that lets you send messages back and forth between the Console and the managed computer. If you are controlling multiple computers in a single window and start a chat session, the chat session is only between the Console and the master client. Click to update the screen view of the managed computer. Click to select restart or logon options for the managed computer. Note The managed computer must be running Windows 2000/XP/2003 and have the keyboard and mouse driver installed for this feature to be available. Send File See Send Files during Remote Control (page 133).
Refresh CTRL+ALT+DE L
132
Toggle Control Control menu Disable Input from the Client Close Window View menu Refresh Fit to Window
Click to change between control access of the managed computer (default) or view access only of the managed computer.
Click to prohibit the user of the managed computer from using the keyboard or mouse during the remote control session. Click to close the remote control window of the managed computer.
Click to refresh the view of the screen. If this option is selected, the client display image becomes the same size as the Remote Control window. If this option is not selected, the image retains the size of the client display. See Remote Control Properties (page 133). See Remote Control Properties (page 133).
Color Depth Properties 3.
To end a Remote Control session, click Control > Close Window in the Remote Control window.
Send Files during Remote Control

Click to send files to the managed computer being remotely controlled. Enter the name of the source file to be copied and the destination path on the managed computer. Select required compression and encryption options. If you are controlling multiple clients within a single window, this dialog sends a file to the master client only. Source filename. Enter the name of the file to be sent. Destination path. Enter the path where you want the file to reside on the managed computer. Compress Data. Select to compress the file during the copy process to decrease network traffic. Encrypt Data. Select to encrypt data package for security. You can also drag entire folders from the Console computer to the remote control window, which copies the files to the remote client computer.
Remote Control Properties

Color Depth. Click to specify the color depth (number of colors) used by the Remote Control window. This setting applies only to the Remote Control window at the console, not the display of the managed computer. There is no benefit to setting a color depth on the Remote Control window greater than that of the managed computer. The benefit of lower colors is improvement in speed. Use specific image resolution. Click to specify the width and height of the image that represents the client display.
133
Update interval. Select to specify how often the image in the Remote Control window is updated (in milliseconds). The more frequently the display is updated, the more bandwidth is required. Only update foreground window. Select to refresh only the selected window in the remote control session.
Set Remote Control Permissions

Deployment Solution provides multiple features for ensuring privacy and security when a managed computer is remotely controlled. Before a managed computer can be remotely controlled, the Remote Control preferences on the Deployment Agent for Windows must be set to allow remote control access. You can also lock the keyboard and mouse of the managed computer or provide a message to the user asking for permission to initiate a remote session. This provides an opportunity for the user to allow or reject the request. In certain environments, such as a lab or classroom, using a prompt to ask for permission might not be preferred. To remotely set security options on each managed computer, use Change Agent Settings from the console or open Properties on the Deployment Agent on the client computer (you must access Admin properties). 1. 2. 3. After opening the Deployment Agent property page, select the Remote Control tab. Select Allow this computer to be remote controlled to provide access from the Deployment Server Console. To lock the keyboard and mouse during a remote control session, select the Enable keyboard and mouse driver box. This is optional. This option works only on Windows 2000/XP/2003. Note After selecting this option (either enabling or disabling the keyboard and mouse) you must restart the managed computer. This can be done using a Power Control operation. 4. If you want the user to be prompted before a remote control session begins, click the User Prompts tab. a. b. Under the Choose the commands you would like to be prompted before executing options, select the Remote Control commands option. Specify the number of seconds you want the prompt to wait. Also, specify what will happen after the prompt time is up. Click either Continue the operation or Abort the operation.
5.
Click OK.
Start Multiple Sessions

You can manage multiple computers using the Remote Control feature. However, the more computers you include in the session the larger the bandwidth over the network. Open a separate Remote Control window for each managed computer. Right-click each computer and select Remote Control. A new window appears for each selected computer.
134
Open a Remote Control window for a group of managed computers. Right-click a computer group icon and select Remote Control. The Remote Control Options dialog appears with options to Control each client separately in its own window or to Control all clients together. If you select to control clients separately, individual windows appear for each computer. If you select to control clients together, you are asked to select a master computer. The master computer is the computer that appears in the Remote Control window, however all actions taken from the console also run on the other computers in the group. All computers in the group should be similar in configuration to work properly. Note If you are controlling multiple computers in a single window, you can send a file only between the console and the master client. If you want to send a file to multiple clients at the same time, use the Copy File to feature. See Copy File to (page 187). To end a Remote Control session, click Control > Close Window. See also Remote Operations Using Deployment Solution (page 127).
Execute
Send a command from the Deployment console as if you were entering a command from the command-line prompt on the client computer.
Execute a command to a client computer by right-clicking a computer icon in the Computers pane and selecting Execute, clicking Operations > Execute from the menu, or clicking the icon in the toolbar.
1.
Type a command you would like executed on the selected remote computer(s), or select from a list of previously run commands. Example: type regedit to open the Registry on the computer. To run the command as another user on the managed computer, click User and enter the user name and password.
2.
User Account
Use this dialog to run a script using another local user account. You can log in with another user name and password with rights to run an execute command. Run with default security credentials. This option runs with the current user credentials. This is the default option. Run with the following credentials. Click this option to log on with another user name and password. See also Remote Operations Using Deployment Solution (page 127).
135
Chat
You can communicate with managed computers using the Chat text messaging system. From the Deployment Server Console, select an individual computer or a group of computers to open an individual chat session with each logged-in user.
Open text messaging with a user by right-clicking the computer icon in the Computers pane and selecting Chat, or clicking the icon in the Remote Control window.
1. 2. 3.
Open a chat session. The Chat with <computer name> window appears identifying the computer you are sending messages to. Type a message in the lower text box. Click Send or press <Enter>. The exchange of text messages appears in the upper text box.
Prompt User for Properties

This feature lets an administrator prompt a user for computer location and user information. The information supplied in this form appears in the Location properties in the Computer Properties dialog.
To prompt a user for location properties

1. In the Computers pane of the Deployment Server Console, right-click a computer and click Advanced > Prompt User for Properties. You can also select a computer and click on the Prompt User for Properties icon in the toolbar or click on Operations > Prompt User for Properties. A dialog appears in the Deployment Server Console with a list of properties. 2. Select the properties to prompt the user. The properties selected in this dialog are active on the property form sent to the user, letting the user type information for the selected properties. Note All properties are selected by default; you must deselect the properties you dont want included when the client is prompted. 3. Click OK. The properties form appears for the logged-on user of the computer, asking for location properties.
136
When the user enters information and selects OK, the Location properties in the computer properties fields is updated for the selected computer. If the user changed the computer name, the name in the Computers pane of the Deployment Console also changes. These settings are stored directly to the Deployment Database. See also Chat (page 136) and Remote Operations Using Deployment Solution (page 127).
Install Automation Partition

When the Deployment Server sends a deployment job to client computers, tasks within the job can be assigned the default automation pre-boot environment, or one of DOS, Linux, or Windows PE. With an embedded (recommended) or hidden automation partition installed on the client computers hard disk, deployment jobs can run automatically. You can have multiple tasks within a deployment job, and each task can be assigned to run in a different automation environment, depending on the task and end result you want. The following are the automation tasks you can add to the deployment jobs. Run script Create disk image Distribute disk image Scripted OS install
During the Deployment Server installation, the Pre-boot Operating System page appears for you to select a default pre-boot operating system, which is used by Boot Disk Creator to create the configurations that boot client computers to automation. You can install additional pre-boot operating system files through Boot Disk Creator. See Boot Disk Creator Help. If you are running Altiris PXE Servers, you do not need to install an automation partition on each client computers hard disk. When the Deployment Server sends a deployment job, PXE-enabled client computers search for an Altiris PXE Server to receive the boot menu options and the boot menu files that are required to boot to automation. See Automation Pre-boot Environment in the Deployment Server Reference Guide.
137
To install an automation partition

1. 2. 3. Right-click a computer and click Advanced > Install Automation Partition. Select the pre-boot operating system environment you want to install from the drop-down list. Click OK. The Automation Agent you selected installs as an embedded partition on the client computers hard disk. After the installation completes, the client computer reboots automatically. You can now run automation-specific deployment tasks this computer.
Change Agent Settings

This feature lets you modify most of the agent settings for a selected computer or computer group. You can set properties for the Production Agent (Deployment Agent), or for an Automation Agent.
To change agent settings

1. 2. 3. 4. From the Computers pane, right-click a computer and select Change Agent Settings. Select either Production Agent or Automation Agent. Edit the properties settings. Click OK.
Deploying and Managing Servers

Deployment Solution provides additional features to remotely install, deploy and manage network and Web servers. From the Deployment Server Console, you can configure new server hardware, install operating systems and applications, and manage servers throughout their life cycle. And because servers are mission-critical, you can set up a system to quickly deploy new servers or automatically re-deploy servers that have failed. Features like rules-based deployment, support for remote management cards, and quick server restoration from a deployment history give you new tools to manage all servers throughout your organization.
Servers are identified in the Computer pane with distinctive server icons. Like all managed computer icons, the icons change to identify the status and state of the computer, such as user logged on or Server Waiting. Note Servers are recognized by their operating system (such as Windows 2000 Advanced Server, Windows Server 2003, or any Linux operating system), multiple processors, and specific vendor server models.
Manage Servers from the Console. The Deployment Server Console includes features specifically designed for deploying and managing servers, such as enhanced task logging and history tracking features to let you recall administrative actions and quickly redeploy mission-critical servers.
138
Set Server-specific options. Servers are essential to any organization and require special planning and management strategies. Deployment Server provides serverspecific features to automatically deploy new servers and maintain existing servers. See Server Deployment Options (page 139).
Server Management Features

Deployment Server provides various features for deploying and managing servers. These features are supported for client and handheld computers as well, but are essential in deploying servers. Server icons. The Deployment consoles shows the icons to identify servers across the network. Like other computer icons in the console, server icons can be selected to view server properties or assign specific jobs and management tasks
Icon
Description
Indicates a server is active and a user is logged on.
Indicates a server is disconnected from the console.
Indicates a server is in a waiting state.
Run Scripted Installs. Execute scripted, unattended installs across the network for both Microsoft Windows and Linux servers. Follow steps to create answer files and set up operating system install files using a wizard. See Scripted OS Install (page 168). Support for multiple network adapter cards. Because servers may require more than one network interface card, Deployment Server provides property pages to access and configure multiple network adapters remotely from the console. See TCP/IP Configuration Settings (page 107). Synchronized server date and time. Deployment Server automatically sets the servers date and time after installing or imaging (as part of the configuration process). Deployment Agents include an option to disable this feature (it is off by default). Enhanced scripting capabilities. You can deploy multiple tasks per deployment job and boot to DOS multiple times when configuring and deploying a clean server. Deployment Server also lets you view and debug each step in the deployment script, and track each job to provide a history of tasks for redeploying a server.
Server Deployment Options

Deployment Server includes features to automatically reconfigure and redeploy new servers. If you are using Initial Deployment to automatically re-image new servers or run installation scripts, you can (1) safeguard against mistaken disk overwrites, or (2) run automatically for every server not identified as a managed computer in the database. These contrasting settings are based on polices you define for managing servers in your organization.
139
Example: if you rely on PXE to boot the new server and you want to deploy new servers automatically without halting the process, you must change the default settings in the PXE Configuration Utility. In contrast, if you want to ensure that the server waits before being deployed (or waits a set time before proceeding) to avoid erroneous redeployment, you need to set the options in the Advanced section of Initial Deployment.
Halt the Initial Deployment of Servers

When a server boots from the Altiris PXE server or from Automation (if the option is set), Deployment Server recognizes it as a new computer and attempts to configure the computer with Sample Jobs in Deployment Solution. Initial Deployment includes a feature to prohibit servers from being deployed automatically. 1. 2. 3. Click Initial Deployment and select Properties. Click the Advanced tab. Click the Servers check box and click OK.
Initial Deployment does not run for any computer identified in the console as a server.
Change PXE Options for Initial Deployment

If installing a server using an Altiris PXE Server, the server attempts to install but does not run automatically using default settings. It waits until a boot option is selected from the client computer. You can change the default setting in the PXE Configuration Utility to allow Initial Deployment to run automatically and not sit at the prompt. 1. 2. 3. 4. Click on Start > Programs > Altiris > PXE Services > PXE Configuration Utility. Click the DS tab. Select a pre-boot operating system from the Initial Deploy boot option dropdown list. Click Execute Immediately. Initial Deployment runs automatically for every identified server. 5. 6. Click Save. Click OK.
Clear BootWorks Prompt for Remote Install

When you run a deployment job on a computer where the Deployment Agent has been remotely installed, a message appears stating that no BootWorks partition or PXE stamp is found. The message remains open until the user clicks OK on the message dialog, which delays executing the scheduled job as part of an automated redeployment process. To fix this delay: 1. 2. 3. 4. 5. 6. Select Tools > Options.The Altiris Program Options dialog appears. Select the Agent Settings tab. Select Change Default Settings. Select the BootWorks tab. In the lower section, select Never prompt me from the list. Click OK.
140
Following these steps ensures that the BootWorks message does not appear and things move forward when a job is scheduled.
Managing Server Blades

Deployment Solution lets you manage high-density server blades with Rack/Enclosure/ Bay (R/E/B) hardware and properties. From the Deployment Console you can deploy and manage these space-efficient server blades using the physical view to assign jobs to the Rack, Enclosure, or Bay level of the server cluster, or you can manage each server blade directly from the logical view. See Bay (page 126) for properties and rules to deploy Rack/Enclosure/Bay servers.
Using Deployment Solution, you can employ rip and replace technology that lets you insert a new server blade and automatically configure and deploy it exactly like the previously installed server blade, letting you replace any downed server and get it back on line quickly. Altiris provides fail-safe features to ensure that no server is mistakenly overwritten and ensures that all disk images, software, data, and patches are applied to the new server from the history of jobs assigned to the previous server blade.
Managing New Server Blades

Deployment Solution lets you automatically deploy, configure and provision new server blades using a variety of features, including Sample Jobs in Deployment Solution, and Server Deployment Rules.
New Server Blades in Newly Identified Bays

When new blades are identified in a Bay that has not been used previously (if it has been used previously, the Bay object is identified in the physical view), both the Initial Deployment and Virtual Bays features can be set up to automatically run configuration tasks and deployment jobs. To Create Virtual Bays: Set up Virtual Rack/Enclosure/Bays for Hewlett-Packard Rapid Deployment Pack installations of Deployment Solution. Initial Deployment setup: Clear the Servers check box in the Advanced dialog. If both new computer features are set up and a new server blade is installed in a Bay not previously identified by the Deployment Server, the Create Virtual Bay feature executes and Initial Deployment does not execute.
New Server Blades in Identified Bays

If a new HP server blade is installed in an identified Bay (one that has already had a server blade installed and is visible from the Deployment Console), both Sample Jobs in Deployment Solution and Server Deployment Rules can be set up. However, when both are set up the Server Deployment Rules executes and Initial Deployment does not execute.
Virtual Bays
Hewlett-Packard blade servers now have a Virtual Bay feature that lets you pre-assign deployment jobs to the Rack, the Enclosure, or to a specific blade server in the Bay. Any
141
HP blade server can have predefined deployment jobs and configuration tasks associated with it to execute automatically upon installation. (This feature requires that the Hewlett-Packard Rapid Deployment Pack is installed.) The Virtual Rack/Enclosure/ Bay icons change from virtual icons to managed server icons in the Deployment console as live blade servers are inserted and identified by Deployment Solution. Rack name. Enter or edit the name of the Rack. Enclosure name. Enter or edit the name of the Enclosure. Enclosure type. Select the type of HP server blade from the list. Initial Job. Select an existing job to run when the pre-configured computer account is associated with a new server blade. Server Change rule. Select the Server Deployment Rules to run on the Bay when a new server blade is installed. Note If you create Virtual Bays for an enclosure (such as the BLe-class with 20 bays) and if another model of server blade with an enclosure containing fewer bays is connected (such as the BLp-class with 8 bays), the excess virtual bays are truncated automatically. Conversely, if you create Virtual Bays with fewer bays (8) and install an enclosure with additional bays (20), you need to recreate the virtual bays in the enclosure (right-click the enclosure name in the physical view and click New Virtual Bays). See also Managing New Server Blades (page 141).
Hewlett-Packard Server Blades

Hewlett-Packard high-density blade servers can be deployed and managed from the Deployment console. The following HP server blades are supported:
HP Proliant BL e-Class
Proliant BL 10e Proliant BL 10e G2
HP Proliant BL p-class
Proliant BL 20p Proliant BL 20p G2 Proliant BL 40p
HP blade servers let you employ all features provided in the Deployment Console when you install the HP Proliant Essentials Rapid Deployment Pack (see www.hp.com/servers/ rdp), including the Virtual Blade Server feature. The name of each Rack for an HP Server appears along with the assigned name for the Enclosure and Bay. These names are collected from the SMBIOS of the server blade and appear in both the physical and server views within the Computers pane of the Deployment console. For HP blade servers in the physical view the Rack name can be a custom name in the console, with all subordinate Enclosures and Bays also identified. Example: <rackName> <enclosureName> <bayNumber> See also Server Management Features (page 139) and Server Deployment Options (page 139).
142
Dell Server Blades

Dell high-density blade servers can be deployed and managed from the Deployment console. All Dell Rack Servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/Enclosure/Bay view. The following servers are supported:
Dell Rack Servers

All PowerEdge rack servers
Dell Server Blades

PowerEdge 1655MC
For Dell blade servers in the physical view, the Rack name is always Dell. All subordinate Enclosures and Bays are identified with custom names under the Dell rack name. Example: Dell <enclosureName> <bayName> See also Server Management Features (page 139) and Server Deployment Options (page 139).
Fujitsu-Siemens Server Blades

Fujitsu-Siemens high-density blade servers can be deployed and managed from the Deployment console. All Fujitsu-Siemens Rack Servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/ Enclosure/Bay view. The following servers are supported:
Fujitsu-Siemens Rack Servers

All Primergy rack servers

Primergy BX300 blade servers
For Fujitsu-Siemens blade servers in the physical view, the Rack name is always Fujitsu-Siemens. All subordinate Enclosures and Bays are identified with custom names under the Fujitsu-Siemens rack name. Example: Fujitsu-Siemens <enclosureName> <bayName> See also Server Management Features (page 139) and Server Deployment Options (page 139). Note If you have Fujitsu-Siemens Server blades managed by the Deployment Server, ensure that the SNMP service is running on the Deployment Server. Also, if the Deployment Server is installed on a Windows 2003 server, ensure that the security is set correctly to receive traps from remote computers. By default, Deployment Servers cannot receive traps from remote computers.
143
IBM Server Blades

IBM high-density Blade Centers can be deployed and managed from the Deployment console. All IBM blade servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/Enclosure/Bay view. For IBM blade servers in the physical view, the Rack name is always IBM. All subordinate Enclosures are identified with custom names under the IBM rack name and Bays are identified by number. Example: IBM <enclosureName> <baynumber> See also Server Management Features (page 139) and Server Deployment Options (page 139).

This search filter lets you type a string and query specified database fields for specific computer properties. You can search for user or computer names, licensing or location information, or primary lookup keys: MAC address, serial number, asset number, or UUID. This search filter queries property values appear in the Computer Properties (page 124) pages.
Click <CTRL> F or click Find Computer on the console toolbar to search the Deployment Database for computers by property settings. The search begins at the top of the computer list and highlights the computer name in the Computers pane when a match is found. Press F3 to find the next computer that matches the search criteria until there are no more results, or the end of the computer list is reached.
1.
In the Search For field, type all or part of the computers property values you would like to search for. This alpha-numeric string is compared with specified database fields. From the In Field drop-down list, select the field you want to search in the Deployment Database. Example: to find a computer by searching for its IP address, type the address in Search For field and select IP Address from the In Field drop down list.
2.
Name Computer Name MAC Address IP Address ID Serial Number
BIOS name of the computer. Deployment Solution name of the computer. 0080C6E983E8, for example. 192.168.1.1, for example. The computer ID. 5000001, for example. Serial number installed in BIOS. A primary lookup key.
144
Asset Tag UUID Registered User Product Key Logged On User Physical Bay Name
Asset number in BIOS. A primary lookup key. A primary lookup key. Name entered when the operating system was installed. Product Key for the operating system. Name of the user currently at the computer. The actual bay number: 7x, for example.
The computer you are looking for appears highlighted in the Computers window in the console. Note This search is not case-sensitive and lets wildcard searches using the *. See also Computer Filters and Job Conditions (page 83).
Using Lab Builder

Use the Lab Builder to set up jobs under the Lab folder in the Jobs pane to set up a classroom or lab environment.
Click Lab Builder on the console toolbar or click File > New > Lab Builder to set up jobs specifically created for managing multiple computers in a lab environment.
You can set up jobs to:

Create Disk Image Deploy Lab Restore Lab Update Configuration Upload Registries Each of these jobs contains a default list of tasks. Lab Builder places these five new jobs under a folder (which you name) located under the Lab folder. All tasks in the jobs have been assigned default paths and file names that let them to use the same images and configuration information, registry data, and so on. We suggest that you do not change the file names and paths. If you change the default settings (example: changing the image name), you must change it in all jobs where the image is used.
To use Lab Builder

1. 2. Click the Lab Builder icon on the toolbar, or choose File > New > Lab Builder. Enter the name of the lab setup.
145
Note The lab name must be unique because the program creates a default image file name based on the name, and the image file name must be unique. The default image name is synchronized in all lab jobs, so if you change the name later you must change it in all the jobs that use the image. 3. 4. 5. Enter a lab description to help you differentiate the lab from others (optional). Click OK. This is also optional. Identify an image in the Create Disk Image job. Set computer names and addresses in the Update Configuration job.
The following information describes the default jobs. To run one of these jobs, simply drag it to the computer or computer group you want it applied to. Create Disk Image. This job uploads an image of a computer to the server and an image name is created automatically based on the lab name. However, there is no actual image in the job until you drag the image source computer to this job. Deploy Lab. This job has three default tasks: Deploy image, Apply configuration settings, and Back up registry files. The image that is uploaded using the Create Disk Image job is deployed when you use this job. The configuration settings you specify in the Update Configuration job are applied to the computers, and the computer registry files are uploaded to the Deployment Server. Restore Lab. This job restores the image and registry files to a computer where a lab was previously deployed. You can quickly get a computer running again by restoring the lab on that computer. Update Configuration. This job lets you set unique configuration information (such as computer names and network addresses) for client computers. When a lab is deployed, each computer has an identical image, but not the same configuration settings. This means you don't have to visit each computer to reset the IP addresses and other settings when you deploy an image. Upload Registries. This job backs up computer registry files to the Deployment Server.
146
Building and Scheduling Jobs

A job represents a collection of predefined or custom deployment tasks that are scheduled and executed remotely on selected client computers. You can build jobs with tasks to automatically create and deploy hard disk images, back up and distribute software or personality settings, add printers, configure computer settings, and perform all aspects of IT administration. Jobs can be run immediately for a specific computer, or stored and scheduled for daily or long-term administrative duties on multiple computer groups.
Job icons appear in the Jobs pane of the Deployment console. To assign and schedule a job in the Deployment Console, drag the job icon to selected computer icons. Job status icons also appear in the Details pane of the Deployment Console to indicate various deployment states. See Viewing Job Details (page 147).
The New Job Wizard guides you through common deployment and management jobs. It is an easy way to set up new users or migrate users to new computers, create and distribute images of computers on the network, distribute software packages, restore computers, and more. Jobs include one or more Deployment Tasks. You build jobs by adding tasks to a job and customizing the task for your specific needs. You can add tasks to capture and distribute images, software packages, and personality settings. Or you can write and run a script task, or run scripted installs, configure settings, copy files and back up registry settings. You can also modify existing jobs by adding, modifying, copy and pasting, or deleting tasks to fit your needs. See Building New Jobs (page 152). Set conditions on jobs to run only on computers with properties that match the criteria you specify. You can build one job to run on different computer types for different needs, and avoid mistakes by ensuring that the right job runs on the right managed computer. See Setting Conditions for Task Sets (page 153). Initial Deployment lets you run predefined jobs and configuration tasks on new computers when they start up. You can automatically deploy new computers by imaging and configuring TCP/IP, SIDs, and other network settings and installing basic software packages. See Sample Jobs in Deployment Solution (page 195). Sample jobs are installed with Deployment Solution and appear in the Samples folder of the Jobs pane. You can run many sample jobs as they are, or you can set environmental variables. See Sample Jobs in Deployment Solution (page 195).
Viewing Job Details

As jobs are assigned, scheduled and executed, it is helpful to know specific details about their status and assignments. The Deployment Console provides job icons to show state and status of the job in the Details pane:
147
Job status icons that update the state of the job in running deployment tasks. These icons are graphical symbols in the Deployment console used to identify the status of an assigned job. .
Indicates that a job is scheduled to run on a computer or computer group.
Indicates that a job is in progress.
In the Details pane, indicates that a job has executed successfully.
Indicates that a job is associated with a computer or group of computers but is not scheduled. Indicates error conditions when individual tasks run.
A description of the job, if available. You can also use Add or Modify in the main window to edit the description as well. If a job defines error conditions when individual tasks run, the Status field displays any errors incurred and the tasks that completed successfully. Job Schedule details. This is the job's run time, beginning when the job started and ending when it completed successfully. The currently applied conditions appear in a list box with a Setup option to add conditions to different task sets for different computer properties within a job. Conditions specify characteristics that a computer must have before the job will execute. See Setting Conditions for Task Sets (page 153). A list of tasks assigned to the job and task descriptions also appears. Change the order of the task execution with the up and down arrows. Tasks are executed in the order they are listed. See Deployment Tasks (page 156). Features to add, modify, and delete tasks for each job. A list of assigned computers and its deployment history. To sort jobs or computer details, just point and click on the category in the Details bar. Example: click the Status column heading to organize and display the progress status of the job. See also Viewing Computer Details (page 98).
New Job Wizard

The New Job Wizard provides integrated features to build, assign, and schedule common deployment jobs. It helps you build the most common jobs, and guides you through additional steps to assign and schedule the jobs to selected computers. It lets you quickly build image files and deploy new computers, distribute software packages, migrate users, and more.
148
Note When a software package or deployment job is scheduled to run on client computers, the Altiris Client Service Message dialog appears, warning them that a job is about to execute. If a user clicks Abort when the message appears, an event is logged to the client's history so that Deployment Solution administrators know when users abort a scheduled event.
Create a new job by clicking New Job Wizard on the Deployment Console, clicking File > New > Job Wizard, or right-clicking in the Jobs pane of the Deployment Console and selecting New Job Wizard. The New Job Wizard appears to guide you through basic deployment jobs.
1.
Select a job option: Create an image. This wizard guides you through the steps required to create an image of a computers hard disk and schedule the job. See Creating a Disk Image (page 158). Deploy and configure computers. This wizard guides you through the steps required to lay down a new disk image on a selected computer and install software and personality settings. See Distributing a Disk Image (page 163). Deploy software packages. This wizard guides you through steps required to install software packages. You can set conditions, select packages, assign to computers, and schedule the job. See Distributing Software (page 175). Restore a computer. This wizard guides you through the steps required to restore a computer to a known working state by re-imaging the hard drive and reinstalling software packages, personality settings, and defining configuration values. This option reschedules jobs saved in each managed computers history record, which contains all deployment tasks previously processed. See Restoring a Computer from its Deployment History (page 129). Migrate computers. This wizard guides you through the steps required to move a computer hard disk image, applications, and personality settings from a source computer to a destination computer. You can perform one or more migration operations using provided options.
2. 3.
Give the job a unique name. You can type a name with up to 64 characters. Follow the steps in each wizard to create a job (some New Job wizards build multiple jobs). After creating a job, the job appears in the Jobs pane of the Deployment console with deployment tasks listed in the Tasks list for each job selected.
Note You cannot define return codes when using the New Job Wizard. See Building New Jobs (page 152) to build customized jobs and set up return codes. See also Modifying Tasks in a Deployment Job (page 189).
149
Migrating Computers
From the New Job Wizard you can select Migrate computers to quickly distribute hard disk images, software, and settings from a users current computer to a new computer. You can image a new computers hard disk with a new operating system and install software and personality settings. Or perform different levels of migration to distribute only software or to simply capture and distribute personality settings to the new computer.
Migrate one computer to another separate computer

Click this option to migrate a user from a source computer (old computer) to another destination computer (new computer). Capture personality settings, distribute a new hard disk image, distribute software and redistribute the saved personality settings from the source computer to the new destination computer. Click the option to migrate only personality settings to one or more computers. Additionally, select Prepare destination computer with a disk image to distribute a disk image to the new computer and select Install software packages prior to applying the personality on the destination computer to install software packages on the new computer. Note This option creates two jobs that appear in the Jobs pane: Job (Capture) and Job (Distribute). Job (Capture) includes a Capture Personality Settings task (see Capturing Personality Settings on page 179) to capture the personality of the source computer and a Modify Configuration task to rename the source computer to avoid naming conflicts (see Modifying Configuration on page 182). The source computer is named computerName (Old). Job (Distribute) includes a Deploy Image task (see Distributing a Disk Image on page 163) if selected, a Modify Configuration task to update settings to the destination computer, and one or more Install Package tasks to update software (if selected) and migrate personality settings. See Distributing Software (page 175).
Migrate the same computer to another operating system

Click this option to upgrade the operating system on a computer and reinstall personality settings and software packages on the same computer. It creates jobs and tasks to capture the personality settings, distribute a new disk image, distribute software packages, and migrate the personality settings. Click the option to deploy a disk image and migrate the personality settings to the computer. Select Install software packages prior to applying the personality on the destination computer to install software packages on the computer. Note This option creates two jobs that appear in the Jobs pane: Job (Capture) and Job (Distribute). Job (Capture) includes a Capture Personality Settings task (see Capturing Personality Settings on page 179) to capture the personality of the source computer.
150
Job (Distribute) includes a Deploy Image task (see Distributing a Disk Image on page 163) and one or more Install Package tasks to update software, if selected (see Distributing Software on page 175).
Simply capture the personality of the computers

Click this option to capture and save, but not distribute, the personality settings of the selected computer(s). You can select a personality template and save Personality Packages to the Deployment Share, letting you distribute these personality settings later to new computers. Note This option creates a single job with a Capture Personality Settings task (see Capturing Personality Settings on page 179). See also New Job Wizard (page 148).
Selecting Computers in the New Job Wizard

The New Job Wizard provides steps to select and assign computers to the jobs created in the wizard, rather than requiring you to create a job and assign it to computers when Building New Jobs. The jobs created in the New Job Wizard appear in the Jobs pane, and can be saved and assigned to other computers at a later time. You can also schedule jobs for the specified computers in the wizard. See Scheduling Jobs (page 155).
Apply Computers to a Job

When deploying software in the New Job Wizard, you can select computers to assign the Distributing Software job created in the wizard. You can also select an option to simply store the job and use it at another time without scheduling the job. Regardless of the scheduling option selected, the job appears in the Jobs pane to use at another time. New Computers. Open an Adding New Computers dialog to create new user accounts to assign the job. See also Scheduling Jobs (page 155).
Associating Destination Computers

Use this dialog to associate source computers with destination computers when migrating personality settings. Depending on the computers selected in the previous Select Computers dialog, you can migrate personality settings captured from the source computers to new destination computers. Right-click a computer in the Source column to replace it with another source computer. Right-click a computer in the Destination column to replace it with another destination computer and assign it to a new source computer. To automatically assign multiple computers, click Automatic to assign source computers with destination computers using an alpha-numeric order. The associated computers share personality settings after running the jobs. See also Migrating Computers (page 150).
151
Setting up Conditions in the New Job Wizard

The New Job Wizard also provides steps to set up conditions, a step usually performed independently for each job during its build phase. Setting conditions lets you run selected tasks only on computers matching defined criteria. See Setting Conditions for Task Sets (page 153). Click Setup conditions for this set of tasks to open the Define Conditions dialog from the New Job Wizard.
Install Software Packages

The New Job Wizard provides steps to install software packages to the selected computer(s). You can install any type of software to the managed client computer, including .MSIs, .RIPs, and Personality Packages. If the selected package is not a .RIP or Personality Package, a message appears asking if you want to continue. See Distributing Software (page 175) for additional information.
Summary of Options
After selecting the options in the New Job Wizard, you can view a summary of the job names, assigned computers, conditions, and other selected choices. To change any options, click Back to return to the previous dialog. Click Finish to complete the steps in the wizard. See also New Job Wizard (page 148) and Job Scheduling Wizard (page 153).
Building New Jobs

A job can be a single task to distribute software or change computer property settings, or a job can be a series of tasks sequenced to migrate hard disk images, set postinstallation TCP/IP and SID values, and install software packages and personality settings.
Create a new job by clicking New Job on the Deployment Console. Click File > New > Job, or right-click in the Jobs pane of the Deployment Console, and select New Job. You can modify jobs by double-clicking the job or right-clicking, and selecting Properties. Add tasks to each job by clicking Add.
1.
Create a new job. Enter a unique name and description for the job. You can type a name with up to 64 characters. A new job is added to the Jobs pane in the Deployment console. You can group and organize jobs, and access and apply them to computers or computer groups from an index of prebuilt jobs.
2.
Set conditions to apply the job to specified computers meeting defined criteria. Order multiple conditions to run jobs on computers that match the first applicable condition. See Setting Conditions for Task Sets (page 153). This is optional. Click Add to open a list of possible deployment tasks to add to each job. See Deployment Tasks (page 156).
3.
152
4.
Set task options using the provided wizards. After you complete the steps to create a task, it is added to the task list box. Click Add to add another task. Use the up and down arrows to change the order of execution of the tasks in the Task list box. Tasks are executed in the order that they appear in the task list. As a result, ensure you do not run a task that overrides the previous tasks. Example: list Distribute Disk Image above Distribute Software or Distribute Personality, letting the hard disk to be imaged before installing applications and settings.
5. 6. 7.
Set Return Codes. The last action in each task wizard lets you set return codes for each deployment task. See Setting Up Return Codes (page 193). This is optional. After adding tasks, click OK. To schedule the job, drag it to a computer or computer group. The Schedule Jobs dialog appears. See Scheduling Jobs (page 155).
See also Importing and Exporting Jobs (page 192).
Job Scheduling Wizard

The Job Scheduling Wizard provides features to assign jobs to selected computers and computer groups, and to schedule the jobs to run without using a mouse. This new feature meets Section 508 requirements to improve disability access and lets integration of voice activation software and other user interface features.
Select Job(s)
Select the job(s) or group(s) of jobs to assign to computers or computer groups. Use the SHIFT and CTRL keys to select multiple jobs or job folders. Click Next.
Select Computer(s) or Computer Groups

Select the computer(s) or group(s) of computers to assign the jobs selected in the previous dialog. Use the SHIFT and CTRL keys to select multiple computers or groups. Click Next. New Computers. Click when Adding New Computers.
Setting Conditions for Task Sets

Setting conditions on a job lets you run selected tasks only on computers that match defined criteria. As a result, you can create a single job with tasks defined for computers with varying properties, including operating system types, network adapters, processors, free drive space and other computer properties. You can create task sets for each job that apply only to the computers matching those conditions. Note The default condition (named default) has no parameters or values associated with it. If this is the only condition that a job contains, the tasks associated with the default condition will always work on all computers to which the job is assigned. Default condition is like having no conditions.
153
In addition, if a task is associated with the default condition the task always executes when a computer does not meet any other conditions associated with this job. 1. 2. Select a job in the Jobs pane of the Deployment Console. The Job Properties dialog appears. Click Setup next to the Condition field. A menu appears with options to create a New condition, Modify a condition, or Delete a condition. To reorder conditions, click Order and reorder them using up or down. See Order Condition Sets (page 154). 3. 4. Click New in the menu to open the Condition Settings dialog. Enter a name for the condition up to 64 characters. Click Add to open the Condition dialog. Click the Field list and select a data field heading from the list. You can define conditions based on common client features such as operating system, software and hardware version, hard drive space, operating system language, RAM, and other characteristics. Click Operation and select a compare statement. In the Value box, type a string to search for in the selected database field. You can set conditions based on computer properties stored in fields in the Deployment Database. Example: you can set a condition to match a particular asset tag, Altiris agent version, or IP address. You can use wildcard characters and AND/OR operators. 5. 6. To set up custom conditions based on custom tokens, select User Defined Tokens from the Field list. Click OK.
The task set you create appears in the Task list for each condition. When you select a new condition, the tasks for that condition appear. You can set Condition A to distribute the XPImage.img file to Windows XP computers using a Deploy Image task. You can set Condition B to distribute the W2KImage.img file to Windows 2000 computers using another Deploy Image task. When the job is applied to a computer group, the conditions are evaluated for each computer and the appropriate task executes on the appropriate computer. Note When using User Defined Tokens to set conditions for some client property values, you may be required to use the decimal value rather than the hex value. Example: when setting conditions based on the NICS table on the nic_device_id and nic_vendor_id columns, you are required to use decimal values. See also Deployment Tasks (page 156).
Order Condition Sets

By specifying and ordering different sets of conditions, you can determine when a task executes based on defined computer properties. Each condition is processed in sequence until the computer matches the condition defined within a set. If the computer does not meet any of the defined conditions, it runs the default condition. Once a match is found, the set of tasks for this condition set is processed. See also Setting Conditions for Task Sets (page 153).
154
Scheduling Jobs
After a job has been created, and it has been assigned to multiple computers or computer groups, the Schedule Job dialog appears, letting you schedule the job to run immediately, at a scheduled interval, or assigned but not scheduled. Job and job folders selected from the Jobs pane of the Deployment Console are scheduled in the order they were selected, even across multiple Deployment Servers.
To schedule a job
1. 2. Drag a job to a computer or computer group. The Schedule Job dialog appears. In the Schedule Job dialog, click the Job Schedule tab. The following options are available: Do not schedule. This option lets you apply jobs to computers but does not run the job until you return to the Schedule Job dialog and set a run time. Run this Job immediately. This option lets you run the job now. Schedule this Job. This option lets you type the date and time to run the job at a specified time and date. To run it at regular intervals, specify a time and date to repeat. Repeat this job every x. A job can be scheduled to execute by minute(s), day(s), hour(s), week(s). Allow this job to be deferred for up to x. A job can be deferred when the server is busy executing other jobs, setting a lower priority for particular jobs. By default all jobs are deferred up to five minutes. Schedule in batches of x computers at y minute intervals. This option lets you schedule computers in batches to maximize efficiency. 3. 4. 5. Click the Computer(s) Selected tab. This is a list of computers, their associated group, and IP address that the job is scheduled to run. Click the Job(s) Selected tab. The job name and folder located in the Jobs pane appear. Use the up and down arrows to change the order of the scheduled jobs. Click OK.
Note The Schedule Job dialog is the same for Rescheduling Jobs, New Job Wizard, and Job Scheduling Wizard.
To reschedule a job
1. From either the Computers or Jobs panes in the Deployment console, select a job or computer that has been previously scheduled. A job icon appears in the Details pane identifying the computers assigned or the name of the job. 2. Select the job icon, click the scheduled computers in the Details pane, right-click and click Reschedule. If you selected a computer icon, click the job icon in the Details pane, right-click and click Reschedule. The Schedule Jobs dialog appears. 3. To immediately start a scheduled job that has not yet run, right-click the job icon and select Start Now.
155
4.
To stop a repeating job, right-click the job in the Details pane and click Discontinue Repeat. At this point you need to schedule a new time to run the job or click the Do not schedule option.
To remove computers from a scheduled job

You can complete this task by removing a job assigned to a computer or removing a computer assigned to a job. 1. 2. Click a job in the Jobs pane. Click a computer in the Details view and press Delete or right click the job(s) and select Delete.
To remove tasks from a job

You can remove tasks assigned to a job by double-clicking the job and opening the Job Properties dialog. (Edit features also open in the Details view of the Deployment Console when you select the job from the Jobs pane). 1. 2. Select one of the assigned tasks in the Task list. Click Delete.
To remove scheduled jobs from a computer

1. 2. Click the computer. Select the scheduled job in the Details window, and press Delete or right click the job(s) and select Delete. To remove multiple jobs, hold down the SHIFT or CTRL key while you select the job(s), press Delete or right click the job(s) and select Delete. The icon for a scheduled job is yellow.
To run a job immediately from the Resources view

If you have a batch file, image file, .RIP, .MSI, or executable file assigned to a job or stored in the Deployment Share, these files and packages appear in the Resources view (see Shortcuts and Resources View on page 75). You can drag these files and packages from the Resources view to a computer or computer group to automatically create and run a job (or you can drag computers to a file or package in the Resources view). A job is created automatically for each assigned package in the Systems Jobs > Drag-n-Drop folder. See also Building New Jobs (page 152) and Modifying Tasks in a Deployment Job (page 189).
Deployment Tasks
A task is an action of a job. Jobs are built with tasks. Each task is executed according to its order in the task list contained in a job. You can resize the task pane by dragging the bottom pane (horizontal bar) that separates the task list and the scheduled computer list of the Deployment Console. This lets you view a greater number of tasks in a deployment job without using the scroll bar to navigate up and down. The Deployment Console has multiple tasks available from the Add menu, including:
156
Create Disk Image. Create a disk image from a reference computer and save the image file (.IMG or .EXE files) for later distribution. See Creating a Disk Image (page 158). Distribute Disk Image. Distribute previously created disk images (.IMG or .EXE files) or create a disk image from a reference computer on the network and simultaneously distribute it (.IMG or .EXE) to other managed computers on the network. See Distributing a Disk Image (page 163). Scripted OS Install. Run scripted (unattended) installs using answer files to install computers remotely over the network. See Scripted OS Install (page 168). Distribute Software. Distribute .RIPs, .MSI files, scripts, personality settings and other package files to computers or groups. See Distributing Software (page 175). Manage the SVS Layer. Instantly activate, deactivate or reset layers and completely avoid conflicts between applications, without altering the base Windows application. See Managing the SVS Layer (page 177). Capture Personality. Capture the personality settings of a selected computer on the network using the PC Transplant software. PC Transplant ships as a part of Deployment Server. See Capturing Personality Settings (page 179). Distribute Personality Package. Send a Personality Package to computer or groups. It identifies valid Altiris packages and assign passwords and command-line options to Personality Packages. See Distributing Personality Settings (page 180). Modify Configuration. Modify the IP address, computer and user name, domains and Active Directory organizational units, and other network information and computer properties. See Modifying Configuration (page 182). Get Inventory. This lets you gather inventory information from client computers to ensure that the deployment database is up-to-date with the latest computer properties. See Get Inventory (page 183). Run Script. Create custom commands using scripts to perform jobs outside the bounds of the pre configured tasks. Use the Run Script dialog to select or define a script file to run on specified computers or groups. See Run Script (page 183). Copy File to. Copy a file from the Deployment Share or another source computer to a destination computer. See Copy File to (page 187). Power Control. Perform power control options to restart, shutdown, power off, and log off. See Power Control (page 189). Wait. Use the Wait dialog to retain a computer in automation mode after a task is performed. See Wait (page 189). Tasks are listed for each job in the task list box. Each task executes according to its order in the list. You can change the order using the up and down arrow keys.
Supported Live Task Types

Following is the list of the live tasks supported for the x64, IA64, and SPARC platforms.
Task
Restore Computer History
x64
Yes Yes
IA64
Yes Yes
SPARC
Yes Yes
157
Task
Configure Quick Disk Image Power Control: Wake Up Power Control: Restart Power Control: Shutdown Power Control: Log off Remote Control Execute Copy File Chat Advanced: Clear Computer Status Advanced: Prompt User for Properties Advanced: Reset Connection Advanced: Install Automation Partition Advanced: Get Inventory Advanced: Reject Connection Advanced: Uninstall Windows Agent Advanced: Install BIS Certificate Advanced: Remove BIS Certificate Advanced: Apply Regular License New Job Wizard New Group New Computer Rename Delete Change Agent Setting Permissions Job Scheduling Wizard
x64
Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes No No Yes Yes Yes Yes Yes Yes Yes Yes Yes
IA64
Yes Yes Yes Yes Yes Yes No Yes Yes No Yes Yes Yes
SPARC
Yes Yes Yes Yes Yes No No Yes Yes No Yes No Yes
Yes Yes Yes No No Yes Yes Yes Yes Yes Yes Yes Yes Yes
Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Creating a Disk Image

This task creates an image of a computers hard disk. You can save the disk image as an .IMG file, .EXE file, .WIM file, .DMG file, or as a .GHO file
Create an image file using the New Job Wizard or adding the task when Building New Jobs. You can distribute the disk image file using the Distributing a Disk Image task. This task will run Altiris RDeploy.exe from the console to capture and migrate hard disk images.
158
Note To create an image of a computer, you must boot to DOS, Linux, or Windows PE. This requires that you set up an Altiris PXE Server or install an automation partition.
To create a disk image

1. Select an imaging tool from the drop-down list. You can select RapiDeploy (Text mode), RapiDeploy (Graphics mode), RapiDeploy (Linux mode), ImageX, Mac Image or Ghost. The following are the RapiDeploy options for imaging. RDeploy Options RDeployT is the default imaging executable. This facilitates the imaging of thin client computers. Graphical Mode (RDeploy). Select this option to run the RDeploy in a GUI mode. Text Mode (RDeployT). Select this option to run the RDeploy in a text mode. Linux (RDeploy). Select this option to run the RDeploy in Linux mode. You can select the ImageX or Mac Image option for imaging. If you select ImageX, the image is created as a .WIM file. If you select Mac Image, the image is created as a .DMG file. For information on creating and deploying a Mac Image, see Creating a Mac Image (page 160). You can also select the Ghost option for imaging. If you select Ghost, the image is created as a .GHO file. For information on creating and deploying a Ghost Image, see Creating a Ghost Image (page 161). Important Linux (RDeploy) and Ghost options are available only when the ImageTools.ini file is stored in the eXpress folder. 2. Enter any additional parameters in the Additional Parameters field. You can add command-line options specifically for the RapiDeploy program to execute imaging tasks. See the Command-line Switches in the Deployment and Migration Guide. 3. Enter a path and file name to store the disk image file. You can store image files to access later when a managed computer is assigned a job that includes the image file. The default file name extension is .IMG. Saving image files with an .EXE extension makes them into self-extracting executable files (the run-time version of RapiDeploy is added in the file). You can also save ImageX files with a .WIM extension, a Mac image with a .DMG extension, and a Ghost image with a .GHO extension. 4. Select Disable image path validation if you want to store the image file outside of the Deployment Share file structure. If you do not select this option and do not specify a Deployment Share path, you can see a warning message indicating this and reminding you that your automation process must be configured to use the path indicated in the Name field. You can still save your image to a location outside of the Deployment Share file structure even when you do not select this option. This option only eliminates the warning message. You can use this option to store images locally on the managed computer's hard drive or to an additional server used to store images.
159
When storing images locally on the managed computer's hard drive, be sure to enter the path relative to the managed computer (Example: C:\myimage.img). When you store an image locally on a managed computer instead of a file server, you save server disk space and reduce network traffic. Prerequisite: To store images locally on the managed computers hard drive, you must have a hidden automation partition installed on the managed computer's hard disk with the required disk space to hold the images you want to store. Caution When imaging computers where images are stored on the managed computers hidden automation partition, use the option to remove the automation partition only when you want to clear all images from the computer. 5. Select Prepare using Sysprep to use Sysprep to prepare system for imaging and click Sysprep Advanced Settings. See Advanced Sysprep Settings for Creating a Disk Image (page 162). From the Operating System drop-down list, select the operating system. Note Click Add new to go to the Sysprep Settings dialog and select the OS Information. 7. 8. From the Product Key drop-down list, select the product key. From the Automation pre-boot environment (DOS/Windows PE/Linux) dropdown list, select the required pre-boot environment to perform the Create Disk Image task in the selected pre-boot environment. By default, the DOSManaged Boot Option type is selected. Note ImageX requires a Windows PE x86 pre-boot environment. 9. (Optional) To select Media Spanning and additional options, click Advanced. See Create Disk Image Advanced (page 162).
6.
10. Click OK (if you are using the New Job Wizard) or click Next. 11. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). 12. Click Finish. The task appears in the Task list for the job. Tip If an imaging Job fails on a managed computer, the Deployment agent configuration page appears on the client. This screen displays a prompt to confirm if the user wants to configure the client or restore the original settings. On the client screen, select Cancel > Restore Original Settings. See also Deployment Tasks (page 156).
Creating a Mac Image

You can create a Mac Image using the Create Disk Image job.
To create a Mac Image

1. From the Imaging Tool drop-down list, select Mac Image (.dmg).
160
2.
Provide the disk number in the Additional Parameters field using the following format: -d[disk#] By default, all partitions of disk 1 are imaged. To image a different disk, provide the disk number in the Additional Parameters field using the same format.
3.
Enter the path and file name to store the disk image. Caution The captured disk image must be stored on an AppleTalk Filing Protocol (AFP) share.
4.
Specify the share using the following format: //server/sharepoint/path/filename.dmg If no credentials for this server are provided in the automation configuration, the guest account is used by default.
5.
Provide the account credentials as part of the path using the following format: //username:password@server/sharepoint/path/filename.dmg
6. 7. 8.
Click Next. The Return Codes dialog appears. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish. The Mac image is created.
Note The Sysprep settings option is disabled if you select Mac Image as the Imaging Tool. The Automation pre-boot Environment for Mac Image is the Default Automation when capturing Mac images. This option uses the PXE functionality of the operating system of the specified server. For more information on configuring PXE, see the PXE Configuration Utility Help.
Creating a Ghost Image

Symantec Ghost Solution Suite is a corporate imaging and deployment solution. It also provides operating system migration, software distribution, computer personality migration, hardware and software inventory, and secure system retirement. You can create a Ghost Image using the Create Disk Image job. Important To use the Ghost Solution for creating a disk image, you have to store the ghost.exe and ImageTools.ini files in the Program Files\Altiris\eXpress\Deployment Server directory.
To create a Ghost Image

1. 2. 3. 4. From the Imaging Tool drop-down list, select Ghost Image (.gho). Add any additional parameters in the Additional Parameters field. Enter the path and file name to store the disk image. (Optional) To disable the validation of the image path, select the Disable image path validation check box. This is useful if the image is stored locally, or if you are retrieving the image from a remote server.
161
5. 6.
To use Microsoft Sysprep, select the Prepare using Sysprep check box and specify the operating system and product key. From the Automation pre-boot environment (DOS/Windows PE/Linux) dropdown list, select the required pre-boot environment to create the disk in the selected pre-boot environment. By default, the Default Automation (Auto-select) type is selected.
7.
Click Next. The Return Codes dialog appears.
8. 9.
(Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish. The Ghost image is created.
Advanced Sysprep Settings for Creating a Disk Image

You can use the Advanced Sysprep Settings dialog to specify Sysprep mass storage device support. By default, the Enable mass storage device support using built-in drivers option is selected. Disable mass storage device support. When this option is selected, the Sysprep.inf file contains the section [Sysprep] with the key value pair as BuildMassStorageSection = No. Enable mass storage device support using built-in drivers. When this option is selected, the Sysprep.inf file contains the section [Sysprep] with the key value pair as BuildMassStorageSection = Yes. Enable mass storage device support using the following: When this option is selected, the Sysprep.inf file contains the section [SysprepMassStorage] and is appended by contents of the file mentioned in the Mass storage section file field. You can also copy the drivers directory mentioned in the Mass storage drivers field.
Advanced Sysprep Settings for Creating a Disk Image in Windows Vista

You can use the Sysprep advanced settings dialog to specify the settings for any Windows Vista operating system. If you select Windows Vista as the operating system under Sysprep settings on the Create Disk Image dialog and click Advanced Settings, the Sysprep advanced settings dialog for Windows Vista appears. This dialog lets you select Plug-n-Play (PnP) drivers options, as well as Sysprep options, such as command-line options.
Create Disk Image Advanced

Media Spanning Maximum file size. The Maximum file size supported is 2 GB. To save an image larger than 2 GB, Deployment Server automatically breaks it into separate files regardless of your storage capacity. From the Maximum file size list, select a media type. Specify ___ MB. If the preferred type is not on the list, enter the file size you want in the field.
162
Additional Options Do not boot to Production. Select this option to create an image of the hard disk while booted to DOS without first booting to Windows to save network settings (TCP/IP settings, SID, computer name, and so on). If you select this option, these network settings are not reapplied to the computer after the imaging task, resulting in network conflicts when the computer starts up. Compression. Compressing an image is a trade-off between size and speed. Uncompressed images are faster to create, but use more disk space. Select Optimize for Size to compress the image to the smallest file size. Select Optimize for Speed to create a larger compressed image file with a faster imaging time. The default setting is Optimize for Speed. Note Configuration restoration after imaging a compressed drive is not supported for this release. Enter an image description (optional) in the Description field to help identify the image.
Distributing a Disk Image

Distribute an RDeploy, ImageX, or Mac image file to managed computers to lay down a previously created hard disk image.
Distribute a hard disk image using the New Job Wizard or adding the Distribute Disk Image task when Building New Jobs. You can create the disk image file using the Creating a Disk Image task.
Note If you deploy a Windows image over a Linux computer or a Linux image over a Windows computer, you must change the path of the Deployment Agent for the Windows log file.
To distribute a disk image

1. 2. 3. Open the New Job Wizard (page 148). From the job wizard, click Add > Distribute Disk Image. The Distribute Disk Image dialog appears. Click Select a disk image file to select a stored image file. This lets you set down a new image file from a previously imaged computer. Enter the name of an existing image file. If you do not want the Deployment Server to validate the selected path, select Disable image path validation. This is useful if the image is stored locally, or if you are retrieving the image from a remote server. 4. Click Select a computer on the network to image a source computer on the network. Enter the name and location of the source computer to both create an image and distribute the newly created image file.
163
This option saves an image of a selected computers hard disk in its current state each time the job executes. You can schedule the job to image a specified computer every time it runs, which updates the image each time. Select the Save the disk image as a file while distributing option to save the newly created image file to a specified disk drive. If you use a reference computer as the image source, you can also choose to save the image as a file for later use. Select the check box to save the image and type in or browse for the location where you want to store the file. 5. Select Prepared using Sysprep to use Sysprep to prepare the system for imaging. Then, click Advanced Sysprep Settings. See Advanced Sysprep Settings for Distributing a Disk Image (page 166). From the Operating System drop-down list, select the operating system. Note Click Add New to go to the Sysprep Settings dialog and select the OS Information. 7. 8. From the Product Key drop-down list, select the product key. Click Automatically perform configuration tasks after completing this imaging task to restart the computer and push the configuration settings to the imaged computer. (Optional) Click Advanced to resize partitions and set additional options. See Distribute Disk Image-Resizing (page 166). Click OK.
6.
9.
10. From the Automation pre-boot environment drop-down list, select the required pre-boot environment to perform the Distribute Disk Image task. The option reported by the PXE Manager is the default pre-boot environment option. 11. If you are using the New Job Wizard, click OK. Otherwise, click Next. 12. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). 13. Click Finish. See also Deployment Tasks (page 156).
Distributing a Mac Image

You can deploy a Mac Image using the Distribute Disk Image job.
To deploy a Mac Image

1. 2. Select the Select a disk image file option. In the Name field, provide the path to the Mac (.DMG) image stored on an AppleTalk Filing Protocol (AFP) share by using the following format: //server/sharepoint/path/filename.dmg If no credentials for this server are provided in the automation configuration, the guest account is used by default. 3. Provide the credentials as part of the path using the following format: //username:password@server/sharepoint/path/filename.dmg 4. Select Automatically perform configuration task after completing this imaging task to run the configuration task after the imaging task is complete.
164
5. 6. 7.
Click Next. The Return Codes dialog appears. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish. The Mac image is deployed.
Note The Image is stored locally on the client and the Sysprep settings options are disabled when you select a Mac image. The Select a computer on the network feature is not supported when using Mac Imaging. The Automation pre-boot Environment for Mac Image is Default Automation when deploying Mac images. This option uses the PXE functionality of the operating system of the specified server. For more information on configuring PXE, see the PXE Configuration Utility Help.
Distributing a Ghost Image

You can distribute a Ghost (.GHO) image using the Distribute Disk Image task.
To distribute a Ghost image

1. 2. On the Distribute Disk Image dialog, select the Select a disk image file option. Browse and select a .GHO image. If you do not want the Deployment Server to validate a selected path, select Disable image path validation. This is useful if the image is stored locally, or if you are retrieving the image from a remote server. 3. 4. To use Sysprep to distribute the image, select Prepared using Sysprep. From the Operating System drop-down list, select the operating system. Note Click Add New. From the Sysprep Settings dialog, select the operating system information. 5. 6. 7. From the Product Key drop-down list, select the product key. Add any additional parameters in the Additional Parameters field. To restart the computer and push the configuration settings to the imaged computer, select Automatically perform configuration tasks after completing this imaging task. From the Automation pre-boot environment drop-down list, select the required pre-boot environment to perform the Distribute Disk Image task. By default, the Default Automation (Auto-select) type is selected. 9. Click Next.
8.
10. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). 11. Click Finish. The Ghost image is deployed.
165
Advanced Sysprep Settings for Distributing a Disk Image

You can generate the Sysprep.inf file for the Distribute Disk Image task, depending on the option selected in the Advanced Sysprep Settings dialog. Use default answer file. When this option is selected, the Deployment Server generates the Sysprep.inf file depending on the data present in the database. Use the following answer file. When this option is selected, the Deployment Server picks up the contents of the file mentioned in the Sysprep answer file textbox and prepares the Sysprep.inf file from it.
Advanced Sysprep Settings for Distributing a Disk Image in Windows Vista

You can use the Sysprep advanced settings dialog to specify the settings for any Windows Vista operating system. If you select Windows Vista as the operating system under Sysprep settings on the Distribute Disk Image dialog and click Advanced Settings, the Sysprep advanced settings dialog for Windows Vista appears. This dialog lets you select Sysprep answer file options.
Distribute Disk Image-Resizing

By default, whenever you deploy an image, you have the option to resize the partition to take advantage of the available disk space. Drive Size gives you information about the size of the image, so you can determine if you need to change partition sizes. Minimum indicates the amount of space the image will use on the target computers. Original indicates the image source disk size. Fixed Size. Select this option and enter the desired partition size. Percentage. Select this option and enter the percentage of free space you want the partition to occupy. Min. View the minimum size of the partition. Max. View the maximum size of the partition. Note FAT16 file systems have a 2 GB limit and cannot be resized larger than that (although it can be sized smaller than the minimum value). HP partitions remain a fixed size.
Distribute Disk Image-Additional Options

This option lets you specify operations for existing Automation Agents and OEM disk partitions. The options are as follows: leave the partition as it is, remove, or replace the existing partitions. If the image file does not contain any information for an automation or OEM partition, the option defaults to Leave the clients existing Automation or OEM partition as it is. RDeploy Options: Graphical Mode[RDeploy]. Click this option to choose the imaging executable as RDeploy.
166
Text Mode[RDeployT]. Click this option to choose the imaging executable as RDeployT. Text Mode or RDeployT is the default choice. Automation Partition:
Leave the client's existing BW partition as it is. If the image file contains no automation
partition information, by default, this option is selected. The automation partition remains unchanged when distributing disk images.
Delete the client's Automation partition [-nobw]. Select this option to delete the existing Automation partition from client computers. Replace the client's existing BW partition from image file [-forcebw]. Select this option to replace
the existing automation partition on the client computer with the automation partition from the image file. OEM Partition:
Leave the client's existing OEM partition as it is. If the image file contains no OEM partition information, by default, this option is selected. The OEM partion remains unchanged when distributing disk images. Delete the client's OEM partition [-nooem]. Select this option to delete the existing OEM
partition from client computers.

Replace the client's existing OEM partition from image file [-forceoem]. Select this option to replace the existing OEM partitions on the client computer with the OEM partition from the image file. Additional Command line switches. You can add command-line options specifically for the RapiDeploy program that runs imaging tasks.
Note The checkdisk command-line option should not be used from a Deployment console. The post-configuration task fails after an image restore. See also Deployment Tasks (page 156).
Imaging Computers from USB Disk on Key (DOK) Devices (JumpDrives)

Deployment Solution supports imaging clients from bootable USB Disk on Key (DOK) devices.
To image computers from USB Disk on Key Devices

1. 2. 3. 4. Format the USB DOK using HPs USB Disk Storage Format tool as FAT and make it a DOS startup disk. In Boot Disk Creator, create a new automation boot disk while creating a new configuration. Select Bootable disk-Removable disk to install on the USB Disk on Key. Copy HIMEM.SYS to the device.
Copy RDeployT.exe from the <InstallPath>\eXpress\Deployment Server\RDeploy\DOS directory to the device. 5. Copy the <Filename>.img file to the device.
167
6.
Create an Autoexec.bat with the script and command-line option, rdeployt -md -
fc:\IMAGE.img -d2
Note The -d2 switch is the most important part of the script, as it specifies the flash drive. 7. Create a Config.sys with the following:
DEVICE=C:\HIMEM.SYS switches = /f DOS=HIGH,UMB SHELL=command.com /p /E:1024 BUFFERS=20 FILES=20 STACKS=0,0 FCBS=1,0 LASTDRIVE=Z
8. Boot from the USB Disk on Key (recognized as C:) and rdeployt executes and images correctly.
Scripted OS Install
The Scripted OS Install task performs remote, automated, and unattended operating system installations over the network using answer files to input configuration and installation-specific values. Scripted installs let you deploy server and client computers across the network from installation files and perform post-installation configuration tasks. You can run scripted installs for Windows or Linux computers. Note Scripted Install requires either an automation boot disk or an Altiris PXE Server. Using embedded automations causes the selected image (DOS, Linux, Windows PE) to load and halt. It does not let the scripted install to run. When running a Scripted OS Install task, you can identify the type of operating system to install for supported languages, run the scripted install, and update with service pack installations. This task provides easy-to-use features to create an answer file for each scripted installation. Scripted installs are flexible in performing post-configuring tasks, but much slower and bandwidth intensive. Complete network and Web server installation and configuration tasks profit most from scripted installs. Windows. Use complete unattended install features to copy Windows operating system source files quickly to the Deployment Share and easily create an answer file. Configured operating system install sets can be reused to build and run scripted install jobs as needed. See Scripted Install for Windows on page 169. Linux. Run scripted install jobs to remotely install different versions of Linux. You can customize sample scripted install jobs installed with the Deployment Server system and
168
create a kickstart answer file to remotely run a scripted install. See Scripted Install for Linux (page 174).
Scripted Install for Windows

1. 2. 3. After selecting Add > Scripted OS Install, click the Windows option. Select the type of Windows operating system to install. See Select Operating System Version and Language (page 170). Click Next. Select the required pre-boot environment from the Automation - PXE or BootWorks environments (DOS/Windows PE/Linux) drop-down list to perform the Distribute Disk Image task in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. Select source files. Click the list to select the Windows operating system source files already copied to your Deployment Share. See Installation Source Files (page 171). Click Add New from the list to set up the new operating system installation files. See Operating System-Source Files (page 171). Click OK after entering a unique name and the path to the operating system installation source files. The source files will be copied over to the Deploy folder in the Deployment Share directory. The first source files added are given a generic name of WinOS001, with additional operating system source folders named to WinOS002, WinOS003 and so on. Service Pack source files are also stored as an WinSP00x.img file. This process could take a few minutes. Because the installation source files are copied over to the Deployment Share, when running subsequent scripted installs you do not need to add new source files for this version of Windows. They can be selected from the list of installation source files. See Installation Source Files (page 171). Note When importing Scripted Install jobs, you must edit the job files to point to the installation source files on the new Deployment Server system. This requires you to run the Scripted Install for Windows wizard and modify the path and name of the folder for the Installation Source Files for the exported jobs. This is required for both the main installation and service pack installation files. See also Importing and Exporting Jobs (page 192). 6. 7. After the source files are copied, select the newly created operating system source name from the Installation Source Files list. Click Next. Click to distribute a DOS disk image (default), or continue without distributing a DOS image and partition and format the hard disk of the destination computer using custom scripts or setup utilities. Click Advanced to set partition size, delete hidden partitions or set RapiDeploy command-line parameters. Click Next. See Operating System-Source Files (page 171). Note Before running a scripted install, you must install DOS. However, DOS is not required if you are using your own scripts or utilities to partition and format the client computer.
4. 5.
169
8. 9.
Import an answer file to the Deployment Database. See Import an Answer File (page 172). Click Next. Create the Answer file. See Answer File Setup (page 172). Click Next.
10. Set command-line options for cmdlines.txt files and for the WINNT installation program. See Command-line Switches for Scripted Install (page 173). Click Next. 11. View and modify the Deployment Agent for Windows configuration file from the dialog. See Deployment Agent Settings for Scripted Install (page 173). Click Next. 12. View the summary of the selected options. See Scripted Install Summary (page 174). Click Next. 13. Set up return codes for the Scripted Install task. See Setting Up Return Codes (page 193). Click Finish. See also Scripted OS Install (page 168).
Select Operating System Version and Language

Identify the operating system version to run in a scripted install. The selected version and language must correspond to your Windows installation files. We support multiple languages for the following Deployment Solution utilities. Boot Disk creator Image Explorer PXE Configuration Utility Remote Client Installer Control Panel Applet DS Info PW Util (Password utility) Switch Management Select the operating system version. Select the Windows operating system you want to install from the list. Click Template if you want to install another version or language of a Windows operating system not provided in the list. Select the operating system language. Select the language version of the operating system to install. The language must correspond to the operating system source files. If you selected the Template option, only the Multilingual language option can be selected (this is a generic language option). Automation (Pre-boot Environment). Select the required pre-boot environment from the Automation (Pre-boot Environment) drop-down list. The option reported by the PXE Manager is the default pre-boot environment option. List of supported multiple languages German French Spanish Japanese Simplified Chinese
170
See also Scripted Install for Windows (page 169).
Installation Source Files

If you copied installation files to the Deployment Share for previous scripted installs, the name of this install source configuration appears in the list box for each operating system type and language. To create new source configuration sets for additional operating system installs, select Add new source files from the list box. Select or add new operating system source files. Select the assigned name for each operating system source configuration in the list, or select Add new source files from the list to create a new install task. Previous scripted install jobs will create a WinOS00x.img file in the Deploy directory of the Deployment Share. The Operating System-Source Files dialog lets you identify the version of Windows install files and enter the path to the files (on the CD or other medium). Select or add new service pack source files. Run service pack updates immediately after installing the operating system during the scripted install process. Previous scripted install jobs will create a WinSP00x.img file. See also Scripted Install for Windows (page 169).
Operating System-Source Files

Name operating system source configuration, identify path and automatically copy Windows installation files to the Deployment Share. Enter a unique name for the operating system source files. Enter a name for the operating system source configuration files to assign an alias to associate with the install files for a specific operating system version and language. Enter path to operating system source files. Enter the path to the I386 folder on the CD where the Windows installation programs and support files are stored. Example: browse to the CD drive and select I386\WINNT.exe. Click Open. The Windows operating system identified previously in the Installation Source Files dialog must match the source files selected here. If the name and language of the operating system does not match the installation files, you receive an error. Click OK and the files will copy from the source CD (or other volume) to the Deployment Server\Deploy directory in the Deployment Share. This process will take a few minutes. Enter a short description. Enter a description of the Windows operating system source configuration, for example: W2K Advanced Server SP3 English. This is optional. See also Scripted Install for Windows (page 169).
Partition and Format Disk

Select a DOS disk image to distribute to the client computers before starting the Windows scripted install. A DOS image is provided in the Images directory in the Deployment Share (default path in the Name field). Select a DOS disk image. Click this option to distribute a DOS image from the Deployment Share. The Deployment Server system includes a DR DOS image file that is
171
selected by default. You can create your own MS DOS image from your Windows 98 CD and build a job. Advanced. Select advanced options to set the size of the partitions, or to remove hidden partitions and add command-line options. See Create Disk Image Advanced (page 162) and Distribute Disk Image-Resizing (page 166). Continue without distributing DOS image. Click this option to not install a DOS image from Deployment Server. Skip this step if you are installing DOS using custom procedures for your environment. See also Scripted Install for Windows (page 169).
Import an Answer File

Reference a previously created answer file for a Windows scripted install. You can also view a summary of the operating system source configuration. Import existing unattend.txt. Select to import a previously created answer file to the Deployment Database. The values for the answer file are imported from the delimited text file and appear in the Answer File Setup dialog. You can enter a path and select an answer file with any name. The answer file is imported to the database, edited in the console (if required), and distributed as an unattend.txt file to the client computer. See also Scripted Install for Windows (page 169).
Answer File Setup

Use these dialogs to enter values to create an answer file for a scripted install. These values are stored in the Deployment Database. An answer file is generated from the database (unattend.txt) and distributed to each managed computer when the job executes. In the Answer File Setup, select a value (a row) in the table. A list appears in the Values column to change values for each entry. You can add new variables to each section by selecting the bottom row named Add new Variable. To add a new section to the answer file, click the right arrow until the Add new Section tab appears (the last tab on the right). Required answer file values are selected automatically in the dialog with a gray check (you cannot clear these variables). Optional but selected values have a green check. Other optional values will be cleared. Select these optional values if you want to add them to the answer file when it is generated. The various tabs in the Answer File Setup dialog correspond to the general answer file sections. See the Microsoft Windows Unattended Setup Guide for specific values for an unattended setup file. See also Scripted Install for Windows (page 169).
Add a New Variable Value or Section

Use this dialog to add new values to each variable or to add new variable sections to the answer file.
172
Enter a name for the value or section. If you add a value, this name appears in the list and entered in the cell if selected. If you are adding a section, this name appears in the new tab in the Answer File setup dialog. Enter a value to be displayed instead of the real value. Enter an alias that appears in the cell or on the tab. See the Microsoft Windows Unattended Setup Guide for your specific operating system values for an unattended setup file. See also Scripted Install for Windows (page 169).
Add a New Variable

Use this dialog to add new variables to the answer file. This variable appears as a row in the Answer File Setup dialog. Name of the variable. Select a variable name. Type of new variable. Select a variable data type. The Default value and Displayed value boxes are enabled depending on the variable type selected. Default value of the variable. Enter values for a list, text, password, or IP address types. Displayed value of the variable. Enter an alias for list item types to appear instead of the real variable value. Description. Enter comments to describe the new variable. It appears in the Description column of the Answer File Setup dialog. See also Scripted Install for Windows (page 169).
Command-line Switches for Scripted Install

Use this dialog to enter Windows commands that are executed from the cmdlines.txt file. You can also add scripted install command-line options. Switches. Add or edit switch commands to this line for the install program for the scripted install. Additional commands in the cmdlines.txt file. Enter additional Windows scripted install commands in this dialog. The commands execute in the order they are listed. The provided command installs the Deployment Agent for Windows during the Install Component phase of the installation. You can view and edit Deployment Agent settings in the next dialog. See also Scripted Install for Windows (page 169).
Deployment Agent Settings for Scripted Install

View or edit Deployment Agent for Windows settings in this dialog. You can change agent settings using this text-edit dialog. See Deployment Agent Settings (page 113) for a list of the Deployment Agent properties. Save these settings globally. Select this option to apply these settings globally. This is to maintain consistency in the way agent settings are applied. See also Scripted Install for Windows (page 169).
173
Scripted Install Summary

View a summary of the selected options for the scripted install. Click Back to change any of these settings or click Finish to complete the Scripted Install task. See also Scripted Install for Windows (page 169).
Scripted Install for Windows Vista

The Scripted OS install for Windows Vista provides a wizard to help set up Vista installation files and run sample jobs. Follow the steps in the wizard to identify the type of scripted install as Vista. You can gather all the files for Vista for the job, but the server does not build any answer file. Instead, you are asked for the location of the answer file. Also, a sample answer file is provided.
To perform a Scripted Install for Windows Vista

1. 2. On the Answer File Setup screen of the Scripted OS Install dialog, select the Modify Product Key check box. Enter the product key. Click Next. From the drop-down list on the Scripted Operating System Installation screen of the Scripted OS Install dialog, select the following options: Windows Vista as the operating system Operating system language Automation pre-boot environment Click Next. 3. 4. From the Select or add new source files drop-down list on the Installation Source Files screen of the Scripted OS Install dialog, select Vista. From the Select or add new service pack source files drop-down list on the Installation Source Files screen of the Scripted OS Install dialog, select the none option. Click Next. Select the Select a DOS disk image\Diskpart tool option on the Partition and Format Disk screen of the Scripted OS Install dialog to partition and format the disk. Click Next. Note You can select the Continue without selecting DOS image\Diskpart Tool option to partition and format the hard disk using your own scripts and setup utilities. 6. The answer file is prepared using the information entered so far. On the Scripted Operating System Installation screen of the Scripted OS Install dialog, browse to select the path of the unattended .XML file. On the Scripted OS Install Commands screen of the Scripted OS Install dialog, set the command-line options for the cmdlines.txt files and enter the additional commands in the cmdlines.txt file. Click Finish.
5.
7.
Scripted Install for Linux

The Scripted OS install for Linux provides a wizard to help set up Linux installation files and run Sample jobs. Follow steps in the wizard to identify the type of scripted install
174
and locate the answer files. You can also modify and run Sample deployment jobs to remotely run a scripted install on Linux servers and workstations. Directory. Browse to or enter the path and name of the Linux answer file (Kickstart file). Command-line. Enter the command-line options. Automation - PXE or Bootworks environment (DOS/Windows PE/Linux). Select the required pre-boot environment from the Default Automation drop-down list to perform the Backup and Restore task in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. By default the DOSManaged Boot Option type is selected. See also Scripted OS Install (page 168) and Scripted Install for Windows (page 169).
Scripted Install Summary

View a summary of the selected options for the scripted install. Click Back to change any of these settings or click Finish to complete the Scripted Install task.
Distributing Software
Send .MSI Packages, .CAB, .EXE, and other package files to selected computers or computer groups, including EBS, and .RPM files for Linux computers. This task identifies valid Altiris packages and assigns passwords and command-line options.
Distribute software packages to managed computers using the New Job Wizard or adding the Distribute Software task when Building New Jobs.
1.
Enter the name and location of the package to distribute in the Name field. Note Information about the package appears in the Description area for valid packages. If no description appears, the file is not a .RIP or a Personality Package.
2. 3. 4.
For .RIPs, if you set the password option when you created the .RIP, you must enter the password for the package to run. Select Run in quiet mode to install the package without requiring user interaction. Specify the users to associate with the .RIP or the Personality Package. Click Apply to all users to run the package for all users with accounts on the computer. If you want to send the package to a managed computer with multiple users and to install it for certain users with a unique password, clear the Apply to all users box. Example: to install a .RIP for a specific user accounts on a computer add values to the Additional command-line switches field:
-cu:JDoe;TMaya;Domain\BLee
175
Note The command-line switches are specific to any package you are distributing that supports command-line options, such as .MSI and Personality Packages. For a complete list of command-line options, see the Wise MSI Product Guide and the Altiris PC Transplant Pro Product Guide. 5. If distributing an install package or other types of packages with associated support files, you can click Copy all directory files to install all peer files in the directory. Click Copy subdirectories to distribute peer files in the directory and all files in associated subdirectories. Note Some clients may have software installed on the client computer that, for protection against harmful software, only lets software programs on a list of "well-known" executables to run. Therefore, whenever the system administrator wanted to install a patch on client computers, he or she would have to update the well-knownexecutable list on all the client computers, which could be a lot of work. To save the work of updating that list, or of manually renaming distribution packages, the "RenameDistPkg" feature was added. Now, the system administrator may update the well-known-executable list once with a filename of their choosing. The well-known filename may be entered into the Windows registry of the Deployment Server computer (the computer running axengine.exe), as the "Value data" of a string value named "RenameDistPkg" under the "HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris eXpress\Options" key. If the RenameDistPkg registry entry is set, Deployment Server renames the installation files that are copied to the client computers. This feature only affects files that are temporarily copied to the client computer as part of a "Distribute Software" task. The file that is to be executed only during the installation, sometimes referred to as the "package", is the file that gets renamed, not the files that actually get installed to various locations on the target computer. If the Copy all directory files option is enabled task, only the main (installable) file is renamed. 6. Click Advanced to specify how files are distributed to the managed computer. You can copy through Deployment Server, or copy and run directly from the Deployment Share or from another file server. See Distribute Software Advanced (page 177). Click Next. Provide additional command-line options for distributing software. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish.
7. 8. 9.
Notes When a .RIP or Personality Package is executed through Deployment Server, the quiet mode command-line option is applied. This means the user cannot interact with the user interface on the managed computer.
176
If the Personality Package is configured to run only if a particular user is logged in and only if the user has an account on the managed computer, the package runs the next time that user logs in. If the user does not have an account, the package aborts and sends an error back to the console through the Deployment Agent. If the package is not run through Deployment Server, a message appears on the managed computer and the user is prompted to abort or continue.
See also Modifying Tasks in a Deployment Job (page 189).
Distribute Software Advanced

Copy files using Deployment Server then execute. Click this option to distribute packages through Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. This option is run for Simple installs and is the default option. Copy directly from file source then execute. Click this option to copy packages directly from the Deployment Share if this data store is located on another server (a Custom install). It copies the file and runs it, avoiding running through Deployment Server and diminishing processor output. Execute directly from file source. Click this option to run files remotely from the Deployment Share or another selected file server. File source access and credentials. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both are on the same domain). Note Windows 98 computers have security limitations when copying files directly from the source to the Deployment Agent using the UNC path name. We recommend that you use the Copy files using Deployment Server option for these types of computers or plan a proper security strategy for direct copying.
Managing the SVS Layer

The Manage SVS Layer task lets you instantly activate, deactivate or reset SVS layers. This task helps in avoiding conflicts between applications, without altering the base Windows application. You can reduce the testing time for applications, as you can install different versions of an application on the layers at the same time, and activate or deactivate the layers as required. For more information on SVS Help, refer to the Software Virtualization Solution (page 81)section. Note This task runs only on Windows computers.
Manage the SVS Layer using the New Job Wizard or adding the Manage SVS Layer task when Building New Jobs.
177
1. 2.
After creating a job, click Add > Manage SVS Layer. Enter the .VSA file name in the Layer name drop-down list, or browse and select a .VSA file. You can also enter a .VSA file path in the Layer name drop-down list. The Console checks if the path entered is correct. If it finds that the file path is correct and it is a valid .VSA file, it replaces the path name with the layer name in the .VSA file. Note The console displays a list of the previously selected layers in the Layer name drop-down list. This makes it easier for you to select a layer from the list, instead of browsing or typing the .VSA file name again.
3.
Select Import Package to import the selected layer and apply the actions present in the Action drop-down list. The actions are:
Action Name
(none) Activate Activate on startup Activate and Activate on startup
Description
Only import package. Import package and immediately activate it. Import package and activate it on startup. Import package, and immediately activate it and activate it whenever the computer starts up.
4. 5.
Click Advanced to copy files using the Deployment Server or copy files directly from the file source. SeeImport Package Advanced (page 179). Select Manage Layer to manage the selected layer using actions present in the Action drop-down list. The actions are:
Action Name
Activate Activate on startup Activate and Activate on startup Deactivate Deactivate on startup Deactivate and Deactivate on startup Delete Reset
Description
Activate layer. Activate layer on startup. Activate layer and activate it whenever the computer starts up.
Deactivate layer. Deactivate layer on startup. Deactivate layer and deactivate it on startup.
Delete layer. Reset layer.
178
Action Name
Reset and Activate Reset and Deactivate 6. 7.
Description
Reset and activate layer. Reset and deactivate layer.
Select User defined action to enter a command line. Set Return Codes. See Setting Up Return Codes (page 193). This is optional.
Note SVS clients have an automatic 120-day license. To purchase a permanent license, please visit the Altiris Sales Web site (www.altiris.com/sales.aspx).
Import Package Advanced

Copy files using Deployment Server. Select this option to copy files using the Deployment Server. Copy directly from file source. Select this option to copy files directly from their source. If you select this option, you need to enter the following File source logon details: User name. Enter the user name in this field. Password. Enter the password in this field. Confirm Password. Reenter the password in this field. Click OK.
Capturing Personality Settings

The Capture Personality task lets you save personal display and user interface settings defined in the operating system for each user. You can create a Personality Package that can be saved and distributed when migrating users. This task runs Altiris PC Transplant from the console to capture and distribute settings.
Capture personality settings using the New Job Wizard or adding the Capturing Personality task when Building New Jobs. See Distributing Personality Settings to migrate settings to another user.
1. 2.
After creating a job, click Add > Capture Personality. Enter the name of a personality template, or browse and select a template. A default personality template is included in the PCT folder of the Deployment Share (DEFAULT.PBT). Enter the name of the folder where you want to store the package. The personality template lets you define the settings, files, and options to be captured during run time. Click Template Builder to open a wizard to build a custom template.
179
3.
In User account and folder login, enter the login credentials for the managed computer from which the personality settings are captured, and the file server where the Personality Package is stored. In Package login, enter a password for the Personality Package. This is a run time password that is required when the Personality Package runs on the destination computer. Click Advanced to specify additional features. Set the Advanced options and click OK. Click Next. Set Return Codes. See Setting Up Return Codes (page 193). This is optional. Click Finish. You have now captured a personality setting and saved it as a PCT file in the selected location (most often in the PCT folder on the Deployment Server shared directory on the Deployment Share). The Capture Personality task appears in the Task list. See Distributing Personality Settings (page 180). Notes To capture a personality on a Windows 98 computer, ensure that all users have Write access to the Deployment Server share (by default at C: Program Files\Altiris\eXpress\Deployment Server in a Simple install). Also, ensure that the User account and folder login fields are blank. A user must also be logged on at the client computer to capture the client profiles. An error is returned if you attempt to capture personality settings on Windows 9x computers that are not authenticated. We recommend that you don't capture personalities for mixed groups of Windows 98 and Windows 2000/XP/2003 computers. Set the conditions on the job for either Windows 98 or Windows 2000/XP/2003 computers to ensure that the appropriate Capture Personality task runs on the appropriate computers.
4.
5. 6. 7. 8.
Capture Personality Advanced

Domain users. Select this option to capture personality settings for all domain users on the computer. Local Users. Select this option to capture personality settings for all local users on the computer. Custom. Specify users or groups to capture personality settings. Select the Custom check box and enter the Users or Groups you want to capture personality settings. Also, instead of specifying names, you can also select users that have been either created or last accessed in a specified number of days. Additional command-line switches. You can add command-line options specifically for the PC Transplant program that migrates personality settings. See the Altiris PC Transplant Reference Guide in the docs folder of the Deployment Share.
Distributing Personality Settings

The Distribute Personality task lets you save personal display and user interface settings defined in the operating system for each user. You can distribute Personality Packages to migrate personality settings. This task runs Altiris PC Transplant from the console to capture and distribute settings.
180
Distribute personality settings using the New Job Wizard or adding the Distribute Personality task when Building New Jobs. See Capturing Personality Settings to create a Personality Package.
1.
In the Name field, enter the file name and location of the PCT file. Note The information about the Personality Package appears in the Description area for valid Personality Packages (PCT files). If no description appears, the file is not a valid package. If you use a token, such as %COMPNAME% in this field, and you proceed with the job, when you apply the job to a Windows XP computer, the user must enter input before the job completes. Altiris recommends you enter a valid Personality Package name and use the Additional command-line switches fields for token values. See the Altiris PC Transplant Reference Guide for a complete list of valid commandline options.
2. 3. 4.
In the Password field, type the password set for the PCT file when created. Select Run in quiet mode to install the package without displaying the PC Transplant screens. Specify the users to associate with the Personality Package. Click Apply to all users to run the package for all users with accounts on the specified computer. If you want to send the package to a managed computer with multiple users and to install it for certain users with a unique password, clear the Apply to all users box. Example: to install a Personality Packages for a specific user accounts on a computer, add values to the Additional command-line switches field:
-user: JDoe; TMaya; BLee

Note The command-line options are specifically for Personality Packages. For a complete list of command-line options, see the Altiris PC Transplant Reference Guide. 5. Click Advanced to specify how Personality Packages are copied to the managed computer. You can copy through Deployment Server, or copy and run directly from the Deployment Share or from another file server. See Distribute Personality Advanced (page 182). This is optional. Set Advanced options and click OK. Click OK (if you are using the New Job Wizard). or Click Next. 8. 9. Set Return Codes. See Setting Up Return Codes (page 193). This is optional. Click Finish.
6. 7.
181
For more information about capturing a computer's personality settings, see the Altiris PC Transplant Help. See also Distributing Software (page 175) and Modifying Tasks in a Deployment Job (page 189).
Distribute Personality Advanced

Copy files using Deployment Server. Click this option to distribute software packages through Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. Use this option for Simple installs to take advantage of security rights defined by Deployment Server. This is the default option. Copy directly from file source. Click this option to copy packages directly from the Deployment Share, sending only one copy across the network. It copies the file and runs it and avoids running through Deployment Server and diminishing processor output. Because the Deployment Agent doesn't recognize shared rights and is not guaranteed to have a mapped drive to the data source, you need to identify a user name and password for the data share computer from the target computer. This option also requires a full UNC path name in the Source Path field in the Copy File dialog. Run directly from file source. Click this option to run files remotely from the Deployment Share or another selected file server. File Source Credentials. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both are on the same domain).
Modifying Configuration
You can add a task to configure or modify the configuration of computer property settings using the Modify Configuration dialog. The Deployment Agent updates the property settings and restarts the computer for changes to take effect. 1. 2. After creating a job, double-click the job, and click Add > Modify Configuration. Select the Reboot after Configuration check box to restart client computer after the configuration changes are complete. By default, the check box for Reboot after Configuration is selected. Enter or edit the property settings in the Configuration dialog. Click the category icons in the left pane to set additional values for each property setting group. See Computer Configuration Properties (page 103). Click Next. Set Return Codes. See Setting Up Return Codes (page 193). This is optional. Click Finish.
3.
4. 5. 6.
Backing up and Restoring Registry Files

Note This feature has been deprecated and removed from the product in a later release.
182
Copy registry files of selected computers using the Back up Registry task and save the registry file settings to a selected directory. You can also create a Restore Registry task to copy the registry settings to a managed computer.
Copy registry settings by adding the Back up Registry task when Building New Jobs. Restore registry settings by adding the Restore Registry task.
1. 2.
Enter the directory path to back up or restore registry files. Select the required pre-boot environment from the Automation - PXE or Bootworks environment (DOS/Windows PE/Linux) drop-down list to perform the Backup and Restore task in the selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. Select the required pre-boot environment from the Automation - PXE or lets you environments (DOS/Windows PE/Linux) drop-down list to perform the Backup and Restore task in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. By default the DOSManaged Boot Option type is selected. Click Advanced if Windows was installed on client computers in a directory other than the default. Enter the correct path to the root of the Windows directory. Select Include registry information for all users to back up registry keys for all user accounts. Note If you clear this check box, only the Administrator and Guest user accounts are backed up or restored.
3.
4.
5. 6. 7.
Click Next. Set Return Codes. See Setting Up Return Codes (page 193). This is optional. Click Finish.
Get Inventory
Use this task to gather inventory from an individual or group of client computers. This ensures that the Deployment database is up-to-date with the latest computer properties information. You can view the history of the Get Inventory task in the Computers History pane. See Viewing a Computers History (page 129). Click Add, and select Get Inventory from the list.
Run Script
Select an existing script or write a new script file to run on selected managed client computers.
183
Run script files on client computers by adding the New Script task when Building New Jobs. See Script Information to identify how the script appears, script security, and an option for server-side execution of the script.
1.
If you have a script file defined, click Run the script from file and browse from the folder icon to select the file. To read or edit the script file, click Modify. Note To run scripts that call an executable, use the start command. Example: start C:\windows\notepad.exe opens the Notepad application on the client computer.
2.
To create a new script, click Run this script. Type the script in the provided text box, or click Import and select a script file to import. When a script is imported you can modify it in the text box. Specify whether the script should be run from DOS, Windows, or Linux. Click Next. Set Script Information. See Script Information (page 184). Click Next. Set Return Codes. See Setting Up Return Codes (page 193). This is optional. Click Finish.
3. 4. 5. 6. 7. 8.
Notes When a computer is in an automation mode using a DOS configuration, it does not see DOS partitions. To run a script using the DOS Automation Agent, use FIRM (Filesystem Independent Resource Manager) commands. FIRM can only copy files and delete files; it cannot run code on a drive. Deployment Server assumes a return code of zero (0) as a successful script execution. Some programs return a code of one (1) to denote a successful script execution. If a program returns a one (1), you see an error message at the Deployment console even though the script ran correctly. To modify the return codes, you can edit the script file to return a code that the console interprets correctly. See also Modifying Tasks in a Deployment Job (page 189).
Script Information
Click an option to run the script on a selected managed computer or to run the script on the Deployment Server computer. Script Run Location On the client computer. The option runs the script on the managed computer to which you assign the job. Locally on the Deployment Server. This option runs a server-side script on the Deployment Server of the managed computer. In most cases you can create a serverside script task that runs in context with other tasks. Example: you can add a task to
184
image a computer and add a task to execute a server-side script to post the imaging return codes to a log file stored on the Deployment Server computer. Use the -id option for running scripts on Deployment Server when using the WLogEvent and LogEvent utilities. See Using LogEvent and WLogEvent in Scripts (page 186). Note Scripts requiring user intervention do not execute using this feature. The script runs on the Deployment Server of the managed computer, but is not visible. Example: if you run a DOS command locally on the Deployment Server, the Command Prompt window does not open on the Deployment Server computer when the script executes. When running the script on the Deployment Server, it executes specifically for the assigned managed computer. Example: if you create a job with a script to run locally on the Deployment Server and assign the job to 500 computers, the script runs on the Deployment Server 500 times. Client Run Environment Select the environment for your client. You can run in either production or automation mode. Production - Client-installed OS (Windows/Linux) This is the type of Security Context. This identifies the security options for running scripts. Default (local system account). Use the network security account established to administrate all managed computers. Specific user. If you have selected to run the task on the local Deployment Server, you are required to enter an administrator user name and password for that Deployment Server account. (In most cases Deployment Server does not have the Deployment Agent installed, prohibiting it from using a network security account.) Script Window. Select how you want the script window to appear: minimized, normal, maximized, or hidden. Script Options - (Windows/Linux) Additional command-line switches. Enter in commands to execute when the script runs in Windows or Linux. Automation - PXE or Bootworks environment (DOS/Windows PE/Linux). Click to run the script in the automation environment. Select a pre-boot automation environment from the drop-down list. If you select Linux as the operating system type, the Locally on the Deployment Server option is disabled and only the Additional command-line switches under the Production Client installed OS (Windows/Linux) is enabled. If you select DOS as the operating system type, the Locally on the Deployment Server option and the Production - Client-installed OS (Windows/Linux) option is disabled. Example Script The process to convert NT4 from FAT16 to NTFS normally returns a 1 after a successful completion. Here is an example of the file that is modified to return a code of 0 (which is the success code recognized by the Altiris Console and utilities). You can make similar changes to your script files as needed. CONVERT /FS:NTFS
185
if ERRORLEVEL 1 goto success goto failure :success set ERRORLEVEL = 0 goto end :failure echo Failed set ERRORLEVEL = 1 goto end :end
Using LogEvent and WLogEvent in Scripts

The logging features, LogEvent and WLogEvent, accommodates detailed logging to help debug complex scripts. These utilities include the following features: Logging is stored in the database instead of a log file. A DOS-based tool can be called from any script file to log status and error codes. The console displays and works with the new status messages. LogEvent posts status messages back to the Deployment Console, letting you view the status of the script. It is a light-weight reporting tool that can log both status strings and status codes to the history file and the console. LogEvent Use the LogEvent utility for DOS and Linux scripts. WLogEvent Use the WLogEvent utility for Windows scripts. The LogEvent and WLogEvent utilities are command-line driven only there is no user interface. Use both utilities with the following switches. LOGEVENT -c:code -id:%ID% -l:level -ss:message code is any number for a return code level. id is used for server-side scripting only. For server-side scripts you must add the id:%ID% switch. See the Locally on the Deployment Server option on Script Information to select a server-side script. level is the severity level. The following levels are used: 1 = Information message 2 =Warning message 3 = Critical failure message. Only this level can be used to set up a return code. See Setting Up Return Codes (page 193). The response does not execute for a return code unless a level 3 is specified when using the LogEvent and WLogEvent command in a script. message is the status string. If spaces exist in the message, the string must be contained in quotes. Specifying a severity level of 3 causes the script job to fail.
186
Example Scripts REM Bootwork unload Set ImageName=F:\Images\XPIntel.img rdeploy -mu -f%ImageName% -p1 logevent -l:1 -ss:Created %ImageName.
REM Execute WLogEvent.exe from CMD script REM This script requires WLogevent.exe to reside on the client REM in the temp directory .\WLogevent.exe -c:0 -l:1 -ss:Running Dir on %NAME%" dir .\WLogevent.exe -c:0 -l:1 -ss:Finished with the DIR command on %NAME%"
Copy File to
Copy all types of files to managed computers. You can send selected files or directories to a computer or computer group.
Send files to client computers by adding the Copy File to task when Building New Jobs. Use the Copy File to operation (see the Remote Operations Using Deployment Solution menu) to copy files quickly from Computers pane in the console.
1. 2.
Click either the Copy File or Copy Directory option. Click Copy Subdirectories to copy all subdirectories. Enter the directory path and name of the file or directory. The Source path defaults to the Deployment Share, but you can type or browse to a file or directory. To copy files or directories through Deployment Server from the Deployment Share, you can enter a relative path in this field. To copy files or directories directly from the Deployment Share to the managed computer, you must enter the full UNC path name. See Copy File to Advanced (page 188). Note When entering the source path for copying files through the Deployment Server, you can only access the shared directories through an established user account. Specifically, you can only use UNC paths when you have sufficient authentication rights established.
3.
Select the Allow to run in automation check box to run this task in automation mode.
187
Note This option is only applicable for Linux and WinPE automation. 4. Type the destination path. The Destination path field automatically enters a sample path, but you can enter the directory path you require. If the destination path does not exist on the destination computer it is created. Click Advanced to specify additional features to copy files through Deployment Server or directly from a file server. See Copy File to Advanced (page 188). Click Next. Set Return Codes. See Setting Up Return Codes (page 193) (Optional). Click Finish.
5. 6. 7. 8.
Using Location Variables

Location variables are being added to Deployment Server for the Copy Files feature, letting you enter a token variable rather than requiring a complete location path when copying files to a managed computer (a client computer running the Deployment Agent). The current variables include: Temp. Enter Temp in the Destination path to set the Temp directory (identified in the system path) for the managed computer. Example: instead of entering C:\windows\temp\setup.exe in the Destination path, just enter temp:setup.exe.
Copy File to Advanced

Select options to copy files directly from the Deployment Share. This option is for files stored on another network server in a distributed Deployment Server installation. Copy files using Deployment Server. This option distributes software packages through Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. Use this option for Simple installs to take advantage of security rights defined by Deployment Server. You can use a relative path name entered in the Source Path field in the Copy Files dialog. This is the default option. Copy directly from file source. Click this option to copy packages directly from the Deployment Share, sending only one copy across the network. It copies the file directly to avoid running through Deployment Server and diminishes processor output. Because the Deployment Agent doesn't recognize shared rights and is not guaranteed to have a mapped drive to the data source, you need to identify a user name and password for the data share computer from the target computer. This option also requires a full UNC path name in the Source Path field in the Copy File dialog. File Source logon. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both are on the same domain). Note Windows 98 computers have security limitations when copying files directly from the source to the Deployment Agent using the UNC path name. We recommend that you use the Copy files using Deployment Server option for these types of computers or plan a proper security strategy for direct copying.
188
Power Control
Start the computer using Wake on LAN or run standard power control options to restart the computer, shut down, or log off the current user.
Wake up, shut down or log off client computers by adding the Power Control task when Building New Jobs. See the Power Control operation to send commands quickly from the console.
1. 2. 3. 4. 5. 6. 7.
Create a job. Click Add > Power Control. Select an option: Restart, Shut down (if available), Log off or Wake up (Send Wake-On-LAN). Select Force application to close without message, if applicable. Click Next. Set Return Codes. See Setting Up Return Codes (page 193) (Optional). Click Finish.
Wait
Use the Wait task to boot a computer in the automation mode and wait for user interaction. 1. 2. Create a job. Click Add > Wait. The Wait Information dialog appears. 3. 4. 5. 6. From the Select automation pre-boot environment (DOS/Windows PE/Linux), select the appropriate pre-boot environment. Click Next. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish.
Modifying Tasks in a Deployment Job

You can build jobs by adding or modifying deployment tasks. When you modify the tasks in a job, any computer already scheduled to run the job runs the modified job.
To add a task to a job immediately

If the task (image, batch file, executable, and so on) is saved in the product directory, it appears on your Resources list in the Shortcuts pane. Simply drag it to an existing job and it is added.
To add a task to a job

1. Double-click the job you want to modify in the Jobs pane.
189
2. 3. 4. 5.
Click Add and select another task from the menu. Follow the basic instructions on each dialog provided for each task. Select the type of task you want to add and follow the directions. After finishing task configuration, a new task appears in the Jobs list. Change the order of the tasks using the up and down arrows. The tasks execute in the order listed.
To copy and paste a task

Use the steps below to copy and paste tasks within the same job, or from one job to another. You can use CTRL+C and CTRL+V to copy and paste tasks. 1. 2. Click the job that contains the task you want to copy in the Jobs pane. In the Details pane, right-click the task, and select Copy Task. (To copy multiple tasks, press the CTRL key and select the desired tasks. The tasks that are highlighted are copied when you select Copy Task.) In the Jobs pane, click the destination Job where you want to paste the task. Right-click in the Details pane and select Paste Task. The tasks appear at the bottom of the task list, and use the condition settings of the current job. Change the order of the task using the up and down arrows. The tasks execute in the order listed.
3. 4. 5.
To modify a task in a job

1. 2. 3. Double-click the job you want to modify in the Jobs pane. Select the desired task from the list. Click Modify and follow the directions to make your changes. Click OK.
To remove a task from a job

1. 2. 3. Double-click the job you want to modify in the Jobs pane. Select the task you want to remove from the task list. Click Delete. Click OK.
To copy and paste tasks

Use the steps below to copy and paste tasks within the same job or from one job to another. You can also use CTRL+C and CTRL+V to copy and paste tasks. 1. 2. Click the job that contains the task you want to copy in the Jobs pane. In the Details pane, right-click the task, and select Copy. (To copy multiple tasks, press the CTRL key and select the desired tasks. The tasks that are highlighted are copied when you select Copy.) In the Jobs pane, click the destination Job where you want to paste the task. Right-click in the Details pane and select Paste. The tasks appear at the bottom of the task list and use the current condition settings of the destination job. Change the order of the task using the up and down arrows. The tasks execute in the order listed.
3. 4. 5.
190
To add a new task to an existing task list

1. 2. 3. Select a job from the Jobs pane. Click on one of the tasks within the job and add a new task. The new task is inserted above the task you highlighted, and all other jobs shift down one position. Use the up and down arrows to change the order of the tasks within the job.
Modifying Multiple Change Configuration Tasks

If you have scheduled multiple Modifying Configuration tasks to a computer group, you can double-click Change Configuration in the task list of the Details pane to modify each computers configuration settings independently. 1. Click the job in the Jobs pane with a Change Configuration task. Double-click the Change Configuration task. A message appears. Click YES to modify configuration settings individually for each scheduled computer. Click NO to modify the Change Configuration task when the job is scheduled again (the current job sends modified configuration files already created). If you click YES, a Modify Job wizard appears with a list of each managed computer scheduled to change configuration settings. Select one or more computers and click Next. 2. 3. 4. In the Computer Configuration Properties property page, modify settings. Click Next. Set Return Codes. See Setting Up Return Codes (page 193). Click Finish.
Creating New Script Files

You can create script files and directly schedule the script file to run scripts on any computer or computer groups.
To create new script files

1. 2. 3. Go to View > Shortcuts View. Click Resources in the Shortcuts view to move the focus to the Resources view. Go to File > New > Script File. Note The Script File option is activated only if the focus is on the Resources view. A script file is created by default at the root of the resources. The default file name is Batch.bat. 4. Right-click the Batch.bat file, and select Modify. Note You can rename the batch file, by right-clicking the file, and selecting Rename. 5. Type the script in the open file, and save it.
191
6. 7.
Drag the Batch.bat file to a computer or computer group where you want to schedule the job. Specify the scheduling options, and click OK. See Scheduling Jobs (page 155).
Copy and Paste Jobs and Job Folders

Jobs or job folders (including their subfolders) can be copied to any other job folder in the left pane of the Jobs pane of the Deployment Console. A Job folder can only be copied to a root level folder, which has a limit of 30 subfolders, and cannot be copied to a child level folder. If you copy a job or folder with the same name as the destination job or folder, the copied job or folder is automatically named Copy of <job or folder name>. This feature can only be performed by administrators or users who have been granted permissions to create jobs, or job folders.
To copy jobs and job folders

1. 2. In the Jobs pane, right-click a job or job folder you want to copy, and click Copy. Right-click the destination job folder in the Jobs pane and click Paste.
Importing and Exporting Jobs

Jobs can be exported to back up Deployment Server data or to share jobs between Deployment Server installations.
To import jobs
1. Right-click in the Job pane, and select Import or Click File > Import/Export > Import Jobs. 2. 3. 4. 5. Browse to or type the path and name of an existing import file (a .BIN file). Select Import to Job Folder to import the jobs to an existing folder in the Jobs pane. If you have a folder already selected, it appears in the edit field. Select Overwrite existing Jobs and Folders with the same name to replace identical jobs and folders. Select Delete existing jobs in folder to overwrite and replace all jobs in the selected Jobs folder. Click OK to import the job(s).
To export jobs
1. Right-click the job or Jobs folder you want to export and select Export. or Click File > Import/Export > Export Jobs. 2. 3. 4. Select the destination folder and enter a file name. Click Export subfolders to export all folders subordinate to the selected job folder. Click OK.
192
Setting Up Return Codes

When you create a task in a job, you can define a response to specific return codes generated from that task after it runs. You can determine the response if the task runs successfully or if the task fails. You can also set up custom return codes generated from scripts or batch files that are unique to your environment or deployment system. Note Return code handling cannot be set up for jobs created in the New Job Wizard. When creating a task, the Return Codes dialog appears so you can set a response if the task was successful or to determine a default response if the task failed. Because Deployment Server returns a 0 (zero) if the task runs successfully, any other return code value denotes some type of failure in running the task. As a result, in the Success field you can select an action if the return code is 0 (zero), or select an action in the Default field if the return code is not a 0 (zero). Return codes are first evaluated to be successful (zero) or failed (non-zero). If the task returns as successful, it runs the action in the Success box. If it is not successful, it determines if the return code has been assigned a custom code value. If the return code is defined as a custom code, the selected action for that custom code is executed. If no custom code is assigned to the return code, the action set in the Default is executed. Note If you are using LogEvent and WlogEvent in Scripts, you can generate return codes only when the level 3 message is specified. Specifying a severity level 3 causes the script job to fail and lets you respond using this return code feature.
Return Code Actions

For both successful tasks (in the Success field) and failed tasks (in the Default field), you can determine these specific actions: Stop. This action stops the job after the task runs. Subsequent tasks do not run. Continue. This action continues with subsequent tasks in the job after the task runs. Select a job. This action lets you select existing jobs to run after the task completes. These actions also apply to custom return codes designed specifically for your system.
Custom Return Codes

In the Other return codes area, you can view custom return codes set specifically for your system. You can add return codes by clicking Add below the Other return codes area, or by clicking Master Return Code. Type a custom code in the Code field, select a response action from the Response list, select the status from the Status list to specify the interpretation of this return code as Success or Failure, and provide a message in the Message field. These custom codes can respond to any return codes set up in scripts or batch files in the Run Scripts task, or these custom codes can respond to system return codes thrown from Deployment Server or external codes generated when distributing applications, personality settings, or disk images. Any task can have custom codes that respond to different return code values.
193
Master Return Codes. This is a list of all the return codes existing in the Deployment database. You can add, modify, and delete the codes and their values so that setting codes for other tasks is easier. Add. This lets you add a new custom return code for the task. You can also add the return code to the Master Return Codes list. Modify. This lets you modify the return codes listed in the Other return codes area. The changes you make do not update the Master Return Codes list. Delete. This lets you delete return codes listed in the Other return codes area, but not from the Master Return Codes list.
To set up Master Return Codes

The Master Return Code List dialog lets you: Add, modify, and remove return codes in the master list. Select return codes for the current job from the drop-down list. To add Master Return Codes 1. 2. Select a job from the Jobs pane. Click Add in the right pane to add a task. Select the task. The task dialog appears. Note You can add Master Return Codes for all tasks except Get Inventory. 3. 4. 5. 6. Click Next until the Return codes page appears. Click Master Return Codes. The Master Return Codes List dialog appears. Click Add. The Add Return Code dialog appears. Enter the return code in the Code field and click OK. The code is added to the master list.
To modify Master Return Codes

1. 2. Click Modify. The Modify Return Code dialog appears. Enter data in the Response, Result, and Status fields and click OK. The code is modified.
To delete Master Return Codes

1. 2. Click Delete. A warning message appears to confirm the deletion. Click OK to delete the return code from the Master list. Click OK.
Note The OK and Cancel options apply to the return codes selected. If no return codes are selected, or none exist in the list, OK is disabled. Click OK on the Master Return Codes List dialog to add the selected return codes to the current job.
To set up return codes

To set up return codes, you need to determine how to respond to the Deployment Server success return code (zero) in the Success box, how to respond to a failure
194
return code (a non-zero) in the Default box, and how to respond to a custom or externally generated return code defined in the Other return codes box. The example below describes how to set up a simple process to deal with custom and system return codes, and how to interpret the status of user defined return codes: 1. 2. 3. 4. 5. In the Success list box, keep the default value Continue. This lets the job continue running additional tasks in the job after successfully completing this task. Click Add to add custom return codes. The Add Return Code dialog appears. In the Code field, enter a value of 10 (ten). Click the Response drop-down arrow and select Continue from the list. Click the Result drop-down arrow and select Success from the list. Even if the return code was not zero, which is success by default, the task is considered a success as per the users choice. Enter a description for the return code in the Status field. This is the message that appears when the task within a selected job, executes. Select the Add to Master return code list check box to add the custom code to the master return code list. The code is listed in both, the Other return code and Master Return Codes list. This is helpful if you want to use the return code again. Click OK. The return code is added to the list of Other Return Codes. If the code you added already exists, a message dialog displays the return code and asks if you want to replace it. Click Yes to replace the return code, and click No to return to the Add Return Code dialog.
6. 7.
8. 9.
10. Select Select a job from the Default box to select a job to be executed when a default condition is reached. The Select a Job dialog opens, letting you select an existing job that runs if the task returns a failed system return code (non-zero) or a return code not defined as a custom return code. Note The status of the tasks executed in a job also appears in the history of a computer.
Sample Jobs in Deployment Solution

Sample jobs are installed with each Deployment Server system, letting you quickly modify or add parameters, or to run the sample jobs as they are. During installation, jobs are automatically imported from the samples.bin file to the Deployment Server system where they can be viewed in the Samples folder in the Jobs area of the Deployment console. Click each job and identify its features in the Description field of the Details pane. Jobs in each folder marked with an asterisk (*) require input parameters or other minor modifications added before running on your system. These modifications let you add parameters to the job, such as user name and password or other required data for the job to be functional. Jobs requiring input parameters or customizing do not function properly if you do not edit the job with the information specific to your environment. All files without an asterisk (*) can be used to perform the identified functions without modification. However, if the job conditions are not met or are not consistent with the computer type, you may get an error. Example: if the Repair Office XP job runs on a computer without MSOffice XP, you get an error when running the job.
195
Note When upgrading versions of Deployment Solution, we recommend that you copy and rename modified sample jobs to avoid overwriting by new sample jobs.
Initial Deployment
Initial Deployment is a default job designed to help in the process of setting up computers that do not exist in the Deployment Database. Initial Deployment lets you define how computers are initially set up after being identified by the Deployment Server. You can define various computer configuration sets and deployment jobs for the user during startup, letting the user select the computer settings and hard disk images, software, and personality settings for their specific needs and environment. New computers appear in the New Computers group in the Computers pane of the Deployment Console.
To access Initial Deployment, double-click Initial Deployment from the Jobs pane or right-click Initial Deployment and click Properties. The Properties of Initial Deployment dialog appears.
Notes Initial Deployment is ideal for small-scale deployments, from 1 to 10 computers. We do not recommend this feature for large deployments -- from 10 to 100 computers - or mass deployments -- from 100 to 5000 computers. We also do not recommend this feature where you use virtual computers, customized jobs, and the computer import feature. Although Initial Deployment is commonly used on computers that support PXE, you can also configure a boot disk to run Initial Deployment. In this case, the image you deploy must include automation pre-boot environment so that post imaging tasks can run successfully. Installing an Automation Partition on the client computers hard disk ensures that future imaging deployment jobs run successfully. Note To completely deploy and configure a computer using Initial Deployment, you must define at least one Configuration and one Job. Initial Deployment consists of a dialog with three tabs with separate features to deploy new computers: Configurations Jobs Advanced
Configurations
Click the Configurations tab on the Initial Deployment dialog to configure different sets of computer properties. Each configuration set is presented to the user as a menu. The
196
user can select the configuration set designed for their environment. Compare the Configuration tab with the Jobs tab. Note If you do not create any configuration sets, the deployment process automatically sets TCP/IP information to use DHCP and names the computer to match the computers asset tag, serial number or MAC address -- in that order, depending on what is available. 1. 2. 3. 4. Double-click Initial Deployment in the Jobs pane drop-down list. The Properties of Initial Deployment dialog appears. Click the Configurations tab. Click Add. Enter values to set computer and network properties for new computers. See Modifying Configuration (page 182) for a list of property categories. Click Add again to configure another set of property settings. You can add multiple configuration sets for the user to select from a menu after connecting to Deployment Server. After setting the properties, click Apply. Click the Default Menu choice drop-down list and choose a configuration set as the default configuration. Click the Timeout after ___ seconds and proceed check box to specify that the default job runs automatically after a specified time. Click OK, or click the Jobs tab to define a task.
5. 6. 7. 8.
Advanced Configuration
Click Advanced on the Configurations tab to open the Advanced Configuration dialog. This dialog lets you set advanced configuration settings for client computers and provides different options for processing jobs for client computers. Select Process this job as each client becomes active. This job is processed only when clients become active. Select Process this job in batch mode. This job is processed for a batch of clients after specifying Minimum clients and the Timeout in minutes. Select Hold all clients until this time. You can specify the Start time for this job, which runs for all clients at the specified time. Click OK.
Jobs
Click the Jobs tab on the Initial Deployment dialog to add existing jobs or create new jobs to run on the new computer. The jobs you add or build using this dialog are listed in a menu and presented to the user during startup. The user can select the deployment jobs to image the computer and install applications and personality settings. Compare the Jobs tab with the Configurations tab. The conditions on jobs are limited to the data that can be accessed at the DOS level (Example: serial number, manufacturing number, NIC information, manufacturing name). 1. Double-click Initial Deployment in the Jobs pane drop-down list. The Initial Deployment dialog appears.
197
2. 3. 4. 5. 6.
Click the Jobs tab. Click New to build a new job. See Building New Jobs (page 152). Click Add Existing to add an existing job. Click the Default menu choice drop-down list to select the job as a default. Select Timeout after ___ seconds and proceed and type the number of seconds to wait before the computer automatically starts the default job. The default setting is 60 seconds. Click OK, or click the Advanced tab to stop servers or workstations from running configuration task sets and jobs automatically.
7.
See also Sample Jobs in Deployment Solution (page 195).
Advanced
Click the Advanced tab to set options to stop Initial Deployment from running the default configuration task sets and jobs automatically. This avoids accidental re-imaging or overwriting of data and applications for either workstations, such as desktop, laptop, handheld computers, or servers, such as Web and network servers identified by Deployment Server. When a computer not yet identified by the Deployment Database is first detected, it is placed in the New Computers group and run an Initial Deployment configuration set and job. However, in many cases you do not want Web or network servers to be automatically re-imaged without confirmation from IT personnel. Select Servers. Stops servers from automatically running Initial Deployment configuration jobs. Servers are identified as the managed computers running multiple processors or identified as a specific server model from specific manufacturers. Example: both an HP Proliant and a Dell computer with multiple processors are identified as servers. Identifying a computer as a server by the operating system cannot be accomplished for new computers until the server operating system has been installed. Select Workstations/Clients to force desktop, laptop, and handheld computers to stop before automatically running Initial Deployment.
198
Part IV
Best Practices
This section provides details on many of the management tasks available in Altiris Deployment Solution software.
199
Chapter 12
Securing Deployment Solution

To effectively manage computers, Altiris Deployment Solution software requires access beyond the files and database owned by the application. Example: Deployment Solution requires rights to install software on managed computers and rights to join computers to a domain during configuration. The broad range of tasks performed by Deployment Solution enables simplified management but also introduces a greater need for strong security policies. This guide walks you through the phases of security planning, including setting access rights, database security, and securing communications. This guide is divided into the following parts: Deployment Server Accounts Administrator Accounts and Role and Scopebased security Database Security Securing Communication Appendix A: Agent Installation Rights Appendix B: Managing Task Passwords Appendix C: Managing Key-based Authentication Contains instructions to set up the accounts you use to run Deployment Server services, join domains, and connect to the Deployment Share in automation. These security policies control administrator access to computers, jobs, and settings within the Deployment Console. Provides the information you need to secure and control database access. Explains how to secure communication between your Deployment Server and Agent. Explains the privileges needed to rollout the Deployment Agent. Explains how to manage the passwords associated with specific tasks. Contains information on backing up authentication keys and enabling server redirection when using key-based authentication.
Part 1: Deployment Server Accounts

To run the Deployment services, perform domain tasks, and provide automation access to the Deployment Share, we recommend creating separate accounts with minimal privileges to perform each of these tasks. This minimizes security risks while still allowing Deployment Solution to manage computers. We recommend creating the following accounts:
Account
Service
Description
The main account used to run the Deployment services, manage the database, and mange the Deployment Share.
200
Account
Domain Join Deployment Share Read/Write
Description
Used to join computers to a domain during configuration. Provides access to the Deployment Share in the automation environment.
These accounts should not be part of any group, and should not posses interactive login privileges. The following sections outline each Deployment Server account: Service Account (page 201) Domain Join Accounts (page 202) Deployment Share Read/Write Account (page 202)
Service Account
This account executes the Deployment Server software and manages the Deployment Database. This is the account provided when you install Deployment Solution:
If your Deployment Database, Server, and Share are on the same computer, create a local account or optionally use the local system account. If your Deployment Database or Share is on a different computer than your Deployment Server, create a domain-level account, or create local accounts with the same credentials on each computer hosting a Deployment Solution component. This account requires the following rights:
Rights
Services
Description
This account executes the following services: Altiris Deployment Server Console Manager Altiris Deployment Server Data Manager Altiris Deployment Server DB Management Altiris eXpress Server Altiris PXE Manager If this account is provided during installation, these services are already configured with the proper credentials. If not, this can be changed using the Services applet.
201
Rights
File System
Description
This account requires full control of your Deployment Share, and does not require administrative privileges on the computer hosting your Deployment Share. This account requires the db_owner role on your Deployment Database. See Part 3: Database Security (page 205) for more information.
Database
Domain Join Accounts

These accounts provide the privileges required to join computers to a domain during configuration. You need a separate account for each domain in which you manage computers. Grant the rights recommended in the following table:
Rights
Domain
Description
Grant privileges to add computer to domain.
After these accounts are created in Active Directory, complete the following procedure to add them using the Deployment Console.
To add domain join accounts

1. 2. In the Deployment Console, click Tools > Options > Domain Accounts. Provide the accounts you created:
Deployment Share Read/Write Account

This account provides read/write access to the Deployment Share. This account is used to access files in the automation environment, and optionally in some tasks if it is more
202
efficient to access the Deployment Share directly rather than accessing it through the Deployment Server. Grant the rights recommended in the following table:
Rights
File System
Description
Grant read/write privileges to your Deployment Share.
This account is provided when creating boot configuration using Boot Disk Creator:
Part 2: Deployment Administrator Accounts

Deployment administrators are the people who perform day-to-day work in Deployment Solution. These accounts are tied to people, have interactive login, and usually have additional rights across your network. You should select a group of administrators to grant full administrator rights and determine how to grant rights and privileges to other administrators as necessary. We recommend creating groups in Active Directory to manage these rights, adding and removing accounts from these groups as necessary. Note Each Deployment administrator needs to be granted public access to your Deployment Database. See Rights Required for Deployment Administrators (page 207).
Role and Scope Based Security

Role and Scope-based security controls who has access to what in the Deployment Console.
203
One major advantage of the Deployment Solution security model is that administrators do not need to be granted explicit rights on any managed computers. All access is filtered through the integrated role-and-scope based security in the Deployment Console. Example: if you grant an administrator rights to install software on a managed computer in the Deployment Console, it does not allow him to log in to that computer and install software. All actions must go through the Deployment Console. Implementing a strong policy to manage the access granted to your Deployment administrators protects managed computers from unauthorized access.
Deployment Console Security

By default, the Deployment Console can be used on your Deployment Server by any user who possesses rights to log in and run applications. This works well in situations where you already have policies in place to control server access, and you have a group of administrators who will have full access to deployment functionality. If you want to provide more granular access to configuration options, jobs, and computers, you can enable security.
To enable security
You must add at least one user or group to enable security. 1. 2. In the Deployment Console, click Tools > Security. Add a new user or group. We recommend clicking AD Import and importing Active Directory groups, as this simplifies rights management. The first user or group added is granted administrator rights. Each additional user or group after the first are granted no rights and must be assigned rights explicitly. Security is automatically enabled after a user or group is added.
3.
Additional users or groups can be added using this same method.
Manage By Exception
The Deployment Solution role and scope-based security model uses the concept of managing by exception. To manage permissions, you make an assignment at a container level that applies to most of the members of the container and you manually add exceptions where needed. We recommend planning administrator, computer, and job groups so that all permission assignments can be made at the group level.
Rights and Permissions

The Deployment Console separates privileges into two categories: Rights Provide access to console settings, database connections, domain accounts, and other options. Typically, you restrict most rights to one or more main administrators. Controls access to jobs and managed computers. These permissions are usually distributed across all administrators who perform work in Deployment Solution.
Permissions
204
Grant Rights to Administrators

1. 2. 3. In the Deployment Console, click Tools > Security. Select a user or Group and click Rights. Enable the rights you want granted.
Grant Permissions to Administrators

1. 2. Right click a Computer, Computer Group, or Job and select Permissions. Select a user or group and enable or disable the permissions you want granted.
Permission Rules
Permissions received through different sources may conflict with each other. The following permission rules determine which permissions are enforced: Permissions cannot be used to deny the user with administrator console rights access to use any console objects or features. User permissions take precedence over Group permissions. Deny overrides Allow. When a user is associated with multiple groups, one group could be allowed a permission at a particular level while the other group is denied the same permission. In this scenario, the permission to deny the privilege is enforced. Permissions do not flow down an object tree. Instead, the object in question looks in the current location and up the tree for the first permission it can find and uses the same. If a console user does not have permissions to run all tasks the job contains, the user is not allowed to run the job.
Part 3: Database Security

Securing your Deployment Database is tied directly to securing the account you use to connect to the database. Deployment Server requires only one account to have non-public access to the database (the Service Account (page 201)). This account should be secured by a central Deployment or domain administrator. If you follow this process outlined in this document to create accounts and separate privileges, you can greatly reduce the risk of your database being compromised.
Example
Your domain or central Deployment administrator creates a new domain-level account with no interactive login, file system ownership of a single folder (Deployment Share), and ownership of the Deployment Database. The password is provided to run the Deployment Solution services and is stored securely. No additional Deployment administrators need this password, and an intruder would need to compromise a higher level administrator account in order to access these credentials.
205
Required Database Rights

This section contains a list of the database rights that need to be granted to use Deployment Solution, and covers: Rights Required to Install (page 206) Rights Required for the Services Account (page 207) Rights Required for Deployment Administrators (page 207)
Rights Required to Install

To create the Deployment Database during the Deployment Solution installation, you need to grant the System Administrators database role to the administrator installing Deployment Solution. These rights can be revoked after the installation completes. 1. 2. Open Enterprise Manager and connect to your SQL Server. Browse to Security > Logins:
3. 4.
Select the Administrator account you are using to install Deployment Solution. If it does not exist, add it. Click the Server Roles tab, and enable System Administrators:
5.
Click OK and verify that the role was added.
206
Rights Required for the Services Account

The account used to run your Deployment Services needs to have database owner rights: 1. 2. Open Enterprise Manager and connect to your SQL Server. Browse to Security > Logins:
3. 4.
Double-click the account you are using to run the Deployment services. If the login is not listed, add it. Click the Database Access tab, select the eXpress database, and enable the db_owner role:
5.
Click OK and verify that the change was successful.
Rights Required for Deployment Administrators

Each Administrator with console access must be granted public rights to your Deployment Database. The best way to do this is by assigning public access to the Active Directory groups containing your Deployment administrators.
207
This prevents you from manually granting this access to individual administrators as they are added or removed from Deployment management responsibilities. 1. 2. 3. 4. Open Enterprise Manager and connect to your SQL Server. Browse to Security > Logins. Add each user or group that will manage computers using Deployment Solution. For each user or group, on the Database Access tab, grant the public role for the eXpress database:
Part 4: Securing Communication

This section contains guidelines to secure Deployment Solution communication between the Deployment Server and Deployment Agent, and discusses the following: Deployment Agent Authentication (page 208) Additional Agent Security (page 210) Keyboard Locks in Automation (page 210)
Deployment Agent Authentication

We recommend providing a Deployment Server hostname rather than using multicast, and implementing key-based authentication if additional security is needed. Key-based authentication prevents agents from connection to un-trusted Deployment Servers if hostname resolution is somehow compromised.
Key Authentication
Key authentication is enabled on the Server Connection agent configuration page. After you enable this option, you are prompted to provide the server.key file containing the server public key for your trusted Deployment Server. This key is located on your Deployment Share. After enabling this option the Agent connects only to the trusted Deployment Server.
208
To enable server connection security

1. 2. 3. In the Deployment Console, right-click a computer or group and select Change Agent Settings > Production Agent. Select Connect directly to this Deployment Server and provide the hostname. Select to Enable key based authentication to Deployment Server and provide the path to your server.key file on your Deployment Share:
209
Additional Agent Security

The Security tab on the Agent Settings screen provides additional security options, including the ability to encrypt communication and password protecting admin settings on the managed computer:
Keyboard Locks in Automation

Lock the keyboard whenever possible in automation. This prevents the session from being broken manually on the managed computer. If you set up your account according to the instructions in this document, this risk is greatly reduced as the account you are using has only read/write access to the Deployment Share. However, if you are using an account with broad network privileges this could potentially introduce a large security risk.
210
To lock the keyboard, enable the lock option when creating boot configurations in Boot Disk Creator:
Appendix A: Remote Agent Installer Rights

To initially install the agent on managed computers using the Remote Agent Installer, you need an account with Local User rights. You only need access to this account when performing the one-time agent installation, so either use your domain administrator, a domain account with local user rights, or any other account with local rights. After the agent is deployed, you no longer need access to this account. To determine whether you have sufficient rights, browse to:
\\hostname\admin$
Replacing hostname with the name of the computer where you want to install the Deployment Agent. If you can access this share you have sufficient rights.
Appendix B: Managing Task Passwords

When a task executes, it remembers information about the administrator who executed it as part of the history. Next time the job executes, these credentials are used. If the password for the account used to execute the job changes, you need to update the jobs for a specific account: 1. 2. 3. In the Deployment Console, click Tools > Options. Select the Task Password Tab. Provide the username and old and new passwords for the administrator who executed the task.
211
4.
Click Update.
Appendix C: Managing Key-Based Agent Authentication

Key authentication is configured and ready to be enabled after installation. This appendix contains information on backing up your authentication keys and enabling redirection to another Deployment Server.
Backing up the Server Private Key

During installation, a private key is generated on the Deployment Server and stored in the registry at the following location:
HKLM\Software\Altiris\Altiris eXpress\Options\Security\ServerSecurity
This security key should be backed up to a secure location in case this Deployment Server needs to be re-installed. If you re-install without this key, each agent using key authentication needs to be updated to use the newly generated server.key file. The public key is located on your Deployment Share and should be backed up as well.
Enabling Key-based Authentication with Redirection

If your Deployment Server is set up to redirect Agents to another Deployment Server, you need to import the server.key from each additional Deployment Server to the server which clients initially connect. 1. 2. In the Deployment Configuration tool, select Options > Authentication. Copy the public key file from each additional Deployment Server and use the Add Key to add each server to the list.
212
Chapter 13
Migrating Application Data and User Settings

To perform migration, Deployment Solution uses an integrated technology called Altiris PC Transplant. A complete guide to PC transplant can be viewed by launching the PC Transplant Editor (Deployment Console > Tools > PC Transplant Editor).
213
Chapter 14
Capturing and Deploying Disk Images

What is a Disk Image?
A disk image is a file containing the complete contents and structure of a hard drive, or one or more of the partitions on the hard drive. This file can be used to restore the structure and contents of the imaged hard drive.
Imaging in Deployment Solution

Deployment Solution provides several tools to simplify the imaging process, including tools to perform hardware independent imaging using sysprep. Tokens Database tokens are used throughout the imaging process. When you schedule an imaging job using the sample imaging job (Jobs > Samples > Imaging > Create Disk Image), the image is stored as %COMPNAME%.img, and the image description contains the name of the operating system. File Systems RapiDeploy, the imaging engine used by Deployment Solution, understands the Windows file system and captures just the data. So, an image of an 80 GB hard drive only requires as much space as the data on the disk.
How Imaging Works

1. Computer boots to automation. 2. The rapideploy executable creates the disk image and transfers it to a remote location or reads the disk image and restores the target partition or hard drive.
File Systems
Hard disks are imaged differently depending on the file system that is used. The source disk or partition is not changed. FAT, NTFS, EXT2, and EXT3. Imaging is file-based. RapiDeploy copies real data file by file, resulting in a clean, defragmented image that can be resized and restored to a disk of a different size. Other File Formats. For other file systems, the disk is read sector by sector regardless of which sectors are in use. The image mirrors the contents of the disk. These formats are not resizable.
214
Partitions
When you create an image, you can image a partition, a group of partitions, or an entire hard disk. Any partition on a hard disk can be imaged. When a computer receives an image, you can select which partitions to download. The default setting is to restore all partitions, which would overwrite any existing partitions. To keep an existing partition, you can specify which partitions to download and which to ignore. You can also use command-line switches to keep existing partitions. Partition slots on the target computer will be, by default, the same as the image source PC. A partition occupying slot 3 in the image file will be by default in slot 3 on the target computer. By default, the following partition types will not be overwritten: Automation partitions OEM system partitions The default behavior can be overridden.
Partition Size
When you are restoring an image to a computer, the destination hard disk may be a different size than the disk imaged. If there are multiple partitions, the partition size percentage of the Client PCs will, by default, be the same as the image source. Example: If you image a 100 GB hard disk where 40% (40 GB) of the disk is a Windows XP partition and 60% (60 GB) is a data partition, a Client PC with a 200 Gigabyte disk will use the same percentages. The size of the Windows XP partition will be 80 GB and the data partition will be 120 GB. RapiDeploy also offers a partition resize feature that allows you to manually resize the partitions to a size you specify.
Spanning Media
The maximum size for a single image file is 2 GB. Images which exceed this amount are automatically split into multiple files. Example: If you named your image file basepc.img, and the image is split into four files, the following files are created: basepc.img basepc.002 basepc.003 basepc.004 You can set the split image file size to be between 1-2040 MB.
215
Multicasting
How Multicasting Works
The Master PC manages the multicast session. The multicast transmission is synchronized by the Master PC, so it will only go as fast as the slowest computer in the group. If a single computer fails, it will drop out of the session and the session will continue. The Master PC can multicast images to Client PCs in the following three ways: While the Master PC downloads an image from a file server and manages the simultaneous imaging of the Client PCs While the Master PC creates an image on a file server and manages the simultaneous imaging of the Client PCs While using its own hard disk as the source and sending the contents to Client PCs
HTTP Imaging
When capturing or deploying an image, you have the option of providing a URL as the path to an image file. This is non-typical interaction, and requires some configuration on your Web server. Your Web server needs the following: Unlimited keep alives enabled. Upload access if you want to upload images In Apache 2, enable unlimited MaxKeepAliveRequests in your httpd.conf file. You also need to obtain and install mod_put module to enable image uploading. In IIS, consult your documentation for information on enabling keep alives and uploads. Basic authentication is supported, Windows digest authentication is not supported. You might also need to specify a file type of application/octet-stream for your images to prevent errors.
Capturing Images
See Creating a Disk Image on page 158.
Deploying Images
Distributing a Disk Image on page 163.
Post-Imaging Configuration
Because images contain a generic operating system, you will probably want to set up unique configurations such as operating system license, networking, TCP/IP, and user account settings on each computer that receives an image. This section briefly describes the options that are available in the Post-Imaging Configuration wizard page.
216
Important To use this feature, you must ensure that the Deployment Agent is installed on the computer you will create the image from. After a computer has received an image, the Deployment Agent applies the configurations you set, and reboots the computer so the changes take effect.
Managing Images
You can view and make changes to RapiDeploy image files (*.img) using the Altiris ImageExplorer. For more information, see Altiris ImageExplorer on page 313.
217
Chapter 15
ImageX Imaging
Deployment Solution provides native support for imaging computers using ImageX. Windows Vista and Windows XP are currently supported.
Obtaining and Installing ImageX

Before using ImageX, you must download and install the Microsoft Windows Automated Installation (WAIK) toolkit. This is available as part of the Business Desktop Deployment (BDD) Workbench. After installation, copy the following directory:
C:\Program Files\Windows AIK\Tools

to the WAIK directory on your Deployment Share. After copying, the WAIK directory will contain a Tools subdirectory. WinPE must be used in automation for for all ImageX jobs.
Capturing and Distributing ImageX Images

As ImageX is a 3rd party tool, limited support is provided in the imaging wizard. To access the full functionality of ImageX, customize the ImageX Imaging sample jobs for your environment. When using the Create Disk Image task, the following restrictions apply: Only the C drive is imaged. The default capture mode is fast. When using the Distribute Disk Image task, the following restrictions apply: The target disk is formatted before the image is deployed. If there is a problem with the deployed image, the computer might be left in an unusable state. See the release notes for additional information.
218
Mac Imaging
Deployment Solution supports native imaging of Mac PowerPC and Intel-based computers. Using an OS X Server to provide the boot image, Deployment Solution can capture and deploy images to most Mac computers.
Requirements:
A Mac computer running OS 10.4 to provide the source for the automation image. Instructions for creating this image are contained in Creating an Automation Image (page 219). A separate image is required for PowerPC and Intel-based computers. OS X Server. Instructions for enabling NetBoot to provide the boot image are contained in Configuring NetBoot (page 221). One or more AppleTalk Filing Protocol (AFP) shares to host disk images. Mac PowerPCs. Intel-based Macintosh computers are not currently supported. Use of OS X is subject to the Apple license agreements, see your operating system documentation for information.
Process Overview
The following provides a basic overview of the Mac imaging configuration process: 1. Create an automation image. This image is a standard OS X operating system with the Deployment Agent installed and configured for automation. 2. Enable NetBoot. This is an OS X Server feature that enables network booting similar to PXE Server. 3. Add your automation image as the default NetBoot image. When an imaging job is assigned to a Mac computer, the Mac agent in the production operating system shuts the computer down and instructs it to restart and contact your NetBoot server. When the NetBoot server is contacted, the automation image is loaded, and then the Deployment Agent inside this image starts and contacts your Deployment Server. The computer then receives any automation jobs assigned.
Creating an Automation Image

The automation operating system is a basic OS X image with the Deployment Agent installed. To create an automation image, complete the following procedures: Step 1: Configure a Source Computer (page 219) Step 4: Image the Source Computer (page 221)
Step 1: Configure a Source Computer

In this step, a basic OS X system is prepared to provide the source for your automation boot image.
219
1. 2. 3.
Configure a computer with OS 10.3.x. Optionally, you can create an additional volume on an existing computer to store this operating system. Start the operating system you installed in the previous step, and then log in using the Administrator account you created during installation. Change any settings that might require user interaction. For example: Enable automatic login (System Preferences > Accounts). Disable the Sleep option (System Preferences > Energy Saver). Disable software updates (System Preferences > Software Update).
4. 5.
In network options select Using DHCP. Verify Apple Remote Desktop 2.2 is installed by browsing to /System/Library/ CoreServices/RemoteManagement. If this folder is not present, download and install from apple.com/support/downloads/appleremotedesktop22client.html. Install the Altiris Agent. For instructions see Installing The Mac Deployment Agent (page 260). After the installation completes, open /etc/altiris/deployment/agentinstall.conf in a text editor. Change the following:
6. 7.
export OS_TOOLBOX=darwin
To:
export OS_TOOLBOX=automation
8. Re-install the Deployment Agent.
Continue to Step 2: Provide Root Password for Automation (page 220).
Step 2: Provide Root Password for Automation

1. From the source computer you are configuring, connect to the Deployment Share using Finder > Go > Network > domain > Express, replacing domain with the domain containing your Deployment Server. Browse to the techsup/macintosh folder. Extract and run the program contained in AutomationImageEssentials, providing the password for the Administrator account you created during installation.
2. 3.
Continue to Step 3: Provide Credentials to Access Images (page 220).
Step 3: Provide Credentials to Access Images

Images are retrieved and stored on AFP Servers. (see Configuring AppleTalk Filing Protocol Shares to Host Disk Images (page 222).) Complete the following procedure to store the credentials required to access these servers. Credentials can also be provided directly in imaging tasks. 1. From the source computer you are configuring, connect to the Deployment Share using Finder > Go > Network > domain > Express, replacing domain with the domain containing your Deployment Server. Browse to the techsup/macintosh folder.
2.
220
3.
Extract and run the program contained in AddCredentialstoKeyChain, providing the username, password, and hostname for each AFP share hosting images.
This computer is ready to be imaged. In Step 4: Image the Source Computer (page 221), we use the imaging utility, hdiutil, to capture and store an image of this computer.
Step 4: Image the Source Computer

1. Connect to your NetBoot Server and mount a NetBoot share, typically NetBootSP0. (If using a different share, replace NetBootSP0 with the share you are using in these instructions). Connect (command + K) using a command similar to the following:
afp:\\server_ip\NetBootSP0
Replacing server_ip with the IP address of your server. 2. From the terminal on the source computer, run the following command to capture and store the disk image:
hdiutil create -srcfolder / /Volumes/NetBootSP0/SystemRO.dmg

3. Convert the existing read-only image to read-write using the following command:
hdiutil convert /Volumes/NetBootSP0/SystemRO.dmg -format UDRW o /Volumes/NetBootSP0/System.dmg

When this operation completes, you can delete SystemRO.dmg 4. Add an additional 1 GB padding to the image using the following command:
hdiutil resize -size newsize /Volumes/NetBootSP0/System.dmg

Replacing newsize with the current size of your image plus 1 GB. You are now ready to configure NetBoot.
Configuring NetBoot
NetBoot provides Mac computers with the automation operating system. To configure NetBoot complete the following procedures: Step 1: Configure the NetBoot Image (page 221) Step 2: Start the NetBoot Service (page 222)
Step 1: Configure the NetBoot Image

1. 2. 3. 4. 5. On your NetBoot server, double-click /Volumes/NetBootSP0/System.dmg to mount the captured image as a volume. Run the System Image utility (Applications > Server > Network (OS 10.3) or System (OS 10.4) Image Utility). In the upper pane, select New Boot. Provide Automation as the image name. Provide an image ID. Example: 1300
221
6. 7. 8. 9.
Leave the default NFS option selected. On the Contents tab, select disk image, then browse to the image file volume you mounted in step 1. Click Create. Provide Automation as the folder name and save it to the /Library/netboot/ NeBootSP0 folder. If that location is unavailable, save the folder to a different location and then copy it to the correct location after the operation completes.
Your NetBoot server should now have a folder at /Library/netboot/NetBootSP0/
Automation.nbi containing the following:

System.dmg booter mach.macosx (10.3 only) mach.macosx.mkext NBImageInfo.plist You are now ready to start the NetBoot service.
Step 2: Start the NetBoot Service

1. 2. 3. 4. On your OS X Server, open the Server Admin utility. Expand the services on the localhost. Start the AFP service (if not already started). Start the DHCP service. It is not necessary to click enable. Running the service but not enabling any adapters prevents your NetBoot server from responding to DHCP requests on your network, but allows your NetBoot server to provide IP address when booting clients. 5. 6. 7. Select the NetBoot service. On the General tab, select the volume containing your images. On the Images tab, select the Automation image and: Enable the image. Enable the diskless option. Select it as default. NetBoot is now configured. Continue to the next section to configure network shares to host disk images.
Configuring AppleTalk Filing Protocol Shares to Host Disk Images

Images captured and deployed to Mac computers must be stored on an AppleTalk Filing Protocol (AFP) share. Follow the instructions provided with your OS X Server to create AFP shares to host images.
222
Chapter 16
Symantec Ghost Imaging

Important Deployment Solution does not include the Ghost executable or a license to use Symantec Ghost. You must provide a copy of the ghost.exe and/or ghost32.exe imaging executable to enable this support. Customers currently using Ghost imaging solutions have the option of copying the Ghost executable to the Deployment Server to enable Ghost imaging from the Create Disk Image and Distribute Disk Image tasks.
To add support for Symantec Ghost

1. On the Deployment Share, create a folder called ghost. Copy ghost.exe (for DOS support) and/or ghost32.exe (for WinPE support) to this folder.
Symantec Ghost is now available for selection in the Create Disk Image and Distribute Disk Image tasks. A configuration file called ImageTools.ini, located in the root of your Deployment Share, contains settings you can change to customize the behavior of Ghost. For example, the default command-line in DOS is:
CreateImageCommandLine=clone,MODE=create,SRC=1,DST=%IMAGE_FILENAME% -sure
This setting and others can be customized by modifying ImageTools.ini.
223
Chapter 17
Software Packaging
Deployment Solution includes the robust Wise Packager for Altiris Deployment Solution. This article presents an overview of the Wise Packager, including a walk-through of the software capture and distribution process. Information for users migrating from RapidInstall to the Wise tools is provided as well.
Why Use Software Packaging?

Installing and managing software is a major part of successful computer management. Often, a software package you require does not provide options for remote or automated installation, and might require additional configuration after installation. These situations can require you to manually install and configure software, or include a large number of programs in your standard images which can require frequent updates. The Wise Packager repackages and customizes your existing installations to create consistent, flexible software installation packages. These packages use the Windows Installer format (MSI), which provides many benefits over traditional installations. This format is explained in Appendix B: Windows Installer Format Explained (page 226). Other reasons you might want to repackage include: Supporting corporate standards by customizing the way applications are installed. Creating silent installations or limit the options available to end users. Creating transforms for the repackaged installations. Changing the source paths in the installation to UNC paths. Building complex launch conditions using Windows Installer runtime properties that test aspects of the destination computer. These software packages can be as simple as a single file copy or a registry change, all the way up to a pre-configured, silent installation of a complete application.
Overview of the Software Packaging Process

The software packaging process uses the tools that compromise the Wise Packager: Wise SetupCapture, and Wise MSI Editor. Wise SetupCapture records changes made to a computer by an installation program, bundles these changes into a Windows Installer package (.MSI). Wise MSI Editor lets you customize and create MSI installation programs. To repackage software, you use Wise SetupCapture to create a snapshot of the files and settings on a computer execute an existing installation. SetupCapture records the changes made by the installation and compares these changes to the initial snapshot. Any changes detected are added to an installation package. You can use Wise MSI Editor to customize the installation.
224
The following sections provide additional details on this process:
Step
Setting up a Reference Computer (page 225) Capturing a Software Package (page 225) Customizing a Software Package (page 226) Distributing a Software Package (page 226)
Description
This computer hosts the capture process. Using Wise Setup Capture to capture changes to the reference computer. Adding and removing files, registry settings, and other installation options. Getting your package to the right managed computers.
Setting up a Reference Computer

To host the capture process, we recommend setting up a computer with just the basic operating system and no additional software. This helps prevent situations where the necessary changes are not captured due to pre-existing software or other conflicts. The capture process is not resource intensive, so any recent desktop computer should work fine as the reference computer.
Accessing Wise SetupCapture

After the operating system is installed, you need to provide the reference computer access to Wise Setup Capture. This tool does not need to be installed; in fact, it can be executed directly from the Deployment Share. The easiest way is to first install AClient and use the Create Wise Packager Shortcuts sample job to add shortcuts to execute the software from the Deployment Share. (Shortcuts are placed at Start > All Programs > Altiris > Deployment Solution.) You could also copy the Wise Packager folder from your Deployment Share to the reference computer, or create the shortcut manually (use the sample job as a starting point). After you have a way to execute Wise Setup Capture on the reference computer, continue to the next section, Capturing a Software Package (page 225).
Capturing a Software Package

What Can I Capture?
Depending on the complexity of the installation, certain programs are better candidates for repackaging than others. Installations that perform simple file copies and registry changes, such as WinZip, Adobe Reader, and others, are simple to repackage. As the complexity of the installation increases, additional customization is often required. Client/server applications, and applications that make API calls (such as antivirus software) can be very difficult to repackage. Fortunately, many of these applications already provide their own tools for automated and remote installations. Installations already using the MSI format should not be repackaged because remote installation and other advanced features are already supported. Making modifications to
225
vendor-supplied MSIs is not recommended since it could introduce incompatibilities with future updates. Hardware drivers, operating systems and updates should not be captured, due to their complexity and Windows File Protection.
The Capture Process

Before you begin, review the guidelines in Appendix C: SetupCapture Guidelines (page 229). Copy the installation programs you want to repackage to the reference computer or to an accessible share and launch Wise SetupCapture. (If you added shortcuts, Start > All Programs > Altiris > Deployment Solution > Wise SetupCapture. Ensure you run it on the reference computer, not the server.) After providing a name, select options for this capture. The default options should work fine, though if you want to capture file and registry deletions you need to select these options. Complete details on these options are in the Wise Packager\Help\WisePackager.chm help file on your Deployment Share. The remaining on-screen prompts guide you through performing an initial scan, capturing changes, and completing the process. After this process completes, review the captured changes and add stand-alone files and registry settings in the next section, Customizing a Software Package (page 226).
Customizing a Software Package

Open the Wise MSI Editor and open the MSI you captured. (If you added shortcuts, Start > All Programs > Altiris > Deployment Solution > Wise MSI Editor.) Complete details on using Wise MSI Editor are in the Wise Packager\Help\WisePackager.chm help file on your Deployment Share. At a minimum, you should review and update the properties on the Installation Expert pages.
Distributing a Software Package

After you have created a software package, use the powerful automation tools provided by Deployment Solution or Software Delivery Solution to distribute this package to managed computers.
Appendix A: Migrating From RapidInstall

We recommend migrating from RapidInstall to the Wise Packager to leverage the benefits of the MSI format, including self-healing, automatic uninstall and rollback. To convert existing RIP packages to MSI format, use the RiptoMSI.exe migration utility. This utility is in the RInstall folder on your Deployment Share.
Appendix B: Windows Installer Format Explained

To create a streamlined process for installing and managing applications, Microsoft developed the Windows Installer service. It consists of the following:
226
A set of guidelines. An Application Programming Interface (API). A runtime service that makes application installation and management part of Windows services. Windows Installer is not a installation authoring tool, but rather an installation engine and rule set. The Windows Installer engine resides on the destination computer as part of the operating system. Instead of an installation executable (such as setup.exe), the Windows Installer executable (msiexec.exe) reads the installation database (.MSI) which contains instructions and installation files. The .MSI uses highly structured, uniform data tables. There is 100% accountability of where each file installs and a thorough log of which files belong to which applications, so individual files are restored to repair damaged applications. Each table contains different installation information such as Class, Components, Features, Files, Execution Sequence, and Registry. Logic built into the Windows Installer engine prompts for a reboot, checks disk space, and follows file-version-replacement rules. When opening an .MSI, msiexec.exe reads the database and builds a transaction list that it follows to complete the installation. If the installation fails, Windows Installer performs a rollback, which returns the computer to its previous state.
Advantages of Windows Installer

Before Windows Installer, every software application had its own setup executable file (usually setup.exe or install.exe). Although many software manufacturers used common installation tools like Wise Installation System, others used highly proprietary installation technologies. This made the users experience inconsistent from one installation to the next, and the operating system had to contend with redundant code in different applications. Applications could not be administered after installation, except to rerun the setup program. Windows Installer implements a single built-in execution engine and replaces the installation executable with a database file (.MSI). The database stores the applications program files and setup instructions and can readily access this information if the application requires maintenance. Using Windows Installer results in a solid, robust installation that reduces the total cost of ownership and enables compliance with the Microsoft rules for software installation. Because Windows Installer is part of the operating system, it provides benefits that are unavailable in traditional installation technology.
227
Windows Installer Benefits

Self-healing
Description
With self-healing (also called automatic repair and selfrepair), the application repairs missing components. When an application starts, Windows Installer checks a list of key files and registry entries. If it detects any problems, Windows Installer repairs the application using a cached database that contains key paths to application components. Applications appear in the Add/Remove Programs applet and can be installed to the destination computer by the user. When the installation fails, the installation reverts to the previously installed state. This prevents having an incomplete or broken application. Also called install-on-demand, advertised features do not install but appear installed to the user. When the user selects an advertised feature, the installation occurs. Components group resources together so they move as a unit, which gives you more control during installation. Applies rules to installed application files that look at a files version and its shared .DLLs to prevent conflicts between applications. Decides whether to install a file to a directory by looking at a files date, language, version, and the modified date on a non-versioned file. Tracks which applications have installed every file and registry key on the computer on the component level, so the Windows Installer service always knows exactly what is needed for an application to run, and what is no longer used during uninstall. Transforms customize an .MSI to a particular user groups needs. Runs an installation using administrative rights. This invokes the systems security rights, restricts data and commands, and enforces rules when running the installation. Msiexec.exe and the Windows Installer service approve the elevated privileges request. Assigns advertised or installed applications to a users profile so when the user logs in, these applications appear on the destination computer. Lets you choose from a variety of authoring software and allows you to customize previously created installations. Windows Installer makes installations easier to install, maintain, and support.
Publishing
Rollback
Advertisement
Componentization Standardization
Version Rules
Reference Counting
Customization Elevated Privileges
Assignment
Open Architecture Total Cost of Ownership
228
Windows Installer Benefits

Dynamic Source List
Description
Provides sources for the MSI to repair from and enable advertising. Multiple possible locations for the MSI package are listed, ensuring access even between different networks. Sets privileges to control the user and application rights, and provides a more secure environment. Defines a users privileges. Lets you set policies on a per-computer basis, which lets you run an entire installation in elevated privileges and define only those rights users have while an installation runs.
Group Policy and Security User Policy System Policy
Appendix C: SetupCapture Guidelines

Run SetupCapture on a clean reference computer. Do not run SetupCapture from the Deployment Solution Console; run it on a client computer. During a capture, SetupCapture attempts to convert computer- and user-specific data in the registry to generic data that will work on any computer. It does this by searching for standard paths (example: C:\Winnt) and replacing them with Windows Installer properties (example: [WindowsFolder]). Part of this process includes searching for the computer name and currently loggedon user name. To make the search for computer and user names as accurate as possible, ensure the computer name and user name on the capture computer are set to unique names 4 or more characters in length. Avoid having the user name or computer name set to any common file or folder names. An example of a unique user name is: repackage-1-user. Before you run SetupCapture, exit all other applications, including background services or applications. (Example: Norton AntiVirus.) During SetupCapture, changes to an .INI file are recorded as changes to an .INI file only if the .INI file follows standard .INI file format. Otherwise, the changes are recorded as a file change. Do not capture an .MSI-based installation. Instead, open the .MSI directly in Wise MSI Editor. To customize it for specific workgroups, create a transform. SetupCapture does not monitor any internal logic within the installation and it does not replicate the user interface of the original installation. SetupCapture creates a separate feature for each .EXE that's installed that has a shortcut. Isolating .EXE components into features results in more efficient repairs, because if there is a problem with a component, only the problem component and the .EXE are reinstalled instead of the entire feature containing the problem component. To capture an uninstall, you must mark Include files deleted during capture and Include registry keys deleted during capture in SetupCapture Configuration General Settings. In Wise MSI Editor, deleted items are located in the RemoveFile and RemoveRegistry tables in Setup Editor > Tables tab.
229
Registry keys that define an environment variable are converted to an environment variable in the repackaged installation.
230
Chapter 18
Deploying Scripts
Altiris Deployment Solution provides a number of pre-defined tasks you can combine to create complex management jobs. When you need to perform a management task that isnt covered effectively by the predefined tasks, DS provides an environment to pre-process, deliver, and execute VBScripts, batch files, and shell scrips. These scripts have access to the full processing capability of the operating system command processor, as well as several additional features provided by Deployment Server: Access to your eXpress share and any other network resources available in the production or automation environment. Intelligent access to values stored in your DS database. DS retrieves values based on the computer currently running the script, so a single script can provide unique values for 1000s of computers. Firm, logevent, and other Altiris tools. The following diagram illustrates how scripts are processed by DS. Each step of this process is discussed in greater detail in this section:
When creating a script, you target it for the automation or production environment, and specify the operating system for the script. When a scripting task runs, the server preprocesses the script for database tokens, delivers and executes the script, returns any error messages generated by the script.
231
Using the flexibility of tokens and the processing power of the command processor of your OS, you can develop and deploy scripts ranging from a simple file search to a full system customization. This chapter discusses how to effectively create and deploy scripts in your DS environment.
Writing a Script
Scripts can be deployed to the DOS, WinPE, and Linux automation environment, or to the Windows or Linux production environment. Unlike other tasks, the scripts you write vary greatly depending on the target environment and OS. The core of each script you write uses the functionality provided by the command processor of your OS. There are utilities and commands for each environment to perform a broad range of management tasks. One of the biggest advantages to deploying scripts using DS is that a script is processed independently for each computer. Database values specific to each computer can be retrieved using the same token in your script, saving you from polling the computer and executing a database query before you can perform a task. The same %COMPNAME% token can provide a unique value for each computer that runs this script. When a script is processed, DS first parses each script for two things: tokens, and predefined server scripting commands. Tokens are replaced, additional action might be taken based on the commands found before the script is delivered to the target. The predefined server scripting commands are keywords defined for replacing tokens in other files, running vbscripts, performing scripted installs, unloading BootWorks, and a special deployment command for Blade servers. These additional keywords are discussed in the Server Scripting Commands section.
Server Scripting Commands

DS provides several predefined commands you can use when deploying scripts. These commands are processed before a script is deployed to a client. Each of these scripting commands must be marked by the correct comment flag to prevent them from being processed by the OS: The following table contains the comment flags for each scripting environment:
Comment Flags Flag Location Used

Batch files.
REM
REM [servercommand] #
Linux shell scripts.
# [servercommand]
Visual Basic scripts.
[servercommand]
232
The following table contains the predefined server scripting commands:
Server Scripting Commands Command Description

Unloads BootWorks to provide additional memory for complex scripts. BootWorks is unloaded automatically when you specify ScriptedInstall.
BootWorks Unload
BootWorks Unload ReplaceTokens

Tokens are replaced automatically in your scripts. This command replaces tokens in additional files, such as those used when configuring a computer. Source represents the source file containing the tokens you want replace, and destination represents the output file after tokens are replaced.
ReplaceTokens [source] [destination] ScriptedInstall Indicates that this script is launching a scripted install. 394k of free
memory is required for the Windows scripted install to run. BootWorks is automatically unloaded for scripted installs.
ScriptedInstall Deployment Start

When using blade servers, this option places a note in the history to mark a starting point. If a redeployment is later executed on this computer, the computer is restored from the deployment start mark in the history.
Deployment Start vbscript

Indicates that this script contains vbscript. If this appears anywhere in your script, the entire script is executed as a vbscript (you cannot execute batch commands and vbs commands in the same script). The comment flag is always used with the vbscript server command when writing Visual Basic scripts to ensure that it is ignored by the VB processor.
vbscript
Retrieving Database Values Using Tokens

Any tokens contained in a script are replaced automatically. A server command is also provided to replace tokens in other files, called ReplaceTokens. Example: to deploy a custom sysprep.inf file to several computers, the ReplaceTokens command could be contained in a script to replace tokens in sysprep.inf, this file could be copied with the correct database values to the production drive of the computer. A script to perform this task might look similar to the following:
REM ReplaceTokens .\temp\sysprep.inf .\temp\%COMPNAME%.txt Firm Copy f:\temp\%COMPNAME%.txt PROD:\sysprep.inf

When replacing tokens, the server creates a temporary file in the \tmp folder, named machinename with the same extension as the original script. This file contains a copy of the script with all token replacements made by the server, and is a valuable tool for troubleshooting.
233
After replacing tokens in the script itself, the server processes the next command in this script: ReplaceTokens. Since the token replacement process already replaced the compname token, the ReplaceTokens command works as expected and creates a unique system.inf file for each computer, containing values unique to that computer. The script is delivered to the client, and the Firm utility finds the correct file on the eXpress share to copy to the production drive. A similar process can be used to deploy configuration files to Linux computers, as a large number of Linux configuration files are text-based. If you perform Linux configuration often, you might want to set up an additional database containing common configuration values you can retrieve using tokens.
Running Scripts on the Server

Scripts can optionally execute on the server on behalf of the client. This is very important to understand, because token replacement and other commands are based on the client assigned the job, not the server. Example: consider the script we reviewed in the previous section:
REM ReplaceTokens .\temp\sysprep.inf .\temp\%COMPNAME%.txt

Firm Copy f:\temp\%COMPNAME%.txt PROD:\sysprep.inf If we marked this script to execute on the server, the initial token replacement still contains the name of the computer targeted by the scripting task. However, the command in the second line fails because the server looks for the paths specified by Firm on the server, not the client. This is valuable when you want to retrieve tokens specific to a number of computers, but the script can execute successfully on the server. This can relieve network traffic and prevent interruptions on managed computers. However, when a script runs server-side, the script is executed separately for each computer assigned to the task. A task assigned to 500 computers causes any serverside scripts in the task to execute 500 times on the server. If you have processor intensive commands, you might want to avoid server-side execution to prevent disruptions on your server, or perform the task during off-hours. Also, when running scripts server-side, avoid commands that require interaction. The DS service does not have interaction with the desktop, so there is no way to provide even simple feedback in scripts that run server-side.
Reporting Errors
One of the biggest challenges when running scripts is implementing effective error reporting and feedback. In DS, every task has the ability to handle error codes returned from a job, and take action based on this code. By default, a scripting task returns a 0 for success, and a 1 if the script fails to execute. This might be sufficient for a simple script, but scripts can often execute successfully yet still fail to perform the intended tasks. Additionally, if you create a batch file with three commands, the status reported on completion is the status of the final command in the script. The first two commands might return errors, but if the final command is successful you receive a status of success.
234
To provide additional feedback when running scripts, Altiris provides an error logging utility, called logevent, for DOS, Windows, and Linux. This utility lets you send error, warning, and informational messages back to your server from within scripts, and job execution can be stopped based on the messages you return. When executing scripts, it is important to note that DS cannot stop script execution directly; DS delivers the script and returns the execution status, but the operating sytem handles the actual execution. DS does not automatically stop script processing when an error is encountered, you must provide that logic in your script.
Usage:
LOGEVENT
[-c:#] [-l:#] [-ss:Msg] [-n:Prog]
Logevent Parameter
[-c:#] [-l:#] [-ss:Msg] [-n:Prog]
Description
A ReturnCode between -32768 and +32767. Default = 0 Additional indicator of type of message.Where # = 0-3; 0 = Unknown, 1 = Information, 2 = Warning, Any string enclosed in double quotes. Default = "No Message" Name of the program that was executed. Default = "User Defined"
DOS/CMD Error Handling

In the DOS automation environment, the logevent utility is called LOGEVENT, and is available on your eXpress share. Since this is the default directory in the automation environment, LOGEVENT can be executed directly in your scripts. In the Windows production environment, the logevent utility is called WLogevent.exe. In order to use WLogevent.exe, you must make the executable available to the Windows client, either by providing it with an image, a software deployment, or by simply copying the file directly before your script executes. On DOS, events are queued until the script completes and they are returned to the server. The Windows and Linux utilities return messages as soon as they are encountered. The following script uses GOTO commands to control how a script is processed based on the outcome of executed commands, and uses logevent to return the script status:
@ECHO OFF REM Call requestNewHardware.exe. This fails and returns an error.
requestNewHardware.exe
IF ERRORLEVEL 2 GOTO TWO IF ERRORLEVEL 1 GOTO ONE GOTO END
:TWO
235
LOGEVENT -c:2 -l:3 -ss:Bad command or file not found. GOTO END
:ONE LOGEVENT -c:1 -l:1 -ss:Error 1.
:END
Visual Basic Error Handling

By including the 'vbscript server command in a script deployed to a Windows or DOS environment, DS executes the script using Visual Basic. Visual Basic has a powerful, integrated method to handle errors. In these scripts, use WLogevent.exe to report script status to the server after you have used the built-in mechanisms to retrieve errors. The following script contains an example of error handling in Visual Basic script:
On Error Resume Next Set WSHShell = Wscript.CreateObject("Wscript.shell")
' look on the local computer strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") ErrNum = Err.Number If ErrNum = 0 Then Set colNetCards = objWMIService.ExecQuery _ ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True") 'cycle through all of the nics For Each objNetCard in colNetCards ' if it is the nic we are looking for change the dns For Each objAddress in objNetCard.IPAddress If objAddress = "%NIC1IPADDR%" Then ' Set up the array of DNS entries for the NIC arrDNSServers = Array("172.17.0.202", "172.17.0.201") objNetCard.SetDNSServerSearchOrder(arrDNSServers) WSHShell.Run ".\WLogevent.exe -c:0 -l:1 -ss:""Changing DNS for NIC1""", 1, true
236
End If Next Next Else WSHShell.Run ".\WLogevent.exe -c:" & ErrNum & " -l:3 ss:""Error:" & _ Err.Description & """" , 1, true Err.Clear End If
Linux Shell Error Handling

The logevent command is provided in the Linux agent, so any Linux computer with the agent installed has local access to logevent. Similar to Visual Basic script, Linux provides a powerful method to track error values. When running scripts on Linux, use logevent to report the status to the server after you have used the built-in mechanisms to retrieve errors. The following script contains an example of error handling on Linux:
#!/bin/sh export PATH=$PATH:/opt/altiris/deployment/adlagent/bin grep foo foo.txt ERRVAL = $? if [ $ERRVAL -ne 0 ]; then logevent -c:$ERRVAL -l:3 -ss:error executing grep" fi;
237
Chapter 19
Creating an Image Distribution Framework

Why Use an Image Distribution Framework?
In distributed networks, your ability to effectively manage computers is often limited by the speed of your network link to remote locations. In Deployment Solution, computer imaging can often require file transfers in excess of several gigabytes, even when multicasting. This can cause centralized management to become a major bottleneck, limiting your ability to manage computers at these remote locations. The following diagram outlines a typical network topology that can benefit by implementing an image distribution framework. It consists of a distributed network with several remote locations and subnets connected using routers over permanent, reliablebut-slow WAN links:
Typically, managed computers at remote locations would be required to access image files often over several gigabytes over this LAN link. Implementing an image distribution framework enables you to replicate your images to a local image store for use during imaging tasks.
238
PXE Redirection
PXE solves this problem by enabling you to redirect a shared PXE configuration to a configuration on a local PXE server. This lets you assign a job across multiple locations, and have computers at each location boot using a local PXE server with configuration specific to this location. Within this configuration, you can map local file shares containing disk images. Important: If PXE is available, we recommend using up PXE redirection instead of following the process outlined in this document.
What if I Am Not Using PXE?

If you are not using PXE, Deployment Solution provides a set of tools to let computers automatically retrieve the correct image file locally. Using these tools is described in this document.
Tools
The tools referenced in this document, such as getsrv.bat and server.lst, are available on your Deployment share in the TechSup\DOS\getsrv folder.
Creating a Distribution Framework

The following provides a basic outline of an image distribution framework: Each subnet has a file server to host a local image store. All managed computers, regardless of location, connect to the local image store to retrieve images. This eliminates downloading an image over the WAN link before an imaging operation. The location of each managed computer is determined automatically based on IP address using a custom utility. Using this method, the same distribute image task can be used to image one or more computers regardless of location. Complete the following tasks to implement an image distribution framework: Step One: Set Up Local Image Stores (page 239) Step Two: Replicate Images (page 240) Step Three: Configure the Server Lookup Utility (page 240) Step Four: Create a Boot Disk Creator Configuration (page 241) Step Five: Distribute an Image (page 242)
Step One: Set Up Local Image Stores

A local image store should be set up on a file share at each remote location. Each share hosting an image store should have the same name and folder structure. In other words, the path to your images must be identical with the exception of the server name. To control access to these shares, we recommend creating a domain-level account with read/write access to each share, or alternately, a local account with the same username
239
and password on each server. This account should not possess group membership, interactive login privileges, or any additional rights. This account is specified when creating the boot configuration in Boot Disk Creator, and the username and password must be the same for each share.
Step Two: Replicate Images

Before an image can be used, it must be replicated to the image store file share at each location. There are a number of file replication solutions available, and most companies already have a process in place for replicating data between remote sites. Before attempting an imaging job, ensure the necessary image files have been replicated to the local image store.
Step Three: Configure the Server Lookup Utility

To simplify the process of accessing images at remote locations, a tool called getsrv.exe was developed to retrieve the IP address of each managed computer and compare it to a lookup file to find the local image store.
Create a Configuration
Open getsrv.bat in a text editor. This batch file calls getsrv.exe to populate the server name variable. Getsrv.bat should look similar to the following:
copy F:\server.lst c:\tools\server.lst C:\tools\getsrv.exe /s c:\tools\server.lst /v SERVERNAME > call C:\tools\srvenv.bat
c:\tools\srvenv.bat
This example copies the server lookup file, server.lst, from the Deployment Share to the automation drive. Getsrv.exe is called with these parameters set correctly. To use this example in your environment, place your server lookup file in a tools folder on your deployment share and name it server.lst. If you are using PXE, change the drive references from C: to A:, since PXE uses a virtual boot floppy represented by A:. This modified file is added to your boot configuration in a later section.
Create a Server Lookup File

Each server in the lookup file consists of two entries: the IP address/subnet entry and the corresponding server name. The IP address and subnet are separated by a slash ( / ), and the corresponding server name is separated by a comma (,). For example:
172.16.0.0/255.255.0.0,SERVER1 192.168.1.0/255.255.255.0, SERVER 2 192.168.2.0/255.255.255.0, SERVER 3

Create entries in this file for each IP segment to which you might deploy images.
240
GetSRV.EXE Parameter Descriptions

The following table contains descriptions of the getsrv.exe parameters:
Parameter
/s [filename]
Description
File containing the list of servers hosting local image stores. This file is typically placed in the deployment share. See Create a Server Lookup File (page 240). Environment variable containing the selected server. This token is used when creating the boot configuration, and is set to SERVERNAME in these examples.
/v [variablename]
Step Four: Create a Boot Disk Creator Configuration

After you have configured getsrv.bat, you need to create and modify a boot configuration. This configuration is used to boot managed computers to the automation environment for imaging. 1. 2. In Boot Disk Creator, create a new boot configuration using your selected automation boot method and environment. Create a drive mapping for your image share, using the %SERVERNAME% variable rather than an actual servername. (The name of this environment variable is specified using the /v flag of getsrv.exe. We recommend using SERVERNAME). This drive mapping should look similar to the following:
\\%SERVERNAME%\[share]
Replace [share] with the share name of your local image stores. 3. Managed computers must be able to resolve the name of the central Deployment Server. If using DOS automation, NetBIOS is used to resolve names, so we recommend adding your Deployment Server to the lmhosts file. We also recommend adding the name and IP address of each server hosting an image store. After the wizard completes, within the configuration, create a folder named Tools and copy the following files: getsrv.exe getsrv.bat
4.
241
Modify Mapdrv.bat to call Getsrv.bat

Mapdrv.bat is called to map drives in the automation environment. This file is modified to call the getsrv.bat file you modified in a previous step. After this executes, the server name variable is available to map the drive to your local image store. 1. 2. 3. Launch Boot Disk Creator. Expand the configuration you created in the previous section. Modify mapdrv.bat to add the following line after the first line of the file:
call c:\tools\getsrv.bat
The completed file should look similar to the following:
net use F: \\[your_ds_servername]\eXpress /yes call \tools\getsrv.bat net use [drive]: \\%SERVERNAME%\[share] /yes
Deploy the Boot Configuration

This configuration is now ready to be deployed using PXE, installed to an automation partition, or copied to boot media. Computers must boot this configuration when performing imaging tasks.
Step Five: Distribute an Image

You are now ready to test your configuration by deploying an image. Use the standard deploy image task in the Deployment Console, keeping in mind the following: Images must be replicated before the task executes. The path to the image file specified in the Deploy Image task should be based on the image store drive you mapped when creating your boot configuration. Example: if you selected G and mapped \\%SERVERNAME%\ds_images, and your images are located in the root folder of that share, the path is G:\imagename.img. The server lookup file must be accessible.
242
Chapter 20
Deploying and Managing Servers

Deployment Solution provides additional features to remotely install, deploy and manage network and web servers. From the Deployment Server Console, you can configure new server hardware, install operating systems and applications, and manage servers throughout their life cycle. And because servers are mission-critical, you can set up a system to quickly deploy new servers or automatically re-deploy servers that have failed. Features like rules-based deployment, support for remote management cards, and quick server restoration from a deployment history give you new tools to manage all servers throughout your organization.
Servers are identified in the Computer pane with distinctive server icons. Like all managed computer icons, the icons change to identify the status and state of the computer, such as user logged on or Server Waiting. Note Servers are recognized by their operating system (such as Windows 2000 Advanced Server, Windows Server 2003, or any Linux OS), multiple processors, and specific vendor server models. Manage Servers from the Console. The Deployment Server Console includes features specifically designed for deploying and managing servers, such as enhanced task logging and history tracking features to let you recall administrative actions and quickly redeploy mission-critical servers. See Server Management Features on page 243. Set Server-specific options. Servers are essential to any organization and require special planning and management strategies. Deployment Server provides serverspecific features to automatically deploy new servers and maintain existing servers. See Server Deployment Options on page 244.
Server Management Features

Deployment Server provides various features for deploying and managing servers. These features are supported for client and handheld computers as well, but are essential in deploying servers.
243
Server icons. The Deployment consoles display icons to identify servers across the network. Like other computer icons in the console, server icons can be selected to view server properties or assign specific jobs and management tasks
Icon
Description
Indicates a server is active and a user is logged on.
Indicates a server is disconnected from the console.
Indicates a server is in a waiting state.
Run Scripted Installs. Execute scripted, unattended installs across the network for both Microsoft Windows and Linux servers. Follow steps to create answer files and set up the operating system install files using a wizard. See Scripted OS Install on page 168. Support for multiple network adapter cards. Because servers may require more than one network interface card, Deployment Server provides property pages to access and configure multiple network adapters remotely from the console. See TCP/IP Configuration Settings on page 107. Synchronized server date and time. Deployment Server automatically sets the servers date and time after installing or imaging (as part of the configuration process). Deployment Agents include an option to disable this feature (it is off by default). Enhanced scripting capabilities. You can deploy multiple tasks per deployment job and boot to DOS multiple times when configuring and deploying a clean server. Deployment Server also lets you view and debug each step in the deployment script, and track each job to provide a history of tasks for redeploying a server.
Server Deployment Options

Deployment Server includes features to automatically reconfigure and redeploy new servers. If you are using Initial Deployment to automatically re-image new servers or run installation scripts, you can (1) safeguard against mistaken disk overwrites, or (2) run automatically for every server not identified as a managed computer in the database. These contrasting settings are based on polices you define for managing servers in your organization. Example: if you rely on PXE to boot the new server and you want to deploy new servers automatically without halting the process, you must change the default settings in the PXE Configuration Utility. In contrast, if you want to ensure that the server waits before being deployed (or waits a set time before proceeding) to avoid erroneous redeployment, you need to set the options in the Advanced section of Initial Deployment.
Halt the Initial Deployment of Servers

When a server boots from the PXE server or from BootDisk (if the option is set), Deployment Server recognizes it as a new computer and will attempt to configure the
244
computer with Sample Jobs in Deployment Solution. Initial Deployment includes a feature to prohibit servers from being deployed automatically. 1. 2. 3. Click Initial Deployment and select Properties. Click the Advanced tab. Click the Servers check box and click OK.
Initial Deployment will not run for any computer identified in the console as a server.
Change PXE Options for Initial Deployment

If installing a server using a PXE Server, the server will attempt to install but will not run automatically using default settings. It will wait until a boot option is selected from the client computer. You can change the default setting in the PXE Configuration Utility to allow Initial Deployment to run automatically and not sit at the prompt. 1. 2. 3. Click on Start > Programs > Altiris > PXE Services > PXE Configuration Utility. Click Altiris BootWorks (Initial Deployment). Click Edit. Select Execute Immediately. Initial Deployment will run automatically for every identified server. 4. Click OK.
Clear BootWorks Prompt for Remote Install

When you run a deployment job on a computer where the Deployment Agent has been remotely installed, a message will appear stating that no BootWorks partition or PXE stamp is found. The message will stay open until the user clicks OK on the message dialog, which delays executing the scheduled job as part of an automated redeployment process. To fix this delay: 1. 2. 3. 4. 5. 6. Select Tools > Options.The Altiris Program Options dialog appears. Select the Agent Settings tab. Select Change Default Settings. Select the BootWorks tab. In the lower section, select Never prompt me from the list. Click OK.
Following these steps will assure that the BootWorks message will not come up and things will move forward when a job is scheduled.
Managing Server Blades

Deployment Solution allows you to manage high-density server blades with Rack/ Enclosure/Bay (R/E/B) hardware and properties. From the Deployment Console you can deploy and manage these space-efficient server blades using the physical view to assign jobs to the Rack, Enclosure, or Bay level of the server cluster, or you can manage each server blade directly from the logical view. See Bay on page 126 for properties and rules to deploy Rack/Enclosure/Bay servers.
245
Using Deployment Solution, you can employ rip and replace technology that allows you to insert a new server blade and automatically configure and deploy it exactly like the previously installed server blade, allowing you to replace any downed server and get it back on line quickly. Altiris provides fail-safe features to ensure that no server is mistakenly overwritten and ensures that all disk images, software, data, and patches are applied to the new server from the history of jobs assigned to the previous server blade.
Managing New Server Blades

Deployment Solution allows you to automatically deploy, configure and provision new server blades using a variety of features, including Sample Jobs in Deployment Solution, Virtual Bays, and Server Deployment Rules.
New Server Blades in Newly Identified Bays

When new blades are identified in a Bay that has not been used previously (if it has been used previously, the Bay object will be identified in the physical view), both the Sample Jobs in Deployment Solution and Virtual Bays features can be set up to automatically run configuration tasks and deployment jobs. To Create Virtual Bays: Set up Virtual Rack/Enclosure/Bays for Hewlett-Packard Rapid Deployment Pack installations of Deployment Solution. Initial Deployment set up: Clear the Servers check box in the Advanced dialog. If both new computer features are set up and a new server blade is installed in a Bay not previously identified by the Deployment Server, the Create Virtual Bay feature will execute and Initial Deployment will not execute.
New Server Blades in Identified Bays

If a new HP server blade is installed in an identified Bay (one that has already had a server blade installed and is visible from the Deployment Console), both Sample Jobs in Deployment Solution and Server Deployment Rules can be set up. However, when both are set up, the Server Deployment Rules execute and Initial Deployment does not execute.
Hewlett-Packard Server Blades

Hewlett-Packard high-density blade servers can be deployed and managed from the Deployment console. The following HP server blades are supported:
HP Proliant BL e-Class
Proliant BL 10e Proliant BL 10e G2
HP Proliant BL p-class
Proliant BL 20p Proliant BL 20p G2 Proliant BL 40p
HP blade servers allow you to employ all features provided in the Deployment Console when you install the HP Proliant Essentials Rapid Deployment Pack (see www.hp.com/ servers/rdp), including the Virtual Blade Server feature. The name of each Rack for an HP Server is displayed along with the assigned name for the Enclosure and Bay. These names are collected from the SMBIOS of the server blade and displayed in both the physical and server views within the Computers pane of the Deployment console.
246
For HP blade servers in the physical view the Rack name can be a custom name in the console, with all subordinate Enclosures and Bays also identified. Example: <rackName> <enclosureName> <bayNumber> See also Server Management Features on page 243 and Server Deployment Options on page 244.
Virtual Bays
Blade servers now have a Virtual Bay feature that allows you to pre-assign deployment jobs to the rack, the enclosure, or to a specific server blade in the bay. Any blade server can have predefined deployment jobs and configuration tasks associated with it to execute automatically upon installation. The Virtual Rack/Enclosure/Bay icons will change from virtual icons to managed server icons in the Deployment console as live blade servers are inserted and identified by Deployment Solution. Rack name. Enter or edit the name of the Rack. Enclosure name. Enter or edit the name of the Enclosure. Enclosure type. Select the type of HP server blade from the list. Initial Job. Select an existing job to run when the virtual computer is associated with a new server blade. Server Change rule. Select the Server Deployment Rules to run on the Bay when a new server blade is installed. Note If you create Virtual Bays for an enclosure (such as the BLe-class with 20 bays) and if another model of server blade with an enclosure containing fewer bays is connected (such as the BLp-class with 8 bays), the excess virtual bays will be truncated automatically. Conversely, if you create Virtual Bays with fewer bays (8) and install an enclosure with additional bays (20), you will need to recreate the virtual bays in the enclosure (right-click the enclosure name in the physical view and click New Virtual Bays). See also Managing New Server Blades on page 246.
Dell Server Blades

Dell high-density blade servers can be deployed and managed from the Deployment console. All Dell Rack Servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/Enclosure/Bay view. The following servers are supported:
Dell Rack Servers

All PowerEdge rack servers
Dell Server Blades

PowerEdge 1655MC
For Dell blade servers in the physical view, the Rack name will always be Dell. All subordinate Enclosures and Bays are identified with custom names under the Dell rack name. Example:
247
Dell <enclosureName> <bayName> See also Server Management Features on page 243 and Server Deployment Options on page 244.

Fujitsu-Siemens high-density blade servers can be deployed and managed from the Deployment console. All Fujitsu-Siemens Rack Servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/ Enclosure/Bay view. The following servers are supported:
Fujitsu-Siemens Rack Servers

All Primergy rack servers

Primergy BX300 blade servers
For Fujitsu-Siemens blade servers in the physical view, the Rack name will always be Fujitsu-Siemens. All subordinate Enclosures and Bays are identified with custom names under the Fujitsu-Siemens rack name. Example: Fujitsu-Siemens <enclosureName> <bayName> See also Server Management Features on page 243 and Server Deployment Options on page 244.
IBM Server Blades

IBM high-density Blade Centers can be deployed and managed from the Deployment console. All IBM blade servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/Enclosure/Bay view. For IBM blade servers in the physical view, the Rack name will always be IBM. All subordinate Enclosures are identified with custom names under the IBM rack name and Bays are identified by number. Example: IBM <enclosureName> <baynumber> See also Server Management Features on page 243 and Server Deployment Options on page 244.
248
Part V
Operating System and Platform Reference

This section contains operating system and platform-specific information you need to consider when managing computers.
249
Chapter 21
64-bit Platforms
Deployment Solution has been designed to make managing different platforms as seemless as possible. This section walks you through the enhancements added to support 64-bit, and includes tips to more effectively manage these computers.
64-bit Job Conditions and Filters

Functionality has been added to let you set conditions and filters based on the computer architecture. These conditions and filters let you set up your jobs to make decisions based on the architecture so you dont have to re-organize your tree around architecture. Example: when distributing software, you can have 32- and 64-bit comptuters in the same group and use conditions to ensure each receives a different version.
64-bit PXE Boot Images & Configurations

Deployment Server 6.8 uses the same process to create automation boot configurations as Deployment Server 6.5. There are two differences for 64-bit: When you create a PXE boot configuration (example: an item on the PXE boot screen), you select the architectures you want to include when you create the configuration. When a managed computer boots this configuration, PXE automatically detects the architecture and sends the correct boot image. If you attempt to boot an x64 computer without an x64 boot image, it will use the x86 version. An Itanium will attempt to boot only an Itanium boot image. When you create an automation partition or boot disk from a Boot Disk Creator configuration, you are asked which architecture you want to use. Boot Disk Creator automatically gathers the correct files for that architecture.
Adding Files to a Boot Disk Creator Configuration for 64-bit

For the most part, Boot Disk Creator configurations are independent of architecture. However, if you manually add executables to a configuration which supports multiple processor types, you need to ensure you provide a version of the file for each architecture you have included. Example: if you have x86 and x64 versions of the Linux preboot environment selected for a configuration, and you add an executable, Boot Disk Creator checks the file header to see which architectures the executable supports. If not all architectures you have installed are supported by the file you added, this screen appears prompting you to add additional files or ignore the warning.
250
Chapter 22
Linux and Unix Systems

Altiris Deployment Solution has several tools to effectively manage Linux and Unix computers, including: A native Linux and Unix agent, called ADLAgent, in the Linux production and automation environments. Fedora Linux automation environment Support for deploying KickStart scripted installs Native imaging support for ext 2 and 3 filesystems Native imaging support for LVM This section contains considerations you must be aware of when managing Linux and Unix systems, and contains the following topics:
ADLAgent
ADLAgent is the client software which provides connectivity to Deployment Server from Linux, Unix, and Solaris.
Installing and Configuring ADLAgent

For basic instructions on installing ADLAgent, see Installing Deployment Agent on Linux on page 350. Installing ADLAgent on your Linux and Unix computers involves copying the necessary binaries to the client and running the installation script. You can configure the agent using the configuration script, modifying the configuration file directly, or by modifying the configuration directly in the Deployment Console. If you need to install ADLAgent on multiple computers, you can copy the installation files to an NFS or other share on your network, use standard remote access tools to run the installer. This might involve using ssh to log in remotely, or adding a line to a standard script. You might also modify the ADLAgent configuration file once and copy it to each computer.
The software distribution task now supports a number of Linux and Unix file types. When using this task with these formats, the file is copied to the system, extracted, The configure script is executed (./configure) and the make install command is executed. A large number of software packages can be installed using this process. If you have software which requires configuration beyond this, or if you are using a package management system, use a file copy task along with a shell script to install the software.
251
Imaging Linux and Unix Filesystems

RapiDeploy provides native imaging support for EXT2 and EXT3 file systems. Other file systems can be imaged, but you need to use the -raw switch.
Linux Bootloaders
There are a few considerations you must use to preserve the functionality of Linux bootloaders. First, if your bootloader is located on a reiserfs partition, you must use the -raw switch when imaging this partition to preserve the structure. Second, if you are using an automation partition, your MBR is modified to boot this partition. If you install a new version of a bootloader, your MBR is modified and you might not be able to access your automation partition. If this occurs, you can reinstall the automation partition. To prevent this, do not update any software which modifies your MBR without uninstalling the automation partition first. The automation partition can be reinstalled after the software update.
252
Chapter 23
Managing Thin Clients

Thin clients are a low cost, low maintenance solution for organizations that want to perform tasks or access programs such as: Web browsing, Java-based applications and terminal emulation, or line of business (LOB) applications. Example: users can range from receptionists and data entry workers to users accessing systems from kiosk locations commonly found in call centers or health care environments. Thin clients provide users a reliable server-based environment without the complexity or maintenance of a PC. Thin clients connect to any current or legacy network and can be managed from a centralized location. Thin clients do not contain any moving parts and data is stored in RAM, which increases their manageability, security, and reliability.
Thin client operating systems

The Deployment Agent is the Production Agent and can be installed to thin clients running Windows XP Embedded from the Deployment Console. However, if you have thin clients running either CE. NET, or the proprietary version of Linux from HP or Neoware, you cannot remote install (push) the Deployment Agent from the Deployment Console. Rather, you must install the Deployment Agent on the thin clients (pull) directly. See Thin Client Operating Systems (page 254).
Production versus Automation Agent

Deployment Solution requires that a Production Agent be installed to each thin client you want to manage from the Deployment Console. Thin client computers come pre-installed with the Deployment Agent so when they are added to a Deployment Server system, communications between the server and client are established right away. The client computers MAC and IP addresses are added to the Deployment database, which lets you begin managing the device. See Installing Deployment Solution Agents (page 344), Deployment Agents (page 112). The Automation Agent boots thin clients to automation mode so they can run deployment jobs, such as run script, create and distribute disk images, and more. Altiris recommends using a PXE Server to boot thin clients to automation, instead of installing an embedded automation partition. See Automation Agent Settings (page 379).
Supported Deployment Solution Functionality

Deployment Solution supports full functionality for thin client running XPe and Linux. However the there is limited functionality for thin clients running CE .NET. The following is a list of the supported functions for thin clients running CE .NET. Modify Computer Configuration (the computer name and TCP/IP Setting only) Distribute software (.CAB and .EXE files) Execute and run scripts (DOS and WIN batch files) *no VBS support Copy files and directories Create disk images
253
Distribute disk images Remote Control clients (24 bit color depth only. No chat or send file features) Power Control (restart/shutdown/wake up jobs) Set computer properties Create conditions to run jobs and filter computers Modify client properties via Windows and Linux agent settings
Supported Thin Client Manufacturers

Currently, Altiris supports Fujitsu-Siemens, HP, and Neoware thin clients.
Manufacturer
Fujitsu-Siemens
Model
Futro B, S, and C series thin clients running the Windows XP Embedded operating system. Currently, Deployment Solution does not support Futro thin clients running Linux. Futro S series thin clients come pre-installed with the Deployment Agent and a license for Deployment Solution. However, the Futro B series requires that you install the Deployment Agent before obtaining a Deployment Solution license from Altiris. See Managing Licenses (page 352)or the Altiris Getting Started Guide for more information.
HP
HP t5000 thin client series, which includes the t5300, t5500, and t5700 clients. Thin clients come pre-installed with Windows XP Embedded, Windows CE .NET, or Linux, depending on the model of the device. All HP thin clients come pre-installed with the Deployment Agent. CapioOne G150 and Eon E100 series thin client models. The thin clients come pre-installed with Windows XP Embedded, CE. Net 4.2 or 5.0, or NeoLinux. All Neoware thin clients come pre-installed with the Deployment Agent, but if your device is missing the agent, contact Neoware for a Snap-In.
Neoware
Thin Client Operating Systems

Thin clients come pre-installed with an operating system and the Altiris Deployment Agent. This lets you easily add new devices to the network and establish communications with the Deployment Server. See Windows XP Embedded (XPe) (page 254), Windows CE .NET (page 257), and Linux (page 257).
Windows XP Embedded (XPe)

Microsoft Windows XP Embedded (XPe) is a powerful, rapid, and reliable operating system that runs on PC architecture hardware with x86 processors. Windows XP Embedded is a componentized technology based on the Windows XP Professional operating system, with full Win32 Application Program Interface (API) capabilities.
254
Because application developers can choose from over 10,000 individual feature components, the image footprint is smaller and can boot basic images as small as 8MB. The Deployment Agent used for computers running 2003\XP\2000 is the same agent that is installed on thin clients running the Windows XP Embedded operating system. There are no limitations when installing the Deployment Agent to thin clients from the Deployment Console. However, you must turn off The Enhanced Write Filter on the thin client before installing the Deployment Agent, so that the agent will be saved to the clients memory. See also: Installing Deployment Solution Agents (page 344)and Deployment Agents (page 112).
The Enhanced Write Filter

The Enhanced Write Filter (EWF) is a unique feature of the Windows XP Embedded operating system that protects data from being written to the Hard Disk (RAM) storage area on a thin client. With EWF enabled, any data writes will be redirected to an alternate storage area called an overlay. The data stored in the overlay gives users the appearance that files, programs, or any other data installed to the thin client, will be permanently saved. However, all data written to the overlay storage area will be deleted when the thin client reboots. The Enhanced Write Filter is an IT managing feature that helps control the data stored on a thin clients hard drive. Some of the tasks Deployment Solution tasks that are impacted by the Enhanced Write Filter are certain deployment jobs, and installing the Deployment Agent for Windows. Other tasks such as, creating and distributing images, and modifying the configuration (computer name or IP address) already have scripts to handle EWF. These jobs disable EWF first, run other scripts or tasks, and re-enable EWF as the last step of the deployment job. This ensures that data written to thin clients during the deployment job will not be lost when clients reboots. Example: from the Deployment Console in the Jobs pane, located in Samples > Windows XP Embedded, is a job called Create Disk Image. The script reads as follow:
Notice that the first line item disables the Enhanced Write Filter, and the second line item checks to verify that EWF is disabled. The Create Image task creates a copy of the thin clients image and stores it in the Images folder on the Deployment Share. When the image task completes, the Enhanced Write Filter is re-enabled, and the thin client reboots. Because this script handles EWF automatically, thin clients can be managed from the Deployment Console without concern that data tasks will not be saved to managed thin clients. When creating your own Deployment jobs, use the Samples in the Job pane of the Deployment Console to help you create your own scripts to handle EWF automatically. If
255
EWF is not disabled and enabled properly, after you run a Deployment job, the next time a thin client reboots, data will be lost. See also: Building and Scheduling Jobs (page 147), Deployment Agents (page 112).
Using the EWFMGR Utility

HP and Fujitsu-Siemens thin clients can enable or disable the Enhanced Write Filter, using a Windows XP Embedded utility named ewfmgr.exe, which is stored in the C:\Windows\System32 folder. Although there are many switches that can be used with this utility; however, you typically will only use the following three or four. Note Neoware thin clients use a different method of enabling and disabling the Enhanced Write Filter. See the Sample Jobs folder in the Jobs pane in the Deployment Console for examples, or contact Neoware.
Switch
-all
Description
Performs a specified command (such as disable or enable) on all protected volumes. The default command is to display protected volume information. Disables the overlay on the specified protected volume.
-disable
-enable
Enables the write filter so that data written to the protected media is cached in the overlays. The current overlay level becomes 1 as soon as EWF is started, and a new overlay is created at level 1.
-commitanddisable
Commits all current level data in the overlay to the protected volume and disables the overlay.
The following are a few examples of how to use the ewfmgr.exe program.
256
Example
ewfmgr -all
Description
This displays the current Enhanced Write Filter settings.
ewfmgr c: -disable ewfmgr c: -enable
This disables the Enhanced Write Filter on the C: volume. This enables the Enhanced Write Filter on the C: volume.
Although the enhanced Write Filter manager can be run from a thin client, it is more efficient to include it as part of your Deployment Job.
Windows CE .NET
Microsoft Windows CE .NET is designed for a broad range of intelligent hardware devices that require a small-sized operating system, and usually run disconnected from other computers. Window CE .NET can run on multiple processors, supports Win32 Application Program Interface (API), and runs in Realtime right out of the box. Application developers can choose from a wide range of modules and components, creating small image footprints booting the basic image from 350KB. Deployment Solution lets you mange thin clients running Windows CE .NET from a centralized location, but the Deployment Agent for Windows CE .NET must be installed on each device. Many of the thin clients supported by Deployment Solution come preinstalled with the Deployment Agent and can be managed after they are connected to the network. However, due to limitations of the Deployment Console, you cannot push the Deployment Agent for CE .NET to thin clients running the Windows CE .NET operating system. Rather, you must run the Deployment Agent installation from the thin client directly. See Deployment Agent for CE .NET (page 122).
Linux
HP and Fujitsu-Siemens distribute their own proprietary versions of Linux for thin clients supported by Altiris. Contact the manufacturer for more information.
Licensing Thin Clients

HP and Fujitsu-Siemens thin clients do not require a license, but Neoware thin clients must purchase a standard license. See Managing Licenses (page 352).
257
Chapter 24
Windows Vista
Installing the Deployment Agent on Vista
The installation program is contained in the Agents folder on the Deployment Share. To install, launch the installation MSI on the computer using and admininstrator account and complete the prompts. To perform a silent installation, use a command similar to the following:
DAgent.msi -qn server_tcp_addr= 172.19.17.180 server_tcp_port=402.

To remotely install combine the above instructions for a silent installation with a login script or group policy object.
Vista Remote Control

Deployment Solution uses the Remote Desktop feature of Vista to perform remote control. Remote Desktop must be enabled on the remote computer and you must have the required credentials to use remote control.
Vista Software Distribution

Due to increased security in Vista, software must meet the following criteria before it can be distributed using Deployment Solution: The software you are distributing must be Vista compliant. The installation is set to run as completely silent. No user input is required by the installation prcess. If the package requires additional files, the "copy all directory files" and/or "copy all subdirectories" options are selected to provide these files. If you are attempting an installation from a remote location or UNC path, only one setup executable is required to complete the installation. In the Distribute Software Task, you have left the advanced option on the default selection, "Copy files using Deployment Server then Execute," or you have provided appropriate domain credentials to perform a remote installation. See the release notes for additional information.
Vista Run Script Tasks

Due to increased restrictions placed on services in Vista, scripts executed by Deployment Solution cannot display anything to the user. Scripts requiring user interaction, including pause statements, will not execute correctly.
258
Deployment Agent UI on Vista

When installing the Deployment Agent on Vista computers, you now have the option of installing a client-side agent configuration utility. This interface is similar to the configuration interface for the Deployment Agent on other Windows operating systems. To install, select the Control panel applet & UI component option during the DAgent installation. The configuration utility is launched by selecting Start > Altiris > Deployment Solution > DAgent Configuration.
Vista Imaging
RDeploy fully supports imaging Vista computers similar to other Windows operating systems. Additionally, support is provided for the WIM format using ImageX. See ImageX Imaging (page 218).
259
Chapter 25
Power Mac
Installing The Mac Deployment Agent
1. 2. 3. 4. Connect to the Deployment Share using Finder > Go > Network > domain > Express, replacing domain with the domain containing your Deployment Server. Browse to the Agents/ADLAgent folder. Extract and run the program contained in altiris-adlagent-x-darwin.zip. Complete the prompts, providing the IP address of your Deployment Server and the IP address of your NetBoot Server.
When the installation completes the computer appears in the Deployment Console.
Removing the Mac Deployment Agent

An uninstall script is contained in the /opt/altiris/deployment/adlagent/bin folder.
260
Part VI
Reference: Deployment Solution Help Files

This section contains the help files that are launched from the Deployment Console, Web Console, and other Deployment Solution utilities. Translated versions of these help files are available in the product.
261
Deployment Server Configuration Utility

The Altiris Deployment Server Configuration Utility provides general preferences for the Deployment Server. You can use the Deployment Server Configuration Utility to: Set up an account for Deployment Server. See Logon Account (page 263). Stop, start, and restart Deployment Server. View server activity and statistics. Map drives to file servers in your Deployment Server system (if you have images stored in more than one place). See Drive Mappings Option (page 264). Set the communications protocol (multicast or TCP) and set the imaging multicast threshold. See Transport Option (page 265). Filter connections from the Deployment Server by IP addresses or network adapter interface. Connections Option (page 268). Set debug and log file options in the Debug Option (page 269).
Log in to the Deployment Server you want to manage. Open the Deployment Server Configuration Utility by clicking Start > Programs > Altiris > Deployment Server > Configuration.
From the main view of the Deployment Server Configuration Utility, you can view Deployment Server statistics, start and stop the Deployment Server, access Deployment Server configuration options, and more.
Item
Server activity and statistics Start Stop Restart
Description
Lists the number of Deployment Server sessions (clients) and Deployment Server Consoles currently running on the network. Starts the Deployment Server on the local computer. Stops the Deployment Server on the local computer. Restarts the Deployment Server on the local computer.
262
Account
Opens the Server Login Account dialog, which lets you specify the account used by the Deployment Server service. The LocalSystem account requires a simple install that runs Deployment Server services on the local computer, prohibiting access to network shares or components. With the LocalSystem account selected, you can click the Allow service to interact with desktop box to place an icon in your system tray. This icon lets you quickly shut down the Deployment Server services or to view server statistics (just as you can do from the Manage > Services and Applications > Services > Altiris eXpress Server service). The default setting is to provide a user name and password during installation. With this option you can install the service on different computers and access components across the network.
Options
Opens the Deployment Server Options dialog, which lets you specify Deployment Server options.
Logon Account
This Service Logon Account dialog is used to set up the user account used by Deployment Server.
Item
Use the Local System account
Description
Specifies that the LocalSystem account should be used by the Deployment Server service. You can use this option if your Deployment Server directory is located on the same computer as the Deployment Server and if you don't need to access any other file servers. Specifies that a user-defined account should be used by the Deployment Server service. If this option is selected, you must supply the appropriate username and password. The account must have Administrator equivalent rights on the Deployment Server computer. You must use this option if your Deployment Server directory is located on a different server than the Deployment Server.
Use the following account and password
To specify or change the Deployment Server service account

1. 2. 3. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. Click Account. Choose whether you want to use the LocalSystem account or a user-defined account. If you choose a user-defined account, you must enter the username and password. Click OK.
4.
263
General Option
Update Inventory on active computers. Inventory provides software and hardware information about a client computer. You can update inventory on active computers at specified intervals. The Deployment Agent or any other agent sends the inventory when it connects to the server for the first time. It also updates the inventory according to a specified schedule. Click Schedule to schedule updated inventory. Update active client connections. Due to network glitches, the console may show the client active, when it is inactive. The Deployment Server sends a CACK (Client Acknowledgement) request to client computers. It waits for a response from the client for a specified timeout value. If it does not receive a response from the client within that specified time, it terminates the connection. Click Schedule to schedule updated active client connections. Reset inactive client connections. Due to network glitches, the console may show the client inactive, whereas the client is active. If this option is selected, inactive client connections are reset according to a specified schedule. Click Schedule to schedule the resetting of the inactive client connections. Encrypt communication between IIS and Data Manager. Select this option to encrypt all communication between IIS and the Data Manager. Send Wake on LAN to inactive computers when scheduling. Select this option to send a Wake on LAN request to the client computer. You can retry sending this request through the Retry every _______ minutes option.
Drive Mappings Option

The Drive Mappings tab is used to add, edit, and delete drive mappings used by the Deployment Server. Any drive mappings used to reference files need to be duplicated here. Example: if you create a job that distributes software packages from a drive on another file server using a mapped G: drive, you need to create a G: drive mapping on the Deployment Server using this dialog.
Item
Drive Letter and UNC Path Add
Description
Displays the drive mappings with the mapped drive letters and the corresponding UNC paths. Opens the Map Drive dialog, which lets you create a drive mapping. Driver Letter. Drive letter to which the drive mapping is mapped. UNC path. UNC path to which the mapped drive points.
Modify Remove
Opens the Map Drive dialog, which lets you edit the drive letter or UNC path of the selected drive mapping. Removes the selected drive mapping.
264
Data store path
Specifies the path to stored packages and files and other DS functions (such as license verification). The default path is
C:\Program files\Altiris\express\Deployment Server.

Note Do not use this setting to change the path to the Client Access Point. Modifying this setting does not automatically let you use another shared directory other than the express share. To change the Client Access Point shared directory, run a Custom install to establish another location for the Client Access Point.
To create a drive mapping

1. 2. 3. 4. 5. 6. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. Click Options and click the Drive Mappings tab. Click Add. Specify the Drive Letter and UNC Path. Click OK.Click OK. Click Yes to restart the service.
To edit a drive mapping

1. 2. 3. 4. 5. 6. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. Click Options and click the Drive Mappings tab. Select the drive mapping you want to edit and click Edit. Modify the Drive Letter and UNC Path as desired. Click OK.Click OK. Click Yes to restart the service.
To remove a drive mapping

1. 2. 3. 4. 5. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. Click Options and click the Drive Mappings tab. Select the drive mapping you want to remove and click Remove. Click Yes to confirm your decision. Click OK. Click Yes to restart the service.
Transport Option
The Transport tab lets you specify settings for the Deployment Server transport protocols.
265
Item
Disable multicast support (agents must connect using TCP) Multicast Address Multicast Port Multicast TTL
Description
Disables multicast support, which means clients must connect to the Deployment Server using TCP.
The multicast address. This is used only if multicast is not disabled. Port used for the multicast. This is used only if multicast is not disabled. Specifies the number of "hops" or hubs that the client can go through to multicast. This is used only if multicast is enabled. The TCP port. This is used whether multicast is enabled or disabled. Automatically updates the Altiris Client for Windows on managed computers if there is a difference (older or newer) between the client available in the Deployment Server directory and the managed client. Note If any agent is upgraded to the Deployment Solution 6.8 version, this agent does not downgrade automatically if it connects to a Deployment Server of an earlier version. To downgrade any agent, install the older version of the agent manually.
TCP Port Automatically update clients
Allow Encrypted Sessions
Allows encrypted sessions between the Deployment Agent and Deployment Server. If the Deployment Agent data encryption is turned on, this Deployment Server option must also be turned on to pass encrypted data between client and server.
To specify the Deployment Server transport

1. 2. 3. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. Click Options, and click the Transport tab. Do one of the following, depending on the transport you want to use: If you want to use multicast, do not select the Disable multicast support check box. If you want to use TCP, select Disable multicast support and supply the Multicast Address, Multicast Port, Multicast TTL, and TCP Port. 4. Click OK.
266
Disk Imaging Option

The Disk Imaging tab lets you specify when image multicasting is used and how much bandwidth is used during multicasting. Note When multicasting a disk image using the PXE Server, the boot disk on the PXE Server cannot be configured with an Intel Universal NIC driver (also known as an UNDI driver). The multicasting feature is disabled for multicasting because of continued data corruption problems inherent with the Intel Universal NIC driver. This unreliability results in random files being corrupted in the image file, a problem that may appear immediately or go undetected until accessing the files later. As a result, if the computers being imaged are booting to PXE boot files configured with an Intel universal driver, multicasting is disabled and all computers are imaged using direct connections.
Item
Use disk image multicast threshold of n clients
Description
Specifies the number of clients that must be involved in a job before image multicasting is used. If the number of clients is less than or equal to the number specified, multicasting is not used. Set this value to 0 to disable multicasting. If this option is not selected, multicasting is used whenever there are two or more clients. When multicasting is not used, all clients become Masters and read from the image server independently. This option can be used if your clients can read an image file from the server faster than trying to coordinate masters and clients. Limits the bandwidth used in a multicasting session to a user-defined number of Mbps. This option prevents the multicasting operation from using all available bandwidth on a network, so other network traffic can take place at a reasonable rate.
Limit each disk image multicast to n Mbps
To set when multicasting is used

1. 2. 3. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. Click Options and click the Disk Imaging tab. Select one of the following depending on when you want to use multicasting: If you do not want to use multicasting, select the Use disk image multicast threshold of n clients check box and set n to 0. If you want to use multicasting whenever there is more than one client, do NOT select the Use disk image multicast threshold of n clients check box. If you want to use multicasting only when there are more than a specific number of clients, select the Use disk image multicast threshold of n clients check box and set n to the number of clients there must be more than before multicasting is used. 4. Click OK.
267
To set the maximum bandwidth used during multicasting

1. 2. 3. 4. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. Click Options and click the Disk Imaging tab. Select the Limit each disk image multicast to n Mbps check box and set n to the maximum bandwidth you want a multicasting operation to use. Click OK.
Authentication Option
The Authentications tab lets you authenticate to an existing SQL Server database, to the NetWare Server as a file access point, and to Deployment Solution.
Database Authentication To access and authenticate to a specified Microsoft SQL Server database
1. 2. 3. Click the Use SQL Server account authentication check box. Enter the username for the specified database. Enter the password.
NetWare Server Authentication To access and authenticate to a Novell NetWare Server

1. 2. Enter the username for the selected server. Enter the password.
DS Authentication To access and authenticate to Deployment Solution

1. 2. 3. Click Add Key. You can add a security key for the server to which you want to connect. Click Delete Key. You can delete the security key for a Deployment Server. Click Export Key. You can export and save the security key for your Deployment Server to a file.
Connections Option
The Connections tab lets you allow or reject connections from the Deployment Agents based on the IP subnet, IP address, and local interfaces.
Define Subnets
Select the Allow/reject agents based on their IP subnet box and click Define Subnets. Click Add or Modify to enter or edit a network IP address and the corresponding mask.
268
Define IP Addresses
Select the Allow/reject agents based on their IP address box and click Define IP Addresses. Click either the Allow or Reject option. Click Add or Modify to enter or edit a specific a range of IP addresses to connect to the Deployment Server.
Define Interfaces
Select the Allow/reject agents based on their IP address box and click Define IP Addresses. Select from the list of network adapter cards to allow or reject when connecting to Deployment Server.
Debug Option
The Debug tab lets you set debug options for Deployment Server and communication between managed computers. Engine Debug Logging. Select this option to set the name and location of the logging report and the logging level for Deployment Server. The Engine Debug Log is a single report that captures debug information for Altiris support personnel. Log File Name: Set the path and name for the log text file. The default name is axengine.log in the Deployment Server shared directory. Max File Size: Set the size of the text file by entering the maximum file size allowed. Logging Level: Enter the logging level. This number can be from 1 to 9, with nine the deepest logging level and one the most cursory logging level. Altiris support can instruct you on the required logging level for your issue. Log Agent Communication with Engine. Select the directory path and name to log error messages between managed computers and the Deployment Server. Log Directory. Set the path of the folder to collect the client error messages. Each managed computer has its own log file in this directory named <the computer ID of the managed computer>.log. Max File Size. Set the size of each log file by entering the maximum file size allowed.
269
Introduction to Altiris Boot Disk Creator

Altiris Boot Disk Creator (BDC) is a utility that comes with Deployment Solution and lets you create configurations for pre-boot environments. You can create DOS, Linux, and Windows Preinstallation Environment (Windows PE) configurations, which gives you greater flexibility in managing client computers. The configurations you create can be assigned to automation tasks within deployment jobs that boots client computers to the automation environments. The Deployment Solution automation tasks include the following: Run Script Create Disk Image Distribute Disk Image Scripted OS Install Backup Registry Restore Registry The Deployment Server sends a message to the client computer that the type of task within a deployment job requires an automation environment. The client computer boots to the automation environment you created using Boot Disk Creator and connects with the Deployment Server to run the tasks that have been assigned by the deployment job. This feature lets you create a single deployment job with multiple tasks that boots to the automation environment you want when each task runs. The Boot Disk Creator Utility gathers data as you create new configurations. The base pre-boot operating system files, disk drivers, files you add to the Additional Files folder (in the treeview of Boot Disk Creator), and all the settings you selected in the New Configuration Wizard are added to the boot image. Based on the type of preboot environment you are creating, the appropriate Automation Agent is also added. Boot Disk Creator creates the type of bootable media you want to use when booting client computers to automation. Boot Disk Creator supports the following bootable media: Floppy disks Bootable CDs and DVDs with an ISO image, or with network connectivity to retrieve an image from the Deployment Server USB flash drives Windows installation packages See Create Boot Disk (page 280), Automation Partitions, Network and Automation Boot Disks (page 280). Before creating configurations, you must first install the pre-boot operating system files for the types of pre-boot configurations you want to create. When the Deployment Solution gets installed, you have the option to install the pre-boot operating system files at that time. If there are no files installed, you can use the Install Pre-boot Operating System Files feature within Boot Disk Creator to install the necessary pre-boot operating system files.
270
Example: You can install DOS, Linux, or Windows PE operating system files so you can create any type of configuration any time you want. Or, you can install only DOS and Windows PE system files and install Linux later. You can only create configurations for the type of pre-boot operating system files you have installed. This feature also lets you update pre-boot operating system files when you receive new releases of software and makes it easy to install system files any time you want. See Install Pre-boot Operating System Files (page 285). The New Configuration Wizard is the main process of Boot Disk Creator. This is how you select the type of pre-boot environment configuration you want to create, along with other settings such as, the type of network adapter, network server information, TCP/IP information, and more. After the wizard completes, the Create Boot Disk Wizard automatically appears. This is the production process of Boot Disk Creator that lets you select the boot disk creation method for how you want to implement the configuration you created. You can create floppy boot disks, which are use for DOS configurations since Linux and Windows PE system files are too large to fit on a floppy. Network and automation boot disks can create ISO images, which you can save to bootable CDs using your own third party CD burning software, or you can select a flash drive from the Bootable drive drop-down list. You can also create a Windows Installation package to run in a Windows production environment, which installs an embedded (recommended) or hidden automation partition on the client computers hard drive. See Automation Partitions, Network and Automation Boot Disks (page 280). If you create an Automation boot disk, the Automation Agent is added to the configuration so that when you boot client computers, they try to connect to the Deployment Server. If you select Network boot disk, client computers boot to the network server you specified in the New Configuration Wizard, displaying only a users prompt. See New Configuration Wizard (page 272). Boot Disk Creator can also be accessed from the PXE Configuration Utility, so that you can create boot menu options using the New Configuration Wizard. You can also create boot configurations directly from Boot Disk Creator, and import the boot images into the PXE Configuration Utility. The PXE Configuration Import feature lets you import images that have been created by Boot Disk Creator or any other third party imaging software, but you cannot edit the boot images after they have been imported. See PXE Configuration Utility Help. To help you manage the configurations you create, Boot Disk Creator uses colors to inform you which type of pre-boot configuration you are editing. The colors on the display change when you select a configuration in the treeview of the utility. The colors indicate the following: Black: No configuration has been selected or there are no configurations to select. Blue: DOS configuration Green: Linux configuration Red: Windows PE configuration See Edit Configurations (page 278). The Boot Disk Creator Utility is easy to use because each process guides you through the settings and options you can select to create pre-boot environment configurations to help manage automation tasks used by the Deployment Server.
271
To start the Boot Disk Creator tool, open the Deployment Console and click the icon on the toolbar, or click Tools > Boot Disk Creator.
Toolbar Description
The icons on the toolbar help you navigate to the tasks you want to perform within Boot Disk Creator in one click. The options are:
Buttons
Description
New Configuration Wizard (page 272): Creates new configurations that is used when booting client computers to automation or a network prompt. Create an Automation Install Package (page 281): Creates and installs an embedded automation partition to a client computers hard disk, using an installer package. Remove Automation Partition (page 283): Removes an automation partition from a client computers hard disk. Create Automation Boot Disk (page 282): Creates automation boot disks to manually boot client computers to automation. Create Network Boot Disk (page 283): Creates network boot disks to manually boot client computers to a specified network server.
New Configuration Wizard

You can create as many configurations as needed to support varying types of computer environments. Before you begin, you must install the pre-boot operating system files that Boot Disk Creator uses to create new configurations. See Install Pre-boot Operating System Files (page 285).
To start the New Configuration Wizard, click the icon on the toolbar of the Boot Disk Creator tool, click Ctrl+N, or click File > New Configuration.
Configuration Name
This is the first page of the New Configuration Wizard, which is the same for DOS, Linux, or Windows PE. You must enter a name of for the configuration to make the Pre-boot Operating System for this Configuration fields active. The description field is optional but helps you to know what the configuration contains, such as the file server type, NIC drivers, and any additional files you want to add.
272
Field Definitions
Name: The configuration name you enter appears in the Configurations treeview after the wizard is completed. Description: Enter a description for the configuration. (Example: enter the type of computer, operating system, network adapter, and any other characteristics that help you identify this particular configuration.) After the Create Configuration and Create Boot Disk wizards complete, if you select the configuration from the treeview, the description you entered for this field appears at the top of the right pane. Pre-boot Operating System for this Configuration: Boot Disk Creator supports DOS, Linux, and Windows PE operating systems to create pre-boot environments. Select the pre-boot operating system and click Install Pre-boot Operating System Files (page 285) to install pre-boot operating system files.
File Server Type (DOS)

The Deployment Share stores image files, packages, and data files. By default, the Deployment Share is installed to the Deployment Server, but it can be on another server, depending on the whether you selected a Simple or Custom Deployment Solution installation. Field Definitions Microsoft Windows: Select this option to store images on a Microsoft server using TCP/IP network communications (recommended). However, if you use IPX to communicate with a Microsoft server, select the IPX check box at the bottom of the page. Create multi-network adapter configuration: Select this option to add multiple network adapter drivers to a single PXE boot file configuration. This feature lets you build configuration files to boot multiple computers that contain different types of network adapter cards. See Multi-Network Adapter Configurations (page 273). Novell NetWare (VLM): Select this option to store images on a NetWare server with VLM clients, using IPX network communications. Novell NetWare (Client32): Select this option to store images on a NetWare server with 32-bit clients. Use IPX to communicate with Netware: Select this check box if IPX is the network protocol for the Novel NetWare (Client32) server.
Multi-Network Adapter Configurations

If you are creating a DOS configuration, when you select Multi-NIC configurations, a list of supported drivers appears. You can select Multi-NIC drivers to be included in the configuration by pressing Shift-Click or Ctrl-Click. After a client computer boots using a multi-network adapter configuration, Boot Disk Creator applies the driver that matches the first network adapter card that it detects. Example: If you are going to use the multi-network adapter configuration for several different client computers, this option can save you time and effort in booting different computers. However, if a client computer has 2 NIC cards and you use the multinetwork adapter configuration to boot the computer, the first NIC card is detected and can potentially be the wrong network adapter required to connect to the Deployment Server.
273
Advanced Features
The network adapters you select must support DOS, Linux, or Windows PE so that client computers can connect to a network or Deployment Server, depending on whether you create automation partitions, or network or automation boot disks. The Have Disk (page 274) button lets you install network adapter drivers from a disk, CD, or network folder. The Internet (page 275) button lets you connects to an Altiris supported Web site to download and install network adapter drivers. The Advanced (page 275) button lets you further define network adapters and their drivers.
Multiple Network Adapters Load Order

This option is for DOS and Windows PE configurations only. This lets you specify which order the physical network adapters can be detected when the client computer boots. Example: If most client computers have a Broadcom Ethernet adapter, but some computers have a 3Com10/100 LAN PC Card Fast Ethernet card, you can use Up and Down to move the Broadcom Ethernet adapter to the top of the list. See Also: Network Adapter (page 274)
Network Adapter
The drivers listed in the Network Adapters window vary depending on the type of configuration you are creating. You can install pre-boot operating system files for DOS, Linux, or Windows Preinstallation Environment (Windows PE). See Install Pre-boot Operating System Files (page 285). Example: After installing the pre-boot operating system files for Windows PE, the Windows NIC drivers that are available to create a Windows PE configuration appear, and are automatically added to the new configuration. If you select Auto-detect network adapter, Windows PE determines which network adapter driver to use. Select a driver from the network adapters driver list. You must create a new configuration for each type of network adapter that is installed on client computers, unless you want to create a Multi-NIC configuration. See Multi-Network Adapter Configurations (page 273). If you want to add or change adapter settings (such as I/O Memory, IRQ, and PCMCIA for DOS configurations) click Advanced. See Advanced (page 275). If the network adapter you want; does not appear in the list, you can click Have Disk, Internet, or Advanced (if they are available for the type of configuration you are creating) to add additional drivers. See Have Disk (page 274), Internet (page 275), Advanced (page 275). Field Definitions Auto-detect network adapter: Select this to have Windows PE auto-detect the type of adapter that is in a client computers when the boot image runs.
Have Disk
You can add network adapter drivers by using any disk media or navigating to a folder. Network adapters can be downloaded from the manufacturers Web site and saved to a folder or a disk to be installed later. New network adapters come with a floppy disk or CD to install the appropriate drivers.
274
Internet
Altiris supports many manufacturer network adapters and supports a Web site for you to download the latest NIC drivers. From the Network Adapter page, click Internet to launch the Web browser and connect to ftp://support.altiris.com/support/NIC_drivers/. Download the driver you want and unzip the files it to a folder on the hard drive. Click Add Driver and the driver you downloaded is added to the Network Adapters list.
Advanced
This options lets you add or change settings for network adapter cards so they work correctly when using DOS configurations. If you are creating a Linux or Windows PE configuration, this option is not available. From the Network Adapter page, click Advanced. Refer to the following properties and values.
Microsoft clients
EMM386 Memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (protocol.ini): Add parameters to the NIC section of the protocol.ini file. Memory (protocol.ini): Add parameters to the network setup section of the protocol.ini file. IRQ (protocol.ini): Add parameters to the network setup section of the protocol.ini file.
Novell VLM clients

Emm386 memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (config.sys): Add parameters to the NIC section of the net.cfg file.
Novell Client 32
Emm386 Memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (driver command line): Add driver command-line entries to the landrv.bat file.
TCP/IP Protocol Settings

This page lets you set up TCP/IP protocol settings for boot configurations. TCP/IP is the default protocol when client computers boot to automation on a Windows network. If you are using the IPX protocol, Deployment Server uses its own IP stack to work on IPX networks. Field Definitions Obtain an IP address from a DHCP server: Select this option if you want client computers to obtain an IP address from a DHCP server. Use a static IP address: Select this option if you want a client computer, using this configuration, to be assigned a specific IP address. Enter an IP address, Subnet mask, and default gateway. You can also enter a primary and secondary WINS address if you
275
need to resolve IP addresses and naming conventions. This option also requires that you create a configuration for each client computer, so that the IP address is not the same for all computers.
Altiris Deployment Server Communication

This option lets you set communication properties for the Deployment Server. The Deployment Server IP address, and Port fields are critical because they define how client computers establish communications with the Deployment Server. Example: The TCP port on the Deployment Server is set to 402 and the Port field in the Boot Disk configuration is set to 502. This would result in client computers not being able to communicate with the Deployment Server, because the port numbers do not match. To establish communications between client computers and the Deployment Server, change the Port field in the Boot Disk configuration to 402. Note The settings on this page are only used if you create an automation boot image where the Automation Agent needs to know how to find the Deployment Server. If you intend to create a network boot disk, you can ignore this page by clicking Next, as none of the properties are used to create a network boot image.
To set the TCP port on the Deployment Server

1. 2. 3. From the Deployment Server, click Start > Control Panel > Deployment Solution Configuration applet > Options > Transport tab. Enter the TCP port number. Click OK.
Use TCP/IP multicasting to find the Altiris Deployment Server: Select this option to use TCP/IP multicasting to find the Deployment Server. When client computers boot to automation using this configuration, a multicast packet is broadcast across the network to find where the Deployment Server is located. Multicast IP address: Enter a multicast IP address for client computers to send a broadcast packet across the network to find the Deployment Server. Port: This option defines which port client computers can use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more. Server name: When you select Use TCP/IP multicasting to find the Altiris Deployment Server, a multicast packet is broadcast to the server you specify. If you leave this field blank, the client computer connects to any server responding to the multicast packet. Use TCP/IP to connect to the Altiris Deployment Server: Select this option to connect to a specific Deployment Server. You must select this option if your network adapter or network does not support multicasting. See your network adapter documentation or call the manufacturer or consult with your IT department for information. Server IP address: Enter the IP address of the Deployment Server to access information stored in the Deployment Share. If you are using the Intel Universal NIC driver (UNDI), the IP address is required.
276
Port: This option defines which port client computers can use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more.
Lock Keyboard
Select this option for additional security. This prevents someone on the remote computer from ending the automation session and possibly accessing your network.
This option lets you define how client computers connect to the Deployment Share or a file server where image files are stored.
Window
Workgroup: Enter the workgroup for the Deployment Share or file server.
NetWare
Server name: Enter the server name for the Deployment Share or file server. Click Advanced to enter a NetWare context for the server and select a Frame type if it is different than the default value of 802.2. User name: Enter the authorized user name that was set up when the Deployment Share directory was created. If you did not assign a User name and Password when for the Deployment Share or file server was created, leave this and the Password field blank. Password: Enter the password for the user name. Confirm password: Enter the password for the user name as confirmation that you entered the proper password in the Password field.
Network Drive Mappings and Mount Points

This option lets you set up drive mappings (for DOS and Windows PE) or mount points (for Linux) so that when client computers boot to automation or a network prompt, they connect to the appropriate server. You can create multiple drive mappings or mount points. However, if you are creating a DOS configuration, the first mapped drive you specify must connect to the Deployment Share. Field Definitions Manually create drive mapping: Select this option if you want the drive mappings to be included in the autoexec.bat file when client computers boot to automation. Drive: By default, the mapped drive that appears is F: \\<Deployment Share server>\eXpress. Click the drop-down arrow and select a different drive letter if F: is already in use. Path: Enter the path for the Deployment Share. The path you enter maps to the drive letter you selected in the Drive field. You can also click Browse to navigate to the Deployment Share if you are unsure of the directory path or if the image files are store on a file server. Example: Windows users: \\server\share
277
NetWare users: server\volume:directory Linux users: //server/mount point Create and entry in the LMHOSTS file for the Deployment Server file store (other entries must be added manually): Select this option if your network does not support NetBIOS name resolution for IP addresses. Enter a Server name and IP address so that client computers can find the Deployment Share where image files are stored. Use NetWare login scripts to create drive mappings: Select this option if you use NetWare and you want login scripts to create the drive mappings.
WinPE Boot Option Settings

Select the boot model and optional components to include with this configuration. Typically, you can use the default boot model unless you are experiencing driver detection problems. If you plan on executing VB scripts, running HTML applications, or connecting to an SQL Server database using ActiveX, select the necessary components.
Configuration Summary
This page lets you review all the options you selected throughout the New Configuration Wizard. If you find a setting mis-entered or not what you want, click Back to re-select the option. When you click Finish, the Create Boot Disk Wizard automatically appears for the next process to begin. See Automation Partitions, Network and Automation Boot Disks (page 280) and Edit Configurations (page 278). If you are using Boot Disk Creator from within the PXE Configuration Utility, the Edit Configuration page appears. See Edit Configurations (page 278).
Edit Configurations
This is the main Boot Disk Creator page that appears when you start the utility. If you are using Boot Disk Creator from within the PXE Configuration Utility, this page appears at the end of the New Configuration Wizard. This feature lets you modify configurations that have already been created. As you select files and folders from the treeview in the left pane, the configuration information appears in the right pane. The display color changes to help you know the type of configuration you selected to view, edit, or delete. The colors displayed are: Black: You have not selected or created any configurations. Blue: The configuration you selected or created is based on the DOS pre-boot environment. Green: The configuration you selected or created is based on the Linux preboot environment. Red: The configuration you selected or created is based on the Windows PE pre-boot environment. To change configuration settings, right-click on a configuration folder and select Edit Configuration, and click Back until you find the page for the options you want to change. You can also make text edits to files (selected from the treeview) in the right pane.
278
All other files within a configuration can be edited as needed. However, after you edit a configuration, Boot Disk Creator rewrites certain files within the configuration so that drive mappings and mount points are always updated. The following files are rewritten after editing configurations: DOS - mapdrv.bat, unmapdrv.bat Linux - mounts.local WinPE - mapdrv.bat See also: New Configuration Wizard (page 272), Install Pre-boot Operating System Files (page 285)
Additional Files
Boot Disk Creator lets you add additional files to folders that either apply to a specific configuration or to all configurations of the same type of pre-boot operating system. However, any files you add to the global <OS> additional files folders are written to the boot image before the specific configuration files. If a file in the <OS> additional files folder is the same name as a file in a specific configuration folder, it is overwritten. Example: if a file named 5684_Drivers resides in the DOS additional files folder, and the same file 5684_Drivers exists in a specific configuration folder; when the files are written to a boot image, the file in the configuration folder overwrites the file in the DOS additional files folder. This may cause unexpected results. If you edit text files in a <OS> additional files folder, yet the specific configuration file is the one that is written to the boot image, the result is not as you expected. Add files to all configuration When you install a pre-boot operating system, a new folder is added to the bottom of the treeview on the main page of Boot Disk Creator. If you install pre-boot operating system files and the <OS> additional files folders do not appear, press F5 to refresh Boot Disk Creator. The folders that appear are as follows: DOS additional files Linux additional files WinPE additional files Boot Disk Creator copies the files from the <OS> additional files folders to all corresponding operating system configurations and is added to the boot images. These folders are considered global, since they can affect configurations of the same type. Example: using the Windows Copy and Paste command, you can add tracert.exe to the WinPE additional files folder. Each WinPE configuration you create adds the files in the WinPE additional files folder to the boot image.
Add files to a specific configuration

If you want to add files to a specific configuration only, and do not want to use the global feature of the <OS> additional files folders, do the following: 1. 2. 3. Right-click a configuration in the treeview and select New > Folder. A new subfolder is created in the treeview. Enter a name for the folder so that you know they are added files. To add files to the <OS> additional files folder, do one of the following methods: Copy files from a network folder and Paste them into the configuration folder.
279
Right-click a configuration and select Add File. A browser dialog appears to navigate to the file you want to add. Right-click on a configuration and select File > Text file. A new empty text file is added to the treeview. Enter a name for the file and write text as needed in the left pane.
Create PXE Boot Image Files (PXE)

This option is for Boot Disk Creator configurations created from within the PXE Configuration Utility. Because PXE Servers download boot image files to client computers, after you select all the properties for a New Configuration, Boot Disk Creator must know what type of image file to create. Field Definitions Automation PXE image: The automation agent for the type of pre-boot operating system configuration you created is added to the settings you selected throughout the New Configuration Wizard. Network PXE image: The configuration you created does not contain an automation agent. When client computers boot with this image file, they are mapped to a network server and are at a users prompt. Force 2.88 MB PXE image: Select this option to increase the size of PXE boot images.
PXE Boot Image Creation Complete

This page lets you know when the PXE boot image file is completed. Click Back to change the new configuration settings for the boot menu option. When you click Finish, the boot menu option appears in the Boot Menu tab.
Automation Partitions, Network and Automation Boot Disks

After you create a New Configuration, the Create Boot Disk (page 280) dialog automatically appears. This process lets you select and create the method of booting a client computer to the automation environment. If you install an automation partition on a client computers hard disk, deployment jobs can run automatically. However, you can create bootable media to manually boot client computers to automation, and run deployment jobs as needed. See New Configuration Wizard (page 272).
Create Boot Disk

This dialog lets you create 3 different types of bootable media: an automation partition install package, automation boot disks, or network boot disks. Each type of bootable media guides you through a wizard to gather specific information required for the type of media you want to create. The Create Boot Disk step numbers appearing at the top of the dialog page vary depending on: How the Create Boot Disk dialog was started The type of media you selected to create
280
The pre-boot environment you specified in the configuration you created However, based on your selections, Boot Disk Creator shows the appropriate dialog pages when creating bootable media. Example: if you right-click on a configuration in the treeview and select Install automation partition, the number of dialog pages thereafter are different than if you select the option, Create an automation partition install package, from this page. Both options achieve the same result even though the dialog steps may be different. Choose this dialog and return to the editor: Select this option to close the Create Boot Disk dialog without creating an automation boot disk, installer package, or network boot disk. You can select any of these options from the Boot Disk Creator toolbar or from the File menu. Create an automation partition install package: Select this option to create an automation install package that installs an embedded automation partition to any client computer on the network. See Create an Automation Install Package (page 281). Create an automation boot disk: Select this option to create automation boot disks so you can manually boot a client computer to automation. See Create Automation Boot Disk (page 282). Create a network boot disk: Select this option to create network boot disks so you can manually boot a client computer to a network server. See Create Network Boot Disk (page 283).
Create an Automation Install Package

This feature lets you create an automation installation setup package that installs an embedded automation partition on a client computer when it executes. The installer package runs in a production environment even though the New Configuration is based on the different pre-boot operating system. Example: You can create a DOS configuration but select to install the automation partition using an installation setup package that runs in a Windows production environment.
Field Definitions
DOS bootable disk: Select this option to install the automation partition using a DOS bootable disk. Linux bootable disk: Select this option to install the automation partition using a Linux bootable disk. Windows setup package: Select this option to install the automation partition using an installation setup package that runs in a Windows production environment. Windows CE .NET setup package: Select this option to install the automation partition using an installation setup package that runs in a Windows CE .NET production environment. Create an embedded DOS automation partition (recommended): Select this option to install an embedded partition to a client computers hard disk. Create a hidden DOS automation partition (for partitions greater than 50 MB): Select this option to install a hidden automation partition. Partition size in MB: The default partition size value changes, depending on the type of operating system you selected. Example: If you are creating an automation partition
281
for a Windows PE configuration, the partition size is 150-200 MB. However, the partition size for a DOS configuration would range is only 5-50 MB. Installer package file path: By default, installation packages are stored in the Deployment Share bwpkgs folder. The name of the configuration you selected before starting the Create Boot Disk process is the name of the setup package unless you define it otherwise. Click Browse to navigate to the folder where you want the setup package stored. Run silent install: Select this option to install the automation partition without user input. Install the Altiris Deployment Agent for Windows (Aclient): Select this option to install the Deployment Agent on client computers in the production environment after the automation partition is installed. Advanced: If you selected to install the Deployment Agent (above), click this button to set limited properties for the Deployment Agent. Creating automation partition installer: This is a progress page to display the automation installation package process. The process does the following: Copying files to production area, Creating the FRM files, Preparing install environment, Inserting into the installer package. The setup package is located at: After the automation partition installation package is created, the Boot Disk Creation Complete page appears, and confirms where the installer package is located.
Create Automation Boot Disk

This feature lets you create automation boot disks to manually boot a client computer to the automation environment so deployment jobs can run. Automation boot disks give you greater flexibility because you can physically go to any client computer on the network and boot to automation, so long as the client computer can connect to the Deployment Server.
Field Definitions
Bootable ISO CD Image: Select this option to create an ISO CD boot image. ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party software to burn the ISO image to a CD. Bootable disk: Select this option to create a boot disk that can be used at client computers to manually boot to automation or manually install an automation partition. Click the drop-down arrow to select bootable media from the list. All the drives listed display the physical drive number instead of the logical drive letter. Rescan drives: If you attach a USB flash drive to the server, but it does not appear in the Bootable disk drop-down list, you can click this button to rescan the physical drives that are attached to the server. A list of available drives is updated in the drop-down list. Show fixed drives: If you try to select a USB flash drive from the Bootable disk dropdown list, but you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using appears in Windows as Fixed instead of Removable. Select this option to view all drives attached to the server.
282
Create Network Boot Disk

This feature lets you create a network boot disk you can use at any client computer on the network. The properties you defined when creating the New Configuration map a drive to a specified server when a client computer uses a network boot disk. You have access to the network servers system to execute and manipulate files manually.
Field Definitions
Bootable ISO CD Image: Select this option to create an ISO CD boot image. ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party software to burn the ISO image to a CD. Bootable disk: Select this option to create a boot disk that can be used at client computers to manually boot to a network server. Click the drop-down arrow to select bootable media from the list. All the drives listed display the physical drive number instead of the logical drive letter. Rescan drives: If you attach a USB flash drive to the server, but it does not appear in the Bootable disk drop-down list, you can click this button to re-scan the physical drives that are attached to the server. The list of available drives is updated in the dropdown list. Show fixed drives: If you try to select a USB flash drive from the Bootable disk dropdown list, but you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using appears in Windows as Fixed instead of Removable. Select this option to view all drives attached to the server.
Remove Automation Partition

This feature lets you remove an automation partition on a client computers hard disk. You can create bootable CDs, flash drives, and floppy disks to use manually at the client computers, or you can create a Windows uninstall package that can be distributed to a client computer through a deployment job. You could also create a network boot disk, connect to a specific server where the Windows uninstall package is stored and run the executable from the client computer.
Field Definitions
DOS bootable disk: Select this option to remove an automation partition using a DOS bootable disk. Linux bootable disk: Select this option to remove an automation partition using a Linux bootable disk. Windows setup package: Select this option to remove an automation partition using an installation setup package that runs in a Windows production environment. Windows CE .NET setup package: Select this option to remove an automation partition using an installation setup package that runs in a Windows CE .NET production environment. Bootable ISO CD Image: Select this option to create an ISO CD boot image that removes an automation partition. ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party software to burn the ISO image to a CD.
283
Bootable disk: Select this option to create a boot disk that removes an automation partition from a client computer. Click the drop-down arrow to select bootable media from the list. All the drives listed display the physical drive number instead of the logical drive letter. Rescan drives: If you attach a USB flash drive to the server, but it does not appear in the Bootable disk drop-down list, you can click this button to re-scan the physical drives that are attached to the server. The list of available drives is updated in the dropdown list. Show fixed drives: If you try to select a USB flash drive from the Bootable disk dropdown list, but you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using appears in Windows as Fixed instead of Removable. Select this option to view all drives attached to the server.
Import Configuration Files

The configuration format has changed from all previous versions of Boot Disk Creator. This is because of increased support and functionality that Boot Disk Creator now provides. However, you can save previously created configurations by using the Import Previous Version Configuration Files dialog to convert the configurations format to this release. Configuration files that are successfully imported can be used to support automation and imaging on client computers. Note There may be some instances when older configuration files cannot be converted to the new file format. Files that do not import successfully must be recreated configurations using the New Configuration Wizard in this version of Boot Disk Creator.
Field Definitions
Directory: Enter a path to where the configuration files you want to convert are located. Browse: Click to navigate to the directory path where configuration files are located. Config File Name: This is the name of the old configuration files you have selected to convert and import into this release of Boot Disk Creator. Description: This is the description for the old configuration files.
To import configuration files

1. 2. Open the Boot Disk Creator Utility. Click File > Import.
Missing Files for Processor Types

For the most part, Boot Disk Creator configurations are independent of architecture. However, if you manually add executables to a configuration which supports multiple processor types, you need to ensure you provide a version of the file for each architecture you have included. Example: If you have x86 and x64 versions of the Linux preboot environment selected for a configuration, and you add an executable, Boot Disk Creator checks the file header to see which architectures the executable supports. If not all architectures you have
284
installed are supported by the file you added, this screen appears prompting you to add additional files or ignore the warning.
Install Pre-boot Operating System Files

Boot Disk Creator requires that you install the pre-boot operating system files for at least one pre-boot environment before you can create new configurations. Boot Disk Creator uses these files when creating configurations and boot images. You can install all supported pre-boot operating system files at the same time, or you can select to install only those pre-boot environments you want to use. You can install FreeDOS and MS-DOS, but you must select which DOS version you want to run since you cannot run both versions at the same time. Example: You can install the DOS and Windows PE pre-boot operating system files to start creating configurations to support your infrastructure, which currently does not have a need for Linux boot images. After working with Deployment Server and Boot Disk Creator, you decide you want to create Linux configurations and Linux boot images. You can open the Install Pre-boot Operating System Files dialog at any time to install the Linux system files, or of the other pre-boot operating system files. When you install the pre-boot operating system files for DOS (page 285), Linux (page 286), or Windows PE (page 286), a checkmark next to the operating system name indicates that the files have been successfully installed. The operating system version number appears (except for MS-DOS), and the Install option changes to Update. If you acquire a newer version of DOS, Linux or Windows PE, click Update to install the new files. However, any existing operating system files are deleted before the newer files are installed. Example: If you installed Windows PE, and Altiris supports a newer version that becomes available, click Update to install the new files. All existing Windows PE files are deleted from the hard disk before the new files are installed. If you experience any problems with the new version of Windows PE, you must install the older version to restore Boot Disk Creator functionality for Windows PE.
To install pre-boot operating system files

Click Install next to the pre-boot operating system you want to install.
DOS
You can install FreeDOS (page 285), MS-DOS (page 286) or both. However, you can only run one version of DOS at a time. If both versions of DOS are installed, click either FreeDOS or MS-DOS to select the version you want to run as the default for creating configurations.
FreeDOS
Deployment Solution provides FreeDOS in a file named BDCgpl.frm. The BDCgpl.frm file can be downloaded from the Altiris Solution Center Web site and saved to any location on the network. When newer versions of FreeDOS become available, an updated .frm file is available online through Deployment Solution Hot Fixes or Service Pack releases.
285
Note FreeDOS may not support newer motherboard chip-sets.
MS-DOS
Using an original Microsoft Windows 98 installation CD, copy the appropriate files to a system formatted floppy disk, a folder that can be accessed from Boot Disk Creator, or use the CD directly. Use Microsoft Windows 98 installation CD: Select to install MS-DOS from an original Microsoft Windows 98 installation CD. Floppy Disk: Select to format a disk using the Format a: /s command. Copy the required files listed below from an original Microsoft Windows 98 installation CD to the floppy disk. Boot disk creator only installs DOS files from the A drive. If you select BFloppy Drive from the drop-down list, Boot Disk Creator still tries to read data from the A-Floppy Drive. Folder: Select to copy the required files to a folder that can be access from within Boot Disk Creator. Boot Disk Creator requires the following MS-DOS files.
Required
HIMEM.SYS EMM386.EXE SMARTDRV.EXE SYS.COM XCOPY32.MOD
Optional
EDIT.COM MEM.EXE ATTRIB.EXE MODE.COM FORMAT.COM FDISK.EXE
Note The SMARTDRV.EXE file is required for all computers running a scripted install in Windows 2003\XP.
Linux
Deployment Solution provides Linux RedHat Fedora in a file named BDCgpl.frm. The BDCgpl.frm file can be downloaded from the Altiris Solution Center Web site and saved to any location on the network. When newer versions of Linux become available, an updated .frm file is available online through Deployment Solution Hot Fixes or Service Pack releases.
Windows PE
Altiris supports Windows PE 2005 as a pre-boot environment for Boot Disk Creator. When you install Windows PE, you are asked to supply 2 CDs: Windows PE 2005 and Windows Server 2003 SP1.
286
In most instances, the Welcome to Microsoft Windows Server* 2003 page appears after inserting the Windows Server 2003 CD. Click Exit to avoid installing the full version of Windows Server. There are two dialog pages to complete the Windows PE installation. You first are asked to provide the Windows PE CD, followed by the Windows CD. The text on the page lists the operating system CD you need to enter for each of these pages. Example: On the Windows PE CD page, the text Windows PE 2005 (Windows Server 2003- SP1) appears, while the Windows CD page displays Windows Server 2003SP1 (Windows PE 2005). The first operating system listed on each page is the CD you want to use.
287
PXE Configuration Utility

Altiris PXE Configuration Utility integrates with Altiris Deployment Solution and lets you manage all PXE Servers across the network. PXE Configuration has been completely rewritten to give you more capability in working with Deployment Server, which allows administrators greater flexibility when performing the following tasks: Creating boot menu options Installing BIS Certificates Creating boot disks, and network PXE images Assigning pre-boot environments to tasks within deployment jobs Setting properties to customize specific PXE Server Setting the boot menu option order for client computers PXE Server has also been added to Role Based Security to ensure that only those users authorized can make changes to boot menu options. If you select Deployment Solution Simple Install and Install PXE Server, they both install to the same server. If you select Custom Install and Install PXE Server, you can choose to install them to separate servers. However, regardless of the PXE install options you select, PXE Manager always installs on the Deployment Server. See the Deployment Solution Product Guide.
PXE Manager
PXE Manager is a service that synchronizes Deployment Server and all PXE Servers installed and configured across the network. It keeps track of all PXE Server boot menu options, and whether they are Shared or Local. PXE Manager also gathers data from all PXE Servers and stores the information in the PXE Manager.ini file. Whether you are in Use Shared properties or select a server to Customize PXE Server (Shared Configuration), the changes you make to the properties settings are saved to the PXE Manager.ini file when you click Save. Then, when you close the PXE Configuration Utility, PXE Manager creates and distributes the appropriate PXE.ini file for each PXE Server on the network. See PXE Manager (page 309).
Shared or Local boot menu options

When you start the PXE Configuration Utility, you can select which properties you want to set. The Use Shared properties option lets you create Shared boot menu options that can be used by all PXE Servers on the network. When you select a specific PXE Server from the File menu, you can select the Customize PXE Server (Shared Configuration) option that lets you change any of the shared properties for that specific server. By default, PXE Configuration always starts in the Use Shared properties mode. See Boot Menu Tab (page 290). The boot menu options you create appear as a menu list on client computers when a PXE boot operation is performed. You can set the order of the boot menu options and select which menu option you want as the default. Previous users of Altiris PXE Server notice that Initial Deployment and ManagedPC are no longer boot menu options. You can still perform an Initial Deployment, but now you can select DOS, Linux, or Microsoft Windows Preinstallation Environment (Windows PE) as the pre-boot automation
288
environment. By default, the pre-boot operating system selected at install time is set for Initial Deployment. See DS Tab (page 306).
Boot Disk Creator and PXE Configuration

Boot Disk Creator is now integrated with the PXE Configuration Utility, so that you can keep track of the boot menu options you create, edit, and delete. When you select a boot menu option to edit or delete using the Boot Disk Creator method, the Summary page displays the MenuOption<number>, so you always know which boot menu option you are working with. See Boot Menu Tab (page 290) and Edit Shared Menu Option (page 293). Altiris PXE Server provides three different methods of creating boot menu options: the New Configuration Wizard from Boot Disk Creator, importing Direct from floppy, and User supplied, which is for more advanced users. For each boot menu option created, there is a boot image stored on the Altiris PXE Server. A boot image consists of a file or set of files. When client computers perform a PXE boot, a menu list appears for users to select a boot menu option. The Altiris PXE Server downloads the boot image that corresponds with the boot menu option that the user selects. See New Shared Menu Option (page 292). Automation Tasks Only Shared boot menu options can be assigned to a task in a deployment job. The tasks the can run in automation are: Run script Create Disk Image Distribute Disk Image Scripted OS Install Backup Registry Restore Registry. When a client computer performs a PXE boot, the Deployment Agent verifies if there is work to complete. If so, the client computer boots to automation and performs the deployment jobs that have been assigned. If there are no deployment jobs for the client computer, the Local Boot menu option is automatically selected. Example: if a deployment job contains the task Create Disk Image, and the Automation - PXE or Bootworks environment (DOS/Windows PE/Linux) field is assigned to DOS - Broadcom, when the client computer executes the task, it uses DOS - Broadband as the automation environment. Additional tasks within the same job can be assigned a different boot menu option, yet each task executes in the automation environment you want. See the Deployment Solution Product Guide.
See also: Boot Menu Tab (page 290), PXE Server Tab (page 304), DS Tab (page 306), MAC Filter Tab (page 307), Multicast Tab (page 308), BIS Tab (page 310), Data Logs Tab (page 310), Remote PXE Installation (page 311).
To open PXE Configuration

Option 1: From the Deployment Console, click the PXE Configuration icon on the toolbar. You can also click Tools > PXE Configuration. Option 2:
289
1. 2.
Click Start > Programs > Altiris > PXE Services > PXE Configuration Utility. Click each tab to set the category in the PXE Server properties.
Boot Menu Tab

This lets you create, edit, and delete boot menu options, set the boot menu order, define the prompt for users, append the server name to the prompt, and set the users time-out response when the boot menu list appears on client computers. PXE boot menu options can be either local or shared, depending on whether you select Use Shared properties or Customize PXE Server. When you manage all PXE Servers (Shared) across the network, Boot Menu Option for PXE Server: (Shared Configuration) appears at the top of the page and above the list of configurations. When you select a specific server (Local) from the File menu, Boot Menu Option for PXE Server: (name of Server) appears. This helps you identify which mode you are working in. By default, PXE Configuration Utility opens to the last saved action, which could be either Shared Configuration or Custom PXE Server mode. The boot menu options listed are for all Altiris PXE Servers, so the Scope is always Shared. The operating system field indicates the type of pre-boot operating system files used to create the boot menu option. If you select an Altiris PXE Server from the File menu, a window displays the boot menu option for the selected Altiris PXE Server. The Scope field displays both Shared and any new boot menu options you create displays Local. The operating system field is the same as in the Shared mode. If an existing DS job uses a boot menu item, Yes appears in the In use by DS field. The following colors are used to denote which automation operating system is used by each configuration: Blue: DOS configuration Green: Linux configuration Red: Windows PE configuration Note: When an item is in use by the Deployment Server, you cannot delete the item from the PXE Configuration Utility. You can delete an item only when it is not in use by the Deployment Server. To delete an item, you have to disable the boot menu item from the DS job. After the boot menu item is disabled, restart the PXE Config Utility. In the In use by DS field Yes does not appear, and you can delete the boot menu item. To identify the boot menu items used in the jobs 1. Double-click a task in the job. Example: Create Disk Image. The Create Disk Image dialog opens. 2. Click the Automation pre-boot environment (DOS/Windows PE/Linux) dropdown list. If a PXE boot menu item is used by the job, it appears in the drop-down list. You can perform the steps given above to view if the other boot menu items are used by the other jobs.
View Area
When you are in Shared Configuration mode, only configurations you create for all Altiris PXE Servers appear in the view area. When you are in Customize PXE Server <server
290
name> mode, both Shared and Local configurations appear. You cannot create a configuration named the same as any other configuration in the view area, regardless of the mode you are in. Example: if you are in Customize PXE Server <server name> mode, you can view both Shared and Local configuration. You can create a Local configuration named DOS Clients since there are no other configurations with the same name. Now, change to Shared Configuration mode and create a configuration named DOS Clients because the Local configuration of the same name does not appear in the view area. When you change back to Customize PXE Server <server name> mode, both DOS Clients configurations appear in the view area. When client computers perform a PXE boot, both configurations appear and users cannot know which boot menu option to select. See Redirect Shared Boot Menu Option (page 293).
Boot Menu Options for PXE Server: <Shared Configuration>

Name: This is the name of the PXE item that appears on client computers after a PXE boot operation is performed. Scope: Shared indicates that the configuration is available on multiple Altiris PXE Servers in an environment where they are all serviced by a single Deployment Server. Local indicates the configuration was created for a specific Altiris PXE Server. OS: The operating system that the configuration uses to boot on client computers. Up and Down: Select to order boot options. The top boot option is the default that runs automatically if no other option is selected from the Altiris PXE Server menu. New: Click to open a dialog to add a new boot menu option. See New Shared Menu Option (page 292). Edit: Click to modify properties for boot menu options. See Edit Shared Menu Option (page 293). Delete: Select a boot menu option from the list and click Delete. You cannot delete boot menu options if they are assigned to a task within a deployment job. Go to the Deployment Console, open the appropriate deployment job, and delete the task or change the Automation - PXE or Bootworks environment (DOS/Windows PE/ Linux) field before you delete the boot menu option.
Boot Menu Properties

Use Shared properties: You can select this option to set the properties for a Shared Configuration. You cannot change this selection on the other pages if you are setting the properties for the Shared Configuration. Customize PXE Server (Shared Configuration): This option is available when you select a specific server from the File menu. You can keep the settings on the page or customize the properties for the Altiris PXE Server you selected. Prompt: This is the user prompt for the PXE boot menu list when it appears on client computers. You can change the text message but not the <F8> command, as it is still required to perform a PXE boot option. Append server name: Select this option to have the Altiris PXE Server name listed following the prompt on client computers when the boot menu list appears. This helps users know which Altiris PXE Server is servicing their client computer. Time-out: This is the length of time the prompt appears before the boot process starts. If the user does not press the <F8> key within the time-out period, the default boot option runs.
291
Save: Click to save all changes you made to the PXE Manager.ini file. When you close the PXE Configuration Utility, PXE Manager creates and sends PXE.ini files to each Altiris PXE Server on the network. You can view the status of these updates on the Status tab.
New Shared Menu Option

The PXE Configuration Utility lets you create up to 23 boot menu options that can be selected from client computers. When a PXE-enabled client computer makes a request to an Altiris PXE Server, the Altiris PXE Server downloads a boot menu list for users to select a boot option. This dialog also integrates with Boot Disk Creator as it lets you create new automation configurations from within the PXE Configuration Utility. However, all the configurations you create from this dialog, are meant for the Altiris PXE Servers and the client computers that use PXE as their primary boot option.
Menu Item Properties

Name: This is the name of the PXE configuration that appears as a boot item when the PXE menu downloads to client computers after a PXE boot operation is performed. Allow as default PXE boot option: Select this option to move the configuration you are creating to the top of the boot menu, so that it becomes the default boot option on client computers. If you do not select this option, the Up is active to move the configuration up the menu list but becomes inactive if you try to move the configuration to the default boot position. Pre-boot Image Properties: Select the operating system and processor type for the configuration you are creating and select the method you want to use to create the configuration. If an operating system has an asterisk next to it, the pre-boot operating system files must be installed before Boot Disk Creator starts the New Configuration Wizard. See Install Pre-boot Operating System Files (page 294). Final Location on PXE Server: This field can help you identify which PXE item you are configuring. PXE configurations are stored in the default directory of C:\Program Files\Altiris\eXpress\Deployment Server\PXE\Images\MenuOption<number>. The MenuOption number increments each time you create a new configuration.
Image creation method

Boot Disk Creator: This lets you start the New Configuration Wizard from Boot Disk Creator. Any configurations you create or edit using this method are for PXE boot menu items only. New Configuration Wizard (page 296). Direct from floppy: Select this option if you want the Altiris PXE Server to read a configuration file from a floppy. See Import Boot Menu Options (page 294). User supplied: This is for advanced users. If you select this option, you must select Other in the Operating System area. The Location field shows the path where the new configuration is stored. The folder MenuOption<Number> is created as a subfolder of MasterImages, but no configuration files are stored there until advanced users add the configuration files manually. See Import Boot Menu Options (page 294). Create Boot Image: You must enter a descriptive name for the PXE configuration in the Name field before this option is enabled. The New Configuration Wizard from Boot Disk Creator starts unless you have not installed the pre-boot operating system files for the type of configuration you want to create. The Install Pre-boot Operating System Files dialog appears before the New Configuration Wizard starts if you need to install the
292
pre-boot operating system files. See Install Pre-boot Operating System Files (page 294) and New Configuration Wizard (page 296).
Edit Shared Menu Option

When you are in Shared Configuration mode, only Shared configuration appears in the view area of on the Boot Menu tab. The Edit option is enabled when you select any of the Shared boot menu options. However, if you are in Customize PXE Server: <server name> mode the Edit option is enabled when you select any Local boot menu options, but the Redirect option is enabled when you select a Shared boot menu option. See Redirect Shared Boot Menu Option (page 293).
To edit Shared or Local boot menu options

Select a boot menu option from the view area on the Boot Menu page, and click Edit. If you selected Boot Disk Creator as the Image Creation Method, click Edit Boot Image. The Edit Configuration page from the New Configuration Wizard only displays the MenuOption<number> you selected from the Boot Menu page. To make changes, right-click the MenuOption<number> and select Edit Configuration, or click Edit on the Edit Configuration page until you find the options you want to change. See also: Edit Configurations (page 302) and Boot Menu Tab (page 290).
Redirect Shared Boot Menu Option

This option lets you select a Shared configuration from the Customize PXE Server <server name> mode and redirect it to a Local configuration, which gives you greater flexibility in managing all deployment jobs. Example: your main office is in Utah and there are 2 satellite offices, one in Los Angeles and the other in New York, you can send a single deployment job to all client computers and have each satellite office use its own Local configuration to boot to automation and access images. Deployment Server lets you select the Automation - PXE or Bootworks environment (DOS/Windows PE/ Linux) configuration from the drop-down list when setting up imaging jobs. However, only Shared configurations appear in the list. When the Deployment Server sends the job to client computers, the Deployment Agent receives a message that it must boot to automation. Client computers that are PXEenabled find the nearest Altiris PXE Server and receive the boot image files needed to boot to automation. When Redirect is used, the Shared configuration selected for the automation task within the deployment job, can point to a Local configuration so that when client computers are booting to automation, the Local configuration is used to access local network servers and images.
To redirect a Shared boot menu option

1. 2. 3. 4. From the PXE Configuration Utility, click File. Select a PXE Server. (This is the Customize PXE Server <server name> mode.) Click on a Shared configuration, and click Redirect. Click the drop-down arrow and select a Local configuration from the list.
293
5.
Click OK. The Shared configuration displays the redirected configuration in the list.
Import Boot Menu Options

This option lets you import boot menu options that were created using Third Party imaging software, or previous versions of Altiris PXE Server.
Option 1:
1. 2. 3. 4. From the New Shared Menu Option dialog, select Direct from floppy and click Import Boot Image. Insert a floppy disk. The path and name of the new MenuOption<number> appears. Click Next. A progress bar displays the PXE boot file image being read as it is imported. Click Finish.
Option 2:
1. 2. 3. From the New Shared Menu Option dialog, select User Supplied. Copy the PXE files you want in the MenuOption<number> folder. Click OK.
Regenerate Boot Images

This lets you regenerate all PXE configurations which are using the selected operating system. If you make updates to the core automation operating system, such as installing a new version of Linux, this lets you apply those updates without re-creating the affected configurations.
Install Pre-boot Operating System Files

Boot Disk Creator requires that you install the pre-boot operating system files for at least one pre-boot environment before you can create new configurations. Boot Disk Creator uses these files when creating configurations and boot images. You can install all supported pre-boot operating system files at the same time, or you can select to install only those pre-boot environments you want to use. You can install FreeDOS and MS-DOS, but you must select which DOS version you want to run since you cannot run both versions at the same time. Example: you can install the DOS and Windows PE pre-boot operating system files to start creating configurations to support your infrastructure, which currently does not have a need for Linux boot images. After working with Deployment Server and Boot Disk Creator, you decide you want to create Linux configurations and Linux boot images. You can open the Install Pre-boot Operating System Files dialog any time to install the Linux system files, or of the other pre-boot operating system files. When you install the pre-boot operating system files for DOS (page 295), Linux (page 296), or Windows PE (page 296), a checkmark next to the operating system name indicates that the files have been successfully installed. The operating system version number appears (except for MS-DOS), and the Install option changes to Update.
294
If you acquire a newer version of DOS, Linux or Windows PE, click Update to install the new files. However, any existing operating system files are deleted before the newer files are installed. Example: if you installed Windows PE, and Altiris supports a newer version that is available, click Update to install the new files. All existing Windows PE files are deleted from the hard disk before the new files are installed. If you experience any problems with the new version of Windows PE, you must install the older version to restore Boot Disk Creator functionality for Windows PE.
To install pre-boot operating system files

1. 2. From the Boot Menu tab, click New. Click Add pre-boot and follow the prompts.
DOS
You can install FreeDOS (page 295), MS-DOS (page 295) or both. However, you can only run one version of DOS at a time. If both versions of DOS are installed, click either FreeDOS or MS-DOS to select the version you want to run as the default for creating configurations.
FreeDOS
Deployment Solution provides FreeDOS in a file named BDCgpl.frm. The BDCgpl.frm file can be downloaded from the Deployment Solution download site on altiris.com and saved to any location on the network. When newer versions of FreeDOS become available, an updated .FRM file is available online through Deployment Solution Hot Fixes or Service Pack releases. When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply the new version to your existing configurations. Note: FreeDOS may not support newer motherboard chip-sets.
MS-DOS
Using an original Microsoft Windows 98 installation CD, copy the appropriate files to a system formatted floppy disk, a folder that can be accessed from Boot Disk Creator, or use the CD directly. Use Microsoft Windows 98 installation CD: Select to install MS-DOS from an original Microsoft Windows 98 installation CD. Floppy Disk: Select to format a disk using the Format a: /s command. Copy the required files listed below from an original Microsoft Windows 98 installation CD to the floppy disk. Boot disk creator only installs DOS files from the A drive. If you select BFloppy Drive from the drop-down list, Boot Disk Creator still tries to read data from the A-Floppy Drive. When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply the new version to your existing configurations. Folder: Select to copy the required files to a folder that can be access from within Boot Disk Creator.
295
Boot Disk Creator requires the following MS-DOS files.
Required
HIMEM.SYS EMM386.EXE SMARTDRV.EXE SYS.COM XCOPY32.MOD
Optional
EDIT.COM MEM.EXE ATTRIB.EXE MODE.COM FORMAT.COM FDISK.EXE
Important: The SMARTDRV.EXE file is required for all computers running a scripted install in Windows 2003\XP.
Linux
Deployment Solution provides Linux RedHat Fedora in a file named BDCgpl.frm. The BDCgpl.frm file can be downloaded from the Deployment Solution download site on altiris.com and saved to any location on the network. When newer versions of Linux become available, an updated .frm file is available online through Deployment Solution Hot Fixes or Service Pack releases. When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply the new version to your existing configurations.
Windows PE
Altiris supports Windows PE 2005 as a pre-boot environment for Boot Disk Creator. When you install Windows PE, you are asked to supply 2 CDs: Windows PE 2005 and Windows Server 2003 SP1. In most instances, the Welcome to Microsoft Windows Server 2003 page appears after inserting the Windows Server 2003 CD. Click Exit to avoid installing the full version of Windows Server. There are two dialog pages to complete the Windows PE installation. You are first asked to provide the Windows PE CD, followed by the Windows CD. The text on the page lists the operating system CD you need to enter for each of these pages. Example: on the Windows PE CD page, the text Windows PE 2005 (Windows Server 2003- SP1) appears, while on the Windows CD page Windows Server 2003-SP1 (Windows PE 2005) appears. The first operating system listed on each page is the CD you want to use. When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply the new version to your existing configurations.
New Configuration Wizard

You can create as many configurations as needed to support varying types of computer environments. Before you begin, you must install the pre-boot operating system files that Boot Disk Creator uses to create new configurations. See Install Pre-boot Operating System Files (page 294).
296
To start the New Configuration Wizard, click the icon on the toolbar of the Boot Disk Creator tool, click Ctrl+N, or click File > New Configuration.
Configuration Name
This is the first page of the New Configuration Wizard, which is the same for DOS, Linux, or Windows PE. You must enter a name for the configuration to make the Pre-boot Operating System for this Configuration fields active. The description field is optional but helps you to know what the configuration contains, such as the file server type, NIC drivers, and any additional files you want to add.
Field Definitions
Name: The configuration name you enter appears in the Configurations pane after the wizard is completed. Description: Enter a description for the configuration. (Example: enter the type of computer, operating system, network adapter, and any other characteristics that can help you identify this particular configuration.) After the Create Configuration and Create Boot Disk wizards complete, if you select the configuration from the treeview, the description you entered for this field appears at the top of the right pane. Pre-boot Operating System for this Configuration: Boot Disk Creator supports DOS, Linux, and Windows PE operating systems to create pre-boot environments. Select the pre-boot operating system and click Install Pre-boot Operating System Files (page 294) to install pre-boot operating system files.
File Server Type (DOS)

The Deployment Share stores image files, packages, and data files. By default, the Deployment Share is installed to the Deployment Server, but it can be on another server, depending on whether you selected a Simple or Custom Deployment Solution installation.
Field Definitions
Microsoft Windows: Select this option to store images on a Microsoft server using TCP/IP network communications (recommended). However, if you use IPX to communicate with a Microsoft server, select the IPX check box at the bottom of the page. Create multi-network adapter configuration: Select this option to add multiple network adapter drivers to a single PXE boot file configuration. This feature lets you build configuration files to boot multiple computers that contain different types of network adapter cards. See Multi-Network Adapter Configurations (page 298). Novell NetWare (VLM): Select this option to store images on a NetWare server with VLM clients, using IPX network communications. Novell NetWare (Client32): Select this option to store images on a NetWare server with 32-bit clients. Use IPX to communicate with Netware: Select this check box if IPX is the network protocol for the Novel NetWare (Client32) server.
297
Multi-Network Adapter Configurations

If you are creating a DOS configuration, when you select Multi-NIC configurations, a list of supported drivers appears. You can select Multi-NIC drivers to be included in the configuration by pressing Shift-Click or Ctrl-Click. After a client computer boots using a multi-network adapter configuration, Boot Disk Creator applies the driver that matches the first network adapter card that it detects. Example: if you are going to use the multi-network adapter configuration for several different client computers, this option can save you time and effort in booting different computers. However, if a client computer has 2 NIC cards and you use the multinetwork adapter configuration to boot the computer, the first NIC card is detected and can potentially be the wrong network adapter required to connect to the Deployment Server.
Advanced Features
The network adapters you select must support DOS, Linux, or Windows PE so that client computers can connect to a network or Deployment Server, depending on whether you create automation partitions, or network or automation boot disks. The Have Disk (page 299) button lets you install network adapter drivers from a disk, CD, or network folder. The Internet (page 299) button lets you connects to an Altiris supported Web site to download and install network adapter drivers. The Advanced (page 299) button lets you further define network adapters and their drivers.
Multiple Network Adapters Load Order

This option is for DOS and Windows PE configurations only. This lets you specify which order the physical network adapters will be detected when the client computer boots. Example: if most client computers have a Broadcom Ethernet adapter, but some computers have a 3Com10/100 LAN PC Card Fast Ethernet card, you can use Up and Down to move the Broadcom Ethernet adapter to the top of the list.
See Also: Network Adapter (page 298)
Network Adapter
The drivers listed in the Network Adapters window vary depending on the type of configuration you are creating. You can install pre-boot operating system files for DOS, Linux, or Windows Preinstallation Environment (Windows PE). See Install Pre-boot Operating System Files (page 294). Example: after installing the pre-boot operating system files for Windows PE, the Windows NIC drivers that are available to create a Windows PE configuration appear, and are automatically added to the new configuration. If you select Auto-detect network adapter, Windows PE determines which network adapter driver to use. Select a driver from the network adapters driver list. You must create a new configuration for each type of network adapter that is installed on client computers, unless you want to create a Multi-NIC configuration. See Multi-Network Adapter Configurations (page 298). If you want to add or change adapter settings (such as I/O Memory, IRQ, and PCMCIA for DOS configurations) click Advanced. See Advanced (page 299). If the network adapter you want does not appear in the list, you can click Have Disk, Internet, or Advanced (if they are available for the type of configuration you are
298
creating) to add additional drivers. See Have Disk (page 299), Internet (page 299), Advanced (page 299).
Field Definitions
Auto-detect network adapter: Select this option to have Windows PE auto-detect the type of adapter that is in a client computers when the boot image runs.
Have Disk
You can add network adapter drivers by using any disk media or navigating to a folder. Network adapters can be downloaded from the manufacturers Web site and saved to a folder or a disk to be installed later. New network adapters come with a floppy disk or CD to install the appropriate drivers.
Internet
Altiris supports many manufacturer network adapters and supports a Web site for you to download the latest NIC drivers. From the Network Adapter page, click Internet to launch the Web browser and connect to ftp://support.altiris.com/support/NIC_drivers/. Download the driver you want and unzip the files it to a folder on the hard drive. Click Add Driver and the driver you downloaded is added to the Network Adapters list.
Advanced
This options lets you add or change settings for network adapter cards so they work correctly when using DOS configurations. If you are creating a Linux or Windows PE configuration, this option is not available. From the Network Adapter page, click Advanced. Refer to the following properties and values.
Microsoft clients
EMM386 Memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (protocol.ini): Add parameters to the NIC section of the protocol.ini file. Memory (protocol.ini): Add parameters to the network setup section of the protocol.ini file. IRQ (protocol.ini): Add parameters to the network setup section of the protocol.ini file.
Novell VLM clients

Emm386 memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (config.sys): Add parameters to the NIC section of the net.cfg file.
Novell Client 32
Emm386 Memory (config.sys): Append memory address information to this line in the config.sys file.
299
Advanced settings (driver command line): Add driver command-line entries to the landrv.bat file.
TCP/IP Protocol Settings

This page lets you set up TCP/IP protocol settings for boot configurations. TCP/IP is the default protocol when client computers boot to automation on a Windows network. If you are using the IPX protocol, Deployment Server uses its own IP stack to work on IPX networks.
Field Definitions
Obtain an IP address from a DHCP server: Select this option if you want client computers to obtain an IP address from a DHCP server. Use a static IP address: Select this option if you want a client computer, using this configuration, to be assigned a specific IP address. Enter an IP address, Subnet mask, and default gateway. You can also enter a primary and secondary WINS address if you need to resolve IP addresses and naming conventions. This option also requires that you create a configuration for each client computer, so that the IP address is not the same for all computers.
Altiris Deployment Server Communication

This option lets you set communication properties for the Deployment Server. The Deployment Server IP address, and Port fields are critical because they define how client computers establish communications with the Deployment Server. Example: the TCP port on the Deployment Server is set to 402 and the Port field in the Boot Disk configuration is set to 502. This would result in client computers not being able to communicate with the Deployment Server, because the port numbers do not match. To establish communications between client computers and the Deployment Server, change the Port field in the Boot Disk configuration to 402. Note The settings on this page are only used if you create an automation boot image where the Automation Agent needs to know how to find the Deployment Server. If you intend to create a network boot disk, you can ignore this page by clicking Next, as none of the properties are used to create a network boot image.

Use TCP/IP multicasting to find the Altiris Deployment Server: Select this option to use TCP/IP multicasting to find the Deployment Server. When client computers boot to automation using this configuration, a multicast packet broadcasts across the network to find where the Deployment Server is located. Multicast IP address: Enter a multicast IP address for client computers to send a broadcast packet across the network to find the Deployment Server.
300
Port: This option defines which port client computers use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more. Server name: When you select Use TCP/IP multicasting to find the Altiris Deployment Server, a multicast packet broadcasts to the server you specify. If you leave this field blank, the client computer connects to any server responding to the multicast packet. Use TCP/IP to connect to the Altiris Deployment Server: Select this option to connect to a specific Deployment Server. You must select this option if your network adapter or network does not support multicasting. See your network adapter documentation or call the manufacturer or consult with your IT department for information. Server IP address: Enter the IP address of the Deployment Server to access information stored in the Deployment Share. If you are using the Intel Universal NIC driver (UNDI), the IP address is required. Port: This option defines which port client computers will use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more.
This option lets you define how client computers connect to the Deployment Share or a file server where image files are stored.
Window
Workgroup: Enter the workgroup for the Deployment Share or file server.
NetWare
Server name: Enter the server name for the Deployment Share or file server. Click Advanced to enter a NetWare context for the server and select a Frame type if it is different from the default value of 802.2. User name: Enter the authorized user name that was set up when the Deployment Share directory was created. If you did not assign a User name and Password when the Deployment Share or file server was created, leave this and the Password fields blank. Password: Enter the password for the user name. Confirm password: Enter the password for the user name as confirmation that you entered the proper password in the Password field.
Network Drive Mappings and Mount Points

This option lets you set up drive mappings (for DOS and Windows PE) or mount points (for Linux) so that when client computers boot to automation or a network prompt, they connect to the appropriate server. You can create multiple drive mappings or mount points. However, if you are creating a DOS configuration, the first mapped drive you specify must connect to the Deployment Share.
301
Field Definitions
Manually create drive mapping: Select this option if you want the drive mappings to be included in the autoexec.bat file when client computers boot to automation. Drive: By default, the mapped drive that appears is F: \\<Deployment Share server>\eXpress. Click the drop-down arrow and select a different drive letter if F: is already in use. Path: Enter the path for the Deployment Share. The path you enter maps to the drive letter you selected in the Drive field. You can also click Browse to navigate to the Deployment Share if you are unsure of the directory path or if the image files are store on a file server. Example: Windows users: \\server\share NetWare users: server\volume:directory Linux users: //server/mount point Create and entry in the LMHOSTS file for the Deployment Server file store (other entries must be added manually): Select this option if your network does not support NetBIOS name resolution for IP addresses. Enter a Server name and IP address so that client computers can find the Deployment Share where image files are stored. Use NetWare login scripts to create drive mappings: Select this option if you use NetWare and you want login scripts to create the drive mappings.
Configuration Summary
This page lets you review all the options you selected throughout the New Configuration Wizard. If you find a setting mis-entered or not what you want, click Back to re-select the option. When you click Finish, the Create Boot Disk Wizard automatically appears for the next process to begin. If you are using Boot Disk Creator from within the PXE Configuration Utility, the Edit Configuration page appears. See Edit Configurations (page 302).
Edit Configurations
This is the main Boot Disk Creator page that appears when you start the utility. If you are using Boot Disk Creator from within the PXE Configuration Utility, this page appears at the end of the New Configuration Wizard. This feature lets you modify configurations that have already been created. As you select files and folders from the left pane, the configuration information appears in the right pane. The display color changes to help you know the type of configuration you selected to view, edit, or delete. The colors displayed are: Blue: The configuration you selected or created is based on the DOS pre-boot environment. Green: The configuration you selected or created is based on the Linux pre-boot environment. Red: The configuration you selected or created is based on the Windows PE preboot environment.
302
To change the configuration settings, right-click a configuration folder and select Edit Configuration and click Edit until you find the page for the options you want to change. You can also make text edits to files (selected from the treeview) in the right pane. All other configuration files can be edited as needed. If PXE Config is launched and exited without any changes, no updates are made to the Altiris PXE Server. However, after you edit a configuration, Boot Disk Creator rewrites certain files within the configuration so that drive mappings and mount points are always updated. The following files are rewritten after editing configurations: DOS - mapdrv.bat, unmapdrv.bat Linux - mounts.local WinPE - mapdrv.bat The edited configuration settings are saved to the PXE Manager database. The PXE Server is updated in the background. To view the updated status of the Altiris PXE Server, go to the PXE Status Screen tab. See also: New Configuration Wizard (page 296), Install Pre-boot Operating System Files (page 294)
Additional Files
Boot Disk Creator lets you add additional files to folders that either apply to a specific configuration or to all configurations that are of the same type of pre-boot operating system. However, any files you add to the global <OS> additional files folders are written to the boot image before the specific configuration files. If a file in the <OS> additional files folder is the same name as a file in a specific configuration folder, it is overwritten. Example: if a file named 5684_Drivers resides in the DOS additional files folder, and the same file 5684_Drivers exists in a specific configuration folder; when the files are written to a boot image, the file in the configuration folder overwrites the file in the DOS additional files folder. This may cause unexpected results. If you edit text files in a <OS> additional files folder, yet the specific configuration file is the one that is written to the boot image, the result is not as you expected.
Add files to all configuration

When you install a pre-boot operating system, a new folder is added to the bottom of the left pane on the main page of Boot Disk Creator. If you install pre-boot operating system files and the <OS> additional files folders do not appear, press F5 to refresh Boot Disk Creator. The folders that appear are as follows: DOS additional files Linux additional files WinPE additional files Boot Disk Creator copies the files from the <OS> additional files folders to all corresponding operating system configurations and are added to the boot images. These folders are considered global, since they can affect configurations of the same type. Example: using the Windows Copy and Paste command, you can add tracert.exe to the WinPE additional files folder. Each WinPE configuration you create adds the files in the WinPE additional files folder to the boot image.
303
Add files to a specific configuration

If you want to add files to a specific configuration only, and do not want to use the global feature of the <OS> additional files folders, do the following: 1. 2. 3. Right-click a configuration in the left pane and select New > Folder. A new subfolder is created in the left pane. Enter a name for the folder so that you know they are added files. To add files to the <OS> additional files folder, do one of the following methods: Copy files from a network folder and Paste them into the configuration folder. Right-click a configuration and select Add File. A browser dialog appears to navigate to the file you want to add. Right-click on a configuration and select File > Text file. A new empty text file is added to the left pane. Enter a name for the file and write text as needed in the left pane.
Create PXE Boot Image Files (PXE)

This option is for Boot Disk Creator configurations created from within the PXE Configuration Utility. Because Altiris PXE Servers download boot image files to client computers, after you select all the properties for a New Configuration, Boot Disk Creator must know what type of image file to create.
Field Definitions
Automation PXE image: The automation agent for the type of pre-boot operating system configuration you created is added to the settings you selected throughout the New Configuration Wizard. Network PXE image: The configuration you created does not contain an automation agent. When client computers boot with this image file, they map to a network server and be at a users prompt. (This option is not available in Shared Configuration mode.) Force 2.88 MB PXE image: Select this option to increase the size of PXE boot images.
PXE Boot Image Creation Complete

This page lets you know when the PXE boot image file is completed. Click Back to change the new configuration settings for the boot menu option. When you click Finish, the boot menu option appears in the Boot Menu tab.
PXE Server Tab

This lets you set response times for the Altiris PXE Servers and specifies how the DHCP Server will be discovered. By default, Altiris PXE Servers inherit the shared properties from the Shared Configurations mode. Client computers use the information defined on this page to locate the Altiris PXE Server that provides their services.
Altiris PXE Server properties

PXE Server IP address: By default, the IP address for both Shared Configuration and Customize PXE Server modes are already entered. If, for some reason, you need to change the IP address on a PXE Server, enter the same IP address in this field.
304
Enter the IP address for the specific Altiris PXE Server you selected from the File menu. When client computers perform a PXE boot, the IP address helps them communicate with the Altiris PXE Server. Use Shared properties: This is selected when you are setting the properties for a Shared Configuration. You cannot change this selection on the other pages if you are setting properties for the Shared Configuration. Customize PXE Server (Shared Configuration): This option is available when you select a specific Server from the File menu. You can keep the settings on the page or customize the properties for the Altiris PXE Server you selected. Response Time: This lets you set the Altiris PXE Server response time for when client computers request a PXE boot. Example: if you have three Altiris PXE Servers, you can set the first Altiris PXE Server to Short delayed response (1/2 second), the second to Immediate response, and the third to a Delayed response of your choice. This helps control which Altiris PXE Servers will respond to client computers when they perform a PXE boot. In this example, the second Altiris PXE Server would respond to client computers before the first server. PXE Server image update: This lets you control options for how updated PXE boot images are distributed to your Altiris PXE servers. Limit bandwidth throttles the amount of network bandwidth consumed by the transfer, but might result in your images taking longer to update. Enable checkpoint restart enables the Altiris PXE server to resume a transfer if connectivity is lost. DHCP Server discovery: Auto detect Microsoft DHCP Server and configure for PXE: Select this option for an Altiris PXE Server to auto detect the ports used for DHCP when Deployment Server and the Altiris PXE Server are installed to the same server. Third party DHCP Server installed on PXE server (Do NOT use DHCP port): Select this option if you are not using a version of Microsoft DHCP Server. Note: If Microsoft DHCP Server is installed on the Altiris PXE server, but is not active and non-functioning, the Altiris PXE Server sets option 60. This can cause conflict with client computers. Select the No DHCP Server installed on PXE Server (Use DHCP port) instead. No DHCP Server installed on PXE Server (Use DHCP port): Select this option if DHCP is installed to a different server than the one where Altiris PXE Server is installed. The Altiris PXE Server uses only one port for DHCP. Enable Automation Only: This lets you send a selected PXE boot image to the managed computer that has a job actively assigned. You can do this by selecting the Only managed computers with active assignments will be processed check box. If this check box is selected, and Deployment Solution has reported to the Altiris PXE Server that a specific MAC address (a selected managed computer) should be put into Automation mode with a specific PXE Menu Option image. Only that specific MAC address PXE booting client is processed. Scenario: There are 1000 computers known to Deployment Solution as managed computers and only one of those computers has an active job assigned. Deployment Solution relays this information to the Altiris PXE Server. If all 1000 computers are restarted, 999 computers are not given any PXE boot instructions from the Altiris PXE Server. They are ignored and the one computer that has a job actively assigned is sent the selected PXE boot image.
305
DS Tab
This lets you set properties so that all Altiris PXE Servers can communicate with the Deployment Server. Altiris PXE Servers and the Deployment Server work together to perform tasks, such as creating and distributing an image, scripted OS installs, and more. The Altiris PXE Server must access the Deployment Server and the Deployment Database to retrieve the information required to carry out these tasks on client computers. The Deployment Server IP address, the Engine Port, and the Data Manager Port are critical fields because they define how the Altiris PXE Server establishes communication with the Deployment Server. Example: the TCP port on the Deployment Server is set to 402 and the Engine port on the Altiris PXE Server is set to 502. This would result in the Altiris PXE Server not communicating with the Deployment Server because the port numbers do not match. To establish communication between the two servers, change the Engine port field on the Altiris PXE Server to 402.

Deployment Server properties

Deployment Server IP address: This is the IP address of the Deployment Server that controls the Altiris PXE Servers. This value is automatically entered when Deployment Solution is installed. However, because the Deployment Server IP address can change, you have the option to edit this field. Engine port: This option defines which port the Altiris PXE Servers use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more. Data Manager port: This is the port that PXE Manager uses to communicate with the Deployment Server. Default boot option: This is the default boot menu item that Deployment Server uses to execute jobs. Disable Initial Deployment: By default, this option is enabled. Clear the check box if you do not want to use Initial Deployment. Initial Deploy boot option: The boot menu item that was set as the default pre-boot operating system at install time is selected. If no boot menu items were created, the first boot menu item (shared) is selected. Go to the Boot Menu Tab (page 290) and create a Shared Configuration if there are no items in the list. When the boot menu appears on client computers, the default boot option you select for Initial Deployment moves to the top of the boot menu, even if the boot option is not at the top of the list on the Boot Menu Options for PXE Server: (Shared Configuration) page. Execute immediately: Select this option for Initial Deployment to run on new client computers without any user interaction following a PXE boot. From the Deployment Console, in the Initial Deployment Advanced properties, there is a default time-out value
306
of 5 minutes. If you select this option, PXE responds immediately but Initial Deployment still waits 5 minutes before running. Wait indefinitely: Select this option so that a user must press <F8> to start the Initial deployment job. Use default timeout: Select this option to use the time-out value set in the Initial Deployment Advanced properties from the Deployment Console. Timeout: Select this option to enter a time-out value of your choice. The boot menu appears on new client computers for the length of time you set before booting to Initial Deployment.
MAC Filter Tab

This feature lets you control the service load of the Altiris PXE Servers by creating a list of MAC addresses you want to be serviced by either a specific Altiris PXE Server or by all Altiris PXE Servers associated to a Deployment Server. You can also select to not service the list of client computers. Example: if you had three Altiris PXE Servers that Deployment Server integrated with and you were setting properties for a Shared Configuration, you could create a list of MAC addresses, select Service listed addresses so that all three Altiris PXE Servers would respond to the listed client computers. Or, you could create a list of MAC addresses for a specific Altiris PXE Server configuration, select Do NOT service addresses so that the Altiris PXE Server you selected would not download a boot menu to any of the client computers listed. This allows you flexibility to select the Altiris PXE Servers that provide services for specific client computers across the network.
MAC addresses filter properties mode

Use Shared properties: This is selected when you are setting the properties for a Shared Configuration. You cannot change this selection on the other pages if you are setting properties for the Shared Configuration. Customize PXE Server (Shared Configuration): This option is available when you select a specific server from the File menu. You can keep the settings on the page or customize the properties for the Altiris PXE Server you selected. Use MAC Address Filtering: Select this option to use MAC filtering. If this check box is not selected, the entries in the MAC Address Patterns area are ignored. Service listed addresses: Select this option if you want the Altiris PXE Server to service the list of MAC addresses in the MAC Address Patterns area. Do NOT service addresses: Select this option if you do not want the Altiris PXE Server to service the list of MAC addresses in the MAC Address Patterns area.
MAC address patterns

MAC addresses are listed in this view box. Add, edit, or delete the addresses. You can also import or export MAC address text files. New: This lets you enter MAC addresses. When you click this button, the Define MAC Addresses dialog appears. See Define MAC Addresses (page 308). Edit: This lets you modify addresses previously added to the MAC address list. When you click this button, the Define MAC Addresses dialog appears. See Define MAC Addresses (page 308).
307
Delete: Select a MAC address from the list and click this button. Import: This option lets you import comma-separated text file MAC address list. You can create the import text file manually, or you can import a file that has previously been exported from any Altiris PXE Server on your network. When the Windows navigation dialog appears, go to the folder or disk drive where the text file is located and click OK. Export: This option lets you export the MAC address list to a comma-separated text file. You can use the export feature to save a large MAC address list and import the file to another Altiris PXE Server or to the same Altiris PXE Server in the event you need to uninstall and install Altiris PXE Server. You can export all or part of the list by selecting the MAC addresses. When the Windows navigation dialog appears, go to the folder or disk drive where you want to save the text file and click OK.
Define MAC Addresses

Add or edit MAC addresses to the MAC address patterns area of the MAC Filter tab. This determines whether Altiris PXE Servers will include or exclude the client computers listed. See MAC Filter Tab (page 307). Single address: Select this option and enter a single MAC address. This address appears in the MAC Address Pattern area. Address range: Select this option to enter a range of MAC addresses. Enter a MAC address to start the range in the From box and an end range MAC address in the To box.
Multicast Tab
This option lets you set properties for the way Altiris PXE Servers download the boot image to client computers. Altiris PXE Servers communicate with client computers using the Multicast Trivial File Transport Protocol (MTFTP) and support larger transport packets, which reduces the time it takes to download files. The PXE Manager multicast properties lets you set a beginning multicast address, the number of multicast addresses available, and the number of addresses available for a single Altiris PXE Server. A multicast address is automatically assigned to the files an Altiris PXE Server uses to download the boot menu to client computers. A PXE boot menu option consists of two files. The MenuOption<number>.0 file is the boot menu, and the MenuOption<number>.1 file is the additional file needed to execute whichever menu item is selected by the user. Example: the PXE.ini file consists of information gathered by PXE Manager and includes a section called MTFTP\Files. This section lists the MenuOption files and their assigned multicast addresses.
[MTFTPD\FILES]
BStrap\x86pc\BStrap.0=224.1.1.0 MenuOption128\x86pc\MenuOption128.0=224.1.1.1 MenuOption128\x86pc\MenuOption128.0.cr-1005309736=224.1.1.2 MenuOption128\x86pc\MenuOption128.1=224.1.1.3 MenuOption129\x86pc\MenuOption129.0=224.1.1.4
308
MenuOption129\x86pc\MenuOption129.0.cr-1005309736=224.1.1.5 MenuOption129\x86pc\MenuOption129.1=224.1.1.6
Notice that the multicast address increments by 1 for each file that is created when a new PXE configuration is added and the boot image is created. These are the files that an Altiris PXE Server downloads when a user selects a boot menu option from the menu list on a client computer.
PXE Manager
PXE Manager creates a PXE Manager.ini file, which gathers data from all Altiris PXE Servers on the network. The PXE Manager.ini file creates and sends a PXE.ini file specific to each Altiris PXE Server. PXE Manager.ini and PXE.ini are both used by the PXE Manager service to synchronize the boot images across all Altiris PXE Servers and Deployment Servers on the network. Important: Do not edit the PXE Manager.ini or PXE.ini files. If these files are edited, you lose the ability to access the boot images stored on all Altiris PXE Servers, and the PXE Manager service does not function properly. See PXE Manager in the Automation & Imaging section of the Deployment Solution Product Guide.
TFTP/MTFTP properties
Use Shared properties: This is selected when you are setting the properties for a Shared Configuration. You cannot change this selection on the other pages if you are setting properties for the Shared Configuration. Customize PXE Server (Shared Configuration): This option is available when you select a specific server from the File menu. You can keep the settings on the page or customize the properties for the Altiris PXE Server you selected. Enable MTFTP: Clear this option if you do not want to use MTFTP to download the boot menu from the Altiris PXE Server to client computers. If an Altiris PXE Server is going to service client computers on the same subnet, you can select this option to communicate. If you disable MTFTP, TFTP is used to communicate. PXE-enabled client computers listen for broadcast messages sent by the Altiris PXE Server through MTFTP. If an Altiris PXE Server is going to service client computers across subnets and this option is enabled, the Altiris PXE Server tries to communicate with clients using MTFTP. If the router is not configured to pass a multicast packet, an error message appears on client computers, stating that MTFTP is unavailable. The Altiris PXE Server tries to connect to client computers using TFTP. Enable larger packets for TFTP/MTFTP: Select this option to increase the packet size transport. Packet size: Enter the transport packet size if your infrastructure does not have the capability of handling the default packet size of 768. Do not allow IP fragmentation: Clear this option to use IP fragmentation. This is helpful if you have a narrow bandwidth on the network and want to Enable Larger packets for TFTP/MTFTP when downloading files from the Altiris PXE Server to client computers. IP fragmentation allows larger packets to be broken up into smaller packets during transport. However, you must use a Third Party application to reassemble the smaller packets into the original packet size.
309
PXE Manager multicast properties

Beginning Multicast address: Enter a multicast address between the range of 224.1.1.0 -- 225.255.255.255. Number of Multicast Addresses Available: Enter the number of addresses available for the Altiris PXE Server. Limit: 128,000. Maximum Addresses Available to Single PXE Server: Enter the maximum addresses available on a single Altiris PXE Server.
BIS Tab
PXE configurations always create a .0 and .1 file, which are an open source on the network when PXE downloads these boot items to client computers. With Boot Integrity Services (BIS), you can encrypt the files to ensure that the Altiris PXE Servers communicating with the client computers are secure. You can use BIS Certificates if you meet the following requirements: Client computers must be PXE and BIS compliant. PXE must be installed on your Deployment Server system. You must Enable BIS on this page first, go to the Deployment Console and right-click on a computer or group of computers, and select Advanced > Install BIS Certificate. The client computers receive their certificate from the Altiris PXE Server. The next time BIS installed client computers try to boot to the Altiris PXE Server, the BIS Certificates must validate before any files can be downloaded. Note: If you have BIS enabled in Deployment Server 6.1, you must remove all BIS certificates before upgrading to Deployment Server 6.8.
Boot Integrity Services (BIS) properties

Enable BIS: Select this option to use BIS Certificates. Certificate owner: The default owner is Altiris. New certificate password: Enter a password. Confirm certificate password: Re-enter the password.
Data Logs Tab

This option lets you enable data logs to help you troubleshoot incidents on the Altiris PXE Servers. You can enable log files to help isolate issues with the network traffic, communication protocol, the Altiris PXE Server, and more. You can specify a filename for each of the logs, and you can enter a directory path where you want the log files stored. Each log file lets you select a log level, such as errors, warnings, information, debug, or all. This is a valuable tool that should be used only for troubleshooting purposes as it could impact the network in a production environment due to the amount of data being written to the logs.
310
Data Log properties

Use Shared properties: This is selected when you are setting the properties for a Shared Configuration. You cannot change this selection on the other pages if you are setting properties for the Shared Configuration. Customize PXE Server (Shared Configuration): This option is available when you select a specific server from the File menu. You can keep the settings on the page or customize the properties for the Altiris PXE Server you selected. Log File Location: This is the folder where all log files are stored. If no directory path is entered, log files are stored in the default Deployment Share folder of C:\Program Files\Altiris\express\Deployment Server\PXE. Log Files: These log files are specific to Altiris PXE Servers and if enabled, log information to the filename you specify and store it in the PXE folder on each Altiris PXE Server across the network. PXE Server Log PXE MTFTP Log Packet Parser Log DS Traffic Log Config Service Log The PXE Manager Log writes data to the filename you specify and stores it in the PXE folder on the Deployment Server. Level: Select the type of data you want to write to the log files. Each level in the list writes out more details to the log files the previous level. Filename: Enter a name for the log file you enabled if you do not want to use the default name.
Status Tab
View the status of the Altiris PXE servers in your environment and track whether updates have been applied to each Altiris PXE server.
Remote PXE Installation

You can install an Altiris PXE Server to any remote location on your network using this feature. However, all remote installs must be pushed from the Deployment Server. Example: your business home office is in Washington and you have two smaller offices in Los Angeles and Australia. You can install an Altiris PXE Server to both locations from the Deployment Server in Washington using the Remote PXE Installation Wizard. Note: DHCP services is required on the network to make the Altiris PXE Server function correctly.
To install a remote Altiris PXE Server

1. Browse to the location where axInstall.exe is installed. The default location is C:\DSSetup.
311
2. 3. 4. 5. 6. 7. 8. 9.
Run axInstall.exe. Select Component Install, and click Install. Click Yes to accept the licensing agreement. Enter or Browse to the Deployment Share folder. Select Install an additional Altiris PXE Server. Select Yes, I want to install PXE Server on a remote computer. Enter the computer name or Browse the network to select a remote Altiris PXE Server. Enter the PXE Server IP address.
10. Enter the Altiris PXE Server install path, and click Next. 11. Click Install.
312
Altiris ImageExplorer
Altiris ImageExplorer provides features to view and edit image files. Image files are created using the RapiDeploy utility, a tool used most commonly in Deployment Solution to create and distribute hard disk image files, an .IMG or .EXE file containing a replication of the source computers hard disk. Using ImageExplorer, you can modify an image fileadd or delete data files, folders and applicationsbefore distributing and restoring its contents to a client computer. You can view properties and perform operations, such as extracting and saving files to another destination volume, or excluding files from being restored when distributing the image file to a client computer. You can also print the contents of a folder or edit a file using its associated application. See also: Using ImageExplorer (page 318)
ImageExplorer Features
Add new files and folders Command line mode Convert images Create image indexes Extract files and folders Exclude (or include) volumes, folders, and files from being restored Find files in an image Open a file with its associated program and edit Make self-extracting images Print image tree structure of files, folders, and volumes Replace files Revert back to original image file contents Split images View, add, or change the image description View properties of files, folders, and volumes in an image
ImageExplorer User Interface
Click the ImageExplorer icon on the toolbar or select Tools > ImageExplorer. This opens the ImgExpl.exe program located in the Deployment Share. You can open and edit image files in the native .IMG file type or image files with packaged rdeploy.exe runtime versions in an .EXE file type.
313
Altiris ImageExplorer provides the following features to view, manage, and modify the volume, folder, and file elements of an image file.
Feature
Add File
Description
Adds a new file to the image file. See Add New Files (page 320). Add File is available when you rightclick a volume, folder, or a file in the treeview. When you right-click a file and select Add File, the new file is added to the same folder.
Button
Access
Option 1: Ctrl-A
Option 2: Select Edit > Add File
Option 3: Rightclick an item and select Add File Option 1: Ctrl-D
Add Folder
Adds a new folder to the image file. Click any item to add a folder to the container object. Add Folder is available when you right-click a volume, folder, or a file in the treeview.
Option 2: Select Edit > Add Folder
Option 3: Rightclick an item and select Add Folder Convert Image Converts image files from file format 4 to the format most currently used by RapiDeploy. See Convert an Image (page 320). Option 1: Ctrl-T
Option 2: Select File > Convert Image Option 1: Ctrl-C
Copy
Copies a file or folder from one location and lets you paste it to a destination image file. Note Copying large amounts of data and large numbers of files between image files can take several minutes.
Option 2: Select Edit > Copy
Option 3: Rightclick an item and select Copy Option 1: Ctrl-I
Create Image Index
Creates an image index to make the process of restoring images easier. See Create an Image Index (page 321).
Option 2: Select File > Create Image Index
314
Feature
Exclude
Description
Marks volumes, folders, and files not to be included when deploying the image file to client computers. Note You can also exclude a file by clicking the check box next to the file in the Details pane. The the check box. icon replaces
Button
Access
Option 1: Del key
Option 2: Select Edit > Exclude
Option 3: Rightclick a file and select Exclude File(s) Option 1: Ctrl-E
Extract
Extracts a complete volume, a folder (with its sub-folders), or a file from the image file. It lets you select a destination volume or directory to save the folders or files. See Extract a Folder (page 322). Note Extracting large amounts of data and large numbers of files can take several minutes.
Option 2: Select Edit > Extract
Option 3: Rightclick an item and select Extract File(s) Option 1: Ctrl-F
Find
Search for files or folders within an image file using specific names or wildcard characters. You can use ? as a variable for a single character or * (asterisk) for multiple characters. See Find Files (page 322).
Option 2: Select Edit > Find
Option 3: Rightclick a container object and select Find Include Allows volumes, folders, and files that were previously marked Excluded to be included in the image file when it is deployed to a client computer. Note You can also include a previously excluded file by clicking the next to the file in the Details pane. A check box will reappear. Option 1: Insert key
Option 2: Select Edit > Include
Option 3: Rightclick an excluded item and select Include
315
Feature
Make SelfExtracting
Description
Creates a self-extracting file from an existing image file. See Make SelfExtracting Images (page 323).
Button
Access
Option 1: Ctrl-M
Option 2: Select File > Make Self-Extracting Open File (available for files) Opens a file using its associated application, if the application exists on the computer where ImageExplorer is being run. Option 1: Doubleclick
Option 2: Select Edit > Open
Option 3: Rightclick the file and select Open Open File with Lets you open a file with a selected program. If the file is already associated with a program you can simply double-click to open. Use Open file with to change the program or select the default Quick Open feature. Note Image files created with IBMaster 4.5 do not open. However, you can use the Convert an Image (page 320) feature to convert image files to the current RapiDeploy file format. Open Image File Opens image files created with RDeploy.exe or IBMaster.exe. Files created with IBMaster are Read-only; however these files can be viewed and extracted. You need an older version of ImageExplorer (Deployment Solution 5.5 or earlier, or RapiDeploy 4.5 or earlier) to edit files created with IBMaster.exe. Places a file or folder from one location to another. Option 1: Doubleclick (if not associated)
Option 2: Select Edit > Open with
Option 3: Rightclick the file and select Open with Option 1: Ctrl-O
Option 2: Select File > Open
Paste
Option 1: Ctrl-V
Option 2: Select Edit > Paste
Option 3: Rightclick an item and select Paste
316
Feature
Print
Description
Folders: Prints the folder structure. Includes sub-folders and files with their modification date, time, and size. Files: Prints the actual file. You must have the associated application program installed to print the file (example: MS Word to print DOC files). See Print Folder Contents (page 324) and Print a File (page 325).
Button
Access
Option 1: Ctrl-P
Option 2: Select File > Print
Option 3: Rightclick an item and select Print
Properties
Provides general information about the folder or file, such as size, modification dates, and attributes. Properties appear differently for images, volumes, folders, or files. See View Properties (page 318).
Option 1: AltEnter
Option 2: Select File > Properties
Option 3: Rightclick an item and select Properties Replace Files (available for files) Provides a way to update a file in the image with a file from another source. Both files must have the same name. Option 1: Ctrl-L
Option 2: Select Edit > Replace
Option 3: Rightclick a file and select Replace File(s) Revert (available for files) An undo feature for the Replace File option. This reverts a previously changed file to its original file. Option 1: Ctrl-R
Option 2: Select Edit > Revert
Option 3: Rightclick an item and select Revert File(s)
317
Feature
Split Image
Description
Splits an image file of one size to be the segment size of another. See Convert an Image (page 320).
Button
Access
Option 1: Ctrl-S
Option 2: Select File > Split Image
Using ImageExplorer
With the ImageExplorer running, open the image file you want to view or modify by selecting Files > Open from the program menu bar. Note Older image files created with IBMaster.exe instead of the current RDeploy.exe cannot be modified with the version of ImageExplorer that ships with Deployment Solution 5.6 or higher. However, image files created with IBMaster can be viewed and files can be extracted. The ImageExplorer always displays the files created with IBMaster as Readonly even when the file attributes are Read-write. To modify older image files you will need to use the version of Altiris ImageExplorer that ships with the earlier versions of Deployment Solution. See also: View Properties (page 318), Add New Files (page 320), and Extract a Folder (page 322).
View Properties
After opening an image file with ImageExplorer, basic information about the image file and its elements can be viewed by selecting a file or volume (partition) name and clicking Properties. You can open the properties page for an image file, volume, or file by right-clicking and selecting Properties, clicking File > Properties, or typing AltEnter. Depending on the type of image element, a property page opens with the appropriate tabs:
General Properties for an Image File

This page displays data for image files. After selecting Properties for a selected image, click the General tab to view the image items and additional property data, such as size, location, and attributes. The Image property page includes the name of the image file and its associated image data. Example: the Size field displays the amount of room that the image used on the hard drive of the source computer. The Size on disk field displays the actual size of the compressed image file before it is deployed. You can modify the password of the image file in this dialog.
General Properties for a Volume

This page displays data for a volume. After selecting Properties for a selected folder in an image file, click the General tab to view its property data, such as size, location, and attributes.
318
General Properties for a Folder

This page displays data for a folder. After selecting Properties for a selected file in an image, click the General tab to view its included files and additional property data, such as size, location, and attributes.
General Properties for Files

This page displays data for files. After selecting Properties for a selected folder in an image file, click the General tab to view its included files and additional property data, such as size, location, and attributes.
Description Properties for an Image

This page displays the constituent volumes within the image file. It provides a count of the volumes in the image and lists the name of each volume in the Volumes pane. If the image file has Read-write access, you can modify the image description.
Disk Partition Properties

The Miscellaneous property page provides a comprehensive list of system attributes for each volume in the image file. It includes volume data and statistics, including data imported from the partition table.
Open a File
To open a file in an image, double-click the file in the Details pane of the ImageExplorer or right-click and select Open. The file opens with its associated program. If no associated program is located, an Open with dialog appears, allowing the user to select and associate a program for the file. Note You can also associate a file with a program by right-clicking the file and selecting the Open with command. The Quick open feature lets you select a default program to open files without associated programs (Microsoft Notepad is the default program). You can change the default program for the Quick Open feature by clicking View > Settings and editing the Open with program box. See also: Print a File (page 325) and Settings (page 326).
Opening Split Image Files

If an image is too large or if you are trying to meet size restrictions to store an image (such as dividing image files to 600 MB to fit on multiple CDs), you can use the features in RapiDeploy to split the image file into multiple files. When editing, ImageExplorer keeps track of these split image files and prompts you to locate any additional linked image files not stored in the same directory.
Find Missing Split Image Files

If multiple files from a split image are kept in different folders or on separate CDs, this dialog appears to help you locate the missing split image files. Enter a path in the field
319
or browse to the missing files. ImageExplore keeps track of all files in a split image and prompts you for any missing split image files if they are not located in the same folder.
Add New Files

1. 2. 3. 4. Open Altiris ImageExplorer. Select File > Open. Select an image file. Click OK. Right-click the preferred volume or folder in the image and select Add File. The Select Files to add dialog appears. Option 1: Locate a file and click OK. The new file appears in the image. Option 2: Drag a file from Windows Explorer to the selected folder or volume in an image file displayed in ImageExplorer, or copy and paste the file. If the option is selected (see the Paste / Drop operations in the Settings (page 326) dialog), a message appears confirming your decision to copy a file to the image file. Note You can access and edit text files by double-clicking the file in the Details pane of the ImageExplorer dialog.
Convert an Image
The internal file format for images changed from file format 4 in Deployment Server version 5.5 and earlier, to file format 6 in Deployment Server 5.6 or later. File format 6 has remained the same since its release, but minor changes have been made to improve the overall format structure. This feature lets you select any previously created image file and convert it to the current file format that RapiDeploy uses today. If the file format changes in future releases of Deployment Server, when you convert an image file, it will always be to the most current file format. When converting image files, be aware of the following: If an old image has an image index (.IMX) file, a new image index file is created. If an old image file is a self-extracting image, the embedded RapiDeploy code is removed and the image is restored to a .IMG file. You do not receive a message warning that the embedded self-extracting code was removed. If an old image has a password, the new image file created does not have a password. However, the user receives a message indicating that the password has been removed. File conversions may vary in length of time because ImageExplorer reads each segment in the image before converting it to the new image file. If you have large files with many segments, this process takes longer.
Field Definitions
Image File to Convert: Select the image file you want to convert.
320
Current segment size: By default, the segment size for RapiDeploy images is 2 GB. Current segment count: The number of segments in the image file. New Output Image File: Select a folder and filename for the image file you want to convert, based on the new segment size. New segment size (MB): Select a size for image segments from the drop-down list. The list of options includes default sizes for CDs, zip drives, and more. When a file segment reaches this limit, a new segment is created until the entire image is converted. Estimated segment count: The estimated number of segments in the file you selected to convert.
To convert an image file

1. 2. 3. 4. 5. Click File, and select Convert Image File. Click Browse to navigate to a folder, and select an image file to convert. Click Browse to navigate to a folder. Enter a new filename for the converted image. Click the drop-down arrow and select a segment size from the list. Click OK.
Create an Image Index

This feature lets you create an index file for image files so that when you copy the images to CDs, the index file, along with the first segment of the image, can give the file information to RapiDeploy when restoring the image file. Example: if you have an image with multiple segments, such as .IMG, .002, .003, and .004, ImageExplorer creates a table of contents at the end of segment .004, which identifies the file information for each segment of the image. With this feature, a new index file named .IMX is created. Then, as you copy the segments to CDs, you can select .IMG and .IMG to be on the same CD. The other segments, .002, .003, and .004, can be copied to additional CDs as needed. When you use the CDs to restore an image, the first CD that contains the .IMG and .IMX files give RapiDeploy the information needed to restore the image. This makes restoring images easier because you are not required to insert the first CD, the last CD, back to the first CD just for RapiDeploy to restore the image. You can also index images as you create them by selecting the Make an image index (.imx) file option in RapiDeploy. See the RapiDeploy Reference Guide.
Field Definitions
Image File to Index: Select the image file you want to index. Output Folder for Index (optional): If you do not select a folder for the index output, the .IMX file is created in the same folder as the image you selected to index.
To create an index image

1. 2. 3. Click File, and select Create Image Index. Click Browse to navigate to a folder, and select an image file. Click Browse to navigate to a folder for the index file output.
321
4.
Click OK.
Extract a Folder
Use this feature to save a folder or file from an image to an external destination folder: 1. 2. 3. 4. 5. 6. Open Altiris ImageExplorer. Select File > Open. Select an image file. Click OK. Select a folder in the image, right-click, and select Extract Folder. The Browse dialog appears. Select a folder on your local disk or on the network to place the extracted folder. Click OK.
Note Extracting large amounts of data and large numbers of files can take several minutes.
Find Files
To search for files or folders in an image file, enter a string or characters (alpha and numeric) in the Find what box. You can use the ? (question mark) as a variable for a single character, or use the * (asterisk) for multiple characters. To search for a file, select the image file, volume name, or folder name from the treeview to set a search domain. You can change the search domain before clicking Find.
Field Definitions
Include folders: Select this option to include matching folders in the search results. Include files: Select this option to include matching files in the search results. Files and folders meeting specified search criteria are listed in the results box, organized by File Name and Location.
Filter Results
Click Filter on the Find Files dialog to open an advanced search for files based on associated system attributes (Read-only, Hidden, System) and ImageExplorer attributes (Added, Excluded, Replaced).
Field Definitions
Find What: Enter the string or characters to find a file based on system attributes or ImageExplorer attributes of the file or folder. Click Include matching files to select files. Click Include matching folders to select folders. Note To search in a specific directory, select that directory in the treeview pane and open the Find dialog. The following attributes use three-way check boxes with these features:
322
A solid checkmark means the item must contain the attribute. An empty box means the item must not contain the attribute. A dimmed checkmark means the value is NULL and the item can either have the value or not. Attributes: These are the system attributes of the files assigned by the operating system when the image was created. Flags: These are the attributes assigned by ImageExplorer.
Make Self-Extracting Images

This lets you create a self-extracting file for an existing image file so you can run the executable at a client computer. This is helpful when you need to restore an image to a computer that does not have access to the Deployment Server and RapiDeploy for imaging through the network. You can select image files that have been created with RapiDeploy, which was used to create images beginning with Deployment Server 5.6 or later. If you have images that were created with Altiris IBMaster 4.5 or earlier, you cannot use this feature. However, when you navigate to a folder to select an image, all .IMG files appear. You can use the Convert an Image (page 320) feature to convert the image to the latest RapiDeploy file format. The self-extracting file is comprised of a valid image file and RapiDeploy, which is embedded into the executable. You can copy the self-extracting file to a folder or removable media and manually run it on any computer, or you can create a deployment job on the Deployment Server and distribute the self-extracting file to multiple computers. When new versions of RapiDeploy become available through Deployment Server upgrades, you can re-make any self-extracting file by re-running Make Self-Extracting. The image files embedded RapiDeploy code is replaced with the latest version of RapiDeploy. This process may vary in length of time because ImageExplorer reads only the .IMG segment. If your file is 2 GB, the file will take more time than if the .IMG segment is 700 MB. RapiDeploy and only the first segment of the image file (.IMG) are combined together to create the executable that restores images. However, all other segments that make up the entire image, including the index (.IMX) are required when restoring an image. See also: See Create an Image Index (page 321).
Field Definitions
Current self-extractor type: The image file you selected is of this operating system type. Keep original image file: Select this check box for ImageExplorer to make a selfextracting image file without affecting the original image file. Note If you clear this check box and the Make Self-extracting process fails, the original image file may become damaged or corrupted, and you can no longer use the original image file to create a self-extracting file.
323
Image file size: The size of the current image selected. Remove existing self-extractor: Use this option to remove the .EXE code from a self extracting image. The image file will return to its original state with a .IMG file extension. This option is available only if the image file has self-extracting code, otherwise, this option is unavailable. DOS: This mode uses the RapiDeploy graphical user interface to display the image files progress while it is running. DOS text mode: This is a text version user interface. You can view the progress bar at the bottom of the client computers display while the image file is running.
To create a self-extracting image file

1. 2. 3. 4. 5. Click File, and select Make Self-Extracting. Click Browse to navigate to the location of the image file. Clear Keep original image file if you want to make the original image file a selfextracting image file. Select Change self-extractor type. See Field Definitions (page 323). Click OK. The self-extracting file is created in the same directory as the original image file. If the Not enough free space dialog appears, see Not Enough Free Space (page 324).
Not Enough Free Space

The image file you selected to make into a self-extracting file cannot be created because there is not enough free disk space. The Not enough free space dialog lets you select an alternate location to create the self-extracting file. Enter a directory path or click Browse to navigate to a location with more disk space. Click OK.
ImageX Sample Scripts

These are sample scripts that let Deployment Solution run ImageX imaging jobs from the Deployment Console. These sample scripts include documentation so you can put the name and location of the .WIM files. You can use ImageX to capture several different images into a single .WIM file. You can open the sample job and specify the location of the .WIM file with the correct passwords and network locations. You can run the job against the server, which launches the ImageX utility and captures an image of the target computer.
Print Folder Contents

You can print a list of the files and sub-folders within an image file, a volume (partition), or a folder. Depending on the options selected, you can print a report that includes the constituent files and subfolders and includes fields with the modified date, time, size, and other attributes for each file. When printing the contents of an image file, volume, or folder, click OK to view a Print Preview (page 325) of the report file.
Field Definitions
Title: Enter a title for the top of the report page.
324
What to print Just this folder: Print only the files in the selected image, volume, or folder. This will not print the subfolders. This folder and subtree: Print the files in the image, volume, or folder and all the subfolders and files. Print excluded items: Print the files that were marked previously as Excluded. Print < . > entries: Print an entry in each folder identified as < . > (a dot notation). Attributes and date/time properties will be saved for this hidden folder in the image file. Fields to Print Include modified date and time: Print the date and time that the file or folder was modified. Include size: Print the size of the file. Include attributes: Print the Read-only, Archive, Hidden, System, or Compressed system attributes (Read-only, System, Hidden) and the ImageExplorer attributes (Added, Excluded, Replaced). Include file number: Print the file number associated with each file. See also: Print a File (page 325).
Print Preview
View an online display of the print report for image files, volumes, or folders. The name of the report will appear at the top of the page with details in a table that were selected in the Print Folder Contents dialog.
Field Definitions
Save: Click to save the report to a text file. Lines: View the number of lines in the report. Print: Click to print the report.
Print a File
From the ImageExplorer dialog, you can select and print an actual file using its associated program. If your file is not associated with a program, you can associate it by selecting from a provided list of installed programs on the computer. You can also attempt a Quick print to open the file using a standard program, such as Microsoft Notepad.
Field Definitions
Quick print: Click this button to run a default program to open and print the selected file. The default program is Microsoft Notepad. You can change the default program to print files using the Print With program box in the Settings dialog. See also: Print Folder Contents (page 324)and Open a File (page 319).
325
Setting a Password on an Image File

Right-click an image file and select Properties. In the Attributes section, select Password. The Set / Change Password dialog appears.
Field Definitions
Current password: Enter current password. New password: Enter new password. Confirm password: Type the password again to confirm that is was correctly typed in.
Settings
You can set preferences for the Altiris ImageExplorer by clicking View > Settings. The Settings dialog appears to set options to confirm specific operations using message boxes in the user interface, to set options for displaying items or excluding items, or to select default programs when using the Quick print (see Print a File (page 325)) or Quick open (see Open a File (page 319)) options.
Confirmations
Read-only Open operations: Present a confirmation message to the user when opening a file in a Read-only state, and as a result any changes cannot be saved. Example: if an image file created in RapiDeploy 4.5 or earlier is opened, it is Read-only and any operation performed cannot be saved. As a result, when opening this file a confirmation box appears reminding the user that the file cannot be saved. File Overwrite operations: Present a confirmation message to the user when extracting a file from an image file and overwriting an existing file on a destination drive. File Revert operations: Present a confirmation message when executing a Revert operation that returns the image file to its original file structure and content after replacing files. Paste & Drop operations: Present a confirmation message when dragging a file to a new folder in an image file, when using the copy and paste operation to move files to another folder, or when using the Add New Files command. Exclude operations: Present a confirmation message to the user when assigning the Exclude option to a file (to not distribute the selected file as part of the image). This message appears when clicking the check box on the file or folder or selecting the Exclude operation. Folder Overwrite operations: Present a confirmation message to the user when extracting a folder from an image file and overwriting an existing folder on a destination drive.
Display Settings
Keep help on top: Select to keep open help file on top of the ImageExplorer user interface. This lets you view the help side-by-side with the program rather than allowing it to be sent behind the ImageExplorer user interface. Show file numbers: View the associated file numbers in the image. In NTFS the files are numbered automatically. In FAT, EXT2, EXT3, and other file systems the files are numbered by RapiDeploy when creating the image file.
326
Show excluded items: View the files marked as Excluded in the image. Files will be shown after refreshing the screen. Extract excluded items: Allow the Excluded files and folders to be extracted from the image file to a destination folder. This setting lets you include all files previously marked as Excluded to be saved to an external destination folder when running the Extract command. Color added items: Select this option to mark files/folders added to the image with blue text. See Add File (page 314) and Add Folder (page 314). Color replaced items: Select this option to mark files/folders replaced to the image with magenta text. See Replace Files (available for files) (page 317). Color excluded items: Select this option to mark files and folders added to the image with red text. See Exclude (page 315).
Default Programs to Open and Print Files

These settings are default settings for the Quick Open and Quick Print options that appear with the Open with and Open features. Use to associate files to a common program, such as Microsoft Notepad. Open with program: Set the default program to run with a selected file. The default program is Microsoft Notepad. See Open a File (page 319). Print with program: Set the default program to print a selected file. The default program is Microsoft Notepad. See Find Files (page 322).
Split Image
This feature lets you select an image file to split (rewrite) into a new image file based on the segment size you select. While Convert an Image (page 320) changes the file format of an image to be the current format used by RapiDeploy, split an image keeps the format of the original image but changes the size of its segments. Example: if you have a 2 GB image file, and you wanted to split the image so it could fit on CDs, you could select 650 MB or 700 MB as the new segment size and the result would be one image file with multiple segments. You could copy the segments to CDs and use them to restore the image file at client computers. When splitting image files, be aware of the following: If the old image is an old format image (IBMaster 4.5 or earlier), the image cannot be split but is converted instead. If this occurs, a message appears to verify if this is what you want to do. If you proceed, all the principles of Convert and Image apply. If an old image has an image index (.IMX) file, a new image index file is created. If an old image file is a self-extracting image, the embedded RapiDeploy code remains, and the new image contains the same version of RapiDeploy as when it was originally created. However, if the image is an old format image (IBMaster 4.5 or earlier), the image cannot be split but is converted instead. If you proceed, the self-extracting code is removed. If an old image has a password, the new image file has the same password. However, if the old image is an old format image (IBMaster 4.5 or earlier), the image cannot be split but is converted instead. If you proceed, the password is removed.
327
Field Definitions
Image File to Split: Select the image file you want to split. Current segment size: By default, the segment size for RapiDeploy images is 2 GB. Current segment count: The number of segments in the image file. New Output Image File: Select a folder and filename for the image file you want to split. New segment size (MB): Select a size for image segments from the drop-down list. The list of options includes default sizes for CDs, zip drives, and more. When a file segment reaches this limit, a new segment is created until the entire image is split. Estimated segment count: The estimated number of segments in the file you selected to split, based on the new segment size.
To split an image file

1. 2. 3. 4. 5. Click File, and select Split Image File. Click Browse to navigate to a folder, and select an image file to split. Click Browse to navigate to a folder, and enter a new filename for the image. Click the drop-down arrow, and select a segment size from the list. Click OK.
Command Line Switches

This feature can be use to create Deployment Server Run Scripts or batch jobs to help you manage images from the command line. At the end of some switches, select options are listed to indicate that the additional commands are allowed.
To access the online command line options

1. 2. 3. 4. From the Windows environment, select Start > Run. In the Open field, enter the command CMD. Enter C:\Program Files\Altiris\eXpress\Deployment Server\ (default installation path). Enter imgexpl /? to view the command-line switches page.
Command line
Parameters
Description
Image files to open or operate (can be repeated, such as w2k.img, xp.img).
328
Command line
Switches
Description
-register: register file types in the Windows Registry. -unregister: unregister file types in the Windows Registry. -add <src> <dst>: add file, folder, or volume to an image. Accepts the <-overwrite> option. You can use wildcards when entering the source (src). -extract <scr> <dst>: extract a file, folder, or volume from an image. Accepts the <-overwrite> and <-size> options. -convert <dst>: convert an old format image to the current image format used by RapiDeploy. Accepts the <-overwrite> and <-size> options. -split <dst>: split an image into new size file segments. Accepts <-overwrite> and <-size> options.
Options
-lang <lang code>: *specify the Language code for the user interface. -silent: *do not display confirmation or errors. -password <pwd>: *passwords for image files being opened. -overwrite: when in silent mode, do not confirm actions. -size <size in MB>: size of the new image segment in MB. * Indicates the options that can be used with any command.
Process exit codes
0 2 4 6 8
Success. Command line syntax error. Error registering or unregistering file types. Operation cancelled by the user. Attempted to write to a Read-only image.
10 Invalid password. 12 Error performing an operation. 14 The Image file was not found or an error occurred opening an image. 16 The Source was not found, or an error occurred option the source. 18 The destination was not found or an error occurred opening the destination. Examples: Open a W2k.img that requires the password develop. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop Open two image files that each have different passwords, password and sales.
329
C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop f:\w2k.img -password sales Add all *.txt files in e:\to the temp folder of the volume in slot 1 of w2k.img. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop -add e:\*.txt 1:\temp Extract kernal.dll from the Windows folder of the volume sys in w2k.img to e:\dump. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop -add e:\*.txt 1:\temp Convert the old format image file, w2k.img, to the new image, new2k.img, in 650 MB segments. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -convert f:\new2k.img -size 650
330
Installing Deployment Server

Deployment Server is a flexible, scalable computer deployment and management system that can be installed and configured on a single computer, or installed across several computers to distribute processing for large enterprise environments. You can run a Simple install to position all Deployment Server Components on a single computer (most frequently used), or plan and perform a Custom install to distribute installation of components across separate computers in the site. The Deployment Web Console can be installed as part of the Deployment Server installation on any computer running Microsoft IIS. After installing Deployment Server components, you can remotely install Deployment Agents on all types of computer resources across your organization: laptops and handhelds, LAN and Web servers, network switches, and so on. Windows computers, Linux computers, and handhelds can be managed as a unified environment, with each client communicating through its own Deployment agent to update inventory data and react to Deployment Server commands and deployment tasks. Select one of the following methods for installing a Deployment Server system: Simple Install for Deployment Server on page 337 Custom Install for Deployment Server on page 340 Thin Client Install for Deployment Server on page 343 Component Install for Deployment Server on page 343 To install Deployment Agents on the client computer, see Installing Deployment Solution Agents on page 344. Note You can also install the Deployment Server components remotely from the Altiris Console.
Deployment Server Components

The Deployment Server system includes the following components: Deployment Console on page 332 Deployment Server on page 332 Deployment Database on page 333 Deployment Share on page 334 Altiris PXE Server on page 334 DHCP Server (not an Altiris product) Deployment Web Console on page 335 Installing Deployment Solution Agents on page 344 Sysprep on page 365
331
All these components can be installed on the same computer or distributed across multiple computers as per your environment.
Deployment Console
The Deployment Console is the Win32 user interface for Deployment Solution. You can install this Windows console on computers across the network to view and manage resources from different locations. In addition, from this console, you can access the Deployment Database on other Deployment Server systems to manage sites across the enterprise. See Connecting to Another Deployment Server on page 95. Deployment Console communicates with the Deployment Database and Deployment Server services. In a Simple Install for Deployment Server, the Deployment Console is installed on the same computer as all other components. In a Custom Install for Deployment Server, you must ensure that a connection is available to these computers and security rights are set. You must have administrative rights on any computer running the Deployment Console. See also Deployment Web Console on page 335, Managing from the Deployment Console on page 72, and Deployment Server Components on page 331.
Deployment Server
Deployment Server controls the flow of the work and information between the managed computers and the other Deployment Server components (Deployment Console, Deployment Database, and the Deployment Share). Managed computers connect and communicate with the Deployment Server to register inventory and configuration information and to run deployment and management tasks. The computer and deployment data for each managed computer is stored in the Deployment Database. Note To view, start, or stop Deployment Server, go to the Altiris Server services in your Windows Manager. Managed computers require access to the Deployment Server at all times, requiring that you have administrative rights on the computer running the Deployment Server.
Create a user account to run the Deployment Server. The service runs as a logged-onuser, not as a system account. You must create this account on all Deployment Server computers. The account must have full rights to the Deployment Share. The account must have a non-expiring password. Assign a static IP address to the Deployment Server computer. Other components cannot connect to the Deployment Server if you use DHCP and dynamically change the IP address. To install the Deployment Server on a remote computer, the default administration shares must be present. Restore any shares that have been removed before you install the Deployment Server.
332
Note Creating an administrative account using the same name and password on each computer is easier to remember than using the names and passwords of existing accounts. Most packages (.RIP, Personality Packages, and .MSI files) are passed through the Deployment Server. Therefore storing these files on the same computer as the Deployment Server can speed up the deployment of these packages. Image files, however, are sent directly from the Deployment Share to the client computer when executing an imaging task. See also Deployment Server Components on page 331.
Deployment Database
The Deployment Database can be installed on Microsoft SQL Server 2000 or Microsoft Desktop Engine (MSDE) 2000. See Deployment Server System Requirements on page 336. Note In Deployment Solution 6.0 and later, if you have multiple instances of the Microsoft SQL Server already set up, you can identify a specific instance using this format: <database instance>\express. Example: if you have a clustered Microsoft SQL Server named SQLClusterSvr to manage multiple Deployment Solution systems on different network segments, you can enter the name SQLClusterSvr\salesSegment or
SQLClusterSvr\marketingSegment during the Deployment Server setup depending on the previously established database instance. This feature is
supported in the silent install .INI file and the GUI install executable. The database maintains the information about the managed computers, such as: Hardware. RAM, Asset tag, and Serial numbers General Information. Computer name and MAC address Configuration. TCP/IP, Microsoft Networking, and User information Applications. The applications installed and information about these applications, such as the name of the application, Publisher, and Product ID Services. Windows services installed Devices. Windows devices installed such as network adapter, keyboard, and monitors Location information. Contact name, phone, E-mail, Department, Mail Stop, and Site The Deployment Server Database also contains jobs and other data used to manage your computers. Note You can install a single Deployment Database per Deployment Server systemyou cannot have two databases storing data for a single computer. If the computer you are installing the database to has an existing Microsoft SQL Server, the Deployment Database is added to that instance of the database engine.
333
Support for Multiple Database Instances

In Deployment Solution 6.0 and later, you can identify a named instance of the Microsoft SQL Server when installing Deployment Solution. You can now identify other named instances of Microsoft SQL Servers rather than accessing only the default instance. This feature lets you identify and run multiple databases from one clustered Microsoft SQL Server to manage multiple sites or network segments. This feature is supported in the silent install .INI file and the GUI install executable. See Custom Install for Deployment Server on page 340. The 6.8 release of Deployment Solution also supports a different name for the Deployment database other than the default eXpress. See also Deployment Server Components on page 331.
Deployment Share
Deployment Share is a file server or shared directory where Altiris program files and packages are stored. The Deployment Share can be a shared directory (default Simple install in Program Files\ Altiris\eXpress\Deployment Server) or another file server (in the Custom install you can assign a Microsoft Windows or Novell NetWare file server). Deployment Share is where you store image files, registry files, .MSI packages, Personality Packages, script files, and more. When a computer is being deployed or managed, Deployment Server stores and retrieves these packages from the Deployment Share as needed.
If you are installing Deployment Solution on a remote file server (not the computer where you are running the install program), create a share (or give Read/Write rights for NetWare) on the file server where Deployment Server can be installed. The share must allow access to all other components, including managed computers and the user account that runs the Deployment Server. This share must be created before you begin installing. If you are not installing to a remote computer, you can select the option to create the share during install.
Note You can install only one Deployment Share per Deployment Server system. However, if the Deployment Share's hard drive gets full, other computers can be used as additional, backup storage points. In some cases, other systems emulating a Microsoft or NetWare environment can be used as the Deployment Share. Note for NetWare users: If you have trouble using the Novell NetWare server as a Deployment Share, install the Novell Client rather than the Microsoft NetWare Client. See also Deployment Server Components on page 331.
Altiris PXE Server

The Altiris PXE Server provides service to client computers on a subnet. When the Deployment Server sends a deployment job, the client computer receives a request to boot to automation and the PXE-enabled computers connect to the first Altiris PXE
334
Server they discover, which communicates with the Deployment Server and the client computers. You can install an Altiris PXE Server on a Microsoft Server 2003, Windows 2000 Server and Advanced Server. The Altiris PXE Server also functions on the same protocols as a standard DHCP Server so you can place the Altiris PXE Server anywhere you would place a DHCP server. You can also install as many Altiris PXE Servers as required in your system, but you must also install a DHCP Server. The Altiris PXE Server sends a boot menu option list to the client when the computer performs a PXE boot. The deployment job, which contains at least one automation task, uses the default automation environment or the environment specified by a user who has the persmissions to create a deployment job. The boot menu options the request boot menu files from the Altiris PXE Server and are downloaded from the Altiris PXE Server to the client computers RAM storage. The client computer always boots according to the request and reply communications taking place between the Deployment and Altiris PXE Servers. Altiris supports DOS, Linux, and Windows PreInstallation Environment (Windows PE) as pre-boot environments. These options let you create a single job, but may contain multiple automation tasks. The default automation environment (the first pre-boot operating system files installed during the Deployment Solution installation) is used for Initial Deployment, unless you specify otherwise. Using an Altiris PXE Server to boot client computers to automation, saves you from having to install an automation partition on each client computers hard disk, or manually start computers using Altiris supported bootable media. See Boot Disk Creator Help. See also Pre-boot Operating System (Simple) on page 361, Install Automation Partition on page 137, and PXE Configuration Utility Help.
DHCP Server
The DHCP (Dynamic Host Configuration Protocol) server is a server set up to assign TCP/ IP address to the client computers. This server is not an Altiris product, but it is required if you intend to use the Altiris PXE Server. We recommend that you use DHCP to manage the TCP/IP address in your network regardless of whether you use PXE or not. This greatly reduces the amount of time it takes to set up and manage your computers. See also Deployment Server Components on page 331.
Deployment Web Console

The Deployment Web Console remotely administrates a Deployment Server installation from a Web browser. It deploys and manages Windows and Linux computers (both client and server editions) in real time with many of the features present in the Deployment Console. The Deployment Web Console can be installed on any computer running the Microsoft IIS Server, including a computer running Deployment Server, Notification Server, or a remote computer running only Microsoft IIS. Note If Microsoft IIS is running, the Deployment Web Console is installed automatically during the Windows installation.
335
Note The DS Installer does not detect the version of MDAC that is installed. The Deployment Web Console requires MDAC version 2.71 or later to install. If the version of MDAC is earlier than 2.71, the Web console displays a target of invocation error. See also Deployment Console on page 332 and Deployment Server Components on page 331.
Deployment Server System Requirements

The following are the system requirements for Deployment Server components and the network environment.
Network
TCP/IP is used for communication between all Deployment Server components. If you have a NetWare file server for your Deployment Share, IPX can also be used to communicate with this component. For Windows 2000 systems, you must set up Active Directory with the Permissions compatible with pre-Windows 2000 option. If you select the Permissions compatible only with Windows 2000 servers option the Deployment Server cannot manage domain accounts for you. If you are using Windows 2000 only permissions, change them to the pre-2000 option from the Windows Start menu. Open a DOS prompt to add the group Everyone by typing the following:
net localgroup Pre-Windows 2000 Compatible Access Everyone / add

Restart all domain controllers for the change to take effect.
Deployment Server
RAM: 256 MB Disk Space: 200 MB
Component
Hardware
Software
All components require Pentium III processors Deployment Server RAM: 256 MB Disk Space: 200 MB RAM: 128 MB
Disk Space: 3.5 MB
Windows 2000 Server and Advanced Server Windows Server 2003 (SP1)
Deployment Console
Windows 2000 Professional, Server and Advanced Server Windows XP Professional Windows Server 2003 (SP1)
336
Component
Altiris PXE Server
Hardware
Memory: 128 MB Disk Space: 25 MB (for boot files)
Software
DHCP server (must be on the network, but does not have to be on the same computer as an Altiris PXE server) Windows 2000 Server or Advanced Server Windows Server 2003 (SP1)
Deployment Database
Memory: 128 MB Disk Space: 55 MB (for program files), plus space for data. Memory: 128 MB Disk Space: 100 MB for Deployment Server program files plus space for storing files (image, boot, .RIP, and so on) Memory: 128 MB
(Microsoft SQL ServerTM 2000 (SP3) or MSDE 2000 (SP3)
Deployment Share (File server for storage)
Windows 2000 Server or Advanced Server Windows Server 2003 (SP1) NetWare (File server only. Cannot be used for any other components). Windows 2000 Professional, Server or Advanced Server Windows XP Professional Windows Server 2003 (SP1) MS IIS 5.5 MDAC 2.71 or later.
Deployment Web Console
Deployment Agents
Deployment Agent requirements are the same as the target operating system. The Deployment Agent requires around 5 MB disk space. See the following sections for additional information: Installing the Deployment Agent on page 346 Installing Deployment Agent on Linux on page 350 Installing the Automation Agent on page 352 Managing Licenses on page 352
Simple Install for Deployment Server

The Simple Install places all Deployment Server Components Deployment Server, Deployment Console, Deployment Share, and Deployment Databaseon the same computer. You can install the Deployment Server with a Microsoft Desktop Engine (MSDE) from the Simple Install. The Deployment Web Console is installed during a Simple Install (and during a silent install) if the Microsoft IIS services and .NET frameworks are running on the selected computer.
337
You can download the Altiris Deployment Solution either from the Altiris product CD or from www.altiris.com.
AltirisDeploymentSolutionWin_6_8 installs all Windows components of Deployment Solution. Using the Simple Install option, you can install MSDE 2000 on a local computer if a database is not already installed.
Note Simple installation works only with a default Microsoft SQL 2000, SQL 2005, or MSDE install.
To run a simple install

1. 2. Start the server and log on using the administrator account you created for the Deployment Server. See Deployment Server System Requirements on page 336. Launch the appropriate Altiris Deployment Server installation file and follow the setup steps. The Deployment Server self-extracting install dialog appears. 3. Click the Use current temp folder option to use the current temporary folder to download installation files or Extract to a specific folder option to set a path to an existing folder to download installation files. Click Extract and Execute App to extract and execute the application immediately. Note The default installation directory is DSSetup on C drive. 4. 5. 6. 7. Click Simple Install. Select Include PXE Server. This option installs the Altiris PXE Server. See Altiris PXE Server on page 334. This is optional. Click Install. Click Yes to the Software License Agreement. Enter the following information in the Install Information screen: a. In File Server path, enter the drive letter and the path to install the Deployment Server program files. (The default path is C:\Program Files\Altiris\eXpress\Deployment Server.) Select Create eXpress share to create a Deployment Share on the computer. The Deployment Share lets you store files on the computer and run Deployment Server system applications. See Deployment Share on page 334. Click License File and browse to locate a license file (.LIC file). This is the activation key you received when you registered your Altiris software. Click Upgrade using existing license to upgrade the installation using an existing license. If you do not have a license file, click Free 7 day license. The installation continues and lets you use a free evaluation license file. See the Altiris Getting Started Guide for further licensing information.
b.
c.
338
Note You do not need to apply a license key to activate the HP Thin Client t5000 Series. This managed client computer automatically receives a non-expiring license when connected to the console. d. Enter an administrator user name and password for the Deployment Server system. This account must already exist. By default, the name you are currently logged on as appears. If you use a domain account, enter the domain and the user name (Example: Domain1\administrator). Click Next. The Installation Information dialog displays the selected Deployment Server components to be installed. Note If you are upgrading your installation, the message Do you want to replace the share? appears. Click Yes and continue. If you click No, a message appears, stating that the share is already in use and you need to manually set the share to point to the correct directory. Click OK to this message. 8. Click Install to install the components listed on the summary screen, or click Back to modify settings before starting the installation. The installation process begins and can take several minutes to complete. The Installation Information dialog appears asking if you want to install clients. Enable Sysprep Support. Select this option to enable Sysprep support. Provide the location of the Microsoft Sysprep files. Remote Install Clients. Select this option if you want to push the Deployment Agent to computers running the Windows 2000, XP, and Windows Server 2003 operating systems. Install add-ons to provision server hardware. Select this option to install the add-ons for Dell computers. Note This option is enabled on Dell computers ony when add-ons are present in the oeminstall-addons section of the oeminstall.ini file located in the eXpress directory. 10. After the installation is complete, click Finish. You have successfully completed a Simple install for a Deployment Server system. Click the Deployment Console icon on your desktop to view all computer resources running Deployment Agents configured for your Deployment Server. Note Antivirus applications can delete service .EXE files or can disable services. For example: when you run the Deployment Server Win32 Console, the Unable to connect to the Altiris Deployment Server DS Management Server. Please ensure this service is started and running currently. error appears. This occurs because the service files are deleted by the antivirus application during scanning. To resolve this issue, disable the antivirus software and reinstall Deployment Server. See Custom Install for Deployment Server on page 340.
e.
9.
339
Custom Install for Deployment Server

The Custom Install lets you distribute all Deployment Server Components Deployment Server, Deployment Console, the Deployment Share, and the Deployment Databaseon different computers. You can install Deployment Server with Microsoft Data Engine (MSDE) or install it to an existing SQL Server. You can download the Altiris Deployment Solution either from the Altiris product CD or from www.altiris.com.
AltirisDeploymentSolutionWin_6_8 installs all Windows components of Deployment Solution. Select the Custom install option to add new components or to install Deployment Solution to an existing database.
To run a custom install

1. 2. Start the server and log on as the administrator account you created to run Deployment Server. See Deployment Server System Requirements on page 336. Launch the appropriate Altiris Deployment Server installation file and follow the setup steps. The Deployment Server self-extracting install dialog appears. 3. Click the Use current temp folder option to use the current temporary folder to download installation files, or click the Extract to a specific folder option to set a path to an existing folder to download installation files. The default path is the DSSetup directory in the C drive. Click Extract and Execute App to extract and execute the application immediately. Click the Custom Install option if any of the following conditions exist: You are using the NetWare file server as a Deployment Share. You are managing many computers and require a distributed architecture to meet bandwidth restrictions and other design requirements. 5. 6. Click Install. Click Yes to the Software License Agreement. Install the Deployment Share and enter the license file location: In File Server path, enter the drive letter and the path to install the Deployment Server program files. The default path is C:\Program Files\Altiris\eXpress\Deployment Server. Select Create Deployment Share to create a Deployment Share in the system. The Deployment Share lets you store files on the computer and run Deployment Server system applications. The Deployment Share can be on a Microsoft Windows server or Novell NetWare server. (You can only create the share if it is on a Microsoft Windows Server; the Novell share should already be set up.) See Deployment Share on page 334. Click License File and browse to locate the license file (.LIC file). This is the activation key you received when you registered your Altiris software. Click Upgrade using existing license to upgrade the installation using an existing license. If you do not have a license file, click Free 7 day license. The
4.
340
installation continues and lets you use a free evaluation license file. See the Altiris Getting Started Guide for further licensing information. Click Next. Note You do not need to apply a license key to activate the HP Thin Client t5000 Series. This managed client computer automatically receives a non-expiring license when connected to the console. 7. Enter the Deployment Server information. Select the computer to install Deployment Server, the services that controls the flow of the work and information between the managed computers and Deployment Server components. Install the Deployment Server on this computer or on a remote computer. Enter a static IP address for the Deployment Server computer to ensure that the IP address remains constant. Type the port information in the Port field. Enter the path where the Deployment Server should be installed. Provide the account information that already exists on the Deployment Share and the Deployment Server. Click Next. See Deployment Server on page 332. 8. Enter the Deployment Database information. Identify where you want to install the database, or select an existing Microsoft SQL Server from the list of computers. See Deployment Database on page 333. Note If you have multiple instances of the Microsoft SQL Server already set up, you can identify a specific database instance in this field using the format: <SQL Server Name>\<database instance>. Depending upon the selection of SQL Server instance, the default port at which the selected instance is listening appears in the SQL Port Number field. You can edit the port number if you have manually entered the SQL Server name or if the port number does not appear automatically due to some firewall restriction. You can select a different name other than eXpress for your Deployment Database. Type the alternate name in the Database Name field and click Next. 9. Identify the type of Deployment Database authentication to be used. Enter the user name and password if SQL Server authentication is used. Click Next. If a previous installation of the Deployment Database is detected, a message appears asking whether you want to preserve or overwrite the existing database. Note You cannot use the remote SQL database with NT authentication on a remote computer if you don't have administrative rights on the computer. 10. Enter the Pre-boot Operating Systems information required for Boot Disk Creator. Select any one of the four options from FreeDos, MS-DOS, Linux, and Windows PE. Click Browse to select the FIRM file (for FreeDos and Linux operating systems) or enter the path for the location of the operating system files (for MS-DOS and Windows PE). Note If you are using a free evaluation license you cannot use the WinPE Add On Packages.
341
11. Enter PXE Server information. Click Next. See Altiris PXE Server on page 334. Select the pre-boot operating system to use as the default PXE boot menu item. You can select DOS, Linux, or Windows PE. If you want to use the previously installed pre-boot operating system, select the Keep Default option. 12. Enter information on how you want to connect your managed computer to the Deployment Server. Click Connect directly to Deployment Server and provide the DS IP address and Port or click Discover Deployment Server using TCP/IP multicast and provide the Server name. If the Server name field is left blank it finds the first Deployment Server that responds. 13. Enter Deployment Console information. Select whether you want to install the Deployment Console on the computer you are working or on a remote computer. 14. Provide information for installing the Deployment Web Console on the computer you are currently installing from. This computer must be running Microsoft IIS .NET framework. You must provide information about the path where you want to install the Deployment Web Console and also valid user credentials. Click Next. See Deployment Web Console Information on page 364. Note This option is disabled if Microsoft IIS is not detected. 15. The Installation Information dialog displays the selected Deployment Server components to be installed. Note If you are upgrading your installation, the message Do you want to replace the share? appears. Click Yes and continue. If you click No, a message appears stating that the share is already in use and you need to manually set the share to point to the correct directory. Click OK. 16. Click Install to install the components listed on the summary screen, or click Back to modify settings before starting the installation. The installation process begins, and can take several minutes. 17. Install Deployment Agent to the client computers. The Installation Information dialog appears asking whether you want to install clients. Enable Sysprep Support. Select this option to enable Sysprep support. Provide the location of the Microsoft Sysprep files. Remote Install Deployment Agent. Select this option if you want to push the Deployment Agent to computers running the Windows 2000, XP, and Windows Server 2003 operating systems. Install add-ons to provision server hardware. Select this option to install the add-ons for Dell computers. Note This option is enabled on Dell computers ony when add-ons are present in the oeminstall-addons section of the oeminstall.ini file located in the eXpress directory. 18. After the installation is complete, click Finish.
342
You have successfully completed a Custom install for a Deployment Server system. Click the Deployment Console icon on your desktop to view all the computer resources running Deployment Agents configured for your Deployment Server. See Simple Install for Deployment Server on page 337.
Thin Client Install for Deployment Server

The Thin Client installation option lets you install the Thin Client view of the Deployment Console on your computer.
To install Thin Client

1. 2. 3. 4. 5. 6. Double-click axinstall.exe. Select the Thin Client Install option on the Deployment Server Install Configuration dialog and click Next. (Optional) Select Include PXE Server. This option installs the Altiris PXE Server. See Altiris PXE Server on page 334. Enter the user name and password of the Deployment Server service on the Deployment Share Information dialog and click Next. Select a default pre-boot operating system or select None and click Next. Click Install on the Installation Information screen.
The Thin Client is installed.
Component Install for Deployment Server

The Component installation option lets you add selected Deployment Server Components Deployment Console, Deployment Web Console, Altiris PXE Server, and Deployment Agents to the existing Deployment Share. Additionally, you can also add Microsoft Sysprep files.
To install components
1. 2. Start the server and log on with the administrator account you created to run Deployment Server. See Deployment Server System Requirements on page 336. Launch the appropriate Altiris Deployment Server installation file and follow the setup steps. The Deployment Server self-extracting install dialog appears. 3. 4. 5. 6. 7. Click Extract and Execute App. Click Add Component. Click Install. Click Yes to the Software License Agreement. Enter a path for the Deployment Share. Click Next. Select the Components to install. Install an additional Deployment Console. Click this option to install another Deployment Console (a Windows executable) on another computer. You can add as many Deployment Consoles as required to manage from multiple consoles across your system, but you can install only one at a time.
343
Install an additional Deployment Web Console. Click this option to install an additional Deployment Web Console on the local computer. The Web console is installed on the local computer if the computer is running Microsoft IIS. See Deployment Web Console Information on page 364. Install an additional Altiris PXE Server. Use this option to add additional Altiris PXE Servers across a network segment to handle boot requests for large environments. Master PXE Server. When you add another Altiris PXE Server, the Altiris PXE Server installed initially is designated as the Master PXE Server. The Master PXE Server works concurrently with any additional Altiris PXE Server to handle boot requests across the network segment, but it also allocates additional blocks of IP addresses to other Altiris PXE Servers in the system. For all the available options for installing Altiris PXE Server, see Altiris PXE Server Install on page 363. Install additional Deployment Agents. Click this option to install additional Deployment Agents on client computers, setting up managed computers in the Deployment Server system. Add Microsoft Sysprep files. Click this option to install the Microsoft Sysprep files, if you did not install them earlier. See Sysprep on page 365. 8. Click Next. The Deployment Console Information dialog appears. 9. Select the computer to install the component and click Next. Note If you select the On a remote computer option, you have to browse and select the remote computer. 10. Click Install to install the components listed on the summary screen, or click Back to modify settings before starting the installation. The installation process begins, and can take several minutes. 11. The Installation Information dialog appears specifying that the installation has been successful. Click Finish. Install add-ons to provision server hardware. Select this option to install the add-ons for Dell computers. Note This option is enabled on Dell computers ony when add-ons are present in the oeminstall-addons section of the oeminstall.ini file located in the eXpress directory. Note Install add-ons to provision server hardware is the only option available on the Installation Information Summary dialog when you select Component Install.
Installing Deployment Solution Agents

Each client computer requires the Deployment Agent to run as the Production Agent on a local hard disk, which communicates with the Deployment Server and registers in the
344
Deployment Database. For Windows and Linux client computers, Deployment Solution lets you push agent software to a client computer from a Deployment console, or you can pull the Deployment agent from the client computer from the Deployment Web Console (or pull it from the Deployment Share). You can install an embedded (recommended) or hidden automation partition, which contains an Automation Agent that establishes communications with the Deployment Server to run the deployment jobs that have been assigned to the client computer. See Install Automation Partition on page 137. The Deployment agents for handhelds are also easily installed from the console using prebuilt jobs. Deployment Agent. Install a Production Agent to a Windows desktop, notebook, or server, computer. You can also install this agent to any supported Linux workstation or server. See Installing the Deployment Agent on page 346. Deployment Agent on Linux. Install on any supported Linux workstation or server. See Installing Deployment Agent on Linux on page 350. Automation Agent. Install on any Windows desktop, notebook, or server computer. See Installing the Automation Agent on page 352. Installing Deployment Agent for Pocket PC. Install on handheld computers running the Pocket PC operating system. See Managing Licenses on page 352.
Client Connectivity and Network Adapters

Altiris supports all standard network adapter cards and includes many drivers with the installation of Deployment Solution. However, sometimes outdated drivers (including default drivers that come with the hardware) cause problems when clients are in automation mode. To avoid these problems, you should check the manufacturers Web site for your network adapter to ensure you use their latest driver in your pre-boot operating system configuration file. Some common client problems that can be solved by updating drivers are: Locking when loading drivers or failing to connect to the server Locking when imaging (downloading, uploading, or multicasting)
Microsoft Client Drivers

The Boot Disk Creator is set up to work with drivers that follow a certain standard. Because not all NIC drivers follow that standard, you may have to move the files to a different location. The following three files must be in the same directory: The DOS driver for your card (drivername.dos) The sample protocol.ini that comes with your driver (protocol.ini) The OEM setup file that specifies the DOS driver (oemsetup.inf) Example: The OEM setup file may contain lines similar to the following:
[netcard] NGRPCI=NETGEAR FA310TX Fast Ethernet PCI Adapter,0,ndis,ethernet,real,NGRPCI,NGRPCI_NIF [NGRPCI] (This header must be the sixth item listed in the line above) Device=NGRPCI.DOS (If this line is missing, add it. The syntax is device=drivername.)
345
If there is no protocol.ini file, create a text file that contains the following command:
DriverName=drivername Novell Client Drivers

The Boot Disk Creator performs the following functions: Searches all subdirectories for a directory that contains *.ins, *.com, and net.cfg files. (These files must be in the same directory.) The .INS file is opened to get information about the network card. Searches the file for a line starting with a carat (^). This line must have at least two values listed, separated by a comma. The two values needed are the description of the card (value1), and the .com driver file name (value2). The following are the requirements to install Deployment Agents to set up managed computers for each Deployment Server system.
Installing the Deployment Agent

For client computers running a Windows operating system, Deployment Solution lets you install agent software using Remote Agent Installer to push the agent to a client computer from a Deployment console. Or, you can pull the Deployment agent from the client computer by accessing the Windows share or downloading the install package from the Deployment Web Console. You must have administrative rights to the client computers and File and Print Sharing must be enabled to install the agent software.
Click Remote Agent Installer on the Deployment Console toolbar, or click Tool > Remote Agent Installer to open the utility program. You can also download aclient.exe from the network share or Deployment Web Console to install a Deployment agent.
Windows 9x. For Windows 98 clients, you must install the agent software locally. There are several ways to do this: You can add commands to the client login script to map to the Deployment Agent on your file server and run the executable, or you can e-mail the executable or a shortcut to users and run the install program from the client computer. Windows XP. When remotely installing the Deployment Agent on a Windows XP computer, each user must have an account password. Remote Agent Installer returns an error message if it is unable to get to the Administrative share on the remote XP computer for each user. Windows XP does not allow access to any Administrative shares if the user on that computer does not have an assigned password (including the guest account). When all users have passwords and the network setup wizard has been run, you can successfully install the Deployment Agent using the Remote Agent Installer.
Remote Agent Installer

You can use the Remote Agent Installer utility program to install the Deployment Agent on Windows 2003/XP/2000 operating systems. For Windows 98 computers, you have to install manually by running the aclient.exe downloaded from the network share or from the Deployment Web Console. After downloading the install executable, run it on the local computer to install.
346
Enter administrator account information

Enter common administrator credentials for all client computers, or keep the default credentials to be prompted for each client computer. Let me specify a user name and password for each computer as its installed. Prompts for an administrative user name password for each computer in the remote install list. This is the default option. Use this username and password for all clients. Enter credentials for an administrator account that has rights to all client computers added to the remote install list. Click Next.
Specify install directory

Enter a location to install the Deployment Agent. Install directory. Enter the path where the Deployment Agent is to be installed on the client computer. Enable this agent to use Microsoft Sysprep. Select to set the security on the client computer. If you enable this option, you have to locate and download the program install files. View agent settings in the summary box. Click Change Settings to set the Deployment Agent Settings on page 113 for the Deployment Agent.
Automatically Add to a Group

You can add new computers to the All Computers group automatically, or specify another computer group. Add clients to default group. Add new computers to the All Computers group. Add clients to a specific group. Specify another group to add new computers. Use back slashes to separate subgroups.
Select Computers on the Network

Identify client computers on the network and add them to a list of computers to remotely install the Deployment Agent. Add. Select the computers by the name in the list, or enter a computer name or IP address. Computer Name. Enter the name of a computer on the network or its IP address. Properties. Select a computer and view agent install settings. You can also change SID and Agent settings from this Agent Properties dialog. Import. Find a .RCI file and import new computers from a file previously created file in a DOS text file. This file has the following parameters: -c:[computer] u:[username] p:[password] i:[input file]. The parameters must be entered in this order. The password parameter is not required if the administrator account does not have one
347
assigned. If you are using the default settings, you do not need to specify an input filename. Each computer entry must be on a separate line. Export. You can export the computers listed into an export file for future use. The default extension is *.RCI. Remote Agent Installer first looks for an RCI file extension, but any DOS text file can be used. When the computers appear in the installer list and the properties have been set, click Finish. The status of the agent install appears on screen. After the Deployment Agent is installed, it connects to Deployment Server automatically and appears in the Computers pane of the Deployment console.
Download Microsoft Sysprep

If you selected Enable this agent to use Microsoft Sysprep on the previous dialog, the Remote Agent Installer dialog assists in finding the required install files for the specific versions of Sysprep. Select to download and install the Microsoft Sysprep files.
Update file system permissions when changing SIDs. Click to automatically update file system permissions to maintain the individual file permissions that may have been set. This also includes the individual network shares that may exist on this client. Checking this option also includes those individual permissions. This takes a long time to convert the SIDs. To make the SID utility run faster, do not select this option. Note SIDgen is no longer supported and should not be used. Altiris recommends using Microsoft Sysprep in situations where SID replacement is required. To install Microsoft Sysprep, you need to download the install files required for the Windows operating systems running on the client computer. Windows 2000/XP/2003 (deploy.cab) We recommend installing these files from a Windows 2003 server CD.
Click Next.
Change Settings
Click Change Settings to modify access, security and other settings on the Deployment Agent to be installed. See Deployment Agent Settings on page 113.
Get Server Security Key

This page appears only if you select the Enable key-based authentication to Deployment Server option in the Change Agent Settings. Enter the security key file path for the Deployment Server or browse and select a file containing the security key file path.
348
Installing Deployment Agent for Windows

Run AClient.exe from the Deployment Share (shared folder) or download the install file from the Deployment Web Console. 1. On the Altiris Client Service dialog, enter a location to install the Deployment agent. Select one of these options, if required: Secure modification of server properties. Select to prohibit users from changing any agent settings. Enable changing of Security ID. Select to manage the security IDs to run a SID utility as part of an imaging job. Advanced. Click to open the Computer Configuration Properties dialog and enter the settings for the Deployment agent you are installing. 2. Click Next. If you have enabled the security IDs, a screen listing the options for managing the SIDs appears. Select the utilities you want to use and enter the path where the utilities are stored. 3. Click Next to install the Deployment Agent. Select a group in Deployment Console to add the client to. This is optional.You can also leave it at the default group.
After the Deployment agent is installed, it connects to the Deployment Server and appears in the Computers pane of the Deployment console. See Installing Deployment Solution Agents on page 344.
Automating the Installation of Deployment Agent

If you do not select Remote Agent Installer to install Deployment Agent, install the Deployment Agent using log-on scripts or batch flies. However, this requires that you manually complete the installation at each client computer. Instead, you can use a template file to set applicable options and properties. The template file is a text file that can be used to automate configuration of the properties when installing Deployment Agent from a batch file, login script, or manually from a client computer. The template file can be created using two methods: editing the sample.inp file or using the Remote Agent Installer.
Editing the Sample.inp file

Deployment Solution ships with a sample template file named sample.inp, which contains the commands to configure installation options and properties. This file is located in Program Files\Altiris\eXpress\Deployment Server. Most of the parameters have been disabled in this file. To enable an option, remove the semicolon. Example: to specify a specific IP address and port number for the client to locate the Deployment Server, remove the semicolon from the TcpAddr and TcpPort lines and change the address and port number to the correct values.
Creating a Template File using Remote Agent Installer

A template file can be created when running Remote Agent Installer. After modifying agent properties and adding computers to the Selecting Clients window, click Export
349
to create the template file to import computers (*.rci) as well as the template file (*.inp). Example: if you have computers named PC-1 and PC-2 listed in the Selecting Clients window and export these computers using the file name Export.rci, the following two template files are created: Export_PC-1.inp Export_PC-2.inp
Using the Template File

To use the template file you created, run the AClient.exe installation program specifying the template file and using the -install switch. Example: \\FX1\eXpress\AClient.exe aclient.inp -install The following command-line options are available:
Option
-install -remove -silent -stop
Definition
AClient.exe runs and installs the Deployment Agent on the computer as opposed to just running it in memory. Permanently removes Deployment Agent from the computer where it was installed. Lets you use the options without being prompted for further input. Stops the Deployment Agent from running, but does not remove it. The next time the computer is booted, the Deployment Agent runs in production mode. Starts the Deployment Agent. This option works only when Deployment Agent is installed on the computer.
-start
Installing Deployment Agent on Linux

You can install the Deployment Agent to any supported Linux workstation or server by downloading and running the Deployment Agent for Linux installation file (a .BIN file) on the client computer. The Deployment Agent is updated automatically on Linux computers when upgrading to a new version of Deployment Solution. The creation date of the Deployment Agent is checked and updated when a new agent is available.
Processors
Disk space Operating systems:
Pentium
5 MB contiguous RedHat 7.2, 7.3, 8.0, 8.1 RedHat Advanced Server 2.1 United Linux 1.0
RAM
32 MB
Installing the Deployment Agent for Linux

1. After downloading the .BIN file to a local directory, you can install from the command line.
350
To install from the command line, browse to the directory where you saved the .BIN file, switch to the root user (su) and change the directory to the location of the .BIN file by typing
(cd < directory>)

after changing the directory, you must have the permission to execute the .BIN file, to obtain the permission, type chmod 544 <filename> Type: ./<file name> The Deployment Agent for Linux is installed in the /opt/altiris/deployment/
adlagent directory.
2. You can change the adlagent configuration file settings by updating the adlagent.conf file. This file is located in the /opt/altiris/deployment/ adlagent/conf directory. You can also change the adlagent configuration file settings by executing the configure script from the /opt/altiris/ deployment/adlagent/bin directory. To run the script to change settings for the adlagent configuration file, browse to the /opt/altiris/deployment/adlagent/bin directory from the shell and type the following:
./configure
You are prompted to select Multicast options to identify a Deployment Server to manage the current client computer, or you can select a specific Deployment Server by setting the Multicast option to false and adding the IP address of the desired Deployment Server. To edit the configure file directly, open the adlagent.conf file located in the
/opt/altiris/deployment/adlagent/conf
directory and make setting changes to the configuration document. In many cases, you can edit the configuration file to change the functionality or properties. Example: you can open the adlagent.conf file in an editor and scroll to the [Transport] section and the UseMcast line. Change UseMcast=true to UseMcast=false. Type the IP address of the specific Deployment Server you want to manage the client computer into the TCPAddr=<IP address> line. Additional configuration settings can also be identified and edited in the configuration file. 3. After editing the configuration file, restart the Deployment Agent for Linux. To start and stop the Deployment Agent for Linux, you must enter the full path or browse to the /etc/rc.d/init.d directory (with administrator/root rights) and use the adlagent stop and adlagent start commands, or the adlagent restart command. You can also use the Package Manager installed with Linux to restart the Deployment Agent for Linux. By stopping and starting the Deployment Agent for Linux, the service updates the changes made in the adlagent configuration file. You can now view the Linux managed computer from a Deployment console. See Installing Deployment Solution Agents on page 344.
351
Installing the Automation Agent

After Deployment Server has detected a managed computer through the Deployment Agent in a production environment, you can install an Automation Partition from the Computers pane. You can use this feature on Windows 2003/XP/2000.
Processors
Disk space Operating systems RAM
Pentium
5 MB contiguous MS DOS and Linux 32 MB
Here are some other ways to create and install an Automation Agent, which is saved in an embedded (recommended) or hidden partition on the client computers hard disk. For Windows 98 computers, create boot disks to install locally. For Deployment Solution systems running the Altiris PXE Server, create boot menu options from the PXE Configuration Utility, using one of the following methods: Boot Disk Creator, Direct from floppy, or User Specified. See PXE Configuration Utility Help. To install an Automation Partition on Windows 2003/XP/2000 computers, you can create a Microsoft Install Package (MSI) and deploy it using a job from the console. See Distributing Software on page 175. You can also create floppy disks, bootable CDs with an ISO image, or bootable USB devices. See Boot Disk Creator Help
To install an Automation Partition

See Install Automation Partition on page 137.
Managing Licenses
From the Deployment Console you can find the number of licenses used, detect an expired license, or apply a license to a client computer. Although you can install multiple Deployment Servers, but licensing is based on the number of managed client computers. The Deployment Server system also provides the license utility to install or update regular licenses, or add licenses to computers installed with Deployment Solution. This utility shows the license status, install a new license, and add additional licenses.
352
Licensing Terms
Term
AUP - Annual Upgrade Protection
Description
Altiris Annual Upgrade Protection or AUP lets registered Altiris software users upgrade to any version of the registered product that is released during the coverage period without paying an upgrade charge. Regular production licenses never have a license expiration date, but always have an AUP date. As long as this date is not expired you can use that license to register any version of Deployment Server. The total number of client and server computers that a Deployment Server is licensed for. Each client computer that has an agent and that communicates actively with the Deployment Server uses a single license node. You can view this information on the About Deployment Console box. This detail appears in the License Details when you apply a license with the Product Licensing Utility, and select a license file.
Licensed Nodes
DS and PCT
These are common abbreviations for Deployment Server and PC Transplant. Both of these products are licensed with the same licensing model, and very often a single license applies to both products at once, although some licenses apply only to PC Transplant. All regular licenses (that are purchased) never expire. Evaluation licenses however do have an expiration date. After the expiry date those trial or evaluation licenses no longer function, and need to be replaced with a regular license.
Expired License
See also: Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 357, Computers Not Using a Regular License on page 357, Detecting an Expired License on page 357, and Expired Licenses on page 358.
Using the License Utility

The Deployment Server system provides a license utility to update or add licenses to installed sites, which lets you apply the license activation key file (.lic file) after Altiris products are installed. This utility is installed to the Deployment Share during the Deployment Server installation. When you open the License Utility, the Altiris Activation Key Wizard appears. On the Select Altiris Program Files to Activate page, you can select the Replace all existing license Activation Keys with this new Activation Key check box, which overwrites the current Activation Key with the one you are installing.
353
The License Utility shows the license status, install a specific product, install new or updated licenses for installed software, and additional licenses for installed software. To open the Altiris License Utility Option 1: Click Start > Programs > Altiris > Deployment Solution > Product Licensing Utility.
Option 2: 1. 2. Browse to the location where you installed the Deployment Share. Run license.exe.
To view license status

1. 2. 3. Open the License Utility. Enter the directory path to the new .LIC file. Click Next. A summary screen displays the activation key information. 4. Click Cancel.
Install a Regular License for Altiris Products

When a product is installed from the Altiris CD or the Altiris Web site, a 7-day trial license is automatically applied. However, you can apply a 30-day evaluation license or a purchased regular license to installed products that use a license activation key file (.LIC). Note Save the license activation key file, because you will need it when future product updates are released. After you receive the key, store it in a safe place (such as a floppy disk) for future reference. Multiple license activation key files can be stored in individual folders on a single disk. You can also store multiple license activation key files in the same folder, as long as the file names are different.
To apply a regular license file

1. 2. Open the License Utility. Enter the directory path to the new .LIC file and click Next. The Altiris Activation Key Wizard displays the activation key information. 3. Click Next. A list displays the Altiris products that are installed on the Deployment Server. Each program file uses license activation key files. 4. Select one of the following: Option 1:
354
a. b.
Select the product you want to license. Use the Shift key to select multiple products. Click Finish to apply the license to the selected products.
Option 2: c. d. e. Click Add to browse to the location of an Altiris product folder. Select the program filename and click Open. The product is added to the license list. Select the products to license and click Finish.
Option 3: f. g. h. Select the products you do not want to apply a license to. Click Remove. Select the products to license and click Finish.
See Installing Deployment Solution Agents on page 344.
HP client computers and licensing

HP client computers automatically connect to the Deployment Server with a 30-day trial license. In the Deployment Console, HP client computers display a clock icon to indicate that the trial license is limited, and has an expiration date. Following are the steps to upgrade the trial license: 1. 2. 3. From the Deployment Console, right-click the HP client computer and select Properties. Click the Apply regular license check box. Click OK. The license is automatically upgraded to a purchased license.
Note You do not need to apply a license key to activate the HP Thin Client t5000 Series. This managed client computer automatically receives a non-expiring license when connected to the console.
Install Multiple Licenses

Some Altiris utilities can combine multiple licenses together for the total number of nodes. Example: two 50-node licenses can be combined to a single 100-node license. This option lets you apply an add-on license to the Altiris products you have installed on the Deployment Server. 1. 2. Open the License Utility. Enter the directory path to the new .LIC file and click Next. The Altiris Activation Key Wizard displays the activation key information. 3. Click Next. A list displays the Altiris products you have licensed. 4. Click Finish.
See also: Managing Licenses on page 352, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the
355
Number of Licenses Used on page 357, Computers Not Using a Regular License on page 357, Detecting an Expired License on page 357, and Expired Licenses on page 358.
Adding a License from the Deployment Console

Use this option to install a license to a computer from the Deployment Console after the free trial has expired. You must apply a regular (permanent) license to continue managing client computers. You cannot install a license directly to a client ccomputer. However, you must install a regular license on the Deployment Server before you can install and manage licenses for client computers from the Deployment Console.
To install a regular license to a single computer

1. 2. 3. 4. From the Deployment Console, right-click the computer to which you want to apply the license. Select Properties. Select Apply regular license. Click OK.
To install a regular license to multiple computers

1. 2. 3. From the Deployment Console, right-click the computer group to which you want to apply the license. Select Advanced. Select Apply Regular License.
See also: Managing Licenses on page 352, Using the License Utility on page 353, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 357, Computers Not Using a Regular License on page 357, Detecting an Expired License on page 357, and Expired Licenses on page 358.
Rapid Deployment Pack Licensing

Rapid Deployment Pack (RDP) is a version of Deployment Server released to HP customers. It functions and behaves almost in a similar manner in regards to licensing. The only major difference is that due to the HP policy, AUP for their customers is much longer than normal. Deployment Server does not apply licenses correctly if they have AUP longer than 3 years. Because of this, if you have licenses for RDP, and you download Deployment Server from the Altiris.com Web site, you cannot apply the licenses. The easiest way to resolve this issue is to use the install files from the HP Web site. Those installation files use a slightly different version of the Product Licensing Utility, and they let licenses with long AUP dates. See also: Managing Licenses on page 352, Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Finding the Number of Licenses Used on page 357, Computers Not Using a Regular License on page 357, Detecting an Expired License on page 357, and Expired Licenses on page 358.
356
Finding the Number of Licenses Used

Open the Deployment console and select Help > About from the main menu bar. You can see the total number of licenses you have purchased, the total licenses you have used, and the total licenses available. You can view the information in the Computers pane to understand for which computers regular licenses have been applied. In the Computers pane, a clock icon in the lower left corner implies that the computer still has a free license. See also: Managing Licenses on page 352, Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Computers Not Using a Regular License on page 357, Detecting an Expired License on page 357, and Expired Licenses on page 358.
Computers Not Using a Regular License

From the Deployment Console, you can understand which computers do not have a regular license. If the icon has a clock in the lower left corner of the Computers pane, this is an HP computer that still has the free 30-day license. See also: Managing Licenses on page 352, Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 357, Detecting an Expired License on page 357, and Expired Licenses on page 358.
Detecting an Expired License

A computer listed in the Computers pane of the Deployment Console will be gray instead of blue if the license has expired. However, this may not always mean that the license has expired so check the other options listed below. A computer with an expired license states Client license expired - see computer properties when selected. If you try to view the properties of a computer with an expired license, the following error message appears: Error: You have chosen a computer that has expired. Clients that are expired cannot be managed until a license is purchased for them and they have been flagged in the Computer Properties dialog to accept a regular license. Note If you place a job on a computer with an expired license, the same error message appears.
Directing client computers to the correct Deployment Server

If you review the client computer list from the Deployment Console and notice some computers are not available when you click them, it can be that the computer was moved from one Deployment Server to the other, and the former server had an expired licence. To verify that a client computer is associated with the Deployment Server you want, do the following: 1. 2. Double-click on the Deployment Agent icon on the client computer. Select Properties.
357
3. 4.
Enter the IP address of the correct Deployment Server in the Address/Hostname field. Click OK.
See also: Managing Licenses on page 352, Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 357, Computers Not Using a Regular License on page 357, and Expired Licenses on page 358.
Expired Licenses
Regular Deployment Server licenses do not expire, however the 7-day trial license, or the 30-day evaluation licenses do expire, and can cause some problems if not replaced properly after adding regular licenses. Computers with expired licenses become dead nodes and can no longer be managed by the Deployment Console. When a license is first installed on the Deployment Server, each computer in the database takes a license node. If this node is a temporary license, that computer has a tag in the database that says it is a trial node. If that license is not replaced before the time limit, the computer stops accepting jobs or any type of remote management. When the Deployment Server receives new regular licenses, it does not by default release the trial license nodes that it was using before. This can cause problems if the trial licenses are still being used and they expire even after you apply a regular license. There are 2 ways to deal with this lingering expired license issue. First you can set up a global option that automatically replaces any trial license with a regular license as soon as they become available. This is a long term and preventative solution to expired license issues. 1. 2. 3. In the Deployment Console, go to Tools > Options. Click the Global tab. Select the Automatically replace expired trial licenses with available regular licenses check box. This resolves the computer node licenses expiry issue.
The second way you can deal with expired licenses is reapply all regular licenses to the computer nodes. This is helpful if you want to see an immediate resolution to a license issue. 4. 5. In the Deployment Console, right-click the All Computers computer group (or any other computer group you need to do this to). Select Advanced > Apply Regular License. This makes all computer nodes in that group release the license node they were using and take a regular license node.
See also: Managing Licenses on page 352, Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 357, Computers Not Using a Regular License on page 357, and Detecting an Expired License on page 357.
DS Installation Help
The following are the help file topics for the Deployment Server installation program that you can access by clicking Help or pressing the <F1> key. These topics identify and explain the screen elements on the dialogs used in the installation process.
358
Install Configuration
The Deployment Server system supports a Simple Install and as well as a Custom Install option. A Simple installation lets you install all components on a single computer. The Custom installation lets you distribute individual components of a Deployment Server system on multiple computers. The Thin Client Install lets you install the Thin Client view of the Deployment Console on your computer. Use the Component Install option to install additional components on your system. Pre-Installation Simple Install Helper. Click this option to check for an installation of Microsoft SQL Server for a Simple install. If Microsoft SQL Server or MSDE is located, the installation program continues. If not, the installation program prompts you to automatically install MSDE 2000 from an Altiris download Web site. Installation Type Simple Install. Click this option to install all Deployment Server components on a single computer. This configuration is recommended for managing computers on a single LAN or across a site with few subnets. See Simple Install for Deployment Server on page 337. Include PXE Server. Select this feature to install the Altiris Altiris PXE Server when running the Simple install option. The PXE Server requires a DHCP server also installed on your network. Custom Install. Click this option to install Deployment Server components on multiple computers across your system. A Custom install lets you balance network activity for large enterprises with multiple subnets. Example: use this option to distribute the Deployment Database on a separate computer or assign another file server as the Deployment Share to store image and package files. See Custom Install for Deployment Server on page 340. Thin Client Install. Click this option to install the Thin Client view of the Deployment Console on your computer. You do not require a license file to install this view. See Thin Client Install for Deployment Server on page 343. Include PXE Server. Select this feature to install the Altiris Altiris PXE Server when running the Simple install option. The PXE Server requires a DHCP server also installed on your network. Component Install. Click this option to install additional Deployment Server components to your system. Example: use this option if you want to add an Altiris PXE Server to your Simple or Custom installation, or if you need multiple Deployment consoles. See Component Install for Deployment Server on page 343. If you have multiple network adapter cards, a secondary dialog appears asking you to select the IP address for the Deployment Server interface. See also Deployment Server System Requirements on page 336. Note If you are running Deployment Server on a MS Windows Server 2003 Domain Controller with SMB Signing enabled you cannot execute any imaging and DOS jobs. When running jobs on MS Windows Server 2003, you must change the SMB Signing Registry Key to execute DOS-based deployment jobs.
359
To disable SMB signing on the Windows 2003 Server

1. Open the Default Domain Controller Security settings dialog by clicking Start > Settings > Control Panel > Administrative Tools > Domain Controller Security Policy >Local Policies >Security Options. Locate the Microsoft network server: Digitally sign communications (always) policy setting, right-click it and select Properties > Disabled. Disable the Microsoft network server: Digitally sign communications (if client agrees) policy setting as well. This is Enabled by default.
2. 3.
Installing Deployment Server

Specify the Deployment Share (shared directory) where the image files, .RIPs, and other package files are to be stored. Ensure you have a shared Windows or NetWare directory with free disk space and appropriate security rights before installing. File server path. Select the drive letter and directory path where Deployment Server can be installed. The default path is the Program Files directory on the local computer. Create Deployment Share. If you are installing the Deployment Server to a local Windows computer, select the Create Deployment Share check box to create a shared directory as your Deployment Share. If you are installing to a remote file server or if you select an invalid path, this option is unavailable. Note If you are installing the Deployment Server to a remote file server, create a share or grant access rights to the Deployment Server directory on the file server before you start the installation. For Windows XP, you must run the Network Setup Wizard accessed from My Network Places to enable sharing. Free 7 day license. Click to use an evaluation license for a new Deployment Server installation. Upgrade using existing license. Upgrade the Deployment Solution install by using an existing license file. License file. Type the path or browse to the license (.LIC) file received when you registered on the Altiris Web site. Service user name and Service password. If running a Simple Install, type the user name and password of the Deployment Server service and the Deployment Share. For domain accounts include the domain name (example: orgDomain\admin). Ensure you create the administrator domain account before starting the installation. See also Deployment Server Components on page 331, Installing Deployment Server, and Managing Licenses on page 352. Installing Deployment Server using Component Install Specify the Deployment Share (shared directory) where image files, RIPs, and other package files are stored. Ensure you have a shared Windows or NetWare directory with available disk space and security rights before installing.
Deployment Server Install

Install the Deployment Server on a computer. The service is identified in the Services section of the Windows Computer Management as Altiris eXpress Server.
360
To install service on a local computer

1. 2. 3. 4. Click On this computer. Type the Deployment Server IP address and port information. Enter the path to install the Deployment Server. Type the user name and password of the Deployment Server. For a domain account, type the domain and user name. Create this account before starting the installation.
To install service on a remote computer

1. 2. 3. Click On a remote computer. Type the name of the computer or browse to where you want to install. The destination path and IP address of the computer appear automatically. Type the user name and password of an administrator account for the Deployment Server computer. For domain accounts include the domain name (example: orgDomain\admin). The user account must have rights to the Deployment Share. Create the administrator domain account before starting the installation.
See Deployment Server Components on page 331 and Installing Deployment Server on page 331.
Pre-boot Operating System (Simple)

Select a default pre-boot operating system, which Deployment Server can use as the default when creating a deployment job with an automation task. However, you can also install additional pre-boot operating system files through Boot Disk Creator later. If you are running an Altiris PXE Server in your system environment, the first pre-boot operating system you install becomes the default boot menu option for Initial Deployment. The menu options display DOS Managed, Linux Managed, or Windows Managed. You can assign an automation pre-boot operating system to an automation task when it is added to a deployment job. This flexibility lets you run several automation tasks within a single job, and each task can boot to the automation environment you want. None. Select this option if you do not want to provide a default automation operating system. You can also select this later through the Boot Disk Creator utility. DOS FreeDOS. Browse to the BDCgpl.frm file, which is located in the GPL folder on the Deployment Server. The exact location of the folder varies, depending on the installation path. This .FRM file is an open source code and is not owned by Altiris. However, this file is available to all customers by downloading the file from the Altiris Solutions Center. MS-DOS. DOS requires an original Microsoft Windows 98 installation disk, or browse to the system formatted files. Linux. Browse to the BDCgpl.frm file, which is located in the GPL folder on the Deployment Server. The exact location of the folder varies, depending on the installation path. This .FRM file is an open source code and is not owned by Altiris. However, this file is available to all customers by downloading the file from the
361
Altiris Solutions Center. You can select the Altiris FIRM file for the following operating systems. x86 x64 ia64 Windows PE. Browse to the Windows PE files and the Microsoft Windows operating system path. Altiris supports Microsoft Windows PE 2005, and Microsoft Windows 2003 SP1. You can select the WinPE files for the following operating systems. x86 x64 ia64 See Boot Disk Creator Help, and PXE Configuration Help.
Pre-boot Operating System (Custom)

Select a default pre-boot operating system, which Deployment Server can use as the default when creating a deployment job with an automation task. However, you can also install additional pre-boot operating system files through Boot Disk Creator later. If you are running an Altiris PXE Server in your system environment, the first pre-boot operating system you install becomes the default boot menu option for Initial Deployment. The menu options display DOS Managed, Linux Managed, or Windows Managed. You can assign an automation pre-boot operating system to an automation task when it is added to a deployment job. This flexibility lets you run several automation tasks within a single job, and each task can boot to the automation environment you want. FreeDOS. Browse to the BDCgpl.frm file, which is located in the GPL folder on the Deployment Server. The exact location of the folder varies, depending on the installation path. This .frm file is open source code and is not owned by Altiris. However, this file is available to all customers by downloading the file from the Altiris Solutions Center. MS-DOS. DOS requires an original Microsoft Windows 98 installation disk, or browse to the system formatted files. Linux. Browse to the BDCgpl.frm file, which is located in the GPL folder on the Deployment Server. The exact location of the folder varies, depending on the installation path. This .frm file is open source code and is not owned by Altiris. However, this file is available to all customers by downloading the file from the Altiris Solutions Center. Windows PE. Browse to the Windows PE files and the Microsoft Windows operating system path. Altiris supports Microsoft Windows PE 2005, and Microsoft Windows 2003 SP1. See Boot Disk Creator Help, and PXE Configuration Help.
362
Deployment Database Install

Install the Deployment Database on a local or remote server with or without an existing Microsoft Data Engine (MSDE) or Microsoft SQL Server. To install the database you must have administration rights to the selected server. Note In Deployment Solution 6.0 and later, if you have multiple instances of the Microsoft SQL Server already set up, you can identify a specific instance using this format: <SQL Server Name>\<database instance>. The instance of the database can vary. Example: if you have a clustered Microsoft SQL Server to manage multiple Deployment Solution systems on different network segments, you can enter the name salesSegment\express or marketingSegment\express depending on the previously established database instance. Install the Deployment Database using these options: Select the Microsoft SQL Server instance where you want to install your Deployment database. You can also change the default SQL Port number. To name the Deployment Database differently from the default name eXpress, you can type a different name in the Database Name: box. However, this does not alter the Deployment Share name. See also Deployment Server Components on page 331.
Altiris PXE Server Install

Select the options to boot locally using the Altiris Automation Partition or across the network using the Altiris PXE Server using the Intel Pre-boot eXecution Environment (for PXE-compliant computers only). Note If you have a Novell NetWare file server, you must set up the Altiris PXE Server after installing Deployment Server. The Universal Network Device Interface (UNDI) default driver is not supported by Novell NetWare. Click No I will be using an Altiris automation partition on each client computer, if you do not use PXE and prefer using embedded (preferred) or hidden partitions, or bootable media to run tasks. Note This option is unavailable for installing the Altiris PXE Servers using Add Components. Click Yes, I want to install PXE Server on this computer to install on the local computer. Note This option is selected by default for the Add Components install. Click Yes, I want to install PXE Server on a remote computer to install the Altiris PXE Server on a remote computer. Type the name of the computer and the path.
363
Type the IP address for the Altiris PXE Server and the Deployment Server. Type the path on the computer to install the Altiris PXE Server. Select the pre-boot operating system that can be used as the default PXE boot menu item. The pre-boot operating system options that are enabled depends on the options selected for pre-boot operating system in the Pre-boot Operating Systems page. Example: if you select Linux in the Pre-boot Operating Systems page, the Linux option is enabled as the default PXE boot menu item. See also Installing the Automation Agent on page 352, Pre-boot Operating System (Simple) on page 361, and PXE Configuration Utility Help.
Client Connection to Server

Select the protocol your managed computers can use to connect to the Deployment Server. Connect directly to Deployment Server. Installs the Altiris PXE Server using the Intel Pre-boot eXecution Environment (for PXE-compliant computers only). You can use this without PXE for faster access, as it goes directly to the IP address without searching. If managed computers are on a different segment or if you are using the Altiris PXE Server with an UNDI driver, click Connect directly to Deployment Server and enter the IP address of the Deployment Server that the managed computers can connect to. Do not change the port number unless the default is already being used. Note If you change the port number, you have to change the client configurations. Discover Deployment Server using TCP/IP multicast. Lets managed computers connect to any Deployment Server. To use multicasting and connect to a specific Deployment Server, enter the name of the Deployment Server computer. Multicasting cannot be used with the UNDI driver. If you want to use different drivers on the Altiris PXE Server, you can create multiple PXE boot files after installing. See also Deployment Agents on page 112.
Deployment Web Console Information

This feature lets you remotely manage Deployment installations, deploy and manage Windows and Linux computers (both client and server editions) in real-time, and benefit from many of the same features available in the Deployment Console.
To Install Deployment Web Console

1. By default, DS Web Console installs to the same computer running the installer. Click On a remote computer, and click Browse to navigate to a computer where you want the installation to occur. You can also select to not install Deployment Web Console by clicking the Do not install option. If you want to change the default values, enter the Console port and Deployment Web Console path for the installation. The Service user name and Service password must be an existing account on the Deployment Share and the destination computer where the Web Console can be installed.
2. 3.
364
Note If you are installing an additional Deployment Web Console using Add Component, the Do not Install option is disabled. See also Deployment Console on page 332 and Deployment Server Components on page 331.
Sysprep
Enter the location of the Microsoft Sysprep files according to the operating system. Type the location or click Browse and select the required files. If you install the Itanium Windows operating system to a computer that is not an Itanium box, an error message appears that the file is valid, but is of the wrong type for the computer. To resolve this issue, access the Deploy.cab file from an Itanium box and save it on the server before you install Deployment Solution.
Installing Components
Click Install, or click Back to change settings. See also Deployment Server Components on page 331.
Installation Information Summary

The components are installed. You can remotely install Deployment Agents, enable Sysprep support, and download Adobe Acrobat for documentation. Enable Microsoft Sysprep Support. Select this option to enable Sysprep support. Provide the location of the Microsoft Sysprep files. Remotely Install Deployment Agent (Windows 2000 or later only). Select this option to push the Deployment Agent to computers running the Windows 2000, XP, and Windows Server 2003 operating systems. Install add-ons to provision server hardware. Select this option to install the addons for Dell computers. Note This option is enabled on Dell computers ony when add-ons are present in the oeminstall-addons section of the oeminstall.ini file located in the eXpress directory. Note Install add-ons to provision server hardware is the only option available on the Installation Information Summary dialog when you select Component Install. Click Finish. See also Deployment Server Components on page 331.
Add Components Summary

The components in the list are installed.
365
Download Adobe Acrobat. Select this option to download the Adobe Acrobat Reader to read the documentation in the .PDF format. Click Finish. See also Deployment Server Components on page 331.
Deployment Database Authentication

Specify the type of authentication the Deployment Database will use. You can select Windows authentication or SQL Server authentication. If you select SQL authentication, enter the user credentials with administrative rights for the SQL database. Use Windows NT authentication. Click to use the Windows network or Active Directory authentication. Use SQL Server authentication. Enter the user name and password set for the Microsoft SQL Server. If using MSDE, the default sa user name is used with no password is required. See also Deployment Server Components on page 331 and Installing Deployment Server on page 331.
Add Components
If you have already installed Deployment Server, you can add components to the existing system. Select the type of component you want to add. See also Deployment Server Components on page 331.
Console Install
You can install the Deployment Console on either the local computer or multiple remote computers. Installing the Deployment Console to remote computers lets you manage computers from multiple Deployment Consoles across the Deployment Server installation. Click On this computer to install the Deployment Console to the local computer. Click On a remote computer to install the Deployment Console to a remote computer. Type the computer name or browse and select a computer. See also Deployment Server Components on page 331 and Installing Deployment Server on page 331.
Installer Return Codes

For a list of return codes for the installation program, see the Error Messages in Deployment Solution chapter in the Reference Guide.
366
Part VII Deployment Web Console

The Deployment Web Console allows you to manage and deploy computer resources in real-time from a web browser to manage multiple Deployment Server sites. In addition, the Deployment Web Console loads into the Altiris Console to provide comprehensive reports and integrate additional management solutions. Deployment from the Altiris Console allows you to use the built-in features of Notification Server such as Package Servers, security, and collections with standard Deployment Solution management features.
367
Managing from the Deployment Web Console

Deployment Solution provides both Windows and Web user interface consoles to deploy and manage computer devices across local or wide area networks. As an IT administrator, you can manage all types of computer devices and servers from the Deployment Web Console using all features available in the Windows console. The Web console reads and writes directly to the Deployment Database and can be accessed as a standalone Web application or integrated within the Altiris console: The Deployment Web Console provides basic deployment and management functionality from a Web browser, including the ability to remotely access and manage computer devices, build and schedule jobs, and view multiple Deployment sites. To launch the Deployment Web Console, double-click the icon on the desktop, or click Programs > Altiris > Deployment Solution > Deployment Web Console.
The Web console for Deployment Solution provides standard Computers, Jobs, and Details panes to view computer icons and properties, perform remote operations, schedule deployment jobs, and identify the state and status of computers in your system. See Deployment Web Console Basics (page 369). Deployment from the Altiris Console lets you manage and generate reports across multiple Deployment Server systems and integrate additional Web applications available in the client and server management suites, including Inventory, Software Delivery, Recovery, HelpDesk, and Application Metering solutions. Deployment from the Altiris Console lets you generate enterprise-wide reports that track deployment resources and integrate features such as Package Servers for location-sensitive software distribution. Notification Server also provides collection features to group computers by defined criteria. See Deployment from the Altiris Console (page 386). The Deployment Console is a Windows-based console with complete deployment and management features, including remote control, security, PXE server configuration, image editing, and other deployment utilities and features. To launch the Deployment Server Console, double-click the icon on the desktop or click Programs > Altiris > Deployment Solution > Console. See the Deployment Server Help and Deployment Product Guide for additional information.
368
The Deployment Web Console also provides features and functionality to integrate with Microsofts Automated Deployment Services (ADS). See Automated Deployment Services (ADS) (page 385). See Basic Tasks from the Deployment Web Console (page 372) for steps to manage and deploy computer devices from the Deployment Web Console.
Deployment Web Console Basics

The Deployment Web Console is a feature-rich Web application that uses Microsoft .NET and other built-in services to provide real-time access to computer resources, deployment jobs, and package files. The Deployment Web Console includes a graphical user interface with distinct icons to identify type and status of the computer, groups, deployment job or other system components. From the Deployment Web Console you can build simple or complex deployment jobs to migrate users, set up new users, install software and image hard disks all from a Web browser. The Deployment Web Console also loads from the Deployment tab in the Altiris Console for integration with the Client Management Suite and Server Management Suite. Refresh. Click to update console information after adding or deleting items, creating groups, or making other screen changes. Expand. Click to expand or contract feature sections within the Web page. Apply. Click to apply settings, properties or names. You remain on the current page after clicking Apply. Cancel. Click to cancel out of an action or delete a property or name. You remain on the current page after clicking Cancel. New. Click to add new items or objects within a group, such as new computer accounts or conditions sets. New Computer. Click when Adding New Computers.
New Job. Click to create a new job.
Up/Down arrows. Click to change the order of items in a list. Example: the order of tasks in a deployment job.
Task User Passwords. Click to change the users task password on multiple Deployment servers. Users have access to the job tasks: Copy file to, Distribute Software, Run Script, Distribute Personality, and Capture personality. Find. Click to find or filter selected computers in a group or jobs in a folder. You can also filter computers by operating system or jobs by task types.
369
Go. Click to run a process or actuate a feature.
Delete. Click to delete an item.
Deployment Web Console options. Click to set these features set properties for the Deployment Web Console and the ADS features. About Deployment Web Console. Click to view supported Deployment Servers, licensing information for each system, and general information. Help. Click to open help documentation for the Deployment Web Console.
Like all Deployment consoles, the Deployment Web Console is divided into several panes to organize computers, deployment jobs, software packages and scripts. It gives you a graphical view of your network and provides features to build jobs, store and access jobs and packages, and report the status and state of all of your computer resources.
Computers pane
From the Computers pane, you can traverse multiple Deployment Server systems and navigate the treeview of each system to select computers or computer groups. You can view Computer Details, run Remote Operations, or Assigning and Scheduling Jobs for each selected computer or group. Elements of each group appear in the Details pane with features to view properties and run management tasks. By drilling down into a selected Deployment Server system, you can view and select New Computers and other computer groups defined for your organization. When running Deployment from the Altiris Console, you can also identify managed computers within the Altiris Console Collections created by Notification Server. These collections identify only managed computers with the Deployment Agent installed, displaying computers by operating system, computer model, type, or other properties. You can now manage computers by defined groups or filtered by client type.
When a computer or group is selected, the Details pane shows a list of computers in the group and gives basic information about each computer. The Find detail bar appears in the Details pane to filter computers by a set criteria. When a computer is selected, you can view the computer status in the Details pane, including a list of jobs that have run or are scheduled to run on the computer and the status of each job. See Managing
370
Computers from the Deployment Web Console (page 398) for complete information about organizing computers, running remote operations, and viewing properties from the Computers pane.
Jobs pane
Use the Jobs pane to create and build jobs with specified deployment tasks. You can organize the job objects using the New job folder command from the Select Action list. Jobs in one Deployment Server group can be scheduled to computers in another Deployment group, where they are replicated to the source Deployment Server. Jobs can also be replicated directly to another system using the Move job command in the Details pane. From the Jobs pane you can schedule and execute deployment jobs such as creating images, deploying computers, changing configurations, or installing software. Once a job is created, you can change it by adding, modifying, or deleting tasks. Jobs can be run immediately, scheduled to run a particular time, or saved for a later time. See Scheduling Jobs from the Deployment Web Console (page 419) for complete information about setting up, importing, and managing computers from the Jobs pane.
Jobs are organized by Deployment Servers, listing all job folders and individual jobs for a specific site under the name of the managing Deployment Server. When a job is selected, the Details pane displays a list of jobs in the folder and provides basic information about each job object, such as its state, status, and task list. It also shows the computers or computer groups to which the job is assigned.
Details pane
The Details pane is the right-hand pane in the Deployment Web Console. It extends the user interface features when working in the Computers or Jobs panes. When you select Deployment Servers in the Computers pane, the Details pane lists all associated Deployment Server in your organization and displays links to access the computers and jobs for that site. When you select a specific Deployment Server, all computers and computer groups for that system appear. When you select a Deployment Server in the list, the computer groups and managed computers for that system appear. When you select a job icon in the Jobs pane, the Details pane displays information about the job to set up conditions, order tasks, and add, modify, or remove tasks.
371
Deployment Web Console Options

Click the Console Options icon in the toolbar of the Deployment Web Console.
The Deployment Web Console appears with the following console options. Clear the computer and job selections after scheduling. Select this option to clear selected computers or computer groups and the associated jobs assigned to them. Prompt before performing operations. Verify actions to the user before scheduling jobs or performing other operations. Show physical devices. Show blade servers as Rack/Enclosure/Bay objects in the Computer pane.
Microsoft Automated Deployment Services (ADS)

Enable ADS. Deploy and manage using the Microsoft ADS features. See Automated Deployment Services (ADS) (page 385).
Basic Tasks from the Deployment Web Console

The following are basic tasks you can perform using the Deployment Web Console as a stand-alone console or from the Altiris Console. Remote Computer Operations (page 372) Assigning and Scheduling Jobs (page 373) Finding and Filtering Computers and Jobs (page 373)
Remote Computer Operations

From the Deployment Web Console, you can quickly deploy and manage computers onthe-fly using remote operation features. 1. Click a Deployment Server or other computer group in the Computers pane. In the Details pane, the computers and computer groups are listed. Select the managed computers to select the check box for specific computers. The computers appear as a Selected Computer. 2. From the Selected Computers list, select an action to perform on the managed computer. See Remote Operations (page 415) for a list of provided management actions. Depending on the selected action, a secondary page may open to run the operation. Set the appropriate values and click OK. The selected operation runs on the managed computers.
3.
Reject Client Computer Connections

To manage unwanted client computers from attaching to the Deployment Server, use the Reject Connection Computer Action to remove the clients MAC address and other information from the Deployment database. If the client tries to connect to the server, the MAC address cannot be found and the client-server connection is rejected.
372
Note Virtual client computers cannot be rejected.
To reject client computers

1. From the Deployment Web Console, in the Computers pane, click a Deployment Server name. A list of client computers and groups appears in the Details pane. Select the check box next to the computer whose connection you want to reject. Click the Computer actions drop-down list, and select Reject Connection.
2. 3.
Assigning and Scheduling Jobs

From the Deployment Web Console, you can assign jobs to computers and schedule them to run immediately or at a later time. 1. Click a Deployment Server or another computer group in the Computers pane. Select the check box for specific computers or computer groups in the Details pane. The computer appears as a Selected Computer. 2. Click a job folder in the Jobs pane. Select the check box for one or more jobs in the Details pane. The jobs appears as a Selected Job. .
To clear the computers or jobs and reselect, click the clear icon. 3. Click Run Now or Schedule to run the selected jobs on the selected computers. Secondary pages appear to set scheduling values.
Finding and Filtering Computers and Jobs

You can search for or filter computers or jobs within a selected group or job folder. If you select a computer group in the Computer pane, you can enter a search string for a computer name in the Find field and filter by operating system. If you select a job folder in the Jobs pane, you can enter a search string for a job name in the Find field and filter by task types. See Find a Computer in the Database (page 417) and Creating a Computer Group Filter (page 417).
Scheduling Jobs
After selecting computers or computer groups and assigning jobs, you can now select to run the job immediately or schedule it for another time. See Scheduling Jobs on page 373.
Deployment Server Configuration

You can configure all the options for a single Deployment Server from the Deployment Server Options page from the Deployment Web Console. Click the Deployment Servers link in the Computers pane to view a list of all available Deployment servers
373
appears in the Details pane. Then, double-click a particular Deployment Server in the Details pane to view the Deployment Server Options page. You can change the following options: Global (page 374) Maintenance (page 375) Agent Settings (page 375) Security (page 380) Logon (page 385)
Global
Set global options for the selected Deployment Server. Synchronize display names with windows computer names. Automatically updates the display name of the managed computer names in the Web console when the managed computer name changes. If this option is not selected, changes to computer names is not reflected in the Web console. Synchronization option is off by default. The computer names do not have to be synchronized for the Deployment Server to manage the computer. Display imaging status on console (percent complete). Shows the status, in percentage, for the scheduled imaging job. Deployment Agent/Deployment Server file transfer port. Specify a static TCP port for file transfers to the clients or choose to assign it dynamically. The default value for static port is 0 and causes the server to use a dynamic port. This setting is useful if you have a firewall and need to use a specific port rather than a dynamically assigned port. The transfer port range is 1 to 2147483647. Remote control ports. You can specify the two ports; Port 1 and Port 2 by selecting the Remote control ports check box. By default the check box for Remote control ports is not selected and dynamic port is used while remote controlling. If the Port 1 is already in use, Port 2 is used for remote control. The remote control port ranges from 0 to 65535. Key. Specifies the primary lookup key type used to associate a new computer with a managed computer. The options are Serial Number (SMBIOS), Asset Tag (SMBIOS), UUID (SMBIOS), or MAC Address (SMBIOS). Speed. This is the file transfer speed between the Deployment Server and client computers. Select a transfer rate from the Speed list. Change Sysprep Settings. Enter the global Sysprep values you want to use when creating or distributing disk images. Click Change Sysprep Settings to view the Sysprep Settings dialog.
SysPrep Settings
OS Product Key tab Click the drop-down arrow and select an Operating System from the list. Then, click Add product key to enter product key (up to 29 characters) information. Add as many product keys as needed and select a product key from one of the keys listed. To modify a product key, select the product key and click Modify product
374
key. To delete a product key from the list, select the product key and click Delete product key. Note If a product key is being used by another task, a message prompt appears that the product key is currently in use and you cannot delete the product key until the task completes.
Maintenance
Retry failed imaging jobs immediately. Immediately retry a failed image deployment job. The program continues to retry until the job succeeds or until the job is cancelled. Automatically replace expired trial licenses. Allows Deployment Server to automatically assign a permanent license to the managed computers after the trial license expires. Delete History older than _____ days. Specify the number of days an entry is kept in the history until it is deleted. If the number of days is set to 0, no entries are kept in the history. If this option is not selected, log entries remain in the history. Remove inactive computers after _____ days. Specify the number of days you want to keep inactive computers in the Deployment database before they are deleted. The default value is 30 days, but any number between 1 and 10,000 is valid.
Agent Settings
Use the Agent Settings tab to control the default agent settings for new computers. These default settings are applied only for new client computers that have never connected to the Deployment Server and have no information stored in the Deployment Database. Production Agent Settings Force new Production agents to take these default settings. Select this option to force these settings when adding a new computer. Modify default settings. Click this link to change Deployment Agent Settings for Windows and Linux systems. See Production Agent Settings (page 375). Automation Agent Settings. Force new Automation agents to take these settings. Select this option to force these settings to effect new client computers until you can change the settings using the Deployment Console. Modify default settings. Click this link to change Automation Agents Settings. See Automation Agent Settings (page 379).
Production Agent Settings

The description below is for client computers running the Windows or Linux operating systems. This option is only available if you select Force new agents to take these default settings.
375
Click the Modify default settings link to set or modify Deployment Agent for Windows and Deployment Agent for Linux properties from the same dialog. The Production Agent Settings dialog appears.
Server Connection
Connect directly to this Deployment Sever. Select this option so that the client receiving the Deployment Agent connects to the Deployment Server you selected to configure. Address/Hostname. Enter the IP address or NetBIOS name of the Deployment Server computer. Port. Enter the port number communicating with the Deployment Server. Enable key-based authentication to Deployment Server. Select this option to valid the client computers that are trying to connect to the Deployment Server. This helps keep rogue computers from connecting to unauthorized Deployment Servers. Key file. Enter or browse to an authorized key. The client computer checks the Deployment Server authentication key and if a match is made, the client connection is allowed. Discover Deployment Server using TCP/IP multicast. Managed computers can use the multicast address if they are on the same segment as the Deployment Server or if multicast is enabled on the network routers. Ensure that the multicast address and port match those set up on the Deployment Server. Try using defaults on both the client and Deployment Server if you are having problems connecting. Managed computers should use the Deployment Server IP address if multicasting is disabled on the network routers or if they are not on the same network segment as the Deployment Server. The port number must match the number set on the Deployment Server. Otherwise, your clients cannot connect. Server Name. Enter the NetBIOS name of the computer running the Deployment Server. Port. Enter the port number distributing the multicast address. Multicast Address. Enter the group multicast address. TTL. Specifies the number of routers the multicast request is can pass through. Change this setting if you need to find a Deployment Server that is more than 32 routers away (default setting) or if to restrict the search to a smaller number of routers, making it easier to find the closest Deployment Server. Refresh connection after idle. Select the Refresh connection after idle check box and set the refresh time by seconds, minutes, hours, or days. The Deployment Server closes the connection after the specified time and immediately tries to re-open the connection. This forces clients to realize the network is down. The default checking is of 28800 seconds or 8 hours. It is recommend keeping this setting above 28800. Do not set this option too low--reconnecting to the Deployment Server increases bandwidth when connecting. If this option is set too low you can run into problems where it takes longer for your clients to connect than to refresh their connections. Abort files transfers if the rate is slower than. Preserve bandwidth on slower connections by selecting this option, which saves bandwidth when running deployment tasks on slower connections.
376
Access
Set these commands to control how the client handles requests from the server. Allow this computer to be remotely controlled. If you select this option, the administrator can remote control the selected computer. The default setting is to NOT allow the computer to be remote controlled. Prompt the user before performing actions Shut down and Restart. Select for the user to be prompted before shutting down or restarting the computer. This feature overrides the Power Control option from the Deployment Server to Force applications to shut down without a message. Copy file and Run command. Select for the user to be prompted before running a program or executing file copy commands Remote Control. Select for the user to be prompted before running the Remote Control commands. You can set a default time before running or aborting the commands. Select the time for the user to respond and either continue with the operation or abort the operation. Time to wait for response. If one of the Prompt the user before performing actions is selected and the user is not at the computer to respond, you need to decide whether to continue or abort. Select the amount of time you want to wait for a response, and select one of the following: Continue the operation. Click to continue without receiving a response from the user. Abort the operation. Click to not continue without receiving a response from the user. Select when the Deployment Server is denied access to the Deployment Agent. Select the days and set the start and end times when access to the Deployment Agent is denied.
Security
This page lets you secure data between the Deployment Server and the Deployment Agent, or to set a password so that the user on the client computer can only view and modify the User Properties of the Altiris Client Settings on the managed computer. Encrypt session communication with Deployment Server. Select to allow encryption from this managed client computer to the Deployment Server. This allows encrypted data transmissions between the Deployment Server and the Deployment Agent on the client computer. If selected, the client computer can connect (but is not required to connect) using encryption. To enable encryption protocols, you must open the Deployment Configuration tool (Start > Programs > Altiris > Deployment Server > Deployment Configuration tool), and select the Transport tab. Select the Allow encrypted sessions with the servers check box to allow Deployment Server to transmit using encryption protocols. Require encrypted sessions with the servers. Select to require encryption between the managed client computer and the Deployment Server. If this option is selected and the option to allow encryption in the Deployment Configuration tool is not selected, the Deployment Server does not communicate with the Altiris Client on the managed client computer.
377
Note Selecting encryption options slows down the communication path between Deployment Agent for Windows and the Deployment Server, so do not use encryption unless it is necessary for high security environments. Password protect Admin properties. Select to allow users on the managed computer to access the Admin properties only if they enter the set password. If the option is selected and the user does not know the password, they have rights only to open the User Properties, which includes only the User Prompts and Remote Control tabs on the Altiris Client Settings dialog. Click Edit Password to change the password settings for users trying to access the Admin properties. Hide client tray icon. Select to hide the Altiris Client icon in the system tray of the managed computer. If you hide the icon you are required to run AClient.exe -admin to view and modify the complete administration properties from the managed client computer.
Log File
The Log File property page controls how data is logged and saved in a Deployment Server system, allowing you to save different types and levels of information to the log files. You can save a text file with log errors, informational errors, and debugging data using this dialog. If the log exceeds the specified size, older data is dropped from the files. You can maximize the size of the log file to save all selected data. Save log information to a text file. Click to save information to a log file. File name. Enter the name and path of the log file. The default is to save the log file to the \Program Files\Altiris\AClient\AClient.log file. Maximum size. Enter the maximum number of bytes for each log file. Log errors. Select this option to save only the errors returned when running a job or operation between the Deployment Server and the Deployment Agent. Log informational messages. Select this option to save a list of procedural steps run on the client computer. Log debugging information. Select this option to list comprehensive debugging information in the text file. Use this tab to save the Deployment Agent for Windows log file. By default, the option Save log information to a text file is cleared. Select it to enter a file name for the log and the maximum size for the log file. Note If the log exceeds the specified size, older data is dropped from the files, so it is recommended to provide maximum file size.
Proxy
Typically, remote networks on the other side of a router or switch cannot receive multicast or Wake On LAN packets from the Deployment Server. Setting the managed computer as a proxy client computer forwards or re-creates the multicast packets. A
378
managed client computer set up as a multicast proxy simply acts as a Deployment Server and advertises the servers name and IP address through multicasting. Or you can set the managed computer as a proxy to send Wake On LAN packets. Set these options to control how the managed computer can act as a proxy agent, identifying the type of traffic this managed computer can forward from the server. Forward Wake-On-LAN packets. Select if you want the managed computer to forward Wake on LAN packages. Forward Deployment Server multicast packets. Select if you want to advertise the Deployment Server to client computers on another LAN segment or if the client computer is on the other side of the router. Send multicast advertisement every. Set the time by seconds, minutes, hours, or days for managed computers send multicast advertisement.
Startup/Shutdown
Delay starting jobs after system startup. Set the time by seconds, minutes, hours, or days for managed computers to delay jobs until after system startup. Specify the Windows boot drive. Specify the drive that the client computer can boot from. The default is C: Force all programs to close when shutting down. Select this option to shut down applications when using Power Control features. The user is still prompted to Abort or Continue the shutdown. Synchronize date/time with Deployment Server. Select this option to synchronize the system clock of managed computers with the time of the Deployment Server. Prompt for a boot disk when performing automation jobs. Select this option to prompt for a boot disk while doing any automation jobs. Advanced Disabled direct disk access for Deployment Agent for DOS (BootWorks) communication. Select this option to disable the direct disk access for automation communications.
Automation Agent Settings

You can configure property settings for the Automation Agents (DOS, Linux, and Windows PE) for specified computers or computer groups. You can remotely maintain important agent settings and update settings as required from the console. When a new client computer connects, it receives the default agent settings from Deployment Server for drive mappings, authentication, and LMHost entries. Each client computer still has the capability to maintain its unique settings for the Deployment Agent for DOS as set in the Boot Disk Creator. Select the Force new Automation agents to take these settings check box, and click the Modify default settings link to view the default settings for the DOS, Linux, and Windows PE Automation Agents.
Drive Mappings
Set drive mappings used by the Automation Agents to access hard disk image files and other packages from a specified network drive. It is required that the F Drive be
379
mapped to the Deployment Share. You can also map other file server directories when storing large numbers of image files or deployment packages. Drive. Select the drive letter of a shared folder. Example: F: \\WebDeploy\Image
files.
Note You must select a shared folder in this field. From the browse window you are allowed to select any type of folder, but the Automation Agents can only map and access files from a shared folder. Path. Enter a UNC path.
Authentication
Enter the login credentials that Automation requires to map network drives. The associated credentials for each network drive must have the appropriate rights for the Automation Agents to access files. Domain/Workgroup. Enter the name of the Domain or Workgroup of the user that the Automation Agents can log on to map the network drives. User name. Enter the user name that the Automation Agents can use to log on so they can map to the specified network drives. Password. Enter the password.
Network
These settings allow you to match the IP address with the computer name, as maintained in the LMHosts file in automation partition. 1. 2. 3. Click the Add LM Hosts icon. Enter the Computer Name to associate with an IP address. Enter the IP Address. You can click Lookup IP and the IP address field automatically fills in the IP address of the computer you entered in the Computer Name field. Click Apply.
4.
Security
This features lets you enable or disable security for the Deployment Server. You can also add local users and local groups, import both Active Directory users and groups, and assign rights for users to perform Deployment Solution operations. Use the Security tab to provide enable/disable security and to add local users and local groups. You can also import both Active Directory users and groups and assign rights to all of them. You can create users and groups and set scope-based rights. Enabling Security (page 381) Rights (page 382) Setting Permissions (page 383)
380
Enabling Security
You can enable security by first creating a user with Administrative rights or selecting a user who belongs to a group having Administrative rights and selecting Enable Security.
To enable security
1. 2. 3. 4. Click the Deployment Servers link in the Computers pane. A list of all available Deployment servers appears in the Details pane. Select or click the specific Deployment server in the Details pane to view the Deployment Server Options page. Click the Security tab. Click New User to add new user information. Type the user details. Note The first user automatically gets the administrative rights. Any subsequent users do not have rights and cannot be added to any group by default. You can also import new users from the Active Directory. See Importing user groups from Active Directory (page 382). 5. 6. 7. 8. Click Membership to view the membership groups and all available groups. Click Rights to view the available rights. Click Apply to add the user. Now that you are an administrator, select the Enable Security check box. Security is now enabled. You can now create users and groups and assign permissions to computer groups and job folders.
Importing users from Active Directory

You can import users from Active Directory. 1. 2. Click Import User on the toolbar to view the Import Active Directory User page. Add users from Active Directory (not groups) by providing the user names and domain to which they belong. The users are added to the Deployment Database. Notes If you add Active Directory Syntax name, such as sam@abc.com, the field Domain name becomes disabled. No default group membership is applied nor any default rights are applied unless this is the first user you have imported. However, you still need to assign the users to security groups with appropriate rights and permissions. When logging on with the imported AD account, Deployment Web Console accesses the Windows Active Directory server to validate the user password.
Membership Groups
Assign the user to previously created groups. If enabling security, you can assign the user to a group with Administrative rights. 1. 2. Click New Group from the toolbar. Enter a name for the group and a description, and click Apply.
381
Importing user groups from Active Directory

You can also import user groups from Active Directory. 1. 2. 3. Click Import Group on the toolbar to view the Import AD Group page. Add groups from Active Directory by providing the group names and domain to which they belong. The groups are added to the Deployment Database. Click Apply to save the changes.
DS Authentication
If the user is already in the DS database, and it tries to access the Deployment Server Console, DS checks the authentication with the logged on user, and upon matching doesn't prompt for user credentials. Similarly, if a group has already been added in the DS database, and any user who is a part of the group tries to access the Deployment Server Console, DS doesn't prompt for credentials. This method of authentication is the same for AD user and AD group also.
Rights
Rights allow you to set general rights for a user or group. To verify, add or change the rights assigned to each console user, use the following steps: 1. 2. 3. From the Security tab, click a user and click Rights. Select the check box for every right you want to grant. After selecting all applicable rights, click Apply to save your changes.
A brief explanation of each deployment server right that can be assigned is detailed below:
Administrator
Lets you access all available features from Deployment Web Console. You must have Administrator rights to enable security. Lets you view and set console options. Lets you view and set global options Lets you view and set domain accounts options. Lets you view and set RapiDeploy options. Lets you view and set agent settings options. Lets you create custom data sources options. You can view, create, and set database tokens. Lets you view rejected computers in Deployment Solution and change their status. Lets you Refresh Deployment Solution clients. Lets you schedule jobs on all computers. If you have Administrator rights, by default you have the rights to schedule job on all computers, irrespective of the state of the Allow scheduling on All Computers check box. You can grant this right to a specific user or a group.
Options Console Options Global Options Domain Accounts Options RapiDeploy Options Agent Settings Options Database Tokens Manage Rejected Computers Refresh Clients Allow scheduling on All Computers Groups
382
Administrator
Lets you access all available features from Deployment Web Console. You must have Administrator rights to enable security. Lets you import and export any jobs/computers. Lets you centrally update passwords for users and groups so they can access the tasks: Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality when creating or modifying jobs. You must have administrative rights to access this option. Lets you set up and modify PXE Configurations.
Import/Export Option Task Password
Use PXE Configuration Utility
Setting Permissions
Set permissions for jobs, job folders, computers, computer groups, and physical devices. 1. 2. 3. 4. 5. 6. Click the Deployment Servers link in the Computers pane. Select or click a specific Deployment server in the Details pane to view the Deployment Server Options page. Click the Security tab. Log on as a user with administrative privileges. A list of all computers belonging to the selected Deployment Server appears. Click a specific computer to view its property, inventory, and scheduled jobs status. Select Permissions from the Computer actions drop-down list. Notes If you do not have administrator privileges, you cannot view Permissions option. You can set permissions for all jobs and computers by clicking in the Jobs pane or Computers pane without selecting a job or computer object. 7. 8. A list of users or user groups appears. You can select a user or a group and grant permissions accordingly. Select the check box for the permission group to allow the permissions you want to grant for the selected user or user group. Notes Administrators have access to all objects with unrestricted rights and permissions. The description of each permission group appears under Description column. You cannot explicitly deny permissions to computer or job objects for users with administrator rights. 9. Click Advanced to view the advanced options associated with the selected permission group. This page contains Allow as well as Deny check boxes. For information on evaluating permissions, see Evaluate Permissions (page 384).
383
10. To assign permissions to multiple groups, click Apply permissions recursively to all child objects to assign the permissions. 11. Give permissions as per your requirements, and click Apply. Notes If a user does not have the Schedule this job permission for a particular job, the user cannot schedule it. This is irrespective of any other privileges. If a user has Schedule this task permission for a certain task and the user schedules the job and the user modifies the job by adding another task, for which the schedule task permission is not allowed, the second task also gets executed. This is because the Web console checks the permissions only before scheduling the job, and not after the execution of the job.
Permission Rules
Permissions received through different sources may conflict with each other. The following permission rules determine which permissions are to be enforced: Permissions cannot be used to deny the user with Administrator console rights access to use any console objects or features. User permissions take precedence over Group permissions. Deny overrides Allow. When a user is associated with multiple groups, one group could be allowed permission at a particular level while the other group is denied the same permission. In this scenario, the permission to deny the privilege is the one enforced. Permissions do not flow down an object tree. Instead, the object in question looks in the current location and up the tree for the first permission it can find, which is the one it uses. If a Web Console user does not have permissions to run all tasks the job contains, the user is not allowed to run the job.
Evaluate Permissions
Identify the combined permissions of groups and containers with contrasting permissions. You can identify effective permissions for each object by resolving any possible conflicts. Permissions are represented in three different stages according to the state of the check box, which is called tri-state check box. This tri-state displays a full check mark when all permissions in the selected group are allowed. It displays a partial check mark (check mark with a grey background) when at least one, but not all permissions in the selected group are allowed. And finally, it displays no check mark if none of the permissions in the selected group are allowed. You can evaluate permissions in three ways: If none of the Allow or Deny options are selected for a permission associated with a subfolder, it inherits the options specified for the permission associated with its parent group. This type of inheritance can be confirmed with the message that appears for the subfolder. If a user group is associated with some permission, the users belonging to that group inherits the same permissions as that of the group. This is true only if none of the 'Allow' or 'Deny' options are specified for a permission for that user.
384
The Deployment Web Console displays the simple as well as advanced options of granting permissions. The simple option displays only the Allow column, whereas the Advanced option displays both the Allow and Deny column. Security permissions are grouped together and appear as a single Permission group under Simple option. You can use the Advanced option to view all the individual permissions that together form the Permission Group. This grouping of permissions varies from object to object. Example: a Modify permission for a job folder can contain different security permissions than a Modify permission for a computer group. To view all the permissions related to a specific permission group, select the check box for a specific permission, and click Advanced to view the individual permissions related to the selected permission group. If you want to exclude a specific security permission, click Advanced to view the individual permissions related to the selected permission group. A list of all permission with Allow and Deny check boxes appears. Select the Deny check box or clear the Allow check box for the specific security permission, and click Apply.
Logon
This option lets you set user credentials for the Deployment Server, but only if Role Base Security is enabled for the server you selected. The user can access the server through the Deployment Web Console. If you want to change the Task Password for multiple Deployment Servers, select the servers from the Details pane and click the Task Password icon on the toolbar. Username. Enter the name of the user. Password. Enter a password for the specified user. Confirm Password. Enter the password to confirm the entry. Domain. Enter the domain name for the specified user.
Automated Deployment Services (ADS)

From the Deployment Web Console, you can utilize and extend features of Microsofts Automated Deployment Services (ADS).
1. 2.
Click the Console Options icon Console. Select the Enable ADS option.
in the toolbar of the Deployment Web
An ADS Controllers collection appears in the Computer and Jobs pane. 3. 4. In the Computers pane, click ADS Controllers. From the Details page, click the Add icon to enter the computer name where the ADS controller is installed. Enter the login credentials and access paths on this page. All specified ADS controllers are listed. In the Jobs pane, click ADS Controllers. Enter credentials and ADS paths as in step 4. All ADS controllers, devices and job templates appear. You can now manage computer devices using standard ADS features.
5.
385
Deployment from the Altiris Console

Deployment from the Altiris Console provides additional features and functionality for managing and deploying computer resources using Deployment Solution. In use, the Altiris Console opens and displays the Deployment Web Console, while providing additional collections, reports and other basic Notification Server features from the Altiris Console. See Installing Deployment Solution from the Altiris Console (page 14).
Using Deployment Solution from the Altiris Console

Integrate with other IT solutions. Deploy and manage computers from the Deployment tab while managing other aspects of your organization such as inventory reports, software delivery, application management, remote control, patch management and other administration tasks. Generate Reports. From the Reports tab, create reports for all Deployment Servers computers devices and deployment tasks across all sites. By setting polling intervals on the Altiris Agent and the Deployment Server Agent, you can transmit data from the Deployment Database to the Notification Database from which you can generate reports. Organize using Deployment Collections. Computer devices can now be grouped on criteria such as operating system, computer type, workstation or server, mobile computers, and other groupings. Employ the Schedule Wizard. From the Tasks tab, open the Schedule Wizard to select computer groups, assign jobs, and schedule jobs to run immediately or at a specified time. Set Security. From the Configuration tab, set NS security to limit users from using the Deployment tab. All other Deployment security is set from the Deployment Server Console (the Windows console).
386
Adding Deployment Servers

You can manage multiple Deployment Servers from the Deployment Web Console. To consolidate multiple Deployment Server sites, you can identify and add existing Deployment Servers to appear in the Computers and Jobs pane from the Deployment Web Console. Note You can also remotely install Deployment Servers from the Deployment Web Console. See Installing Deployment Solution from the Altiris Console (page 23). 1. 2. 3. 4. 5. Click Add Deployment Server in the Computers or Jobs action list, or click the New Server icon. From the Deployment Servers page, type the name of an existing Deployment Server. This is the computer name of the Deployment Server, in most cases. Enter the Deployment servers port number if it is different than the default value. Click Credentials. If Deployment Solution security is enabled for the Deployment Server, enter a username, password, and Domain name. Click Speed. Select the speed of the network connection for the Deployment Server from the drop-down list.
Task Password options

This feature lets you centrally set or change user passwords for multiple Deployment Servers to they can access the tasks: Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality when creating Jobs. However, this tab is only visible to administrators and users who have been granted the appropriate rights to modify task passwords.
To change task passwords

1. 2. 3. 4. Click Deployment Servers in the Computers pane. The available Deployment Servers appear in the Details pane. Click one or more Deployment Servers you want to change the task user passwords. Click Change Task User Password icon on the toolbar. Enter the user information for all 4 fields on the page. Click Apply.
Configuring the Deployment Server AClient

The Deployment Server AClient option lets you view the Notification Server clients that do not have AClient installed. See Viewing Notification Server Clients without AClient (page 388). You can create a package to install AClient to the existing Notification Server clients. See Installing AClient to a Notification Server Client (page 388). You can also assign the Deployment Server AClient package to computers. See Creating Deployment Server AClient Packages (page 388).
387
Viewing Notification Server Clients without AClient

In the Altiris Console, you can view the Notification Server Clients that do not have AClient installed.
To view the Notification Server clients without AClient

1. 2. In the Altiris Console, click the Configuration tab. In the left pane, select Configuration > Solutions Settings > Deploy and Migrate > Deploy > Deployment Server AClient Configuration > All NS Clients without AClient. In the right pane, the All NS Clients without AClient page appears with a list of all Notification Server clients that do not have AClient installed. You can view details such as Name, Domain, User, OS Name, OS Version, and so on for each client. You can also double-click a client to view more details.
Installing AClient to a Notification Server Client

You can install an AClient to the Notification Server client by creating a task to install the AClient. The task that you create uses the package that was created on the Creating Deployment Server AClient Packages page. For more information, see Creating Deployment Server AClient Packages (page 388).
To create a task to install AClients to Notification Server clients

1. 2. In the Altiris Console, click the Configuration tab. In the left pane, select Configuration > Solutions Settings > Deploy and Migrate > Deploy > Deployment Server AClient Configuration > Deployment Server AClient Install. In the right pane, make the required changes. To select the computer collections, click All NS Clients without AClient. The Collection Selector dialog box opens. 5. 6. 7. Select the computer collections and click Apply. Select the required scheduling options. Click Apply. The AClient installation task is saved. 8. 9. To enable the task, select the Enable check box. Click Apply. The task is enabled.
3. 4.
Creating Deployment Server AClient Packages

You can create the Deployment Server AClient package that is used in the Installing AClient to a Notification Server Client (page 388) task.
To create the Deployment Server AClient Package

1. In the Altiris Console, click the Configuration tab.
388
2.
In the left pane, select Configuration > Solutions Settings > Deploy and Migrate > Deploy > Deployment Server AClient Configuration > Deployment Server AClient Package. On the Package tabview, specify the Name and Description for the package. Click the Programs tab. Check the command line and the specified parameters in the Command line field. Click Update Distribution Points. Click Apply.
3. 4. 5. 6. 7.
The Deployment Server AClient package is created. For more information, see Exporting and Importing Deployment Jobs (page 393).
Configuring the Deployment Server Agent

To update Notification Server collections and generate reports from the Altiris Console, set the polling intervals from the Configuration tab. Enable. Select to enable communication between the Deployment Database and the Notification Database. Resynchronize all Deployment Server computers/tasks for this configuration. Click to completely transmit all Deployment Server data to the Notification Database. For large Deployment Server systems, this process can take several minutes and require large amounts of bandwidth. Use this feature carefully.
Set polling intervals for Deployment Servers

1. 2. Click Add. A list of Deployment Servers is listed. Select the Deployment Server to configure. You can select all Deployment Servers or identify an individual Deployment Server. The new agent configuration appears in the list. Select a Deployment Server. Select a polling interval for that Deployment Server from the list in the Computer/Job Polling Interval box.
3.
Database Login ID. Enter credentials for the Deployment Database selected in the list. Role-based user name. Enter credentials if Deployment Solution security has been enabled using the Deployment Server Console.
Generating Deployment Reports from the Altiris Console

Deployment from the Altiris Console furnishes features to generate comprehensive reports detailing computer information and deployment jobs for all Deployment Server sites. To run deployment reports, you must configure the Deployment Server Agent (see Configuring the Deployment Server Agent on page 389) to transmit data between the Deployment Database to the Notification Database. The Deployment Solution reports are generated from the Altiris Console from data stored in the Notification Database. 1. 2. Click the Reports tab on the Altiris Console. Click Reports > Deploy and Migrate > Deployment.
389
3.
Select reports specific to Client Information, Job Information, Job Status, Server Information, or Software Deliver Execution Status. A description of each report appears in the Details pane after it is selected. Click a report option to run, view, or schedule a report to run.
4.
Altiris Console Collections

From the Deployment Web Console you can view and order computers based on Altiris Console Collections created automatically in Notification Server and viewed from the Altiris Console. These collections identify computers running the Deployment Agent and meeting the criteria for each collection, such as Mobile Computers, Windows Servers, Windows Workstations, and so on. You can assign jobs and perform operations to these collections from the Deployment Web Console. Collections are updated between the Notification Database and Deployment Database. At each polling interval the new data is transmitted between the databases and updated in the Deployment Web Console. See Configuring the Deployment Server Agent (page 389).
Using Package Servers to Replicate Deployment Jobs

Deployment Solution takes advantage of Package Servers (a basic component of Notification Server) to automatically copy images, software packages, scripts, and other package files for building deployment tasks for use across multiple Deployment Server installations. From a central Deployment Server installation, packages can be built and saved to a local Library structure, where they are replicated to other Deployment Servers and used in deployment jobs for each Deployment Server system. Note Package Servers can only replicate packages on Deployment Server installations set up as a simple install, where all Deployment Server components are on a single computer.
Overview of Package Servers

Package Servers are a basic feature of Notification Server and are used to reduce network traffic and HTTP download times when deploying packages across your system. Package Servers replicate and transmit packages from a central computer to local computers during off-peak hours. When deployment tasks are executed, package files are accessed quickly from local package libraries. Notification Server lets you identify managed computers running the Altiris Agent as a Package Server.
390
Replication of packages from a central Deployment Server to other Deployment Servers is a one-way process: You can build and copy packages from the Library of a central Deployment Server to replicate to other Deployment Servers; however, any changes made to a destination Deployment Server cannot be replicated back to the central Deployment Server. After the package files have been copied once (per each package server), they can never be copied again unless the files are updated, new files are added to the package, or files are set manually to be copied down to other destinations again. When the Deployment is installed and enabled on the Altiris Console (on Notification Server), default packages, collections, and policies are created to take advantage of Package Server technology. To complete the setup process, however, additional configuration steps are required. Setting up Package Servers requires three basic steps: 1. 2. 3. Setting Up a Central Deployment Server Library (page 391) Setting Up Package Servers (page 392) Exporting and Importing Deployment Jobs (page 393)
Note Before delivering packages, check the Package Server settings and the package settings to ensure that the package can be delivered. The DS install package by default is not set to use any Package Servers. There is a global configuration variable that says not to allow any package downloads from the server, leaving the DS Install in a state where there is no way to access the package.
Setting Up a Central Deployment Server Library

Before setting up Package Server in a Altiris Console, you need to select a central Deployment Server to copy and store all packages to be replicated to other Deployment Server installations. After selecting a Deployment Server in your system, you can set up the Deployment Server Library directory structure. The Library is a directory structure that contains your images, RIPs, and any other package files needed for a Deployment Server Task. Because the package used to replicate files only points to one location, all items to be replicated must reside under this substructure. You need to manually create the Library directory and any other subdirectories on the central Deployment Server. 1. Go to your Central Deployment Server directory (default is c:\Program
Files\Altiris\eXpress\Deployment Server).
391
2. 3. 4. 5.
Create a Library directory. Under the Library directory, create subdirectories to use for images, RIPs, or other package files. Create a Temp directory for deployment tasks that require a temp directory. Copy into this structure any required files accessed during execution of the jobs.
Note Any job that is automatically created needs to be modified before running or the default directories cannot be correct. Example: if you choose to change the configuration of a computer by choosing the Configure option in the Deployment on the Notification Server, the task creates a CFG file in the temp directory located in the Deployment Server directory. For this task to replicate correctly, you must copy the file into a temp directory under the Library structure and edit the task to point to the file in the Library\temp directory. Remember that only the files under this structure are replicated to the other Deployment Server installations. After installing Deployment from the Altiris Console, you have two packages and one policy created to help facilitate replication. You can manually modify the packages and enable the policy.
Setting Up Package Servers

After setting up a Library directory structure on the central Deployment Server computer, you can set up Package Servers on other Deployment Server installations.
To set up a Package Server

1. 2. 3. 4. From the Altiris Console, select the Configuration tab. From the left pane, select Server Settings > Notification Server Infrastructure > Package Servers. Select Add Package Server from the bottom of the page. Locate and select the Deployment Server computer (or the Deployment Share for each installation) and click Add. Use the search feature if required.
Modify the DS Library Package

To replicate files stored in the central Deployment Server Library directory, the DS Library package installed with the Deployment Solution (on Notification Server) must be edited with configuration information, including: The source of the files and programs to be replicated. The Package Servers that can receive the files to be replicated. The destination directory for the files being replicated. The programs that will run after the files are copied to the Package Servers. Follow these steps to modify the DS Library package: 1. 2. Select the Tasks tab and select Deploy and Migrate > Deployment > Deployment Server Replication > DS Library. From the right pane, select the Package Source option to configure the path to the files that are included in this package.
392
3.
Select the applicable Package Source method and enter the correct path to the Central Deployment Server Library. Choose from one of the following options: Access Package from a local directory on the Notification Server computer Use this option when the central Deployment Server is installed on the same computer as the Notification Server. Fill in the Package Location box with the correct path for the Library. Access Package from Existing UNC Use this option when the Deployment Server that has been configured as the Central Deployment Server Library is not installed on the same computer as the Notification Server. When using this option, read and follow the instruction on this page. Note Depending on the amount of data in the Central Deployment Server Library, a message warning you about the size of the files in the Package can appear. This message is to remind you that all files in this directory will be sent when this package is used.
4.
Select Package Servers. This option lets you specify to which Package Servers you would like this package to be replicated to.
5. 6. 7.
Enable all applicable Package Servers by clicking the Enabled check box. To identify the destination directory (where the package files will be sent) on the destination Deployment Server, select the Advanced tab. At the package destination location, enter the destination path:
\\%COMPUTERNAME%\eXpress\Library
8. Select Apply to save the changes.
As soon as the Notification Server Clients Configuration request interval time (on the destination Deployment Servers) has elapsed, the files in the central Deployment Server are sent to the Package Servers on other Deployment Servers.
Exporting and Importing Deployment Jobs

After creating a Library directory on the central Deployment Server and setting up Package Servers, you need to create the jobs to copy and run the packages on the managed computers. These tasks need to be exported from the central Deployment Server to the destination Deployment Servers by configuring the DS Task Import Utility package and modifying the DS Task Import Utility policy on the central Deployment Server. Note Replicated deployment tasks need to reference files created in the Library directory structure. Example: a deployment task that deploys an image named NT4.img would use the file path of .\Library\Images\NT4.img instead of the standard .\images\Nt4.img path.
393
To create a job export file

After creating deployment jobs to use with the replicated packages, you can create a job export file. 1. Right-click the jobs you want to export. Select Export (or click File > Import/ Export > Export Jobs). The Export Jobs dialog appears. 2. Browse to the \Notification Server\nscap\bin\win32\x86\DSUtil directory and enter a name for the export file. (The default file name used in the task replication package is task.bin.) The DSUtil directory is added when you install the Deployment view on Notification Server. If you want to export the task subfolders, choose the Export subfolders check box. Note If you use an export file name other than task.bin, you must edit the program command-line in the task replication package. 3. Click OK to start the export.
Configure the DS Task Import Utility Package

After creating deployment tasks and exporting them to the DSUtil directory, you need to configure (or verify) settings in the DS Task Import Utility package. Modifications to this package are required when any of these alterations are made: The Deployment Server jobs exported are not saved in a file called Task.bin. The method of handling duplicate job names on the destination Deployment Server needs to be changed. Security for the Deployment view on Notification Server is enabled on the destination Deployment Server. The DS Task Import Utility package runs the aximport.exe program to import deployment jobs. When the Deployment view on Notification Server is installed, the aximport.exe program file is copied to the \Notification Server\nscap\bin\win32\x86\DSUtil directory. This is the same directory where you saved your exported tasks.bin file from the central Deployment Server. When all steps are completed, no changes are required for this package. To configure or modify how the DS Task Import Utility package is configured, complete the following steps: 1. Open a Notification Server Administration console and select the Tasks tab. Select Deploy and Migrate > Deployment > Deployment Server Replication > DS Task Import Utility. In the right pane, select the Programs link. By default, the Identification section expands to view settings. 3. If needed, change the name of the file on the command line to match the name of the export file created when the Deployment Server tasks from the central Deployment Server were exported.
2.
394
As can be seen in the figure above, the default command-line parameters for the aximport.exe program are configured to use the Task.bin file. This file contains the exported Deployment Server deployment tasks (jobs). Note The /o switch causes the import to replace any tasks with the same name as those being imported. If this is not the desired result, change the command-line options. If you have Console Security enabled, the username (/u) and password (/p) command line options need to be included for this process to work correctly. /u Database user name /p Database user password Example: aximport.exe task.bin /o /u administrator /p yourpw See the command-line chapter in the Altiris eXpress Deployment Solution User Guide for additional command-line options for aximport.exe. 4. Select Apply.
You can choose to force an update of the package to ensure that the task export file is in the package.
Modify and Enable the DS Task Import Utility Policy

You must enable the DS Task Import Utility policy to allow the Deployment Server tasks to be replicated to the destination Deployment Servers. 1. Open a Notification Server Administration console and select the Tasks tab. Select Deployment and Migration > Deployment > Deployment Server Replication > DS Task Import Utility. The Identification section of the Advertisement page appears by default. 2. Verify that the Applies to Collection option has been configured to use the DS Package Servers collection. This collection is selected by default. Before enabling the DS Task Import Utility policy, ensure that the task.bin file has been created and saved in the \Notification Server\nscap\bin\win32\x86\DSUtil directory. 3. 4. Click the Enabled check box. Select Apply.
The policy is now enabled. The next time the Notification Server Clients configuration timer elapses on the Deployment Servers with Package Server installed, the policy is executed. On the destination Deployment Servers, a DOS box appears on this computer and aximport.exe is run.
Synchronize Deployment Server Tasks

You can update deployment tasks by creating a new task.bin file and placing it in the DSUtil directory. After all timers elapse, Notification Server compares and detects the new export file by its time stamp. When the Altiris Agent checks for new policies, this policy runs on the destination Deployment Servers. To avoid waiting for Notification Server to detect that the file has been modified, the package can be refreshed manually by selecting the DS Task Import Utility package
395
(from the Solutions tab of the Notification Server Administration Console) and selecting the Update Distribution Point option. From a destination Deployment Server, the policy to import the Deployment Server jobs can be forced to run again by manually scheduling the policy.
Setting Polling Intervals in Deployment Solution

You can set polling intervals to transmit data from the Deployment Database to the Notification Database when generating reports from multiple Deployment Server systems. Deployment Solution uses two separate interval settings to synchronize data between the Deployment Database and the Notification Database. (1) To update the Notification Database, new computers and deployment tasks created in a Deployment console and saved to the Deployment Database are transmitted using the DS Agent to update the Notification Database. (2) Conversely, updated collection data created in Notification Server is transmitted using the Altiris Agent to update the Deployment Database.
Setting polling intervals and configuration request intervals requires that you plan how often you want to refresh console and deployment information based on network traffic requirements. If you set frequent updates (such as setting a polling interval to 1 minute), your console information is relatively up-to-date, but network traffic is heavy because data is extracted and transmitted every minute from every Deployment Database to update the Notification Database. In contrast, if you set polling intervals and configuration requests for a larger polling interval (such as one day), your network traffic is light--and you can plan the polling updates for off-hours--but report data is more static and out-of-date. The balance between timely deployment information appearing in the Deployment view on the Notification Server and the level of network traffic should meet your IT policies, organizational requirements, and network design. See Setting the DS Agent Polling Interval (page 396). See Setting the Altiris Agent Configuration Request (page 397).
Setting the DS Agent Polling Interval

To refresh data to the Notification Database, set the polling interval in the Altiris Console. 1. 2. Select the Configuration tab. Select Solution Settings > Deploy and Migrate > Deployment > Deployment Server Agent Configuration > Deployment Server Agent Configuration.
396
Multiple policies to configure or install Deployment Server Agents are provided. 3. Select the Deployment Server Agent for all Deployment Servers. You can also select settings for each Deployment Server installation. 4. 5. Set the Computer/Job Polling Interval. Click Apply.
Setting the Altiris Agent Configuration Request

To download collection data from Notification Server for each Deployment Server installation, the Notification Database must update the Deployment Database. This updated data is transmitted automatically through the Altiris Agent at defined configuration request intervals. To update scheduling and configuration information for each Deployment Server installation, you must set the interval request information in the Altiris Console. 1. 2. 3. Click the Configuration tab. Select Altiris Agent > Altiris Agent Configuration > All Windows Servers. In Agent Basic Settings, select new values in the Request new configuration field. You can also set inventory updates, if required. Request new configuration information every: _______. This feature sends a request to Notification Server to flag all new scheduling records in the Notification Database. This transmits data to the Deployment Database to update data. Send basic inventory every: ______. This feature transmits all inventory data from the computer running Deployment Server. This field is only used by Deployment Server when first installing the Deployment from the Altiris Console. By sending basic inventory (including information that Deployment Server is installed on the computer), Notification Server identifies that the DS Agent needs to be installed. 4. Click Apply.
397
Managing Computers from the Deployment Web Console

From the Computers pane of a Deployment Solution console, you can identify, deploy, and manage all computer resources across your organization, including desktop computers, notebooks, handhelds, network and Web servers, and network switches. All computer resources can be accessed and managed as single computers or organized into computer groups with similar hardware configurations or deployment requirements, allowing you to run deployment jobs or execute operations on multiple computers simultaneously. You can use search features to locate a specific computer in the Deployment Database, or set filters to sort computers by type, configuration, OS, or other criteria.
To select a computer to run remote operation or schedule a job, select a Deployment Server group icon from the Computers pane and select the computer or computer group in the Details pane. Select a job and click Run Now or Schedule.
Manage multiple Deployment Server sites. From the Deployment Web Console, you can now access different Deployment Server systems and manage all sites or network segments across your organization. Each Deployment Server site is identified in the Computers pane under Deployment Server. You first select a Deployment Server icon and expand the treeview to see the computers and computer groups managed by the selected Deployment Server. See Managing Multiple Deployment Server Systems (page 399).
Manage with Computer icons. Major computer types are identified by a computer icon in the console, with a listing of scheduled jobs and operations associated with each computer. In the Deployment Web Console, you assign and schedule deployment jobs to computers or groups with easy-to-use Web features. See Viewing Computer Details (page 402). Add new computers. Deployment Solution lets you add new computer accounts and set configuration properties for new computers before they are recognized by the Deployment Server system. Preset computer accounts automatically associate with new computers when they start up, or can be associated with virtual computers. See Adding New Computers (page 403). Deploy to groups of computers. Organize computers by department, network container, hardware configuration, software requirements, or any other structure to meet your needs. You can deploy and provision computers on a mass scale. To filter computers in a computer group to schedule jobs only to the appropriate computer types, see Creating a Computer Group Filter (page 417).
398
Configure Computer Agents. See the property pages for modifying Deployment Agent settings. See Deployment Agents (page 410). View and configure computer properties. You can modify computer settings for each computer from the console. See Computer Configuration Properties (page 406). Or you can view the Computer Properties page for detailed access to a computers hardware, software, and network property settings. See Computer Details (page 412). Run remote operations from the console. Perform operations quickly in real-time from a Deployment console. Configure property settings, send a file, run deployment jobs or select from additional management commands. See Remote Operations (page 415). Build and schedule jobs. Build deployment jobs with one or more management tasks to run on selected computers. Create jobs, add tasks, assign the job to computer groups. Jobs can be organized and assigned for daily tasks or to handle major IT upgrades. See Building and Scheduling Jobs on page 102.
Managing Multiple Deployment Server Systems

From the Computers pane of the Deployment Web Console, you can access multiple Deployment Servers and drill down to view all client computers attached to each Deployment Server system. Deployment Servers collection. All Deployment Servers are listed under this collection. Expand the Deployment Server group icon to view all computers for a specific site or network segment. Individual Deployment Servers. This icon identifies an individual Deployment Server system with its managed computer devices. Expand the Deployment Server system to view all managed client computers and groups for the selected Deployment Server.
Adding Deployment Servers

You can identify and add existing Deployment Servers to the Deployment Web Console. This lets you manage computers and use jobs created at various sites managed by different Deployment Server systems. 1. In the Computers pane, select Add Deployment Servers from the drop-down list, or click the on the Details page.
Note To push down a new installation of Deployment Server using Deployment from the Altiris Console, see Installing Deployment Solution from the Altiris Console on page 14. 2. 3. Enter the computer name for the computer running Deployment Server. Enter the port number if it is different from the provided default. Use Logon tab to set security options, if required. This lets you authenticate to a role if security has been set up in the Deployment Server Console. The Deployment Server appears in the Computers pane with its job folders listed in the Jobs pane.
399
Changing Task User Password options

Change Task User Password option lets you update the user credentials to be used for the execution of Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality tasks. Task password option facilitates to update user credentials for multiple Deployment Servers at one time. Note This feature is valid only for the Copy File To, Distribute Software, Run Script, Distribute Personality, and Capture Personality tasks. 1. 2. 3. 4. 5. Click Deployment Servers link in the Computers pane. The available Deployment Servers appear in the Details pane. Select Deployment Servers for which you want to perform Change Task User Password operation. Click Change Task User Password from the toolbar. The Task Password page appears. Type the user credentials, and click Apply. Click Yes to the summary message to update the password of specified user.
Note This tab is visible only to the administrators and those users who have the rights to modify password.
Scheduling Jobs from Other Deployment Server Systems

From the Deployment Web Console, you can schedule jobs from one Deployment Server to computers in another Deployment Server. This lets you easily replicate jobs from one site to another site quickly and efficiently. Files (image files, software packages, scripts) associated with a specific job are linked from the Deployment Server Deployment Share of the originating job. 1. 2. 3. Select a job in the Jobs pane of the Deployment Web Console. Click Schedule job in the Jobs Action list. From the Computers pane, select another Deployment Server system. Computers and computer groups of the selected Deployment Server site appear in the Details pane. Select the check box for each computer or computer group you want to run the job. Click Schedule in the toolbar of the Details page. Select scheduling options and click OK.
4. 5. 6.
The job from the original Deployment Server appears in the Deployment Share of the targeted Deployment Server. If the job includes associated files, a linked icon appears with the job identifying that the associated files are referenced from the original Deployment Server system.
Replicating Jobs to Other Deployment Server Systems

1. Select a job in the Jobs pane of the Deployment Web Console.
400
2. 3.
Select Copy job/folder in the Select Action list. The Job/Folder Selection page appears with all Deployment Server systems and their job folders. Select a folder in another Deployment Server system from this page and click OK. The job is replicated from the original Deployment Server system to the targeted Deployment Server system. If the job includes associated files, a linked icon appears with the job identifying that the associated files are referenced from the original Deployment Server system.
Note To successfully replicate a job from one Deployment Server to another Deployment Server, both Create and Modify Permissions are required for the Job objects if security is enabled. Otherwise, the job does not appear in the target Deployment Server Console, and an error appears in the Altiris Console Manager log in the Event Viewer.
Replicating Jobs without Copying the Collateral

When copying jobs from one Deployment Server to another, the associated collateral, such as files are also copied. However, you can also copy dependent files to the destination server using a different mechanism, such as Package Servers. To enable a Do not copy value for all replication, set the key value in the ExcludeAllTargets registry key as dsword:00000001. The path of this registry key is HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > eXpress > Deployment Web Console > Deployment Console Manager > Job Replication. Note If the key value name does not exist or if the key value is not equal to 1, the files are replicated. When this value is set to 1, the Console Manager waits until the file exists on the destination Deployment Server before copying the job data and scheduling data. The Console Manager logs a warning in the event log stating that Console Manager is waiting for the file to exist. Once the file exists, the Console Manager proceeds. To enable the Do not copy value for an individual target (destination) Deployment Server, set the key value in the Exclude Targets registry key as Timpanogos = dword:00000001. The path of this registry key is HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > eXpress > Deployment Web Console > Deployment Console Manger > Job Replication > Exclude Targets. In the above example, Timpanogos is the name of the target Deployment Server. When the key value is set, replication targeting Timpanogos does not copy collateral files. To enable the Do not copy value of an individual Deployment Server, it must be equal to 1. The Console Manager follows the same procedure for an individual Deployment Server that it follows when the ExcludeAllTargets value is set. Note When the ExcludeAllTargets value is changed or set, the Console Manager must be restarted for the changes to be implemented. However, changing the value for an individual Deployment Server does not require a restart of the Console Manager service. The ExcludeAllTargets global value when set to 1, overrides all Deployment Serverspecific flags regardless of their respective settings. When the ExcludeAllTargets value does not exist or is not set to a value of 1, any Deployment Server-specific flags take precedence.
401
Viewing Computer Details

In Deployment Solution, a computer resource is identified in the console with a distinctive icon to display the computer type Windows desktop or notebook, handheld, server, or Linux operating system and its current status. These computer icons change to convey the state of the computer, such as the log on status, server waiting status, or user with a timed license status. You can also view the status of the jobs assigned to the selected computer in the Details pane of a Deployment console. The following is a sample list of computer icons appearing in each Deployment console identifying the computer type and state.
Computer connected to the Deployment Server with a user logged in.
Computer connected to Deployment Server but the user is not logged on.
Computer with a time-limited user license and a user logged on.
Computer not currently connected to the Deployment Server but known to the Deployment Database. The computer is designated as a master computer and is used to broadcast images to other client computers.
A virtual computer with values defined in advance using the New Computer feature. As soon as the computer connects and the Deployment Server recognizes the new computer and changes the icon. See Adding New Computers on page 63. A client computer waiting for user interaction before running deployment tasks. This icon appears if the Workstations check box is selected on the Advanced tab of Initial Deployment. See Advanced on page 131.
A connected handheld computer.
A managed server connected to the Deployment Server with a user logged on. Additional icons identify different states of server deployment. A managed Linux computer connected to the Deployment Server with a user logged on. Additional icons identify different states of Linux computer deployment.
402
View the Physical Devices by clicking the drop list in the Computers pane and selecting Show Physical Devices. Physical view of Rack/ Enclosure/Bay components for high-density server systems. These icons appear as physical representations to allow management of different levels of the server structure. In addition, server icons identify logical server partitions. See Bay on page 70 for properties and rules to deploy Rack/ Enclosure/Bay servers.
Select the New Computers or All Computers group to run jobs or operations for these default groups identified by an icon in the Computers pane.
Additional computer groups can be added to the Computers pane to organize similar computer types or to list computers of similar departments or locations. Click New Group or select New > Computer Group to create a new group.
See also Deployment Agents on page 67.
Adding New Computers

Computers can be added to the Deployment Database using three methods: Install the Deployment Agent on a Windows or Linux system. If you install the Production Agent (Deployment Agent) to a computer with the operating system already installed, the computer is added automatically to the Deployment Database at startup. New computers with the Deployment Agent installed are added to the All Computers groups (unless otherwise specified in the Deployment Agent configuration). You can move the computer to another group listed in the Computers pane. Use Initial Deployment to configure and deploy new computers booting to automation. Starting up a new computer in automation lets you image the hard drive, assign IP and network settings, distribute personal settings and software, and install the Deployment Agent for new computers. Using Initial Deployment you can associate new computers with pre-configured virtual computer accounts. These newly configured computers appear in the New Computers group. See Initial Deployment (page 442). Create or import computer accounts from the Deployment console. You can add new computers using the New Computer feature or import computers using a delimited text file. You can pre configure computer accounts by adding names and network settings from the console. See Creating a New Computer Account (page 404).
403
About New Computers

When a new computer starts up, if Deployment Server recognizes the MAC address provided in a New Computer account or import file, it automatically associates the user account at startup with the New Computer icon. If this value is not provided, the computer appears as a virtual computer, letting you to associate it to a new computer.
The New Computer icon appears for a new computer if the MAC Address is provided when creating a new computer account using any import or new computer account feature. A virtual computer icon appears if specific hardware data (MAC Address) is not known. As soon as the computer starts up and is associated with a virtual computer account, Deployment Server recognizes the new computer and the icon changes.
A virtual computer account can be associated with a new computer using the Initial Deployment feature. You can create multiple virtual computer accounts and associate the account with a new computer when it boots to automation. At startup, the configuration settings and jobs assigned to the virtual computer can be associated with the new computer.
Virtual Computers
Deployment Solution provides features to create a virtual computer to pre-define a computers configuration settings and assign customized jobs to that computer even if you do not know that computer's MAC address. This type of computer is known as a virtual computer. Virtual computers offer a great deal of power and flexibility, especially when you need to deploy several computers to individual users with specific needs. The virtual computer saves time because you can configure the computer before it arrives on site. You can set up as much configuration information (computer name, workgroup name, and IP address, for example) you know about the computer and apply it to the new computer as it comes online. You can also prepare jobs prior to the arrival of the new computer to deploy the computer using customized images, MSIs and RIPs based on a user's specific needs. When the new computer finally arrives, you are ready to deploy it because have done all the work ahead of time. Just set the managed computer option in PXE or automation and the new computer can connect to the server as a managed computer. The virtual computer you created now turns into a managed computer in the console.
Creating a New Computer Account

You can create computer accounts for individual computers or for computer groups. When creating new accounts for computer groups, you can automatically assign new names and associate them with existing computer groups or the New Computer group.
To create a new computer account

Create new computer accounts in the Deployment Database for one or more computers. 1. To add one or more new managed computers, first select the desired Deployment Server system in the Computers pane and select New computer(s) from the
404
Computer actions drop-down list or click the new computer icon in the Details pane.
The Computer Configuration Properties appears. 2. Type the name of the new computer (up to 15 characters) and configure settings. A virtual computer icon appears in the selected group.
When a new computer starts up, you can assign it to this preset account.
To create multiple computer accounts

Define a name range and create accounts in the Deployment Database for multiple new computers. 1. 2. 3. On the Networking tab, click to open the Define name range section.
Enter the number of computers to be placed in the name range. Enter the core name in Fixed text and a numeral for the range start. Select Append to incrementally add the numeral to the end of the Fixed text. If you clear this box, the numeral is added to beginning of the name.
Importing New Computers from a Text File

You can import computer configuration data using delimited text files (.txt, .csv, or .imp files) to establish multiple computer accounts in the Deployment Server database. This file contains all configuration data for a new computer, including all settings in the Computer Configuration Properties of a selected computer.
To import new computers from a text file

1. Click the Action drop-down list in the Computers pane and select Import Computers. A dialog appears, allowing you to select files from the Deployment Share. You can import: .txt; .csv; or .imp type of files. 2. 3. Select the import file. Click Open. If a correctly formatted computer import file is selected, a message appears, informing you that the computer import is complete and identifies the number of computers added. Click OK. Note Jobs can be added to the import file. They can be created and associated with the new computers. If the computer import file is incorrectly formatted, a warning appears stating that the computer import file is incorrect. 4. The imported computers appear in the Computers pane of the Deployment Web Console.
405
Computer Configuration Properties

Computer property settings can be viewed, set, and modified when Adding New Computers, Modifying Configuration, or setting up Initial Deployment. Networking Settings TCP/IP Settings NetWare Client Settings Operating System Licensing Settings User Account Settings Set the Windows name of the computer and the Workgroup or Domain settings. Set the TCP/IP addresses for one or more network adapters. Set Novell Directory Services client logon options. Set the registered name and view the hashed installation license key for the installed operating system. Set the local Windows user account values.
Networking Settings
Use the Sysprep utility to generate unique SIDs. This can be done by manually using these utilities or when installing the Deployment Agent. Computer name This is the NetBIOS name for the computer. The name must be unique in the network and is limited to 15 characters. Computer Name box is disabled for multiple computer configurations.
406
Define name range
Create a sequential range of computer names. You can identify a root name and automatically increment its associated number. This option is available when selecting groups of computers. For new computers, set a range of names for multiple new computers: Number of computers. Enter the number of computers to be automatically named. Fixed text. Enter the text portion of the name you want associated with each computer, for example: Marketing. Use Token Select the check box to specify the computer name using tokens. Selecting this option enables Fixed text combo box and disables the Range start, Label, and Append options. Note This option is applicable for multiple computers and not for single computer.Fixed Text: You can select one of the six tokens from the drop-down list. %NAME%- Complete computer name. %NICyMACADDR%- MAC address of the computer with NIC specific number. Selecting this option enables the NIC Number option where you need to specify the NIC number which can range from 1-8. Note The default value for NIC number is 1. %SERIALNUM%- Serial number from SMBIOS. %NODENAME%- First 8 characters of actual computer name. Range start. Enter a numeral to add to the fixed text, for example: Marketing1. Append Select to add the range after the fixed text in the computer name. If you clear this box, the number is added as a prefix to the fixed text.
Microsoft networking
Click Workgroup or Domain and enter the name. Enter either the fully qualified domain name, the DNS domain name, or the WINS domain name. You can enter the fully qualified domain name (example: mjones.yourcompany.com), and specify the organizational unit (OU) using this format: OU/ newOU/users. The complete entry to place the computer in the users OU is the following:
mjones.yourcompany.com/OU/newOU/users internal.myServer.org/New Corporate Computer OU/ Mail Room/Express Mail Servers.
407
TCP/IP Settings
Host name Network adapter The Windows name of the managed computer that is hosting Deployment Server. A list of all network adapters installed in the selected computer. The network adapter with the lowest bus, device, and function number is the first listed (NIC0 - zero based). If the bus, device, and function information cannot be determined for a network adapter, it is enumerated in the order it is detected. When configuring multiple network adapters, ensure that one network adapter is not using an Intel Universal NIC driver (commonly called UNDI driver) to connect to Deployment Server. If one network adapter uses the native driver and one uses an UNDI driver, your computer appears twice in the console. Add. Click the Add icon for additional network adapters installed on the client computer. If a computer in the group has only one network adapter, it is configured only with the IP settings listed first. If IP settings are provided for additional network adapters not present in the computer, they are disregarded. MAC. The MAC address is a unique number assigned to the network adapter by the manufacturer. This is read-only. Domain suffix. Enter this to add domain suffixes to the root address. Use DHCP to obtain IP address. Click to obtain an address from a DHCP server. Assign a static IP address. Click to set static IP address values.
408
Show advanced
Select Advanced to set multiple IP Interfaces. Name. Enter a name for the IP interface. Ensure you use the eth syntax when naming new interfaces, for example: eth0:1 or eth0:new interface. IP Address. Enter or modify the IP address common to all interfaces. Netmask. Enter the appropriate subnet mask. State. The default value of the interface state is Up, which denotes that the named interface is operating. Shut down the named interface by selecting Down.
Click to set named interfaces for this network adapter.
Click the edit icon to modify settings.
Broadcast Address. Enter the Broadcast address for the specified IP interface. Gateway. Click this tab to enter the gateway address for this IP interface. DNS. Click this tab to add additional Domain Naming Servers (DNS) for this network adapter. Append these DNS suffixes (in order): Add the name of the Domain Suffix and use the up and down arrows to set the DNS suffix search order. DNS Suffix. You can enter DNS Suffix and specify DNS Suffix order search also. WINS. Click this tab to add additional WINS settings for this network adapter. You can select one of the three available options; Enable NetBIOS over TCP/IP, Disable NetBIOS over TCP/IP, and Use NetBIOS setting from the DHCP Server. Static Routes. Click this tab to enter the router settings information for this IP interface. All the fields, that is, Designation, Netmask, Gateway, Interface, Metric, Flag, Ref, and Use are mandatory.
NetWare Client Settings

Set Novell NetWare client values for a new or existing computer. Select whether you want to log on directly to a NetWare server or to a NetWare tree in Novell Directory Services (NDS). You can specify the preferred tree, server name, and NDS context. Ignore NetWare settings Preferred tree Preferred server Select to disregard all Novell NetWare client settings for this computer. Click and enter the name of the NDS tree. Click and enter the name of the NetWare server, for example: \\OneServer. This is the primary login server for the NetWare client.
409
NDS User name NDS Context Run login scripts
Click and enter the name of the user object for the NetWare client. Click and enter the organizational unit context for the user. Select this option to run the NetWare client login scripts.
Operating System Licensing Settings

Enter or view the license information for your Windows operating system software (Windows 98, 2000, XP, and 2003 Servers). Registered user Organization License key Enter the name of the registered user. Enter the name of the Organization. Enter the alpha-numeric license key. This is the hash value rendered from the OEM key or 25-digit license key required when installing the operating system.
User Account Settings

Set up local user accounts for the newly imaged computer or when running a configuration task. Enter a user name, full name, and password, set standard Windows login options. User name Full name Password Confirm Password Groups The user name for this local Windows user account. The full name for this local Windows user account. The password for this local Windows user account. Retype the password for confirmation. Specify the Windows groups that this user can belong to as a comma-delimited list, for example: Administrators,
Marketing, Management
User must change password at next logon User cannot change password. Password never expires. Select to force the user to change the password after setting the configuration properties.
Prohibit the user from changing their password at any time.
Select to maintain the user password.
Deployment Agents
To remotely manage computers from a Deployment console, a Deployment Agent is installed on each computer in the Deployment Server system. Deployment Agents are
410
provided for various computer types, including Windows, Linux, DOS, and PPC Handhelds. The following Deployment Agents reside on the client computer and communicates with the Deployment Server. Deployment Agent on Windows Deployment Agent on Linux Automation Agents The Deployment Agent runs on Windows computers, including desktops, notebooks, and servers. This Deployment Agent runs on Linux workstations and server. The Automation Agents boot client computers when the Deployment Server sends a deployment job. Altiris supports DOS, Linux, and Windows PE preboot operating systems. This agent runs on the HP T5000 computer devices running the CE .NET 4.2 operating system. The NS client is an Altiris agent that runs on computers supported by Notification Server. This agent runs on the Deployment Server computer when running Deployment Solution on Notification Server. This agent runs on the Deployment Server computer when running Deployment on Notification Server.
Deployment Agent for CE .NET Notification Server Client
Deployment Server Agent
Install Deployment Agent to add a managed computer

When Deployment Agent is installed on a computer, it searches across the network for a Deployment Server to attach to. When a Deployment Server is located by the Deployment Agent, the client computer is added as a record to the Deployment Database. When the Deployment Agent is running on a computer, the user sees a small icon in the system tray. When the icon is blue, the client computer running the Deployment Agent is connected to the Deployment Solution system. When the Deployment Agent icon is clear, it shows that the client computer is not connected to the Deployment Solution system. The agent may be configured incorrectly, the Deployment Server is down, or other network problems exist.
Automatically update to newer version of Deployment Agent

At times, Altiris may update versions of the Deployment Agent to enhance features. For best performance, it is suggested that all managed computers run the latest version of the Deployment Agent. When a new version of the Deployment Agent is saved to the Deployment Share file server, the managed computers automatically update the Deployment Agent.
Managing Agent Connections

The following utilities are provided for managing transmissions between the Deployment Server and Deployment Agents running on the managed client computers.
411
Reset a Client Connection

Resetting the connection that a managed computer has with the Server simply disconnects and reconnects the computer. This is useful for troubleshooting or if you suspect there is a bad connection. To reset a client connection, right-click a computer and click Advanced > Reset connection. When the computer disconnects, its icon turns gray. The computer should reconnect and its icon color returns to its original active status color.
Reject or Retrieve a Rejected Computer

If a computer you do not want to manage connects to your Deployment Server, you can reject it. This removes the unwanted computer from the Computers pane in the Web Console. Further attempts by the computer to connect are denied. Although the computer is not deleted, any history or schedule information associated with the computer is deleted. 1. 2. 3. Click the computer you want to reject from connecting to the Deployment Server. Select Reject Connection from the Select action drop-down list. Click OK.
View Rejected Computers

You can view the rejected computers by clicking on a Deployment Server, and selecting View Rejected Computers from the Select action drop-down list. The rejected computers are prohibited from being active in the Deployment Database. They are identified and rejected by their MAC address. You can remove computers from the Rejected Computers list by selecting it, and clicking Accept Computer(s) icon from the toolbar. This allows the computer to attach again and be managed by the Deployment Solution system.
Computer Details
View and edit the computer properties and inventory for each managed computer. See Properties (page 412) and Inventory (page 414).
Properties
The following are the general properties of the selected managed computer. General (page 413) Network (page 413) TCP/IP (page 413) Location (page 413) Bay (page 413) Lights-Out (page 414)
412
General
View or change the name of the computer as it appears in the console. View logged in user name, operating system installed, name of the Deployment Server, whether or not an automation partition is installed, version of the Deployment Agent, and other client information.
Network
View Microsoft Networking, Novell Netware settings, and user information for the selected managed client computer.
TCP/IP
View TCP/IP information, including a list of all installed network adapter cards (up to eight) for the selected computer. Click Change to open the configuration window allowing you to modify settings.
Location
View and edit user-specific properties such as contact name, phone number, e-mail address, department, mail stop, and site name. As the administrator, you can enter this information manually or you can let the user populate this screen using Prompt User for Properties.
Bay
View location information and other properties for Rack / Enclosure / Bay components for high-density and blade servers. Set rules for automatic re-deployment of blade servers based on physical location changes.
Server Deployment Rules

From the Bay property page, you can select rules to govern actions taken when a new blade server is detected in a selected bay. These rules are described below:
Rule
Re-Deploy Computer
Action
Restore a blade server using deployment tasks and configuration settings saved from the previous server blade in the bay. This lets you replace new blades in the bay and automatically run deployment tasks from its deployment history.See Restoring a Computer from its Deployment History on page 88 All deployment tasks in the bay's history are executed starting from the last Distributing Disk Image task or Scripted OS Install task, or from any script (in a Run Script task) with this command: rem deployment start.
Run Predefined Job
The server processes any specified job. Select a job to run automatically when a new server is detected in the bay.
413
Rule
Ignore the Change
Action
This option lets you move blades to different bays without automatically running jobs. The server blade placed in the bay is not identified as a new server and no jobs are initiated. If the server existed in a previous bay, the history and parameters for the server are moved or associated with the new bay. If the server blade is a new server (never before identified), the established process for managing new computers is executed. (default) No job or tasks are performed (the Deployment Agent on the server blade is instructed to wait). The icon on the console changes to reflect that the server is waiting.
Wait for User Interaction
Lights-Out
View information about the remote management hardware installed on the selected computer (most often a server) used to power up, power down and restart the computer remotely, or to check server status. You can also enter the password for the remote management hardware by clicking Password. Note This feature is currently only available for selected HP Integrated Lights Out (ILO) and Remote Insight Lights-Out Edition (RILOE) features.
Inventory
The following are the inventory details of the selected managed computer. Hardware (page 414) Drives (page 414) Applications (page 414) Services (page 415) Devices (page 415)
Hardware
View processor make and type, processor count, RAM installed on the computer, display configuration, manufacturer, model, product name, MAC address of each network adapter installed, serial number, asset tag, UUID, and whether or not Wake On LAN and PXE are installed and configured.
Drives
View information about each drive on the computer. If you have multiple drives, you can select a drive from the list box to view its settings, such as capacity, serial number, file system, volume label, and number of drives installed.
Applications
View the applications that are installed on the computer, including description, publisher, version number, product ID, and systems components.
414
Services
View the services installed on the computer as well a description, start type, and path for each service.
Devices
View the devices installed on the computer, including display adapters, disk drives, ports, storage volumes, keyboards, and other system devices.
Remote Operations
After selecting a specific computer device, click the Computer actions drop-down list and select a remote operation to perform on the selected computer. This menu provides a variety of commands to remotely manage all computers in your site or network segment. Configure Set network and local configuration properties for each computer, including computer name, IP address, domains, Active Directory context. See Computer Configuration Properties (page 406). Select a computer and image its hard disk. This creates and stores the image to distribute now or later. To run a disk image job you must have have an Automation Partition installed on the client computer. You can also manually boot a client computer using bootable media created in Boot Disk Creator, or create a boot menu option in PXE Server. When you finish this computer operation, a new job appears in the Jobs pane of the Deployment console under the System Jobs > Image Jobs folder. The job name has a generic format of Create Image: <computer name>. Copy File to Copy selected files, directories, or entire directory structures and send them to the selected computer(s). See Copy File (page 437). Type and run commands remotely. Send a command from the Deployment console as if you were entering a command from the command-line prompt. View a history of deployment tasks. Click Save to save the deployment history to a file or click Delete to delete the history. To manage unwanted client computers from attaching to the Deployment Server, use the Reject Connection computer action to remove the client's MAC address and other information from the Deployment database. If the client tries to connect to the server, the MAC address cannot be found and the client-server connection is rejected. See Reject Client Computer Connections (page 372).
Quick Disk Image
Run command
History Reject Connection
415
Wake Up
The Wake Up feature is hardware-dependent and is only available for inactive computers. Select this command to start a computer that has been turned off. Your operating system and network adapter must be capable of recognizing and processing the wake-on-lan packets. Nonembedded network adapters must be properly configured.
Restart
Click to reboot the selected managed computer. Select Force Applications to close without a message box to restart immediately without prompting the user. Click to shut down the selected managed computer. Select Force Applications to close without a message box to shut down immediately without prompting the user. Click to log off of the selected managed computer. Select Force Applications to close without a message box to log off immediately. Clear computer status as shown in the Status field on the Details page. Query for computer location and user information. This feature sends a form to the user to fill out and writes it directly to the database, appearing in the Location properties for the selected computer. If the user changes the computer name, the name in the Computers pane of the Deployment console also changes. These settings are stored directly to the Deployment Database.
Shut down
Log off
Clear Status Prompt User for Properties
Install Automation Partition Get Inventory
Click Install Automation Partition from the drop-down list, and select a pre-boot operating system for the automation partition. You can select DOS, Linux, or Windows as the preboot operating system. Update property settings for a selected computer. These inventory settings can be viewed in Computer Details (page 412). Select it to ensure you have the latest inventory of the computer. Apply a permanent license if a client computer is using a timelimited license or requires an updated license. Assign the computer or group a new name in the console. Delete a computer, a computer group, or any combination of computers and groups from the database. Select Change Production Agent Settings to modify the production agent settings. See Production Agent Settings (page 375). Select Change Automation Agent Settings to modify the automation agent settings. See Automation Agent Settings (page 379). Click to move the selected computer to a new group.
Apply Regular License Rename Delete Change Production Agent Settings Change Automation Agent Settings Move to Group
416

Enter a search string in the Find field to query database fields for specific computer properties. You can search for user or computer names, licensing or location information, or primary lookup keys: MAC address, serial number, asset number, or UUID. In the Find field type all or part of the computers property values you would like to search for: Name Computer Name MAC Address IP Address ID Serial Number Asset Tag UUID Registered User Product Key Logged On User Physical Bay Name BIOS name of the computer. Deployment Solution name of the computer. 0080C6E983E8, for example. 192.168.1.1, for example. The computer ID. 5000001, for example. Serial number installed in BIOS. A primary lookup key. Asset number in BIOS. A primary lookup key. A primary lookup key. Name entered when the operating system was installed. Product Key for the operating system. Name of user currently at the computer. The actual bay number: 7x, for example.
A list of computers meeting the search filter requirements is listed in the Details pane. This search is not case-sensitive and allows wildcard searches using the *.
Creating a Computer Group Filter

For Computer Filters, this dialog lists all computers in a group according to a specified criteria. Example: you can create a filter to view all computers in a particular group that have Windows 2000, 256 MB of RAM, and 20 GB hard disks only. By applying the filter, you can view all computers with that criteria in the Details pane of the Deployment Server Console.
Click a computer group in the Computers pane. The Filter feature appears in the Details pane for the selected computer group. Click Setup to add new filters, or modify and delete existing computer filters.
To create or modify a computer filter

1. 2. Click any computer group. In the Details pane, you can view Filter by on the toolbar. Click Add Filter icon from the toolbar to create a new filter.
417
3.
Type a name for the filter in the Filter Name box, and click Edit Filter Name. By default, the filter name is Filter N, where N is a sequentially generated numerical.
4. 5.
Click New Filter Item in the Filter Definition area. Define the conditions you want to filter. Click the Field box to see a list of computer values stored in the Deployment Database. Select a computer value and set the appropriate operation from the Filter list. In the Value box enter an appropriate value for the selected database field. Example: You might choose Computer Name as the Field, Contains as the Filter, and Sales as the Value.
6.
Repeat steps 4 and 5 to add more conditions. Click OK.
See also Find a Computer in the Database (page 417).
418
Scheduling Jobs from the Deployment Web Console

A job represents a collection of predefined or custom deployment tasks that are scheduled and executed remotely on selected managed client computers. You can build jobs with tasks to automatically create and deploy hard disk images, back up and distribute software or personality settings, add printers, configure computer settings, and perform all aspects of IT administration. Jobs can be run immediately for a specific computer, or stored and scheduled for daily or long-term administrative duties on multiple computer groups.
Job icons appear in the Jobs pane of the Deployment Web Console. To run a job, select a job and select a computer or computer group from the Computers pane. Select the Schedule Job(s) option from the Select action drop-down list.
The Job Scheduling Wizard (page 422) guides you through common deployment and management jobs. It provides three easy steps to select computers, select a job, and schedule the job to run. Jobs include one or more Deployment Tasks (page 423). You build jobs by adding tasks to a job and customizing the task for your specific needs. You can add tasks to capture and distribute images, software packages, and personality settings. Or you can write and run a script task, or run scripted installs, configure settings, copy files and back up registry settings. You can also modify existing jobs by adding, modifying, or deleting tasks to fit your needs. See Building New Jobs (page 420). Set conditions on jobs to run only on computers with properties that match the criteria you specify. You can build one job to run on different computer types for different needs, and avoid mistakes by ensuring that the right job runs on the right managed computer. Initial Deployment lets you run predefined jobs and configuration tasks on new computers when they start up. You can automatically deploy new computers by imaging and configuring TCP/IP, SIDs, and other network settings and installing basic software packages. See Initial Deployment (page 442). Sample jobs are installed with Deployment Solution and appear in the Samples folder of the Jobs pane. You can run many sample jobs as they are, or you can set environmental variables and run.
Viewing Job Details

As jobs are assigned, scheduled and executed, it is helpful to know specific details about their status and assignments. The Deployment Console provides job icons to show state and status of the job in the Details pane, including:
419
Job status icons that update to display the state of the job in running deployment tasks. These icons are graphical symbols in the Deployment console used to identify the status of an assigned job.
Indicates that a job is scheduled to run on a computer or computer group.
Indicates that a job is in progress.
In the Details pane, indicates that a job has executed successfully.
Indicates that a job is associated with a computer or group of computers but is not scheduled. Indicates error conditions when individual tasks run.
A description of the job, if available. If a job defines error conditions when individual tasks run, the Status field displays any errors incurred and the tasks that completed successfully. View all jobs, failed jobs, pending jobs, jobs not scheduled, scheduled jobs, and successful jobs from the Details pane. Job Schedule details. This is the job's run time, beginning when the job started and ending when it completed successfully. Currently applied conditions. You can add conditions to different task sets for different computer properties within a job. Conditions specify characteristics that a computer must have before the job is run. A list of tasks assigned to the job and task descriptions also appear. Change the order of the task execution with the arrows. Tasks are executed in the order they are listed. See Deployment Tasks (page 423). Features to add, modify, and delete tasks for each job. A list of assigned computers and its deployment history.
Building New Jobs

A job can be a single task to distribute software or change computer property settings, or a job can be a series of tasks sequenced to migrate hard disk images, set postinstallation TCP/IP and SID values, and install software packages and personality settings.
420
Create a new job by selecting the New Job command from the dropdown list in the Jobs pane. You can add tasks and create condition sets in the Details pane.
Create and build jobs by adding tasks and setting conditions to run the job. 1. 2. 3. Click a Deployment Server in the Jobs pane. The job is created in the selected Deployment Server system and saved to the shared folder in its Deployment Share. Select the New job action from the list in the Jobs pane. The Job Details page appears. Enter information for the new job: Job name: Enter a unique name for the job and click the apply icon Description. Enter a description for the job and click the apply icon 4. . .
At Condition sets, select a previously created condition set from the list to run the job only on managed computers meeting specified criteria. Click the expand in the Conditions area to create a new condition set. Note The Tasks area is not enabled when the Conditions area is expanded.
5. 6.
In the Tasks area, click the New icon information and the condition set.
. A secondary page displays job
In the Task type field, select from the list of tasks to add to the job. The configuration page for the selected job appears. Enter the configuration information for each job and click OK. See Deployment Tasks (page 423). Repeat steps 5 and 6 to add more tasks to the job. From the Job Details page, set the order of Tasks to run in the job. After creating and building a job, click the Job Actions list and select Schedule job or another option. Delete Job. Select to eliminate the job. Schedule Job. Select to schedule the job to run immediately or at another time. If no computers are selected, the Computers page appears to select a computer or computer group. The Job Scheduling page appears. Move Job. Select to move the job to another folder.
7. 8. 9.
10. Schedule the job to run immediately or at another time. If no computers are selected, the Computers page appears to select a computer or computer group. The Job Scheduling page appears. After scheduling a job, the selected computers assigned to the job appears in the Scheduled computers list box.
421
Job Scheduling Wizard

The Job Scheduling Wizard provides features to assign jobs to selected computers and computer groups, and schedule to run.
Select Computers
1. Click a Deployment Server group and select individual computers or computer groups. If you are running Deployment from the Altiris Console, you can select by defined computer collections in the Altiris Console Collections. See Managing Computers from the Deployment Web Console (page 398). Click Next.
2.
Select a Job
1. 2. Select a job in the left pane to assign to the selected computers. Select a predefined condition to run the job in the Conditions list. Click Next.
Schedule Job
1. 2. Set scheduling options. See Scheduling Jobs (page 422). Click Close.
Scheduling Jobs
After a job has been created, assign it to computers or computer groups. Click Run Now or Schedule to schedule the job to run immediately, at a scheduled interval, or assigned but not scheduled. Job and job folders selected from the Jobs pane of the Deployment Web Console are scheduled in the order they were selected, even across multiple Deployment Servers. Note When a software package or deployment job is scheduled to run on client computers, e the Altiris Client Service Message dialog appears, warning them that a job is about to execute. If a user clicks Abort when the message appears, an event is logged to the client's history so that Deployment Solution administrators know when users abort a scheduled event.
To schedule a job
From the Schedule Job page, select the appropriate options: Assign but do not schedule or run. This option lets you apply jobs to computers but does not run the job until you return to the Schedule Job dialog and set a run time. Run immediately. This option lets you run the job now. Schedule to run at a later time. This option lets you type the date and time to run the job at a specified time and date. When you select this option, Date and Time fields are enabled to specify a time and date to repeat.
422
Repeat this job every x. A job can be scheduled to execute by minute(s), day(s), hour(s), week(s). Defer this job up to x. A job can be deferred when the server is busy executing other jobs, setting a lower priority for particular jobs. By default all jobs are deferred up to five minutes. Schedule in batches of x computers at y minute intervals. This option lets you schedule computers in batches to maximize efficiency. Click OK.
Deployment Tasks
A task is a subordinate action of a job. After creating a job, you can add tasks to perform basic operations, including: Create Disk Image. Create a disk image from a reference computer and save the image file (IMG or EXE files) for later distribution. See Creating a Disk Image (page 424). Distribute Disk Image. Distribute previously created disk images (IMG or EXE files) or create a disk image from a reference computer on the network and simultaneously distribute it (IMG or EXE) to other managed computers on the network. See Distributing Disk Image (page 426). Distribute Software. Distribute RIPs, MSI files, scripts, personality settings and other package files to computers or groups. See Distributing Software (page 429). Capture Personality. Capture the personality settings of a selected computer on the network using the PC Transplant software. PC Transplant ships as a part of Deployment Server. See Capturing Personality Settings (page 432). Distribute Personality Package. Send a Personality Package to computer or groups. It identifies valid Altiris packages and assign passwords and command-line switches to Personality Packages. See Distributing Personality Settings (page 433). Change Configuration. Modify the IP address, computer and user name, domains and Active Directory organizational units, and other network information and computer properties. See Modifying Configuration (page 434). Get Inventory. This lets you gather inventory information from client computers to ensure that the Deployment database is up-to-date with the latest computer properties information. See Get Inventory (page 435). Back up Registry Files. Back up an individual registry file for a selected computer and save it to a selected directory. See Backing up and Restoring Registry Files (page 434). Restore Registry Files. Restore registry settings previously saved for a selected computer. This lets you recover from a hard disk crash or other disaster. See Backing up and Restoring Registry Files (page 434). Run Script. Create custom commands using scripts to perform jobs outside the bounds of the pre configured tasks. Use the Run Script dialog to select or define a script file to run on specified computers or groups. See Run Script (page 435). Copy File to. Copy a file from the Deployment Share or another source computer to a destination computer. See Copy File (page 437).
423
Shutdown/Restart. Perform power control options to restart, shutdown, power off, and log off. See Power Control (page 438). Tasks are listed for each job in the task list box. Each task executes according to its order in the list. You can change the order using the up and down arrow keys.
Creating a Disk Image

When you create an image of a client computers hard disk, it is saved to the Deployment Share (by default) as an .img or .exe file. Imaging deployment jobs require that the client computer boot to automation. PXE-enabled client computers can boot to automation from the PXE Server. Other methods of booting to automation include installing an embedded or hidden automation partition, or manually booting a computer using bootable media, created with Boot Disk Creator. See Boot Disk Creator Help, and PXE Configuration Utility Help.
To create a Disk Image

1. Enter the path and file name to store the image file. You can store image files to access later when a managed computer is assigned a job that includes the image file. The default file name extension is IMG. Saving image files with an EXE extension makes them self-extracting executable files (it adds the run-time version of RapiDeploy in the file). 2. Click Local image store if you want to store the image file locally on the client computer's hard drive. Enter the path relative to the managed computer (example: c:\myimage.img). This is optional. When you store an image locally on a computer instead of a file server, you save server disk space and reduce network traffic. If you are imaging multiple computers or image computers frequently, there it is advisable to store images locally. Prerequisite: Ensure you have an embedded (recommended) or hidden automation partition installed on the computers hard disk with enough disk space to save the images you want to store. Note When imaging computers where labs are cached, do not use the option to remove the automation partition unless you want to clear the lab from the computer. 3. 4. Enter an image description (optional) in the Description field to help identify the image. Select Prepare using Sysprep to use sysprep to prepare system for imaging. Click Advanced Sysprep Settings. See Advanced Sysprep Settings for Creating a Disk Image (page 425) Select the operating system from the Operating System drop-down list. Note Click Add new to go to the Sysprep Settings dialog and select the OS Information. 6. Select the product key from the Product Key drop-down list.
5.
424
7.
Select the required pre-boot environment from the Automation - PXE or BootWorks environment (DOS/Windows PE/Linux) drop-down list to perform the Create Disk Image task in selected pre-boot environment. By default, the DOSManaged Boot Option type is selected. (Optional) Click Advanced to select Media Spanning and additional options. See Create Disk Image Advanced on page 425. (Optional) Set Return Codes. See Setting Up Return Codes (page 440).
8. 9.
10. Click OK. The task appears in the Task list for the job. Tip If an imaging Job fails on a managed computer, the Deployment agent configuration screen appears on the client. This screen displays a prompt to confirm if the user wants to configure the client or restore the original settings. Select Cancel > Restore Original Settings on the client screen. See also Deployment Tasks (page 423).
Advanced Sysprep Settings for Creating a Disk Image

Click Advanced Settings to open the Advanced Sysprep Settings dialog. You can use the Advanced Sysprep Settings dialog to specify Sysprep mass storage device support. By default, the Enable mass storage device support using built-in drivers option is selected. Disable mass storage device support. When this option is selected, the Sysprep.inf file contains the section [Sysprep] with the key value pair as BuildMassStorageSection = No. Enable mass storage device support using built-in drivers. When this option is selected, the Sysprep.inf file contains the section [Sysprep] with the key value pair as BuildMassStorageSection = Yes. Enable mass storage device support using the following: When this option is selected, the Sysprep.inf file contains the section [SysprepMassStorage] and is appended by contents of the file mentioned in the Mass storage section file field. You can also copy the drivers directory mentioned in the Mass storage drivers field.
Create Disk Image Advanced

RDeploy Options Graphical Mode (RDeploy). Click this option if you want to choose the imaging executable as RDeploy. Text Mode (RDeployT). Click this option if you want to choose the imaging executable as RDeployT. Text Mode or RDeployT is the default choice. Media Spanning Maximum file size. The Maximum file size supported is 2 GB. To save an image larger than 2 GB, Deployment Server automatically breaks it into separate files regardless of your storage capacity. From the Maximum file size list, select a media type. Specify ___ MB. If the preferred type is not on the list, enter the file size you want in the field.
425
Additional Options Do not boot to Windows. Select this option to create an image of the hard disk while booted to DOS without first booting to Windows to save network settings (TCP/IP settings, SID, computer name, and so on). If you select this option, these network settings cannot be reapplied to the computer after the imaging task, resulting in network conflicts when the computer starts up. Note This check box should be selected when imaging Linux computers. Compression. Compressing an image is a trade-off between size and speed. Uncompressed images are faster to create, but use more disk space. Select Optimize for Size to compress the image to the smallest file size. Select Optimize for Speed to create a larger compressed image file with a faster imaging time. The default setting is Balanced for Size and Speed. Command-line switches. You can add command-line switches specifically for the RapiDeploy program to execute imaging tasks. See the Altiris RapiDeploy Product Guide located in the Docs folder in the Deployment Share.
Distributing Disk Image

Distribute an image (.img) or executable (.exe) file to managed computers to set down a previously created hard disk image. 1. Click Select a disk image file to select a stored image file. This lets you set down a new image file from a previously imaged computer. This is a common method to distribute an image file. If you want to image a source computer on the network, click Select a computer on the network. Enter the name and location of the source computer to create an image and distribute the newly created image file. This is optional. This option saves an image of a selected computers hard disk in its current state each time the job executes. You can schedule the job to image a specified computer every time it runs, allowing the image to be updated each time. Note Network mapping must exist on the source computer before imaging. UNC paths are not supported in DOS. 3. Select Local image store if you saved the image file on the client computers hard drive. With local image store, the image file is stored on a partition on the computer being imaged. The server cannot validate the image when a local image store is used. This is optional. Select Prepare using Sysprep to use sysprep to prepare system for imaging. Click Advanced Sysprep Settings. See Advanced Sysprep Settings for Distributing a Disk Image (page 427). Select the operating system from the Operating System drop-down list. Note Click Add new to go to the Sysprep Settings dialog and select the OS Information.
2.
4.
5.
426
6. 7.
Select the product key from the Product Key drop-down list. Click Automatically perform configuration task after completing this imaging task to reboot the computer and push down the configuration settings to the newly imaged computer. This is optional. By default, the DOSManaged Boot Option type is selected. Select the required pre-boot environment from the Automation - PXE or BootWorks environment (DOS/Windows PE/Linux) drop-down list to perform the Distribute Disk Image task in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. Click Advanced to resize partitions and set additional options. See Distribute Disk ImageResizing (page 427) and Distribute Disk ImageAdditional Options (page 428).
8.
9.
10. (Optional) Set Return Codes. See Setting Up Return Codes (page 440). 11. Click OK. See also Deployment Tasks (page 423).
Advanced Sysprep Settings for Distributing a Disk Image

Click Advanced Settings to open the Advanced Sysprep Settings dialog. You can generate the Sysprep.inf file for the Distribute Disk Image task, depending on the option selected in the Advanced Sysprep Settings dialog. Use default answer file. When this option is selected, the Deployment Server generates the Sysprep.inf file depending on the data present in the database. Use the following answer file. When this option is selected, the Deployment Server picks up the contents of the file mentioned in the Sysprep answer file textbox and prepares the Sysprep.inf file.
Distribute Disk ImageResizing

By default, whenever you deploy an image, you have the option to resize the partition to take advantage of the available disk space. Drive Size gives you information about the size of the image, so you can determine if you need to change partition sizes. Minimum indicates the amount of space the image usees on the target computers. Original indicates the image source disk size. Fixed Size. Select this option and enter the desired partition size. Percentage. Select this option and enter the percentage of free space you want the partition to occupy. Min. View the minimum size of the partition. Max. View the maximum size of the partition. Note FAT16 file systems have a 2 GB limit and cannot be resized larger than that (although it can be sized smaller than the minimum value). HP partitions remain a fixed size.
427
Distribute Disk ImageAdditional Options

This option lets you specify operations for existing automation and OEM disk partitions. The options are as follows: Leave the partition as it is Remove the automation partition Replace the existing partitions RDeploy Options: Graphical Mode (RDeploy). Click this option if you want to choose the imaging executable as RDeploy. Text Mode (RDeployT). Click this option if you want to choose the imaging executable as RDeployT. Text Mode or RDeployT is the default choice. Automation Partition:
Leave the client's existing Automation partition as it is. If the image file contains no automation partition information, by default, this option is selected. The Automation partion remains unchanged when distributing disk images. Delete the client's Automation partition [-nobw]. Select this option if you want to delete the existing Automation partition from client computers. Replace the client's existing Automation partition from the image file [-forcebw]. Select this option
if you want to replace the existing Automation partition on the client computer with the Automation partition from the image file. OEM Partition:
Leave the client's existing OEM partition as it is. If the image file contains no OEM partition information, by default, this option is selected. The OEM partion remains unchanged when distributing disk images. Delete the client's OEM partition [-nooem]. Select this option if you want to delete the existing
OEM partition from client computers.

Replace the client's existing OEM partition from the image file [-forceoem]. Select this option if
you want to replace the existing OEM partitions on the client computer with the OEM partition from the image file.
Additional Command-line switches. You can add command-line switches specifically for the
RapiDeploy program that runs imaging tasks. See the Altiris RapiDeploy Product Guide located in the Docs folder of the Deployment Share. Note The checkdisk command-line option should not be used from a Deployment console, because the post-configuration task fails after an image restore. See also Deployment Tasks (page 423).
Imaging Computers from USB Disk on Key (DOK) Devices (JumpDrives)

Deployment Solution supports imaging clients from bootable USB Disk on Key (DOK) devices.
428
To image computers from USB Disk on Key Devices

1. 2. 3. 4. 5. 6. 7. Format the USB DOK using HPs USB Disk Storage Format tool as FAT and make it a DOS startup disk. In Boot Disk Creator, create a new automation boot disk while creating a new configuration. Select Bootable disk-Removable disk to install on the USB Disk on Key. Copy HIMEM.SYS to the device. Copy RDeployT.exe from the <InstallPath>\eXpress\Deployment Server\RDeploy\DOS directory to the device. Copy the <Filename>.img file to the device. Create an Autoexec.bat with the script and command-line option, rdeployt -md -
fc:\IMAGE.img -d2
Note The -d2 switch is the most important part of the script, as it specifies the flash drive. 8. Create a Config.sys with the following:
DEVICE=C:\HIMEM.SYS switches = /f DOS=HIGH,UMB SHELL=command.com /p /E:1024 BUFFERS=20 FILES=20 STACKS=0,0 FCBS=1,0 LASTDRIVE=Z
9. Boot from the USB Disk on Key (recognized as C:) and rdeployt executes and images correctly.
Send MSI, CAB, EXE, and other package files to selected computers or computer groups, including EBS, and RPM files for Linux computers. This task identifies valid Altiris packages and assigns passwords and command-line switches. 1. Enter the name and location of the package to distribute in the Name field. Note Information about the package appears in the Title area for valid packages. If no description appears, the file is not a RIP or a Personality Package.
2.
To distribute Software Delivery Packages, click
429
Note The Import Software Delivery Packages option is enabled only if the Notification Server is installed on the Deployment server computer. A dialog appears containing a list of all available Software Delivery packages and programs. 3. Select the Software Delivery package from the Software Delivery Packages dropdown list. After you select the package, all available programs for that package are listed in the Software Delivery Programs drop-down list. Select the required program from the Software Delivery Programs drop-down list. Select Package distribution options. Select Run in quiet mode to install the package without user interaction. Select Apply to all users to run the package for all users with accounts on the computer. If sending the package to a managed computer with multiple users and if you only want it installed for certain users with a unique password, clear the Apply to all users box. If distributing an install package or other types of packages with associated support files, you can select Copy all folder files to install all peer files in the directory. Select Copy sub folders to distribute peer files in the directory and all files in associated subdirectories. Note Some clients may have software installed on the client computer that, for protection against harmful software, only allows software programs on a list of well-known executable to run. Therefore, whenever the system administrator wanted to install a patch on client computers, he or she would have to update the well-known-executable list on all the client computers, which could be a lot of work. To save the work of updating that list, or of manually renaming distribution packages, the RenameDistPkg feature was added. Now, the system administrator may update the well-known-executable list once with a filename of their choosing. The well-known filename may be entered into the Windows registry of the Deployment Server computer (the computer running axengine.exe), as the Value data of a string value named RenameDistPkg under the HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris eXpress\Options key. If the RenameDistPkg registry entry is set, Deployment Server renames installation files that are copied to the client computers. This feature only affects files that are temporarily copied to the client computer as part of a Distribute Software task. The file that is to be executed only during the installation, sometimes referred to as the package, is the file that gets renamed, not the files that actually get installed to various locations on the target computer. If the Copy all folder files option is enabled, only the main (installable) file is renamed. 5. 6. For RIPs, if you set the Package password option when you created the RIP, you must enter the password for the package to run. Add values to the Command-line switches field, for example:
4.
430
-cu:JDoe;TMaya;Domain\BLee
Note The command-line switches are specific to any package you are distributing that supports command-line options, such as RIPs and Personality Packages. For a complete list of command-line switches, see the Wise MSI Editor and the Altiris PC Transplant Pro Product Guide. 7. Click Advanced to specify how files are distributed to the managed computer. You can copy through Deployment Server, or copy and run directly from the Deployment Share or from another file server. See Distribute Software-Advanced on page 431. Click Next. Set Return Codes. See Setting Up Return Codes (page 440). This is optional. Click OK.
8. 9.
Notes When a RIP or Personality Package is executed through Deployment Server, the quiet mode command-line switch is applied. This means the user cannot interact with the user interface on the managed computer. If the Personality Package is configured to run only if a particular user is logged in and only if the user has an account on the managed computer, the package runs the next time that user logs in. If the user does not have an account, the package aborts and sends an error back to the console via the Deployment Agent. If the package is not run through Deployment Server, a message appears on the managed computer and the user is prompted to abort or continue.
Distribute Software-Advanced
Copy files using Deployment Server. Click this option to distribute packages through Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. This option is run for Simple installs and is the default option. Copy directly from file source. Click this option to copy packages directly from the Deployment Share if this data store is located on another server (a custom install). It copies the file and runs it, avoiding running through Deployment Server and diminishing processor output. Run directly from file source. Click this option to run files remotely from the Deployment Share or another selected file server. File source logon. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both are on the same domain). Note Windows 98 computers have security limitations when copying files directly from the source to the Deployment Agent using the UNC path name. We recommend that you use the Copy files using Deployment Server option for these types of computers or plan a proper security strategy for direct copying.
431
Capturing Personality Settings

The Capture Personality task lets you save personal display and user interface settings defined in the operating system for each user. You create a Personality Package that can be saved and distributed when migrating users. This task runs Altiris PC Transplant from the console to capture and distribute settings. 1. In Personality template file, enter the name of a personality template. A default personality template is included in the PCT folder of the Deployment Share (DEFAULT.PBT). In Store package in folder, enter the name of the folder where you want to save the personality package. In User account and folder login, enter the login credentials for the managed computer from which the personality settings are to be captured, and the file server where the Personality Package is to be stored. In Package login, enter a password for the Personality Package. This is a run time password that is required when the Personality Package runs on the destination computer. Click Advanced to specify additional features. See Capture Personality-Advanced (page 432). Set Return Codes. See Setting Up Return Codes (page 440). Click OK.
2. 3.
4.
5. 6. 7.
Notes To capture a personality on a Windows 98 computer, ensure that all users have Write access to the Deployment Server share (by default at C: Program Files\Altiris\eXpress\Deployment Server in a Simple install). Also, ensure that the User account and folder login boxes are blank. A user must also be logged on at the client computer to capture the client profiles. An error is returned if you attempt to capture personality settings on Windows 98 computers that are not authenticated. We recommend that you don't capture personalities for mixed groups of Windows 98 and Windows 2000/XP/2003 computers. Set the conditions on the job for either Windows 98 or Windows 2000/XP/2003 computers to ensure that the appropriate Capture Personality task runs on the appropriate computers.
Capture Personality-Advanced
Domain users. Select this option to capture personality settings for all domain users on the computer. Local users. Select this option to capture personality settings for all local users on the computer. Custom. Specify users or groups to capture personality settings. Select the Custom check box and enter the Users or Groups you want to capture personality settings. Also, instead of specifying names, you can also select users that have been either created or last accessed in a specified number of days. Use condition. Set conditions for personality files that were accessed (a user logged on) or created (a personality package created) in the past defined days or months.
432
Command-line switches. You can add command-line switches specifically for the PC Transplant program that migrates personality settings. See the Altiris PC Transplant Guide in the docs folder of the Deployment Share.
Distributing Personality Settings

The Distribute Personality task lets you save personal display and user interface settings defined in the operating system for each user. You can distribute Personality Packages to migrate personality settings. This task runs Altiris PC Transplant from the console to capture and distribute settings. 1. In the Name box, enter the file name and location of the PCT file. Note Information about the Personality Package appears in the Title area for valid Personality Packages (PCT files). If no description appears, the file is not a valid package. 2. 3. Select Run in quiet mode to install the package without viewing the PC Transplant screens. Specify the users to associate with the Personality Package. Click Apply to all users to run the package for all users with accounts on the specified computer. If sending the package to a managed computer with multiple users and if you only want it installed for certain users with a unique password, clear the Apply to all users box. Example: to install a Personality Packages for a specific user accounts on a computer, add values to the Command-line switches field:
-user: JDoe; TMaya; BLee

Note The command-line switches are specifically for Personality Packages. For a complete list of command-line switches, see the Altiris PC Transplant Pro Product Guide. 4. 5. 6. In the Package Password box, type the password set for the PCT file when created. Enter command-line parameters in the Command-line switches field. Click Advanced to specify how Personality Packages are copied to the managed computer. You can copy through Deployment Server, or copy and run directly from the Deployment Share, or from another file server. See Distribute Personality Advanced (page 434). Set Return Codes. See Setting Up Return Codes (page 440). Click OK.
7. 8.
For more information about capturing a computer's personality settings, see the Altiris PC Transplant Pro Product Guide.
433
Distribute Personality Advanced

Copy files using Deployment Server. Click this option to distribute software packages through Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. Use this option for Simple installs to take advantage of security rights defined by Deployment Server. This is the default option. Copy directly from file source. Click this option to copy packages directly from the Deployment Share, sending only one copy across the network. It copies the file and runs it and avoids running through Deployment Server and diminishing processor output. Because the Deployment Agent doesn't recognize shared rights and is not guaranteed to have a mapped drive to the data source, you need to identify a user name and password for the data share computer from the target computer. This option also requires a full UNC path name in the Source Path field in the Copy File dialog. Run directly from file source. Click this option to run files remotely from the Deployment Share or another selected file server. File source logon. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both are on the same domain).
Modifying Configuration
You can add a task to configure or modify the configuration of computer property settings using the Modify Configuration task. The Deployment Agent updates the property settings and restart the computer for changes to take effect. 1. Enter or edit the property settings in the Modify Configuration page. Click a tab to set additional values for each property setting group. See Computer Configuration Properties (page 406). Select the Reboot after Configuration check box to restart client computer after the configuration changes are complete. By Default, the Reboot after configuration check box is selected. (Optional) Set Return Codes. See Setting Up Return Codes (page 440). Click OK.
2.
3. 4.
Backing up and Restoring Registry Files

Copy registry files of selected computers using the Back up Registry task and save the registry file settings to a selected directory. You can also create a Restore Registry task to copy the registry settings to a managed computer. 1. In the Folder field, enter the directory path to back up or restore registry files. The default is to create a RegFiles folder in the Deployment Share. All computers with registry files in this folder appear in a list. Select the required pre-boot environment from the Automation - PXE or BootWorks environment (DOS/Windows PE/Linux) drop-down list to perform the Backup and Restore task in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. By default the DOS Managed boot menu option type is selected. Click Advanced if Windows was installed on client computers in a directory other than the default path. Enter the correct path to the root of the Windows directory.
2.
3.
434
4.
Select Include registry information for all users to back up registry keys for all user accounts. Note If you clear this check box, only the Administrator and Guest user accounts are backed up or restored.
5. 6.
Set Return Codes. See Setting Up Return Codes (page 440). Click OK.
Get Inventory
Use this task to gather inventory from an individual or group of client computers. This ensures that the Deployment database is up-to-date with the latest computer properties information. The status of the task shows Received Inventory and Received Inventory in the Scheduled Details pane below the task list on the Jobs page. 1. 2. 3. Click one of the jobs in the Jobs pane Click the New Task icon, and select Get Inventory from the Task type drop-down list. Click OK.
Run Script
Select an existing script or write a new script file to run on selected managed client computers. 1. 2. 3. 4. 5. 6. 7. If you have a script file defined, click Run script from file and browse from the folder icon to select the file. You can now modify the script in the edit box. To create a new script, click Run this script. Type the script in the provided text box. Click Import to import the scripts from a text file. In the Choose the script operating system area, select Windows, DOS, or Linux as the operating system for running the specified script. Click Advanced to provide the advanced details. See Advanced Run Script Options (page 436). Set Return Codes. See Setting Up Return Codes (page 440). Click OK.
Notes When a computer is in Automation mode using the DOS Automation Agent, it does not see DOS partitions. To run a script from Automation, use FIRM (File-system Independent Resource Manager) commands. FIRM can only copy files and delete files; it cannot run code on a drive. Deployment Server assumes a return code of zero (0) as a successful script execution. Some programs return a code of one (1) to denote a successful script execution. If a program returns a one (1), you see an error message at the Deployment console even though the script ran correctly. To modify the return codes, you can edit the script file to return a code that the console interprets correctly.
435
Advanced Run Script Options

Select advanced options for running the script such as location of the script and running environment. Script Run Location On the client computer. The option runs the script on the managed computer to which you assign the job. Locally on the Deployment Server. This option runs a server-side script on the Deployment Server of the managed computer. In most cases you can create a serverside script task that runs in context with other tasks. Example: you can add a task to image a computer and add a task to execute a server-side script to post the imaging return codes to a log file stored on the Deployment Server computer. Use the -id switch for running scripts on Deployment Server when using the WLogEvent and LogEvent utilities. Note Scripts requiring user intervention do not execute using this feature. The script runs on the Deployment Server of the managed computer, but is not visible. Example: if you run a DOS command locally on the Deployment Server, the Command Prompt window does not open on the Deployment Server computer when the script executes. When running the script on the Deployment Server, it executes specifically for the assigned managed computer. Example: if you create a job with a script to run locally on the Deployment Server and assign the job to 500 computers, the script runs on the Deployment Server 500 times. Client Run Environment Select the environment for your client. You can run in either production or automation mode. Production - Client-installed OS (Windows/Linux). Click this option to run the script in a Windows or Linux production environment. Security Context - (Windows only) Default (local system account). Use Windows authentication to authorize a users account name and domain information to manage client computer.s Enter user name and password. Enter a name and valid password for the user to manage client computers. Script options (Windows/Linux) Script Window. This determines how you want the Script Window to appear when the script runs. Select Minimized, Normal, Maximized, or Hidden from the dropdown list. Additional command-line switches. Enter any commands you want to execute when the script runs in Windows or Linux. Automation - PXE or Bootworks environment (DOS/Windows PE/Linux). Click to run the script in the automation environment. Select a pre-boot automation environment from the drop-down list. If you select Linux as the operating system type, the Locally on the Deployment Server option is disabled and only the Additional command-line switches under the Production Client installed OS(Windows/Linux) is enabled.
436
If you select DOS as the operating system type, the Locally on the Deployment Server option and the Production - Client-installed OS (Windows/Linux) option is disabled. Example Script The process to convert NT4 from FAT16 to NTFS normally returns a 1 after a successful completion. Here is an example of the file that is modified to return a code of 0 (which is the success code recognized by the Altiris Console and utilities). You can make similar changes to your script files as needed.
CONVERT /FS:NTFS if ERRORLEVEL 1 goto success goto failure :success set ERRORLEVEL = 0 goto end :failure echo Failed set ERRORLEVEL = 1 goto end :end
Copy File
Copy all types of files to managed computers. You can send selected files or directories to a computer or computer group. 1. 2. Click either the Copy file or Copy folder option. Click Copy sub folders to copy all subdirectories. Enter the directory path and name of the file or directory. The Source path defaults to the Deployment Share, but you can type or browse to another file or directory. To copy files or directories through Deployment Server from the Deployment Share, you can enter a relative path in this field. To copy files or directories directly from the Deployment Share to the managed computer, you must enter the full UNC path name (see Copy File Advanced on page 438 features). Note When entering the source path for copying files through the Deployment Server, you can only access the shared directories through an established user account. Specifically, you can only use UNC paths when you have sufficient authentication rights established. 3. Type the destination path. The Destination field automatically enters a sample path, but you can enter the directory path you require. If the destination path does not exist on the destination computer it is created. Click Advanced to specify additional features to copy files through Deployment Server or directly from a file server. See Copy File Advanced (page 438).
4.
437
5. 6.
Set Return Codes. See Setting Up Return Codes (page 440). Click OK.
Using Location Variables

Location variables are being added to Deployment Server for the Copy Files feature, allowing you to enter a token variable rather than requiring a complete location path when copying files to a managed computer (a client computer running the Deployment Agent). The current variables include: Temp. Enter Temp in the Destination path to set the Temp directory (identified in the system path) for the managed computer. Example: instead of entering C:\windows\temp\setup.exe in the Destination path, just enter temp:setup.exe.
Copy File Advanced

Select options to copy files directly from the Deployment Share. This option is for files stored on another network server in a distributed Deployment Server installation. Copy files using Deployment Server. This option distributes software packages through Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. Use this option for Simple installs to take advantage of security rights defined by Deployment Server. You can use a relative path name entered in the Source Path box in the Copy Files dialog. This is the default option. Copy directly from file source. Click this option to copy packages directly from the Deployment Share, sending only one copy across the network. It copies the file directly to avoid running through Deployment Server and diminishing processor output. Because the Deployment Agent doesn't recognize shared rights and is not guaranteed to have a mapped drive to the data source, you need to identify a user name and password for the data share computer from the target computer. This option also requires a full UNC path name in the Source Path field in the Copy File dialog. File source logon. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both are on the same domain). Note Windows 98 computers have security limitations when copying files directly from the source to the Deployment Agent using the UNC path name. We recommend that you use the Copy files using Deployment Server option for these types of computers or plan a proper security strategy for direct copying.
Power Control
Start the computer using Wake-on-LAN or run standard power control options to restart the computer, shut down, or log off the current user. 1. Select a power control option: Restart, Shut down (if available), Log off, or Wake up (send Wake-On-LAN). 2. Select the Force applications to close without prompting check box to force applications to close without saving unsaved data,.
438
If you use this option, any unsaved data in open applications is lost. If you do not use this option, open applications with unsaved data do not close until the user chooses to save or not save the data. As a result, the managed computer cannot complete the selected power option until the user makes a selection. 3. 4. Click OK. (Optional) Set Return Codes. See Setting Up Return Codes (page 440).
Copy Jobs and Job Folders

Jobs or job folders (including their subfolders) can be copied to any other job folder in the treeview of the Jobs pane of the Web Console. A Job folder can only be copied to a root level folder, which has a limit of 30 subfolders, and cannot be copied to a child level folder. If you copy a job or folder with the same name as the destination job or folder, the copied job or folder is automatically named Copy of <job or folder name>. This feature can only be performed by administrators or users who have been granted permissions to create jobs, or job folders.
To copy jobs and job folders

1. 2. 3. In the Jobs pane, click a job or job folder. Click the Job Actions drop-down list, and select Copy job/folder. In the Select a folder dialog, select a destination job folder, and click OK.
Importing and Exporting Jobs

If you have several Deployment Servers in your environment, this feature lets you Import (restore) and Export (back up) job folders, so you can move data from one Deployment Server to another. Administrators and users, who have been granted privileges, do not have to go to the Deployment Console to perform these functions.
To import jobs
1. 2. 3. 4. From the Deployment Web Console, click a job or job folder in the Jobs pane. Click the Job Actions drop-down list, and select Backup/Restore job. The Backup Job Restore Job dialog appears. By default the Backup Job(s) option is selected. Click the Restore Job(s) option. On the Backup or Restore Jobs(s)/Folder(s) page, enter a path and file name in the File name field, or browse to the file you want to import. The file must be a valid .bin file or have been created with a current version of the database schema. By default the job or job folder name you selected in the Jobs pane appears in the Restoring to selected folder field. If you did not specify a job or job folder, the Deployment Server imports the file at the root level in the Jobs pane. Select the Overwrite existing Jobs and Folders with the same name check box to replace jobs and folders with the imported data. Select the Delete existing Jobs in folder check box to delete all the jobs in the folder you selected. The folder is populated with the jobs from the imported file. If you did not specify a specific job folder to import (restore), this option is disabled.
5.
6. 7.
439
8.
Click OK. The import file restores the jobs on the Deployment Server.
To export jobs
1. 2. From the Deployment Web Console, click on a job or job folder in the Jobs pane. Click the Job Actions drop-down arrow and select Backup/Restore job. The Backup Job Restore Job dialog appears. By default the Backup job(s) option is selected. On the Backup or Restore Jobs(s)/Folder(s) page, enter a path and file name in the File name field, or browse to a directory where you want to save the exported file. If you do not enter a file extension, the file is saved with a .bin file extension. Click Save. Click Browse associated with the Select job(s)/folder(s) to backup option. Select a job or folder in the dialog, and click OK. Click OK. The jobs or folders on the Deployment Server back up to the file name you specified.
3.
4. 5. 6.
Setting Up Return Codes

When you create a task in a job, you can define a response to specific return codes generated from that task after it runs. You can determine the response if the task runs successfully or if the task fails. You can also set up custom return codes generated from scripts or batch files that are unique to your environment or deployment system. Note Return code handling cannot be set up for jobs created in the Job Scheduling Wizard. When creating a task, the Return Codes dialog appears to let you set a response if the task was successful or to determine a default response if the task failed. Because Deployment Server returns a 0 (zero) if the task runs successfully, any other return code value denotes some type of failure in running the task. As a result, in the Success box you can select an action if the return code is 0 (zero), or select an action in the Default box if the return code is not a 0 (zero). Return codes are first evaluated to be successful (zero) or failed (non-zero). If the task returns as successful, it runs the action in the Success box. If it is not successful, it determines if the return code has been assigned a custom code value. If the return code is defined as a custom code, the selected action for that custom code is executed. If no custom code is assigned to the return code, the action set in the Default list is executed. Note If using LogEvent and WLogEvent in Scripts, you can only generate return codes when the level 3 message is specified. Specifying a severity level 3 causes the script job to fail and lets you respond using this return code feature.
Return Code Actions

For both successful tasks (in the Success list) and failing tasks (in the Default list), you can determine these specific actions: Stop. This action stops the job after the task runs. Subsequent tasks do not run.
440
Continue. This action continues with subsequent tasks in the job after the task runs. Select a job. This action lets you select existing jobs to run after the task. These actions also apply to custom return codes designed specifically for your system.
Custom Return Codes

In the Specific return codes area, you can view custom return codes set specifically for your system. Type a custom code in the Code box and select a response action in the Response list. Specify the interpretation of this return code as Success or Failure from the Result list, and give appropriate message in the Status field, if required. These custom codes can respond to any return codes set up in scripts or batch files in the Run Scripts task, or these custom codes can respond to system return codes thrown from Deployment Server or external codes generated when distributing applications, personality settings, or disk images. Any task can have custom codes that respond to different return code values. New. This lets you add a new custom return code for the task. You can also choose to add the return code to the Master Return Codes list. Add Existing Return Codes. This is a list of all the return codes existing in the Deployment database. You can add, modify, and delete the codes and their values so that setting codes for other tasks is easier. Delete. This lets you delete return codes listed in the Other return codes area, but not from the Master Return Codes list. Modify. This lets you modify the return codes listed in the Other return codes area. The changes you make do not update the Master Return Codes list.
To set up return codes

To set up return codes, you need to determine how to respond to the Deployment Server success return code (zero) in the Success box, how to respond to a failure return code (a non-zero) in the Default box, and how to respond to a custom or externally generated return code defined in the Specific return codes section. The example below describes how to set up a simple process to deal with custom and system return codes: 1. 2. In the Success list, keep the default value Continue. This allows the job to continue running additional tasks in the job after successfully completing this task. Select Select a job from the Default list to select a job to be executed when a default condition is reached. The Select a Job dialog opens, allowing you to select an existing job that runs if the task returns a failed system return code (non-zero) or a return code not defined as a custom return code. Click New to add custom return codes. In the Code box, enter a value of 10 (ten). Click the Response drop-down arrow, and select Continue from the list. Click the Result drop-down arrow, and select Success from the list. Even if the return code was not zero, which is success by default, the task is considered a success as per users choice.
3. 4. 5. 6.
441
7. 8.
Enter a description for the return code in the Status field. This message appears when the task within a selected job, executes. Select the Add to master return code list check box to add the custom code to the master return code list. The code is listed in both, the Other return code and Master Return Codes list. This is helpful if you want to use the return code again. Click Apply.
9.
Note The status of the tasks executed in a job appears in the history of a computer.
Initial Deployment
Initial Deployment is a default job designed to aid in the process of setting up computers that do not yet exist in the Deployment Database. Initial Deployment lets you define how computers are initially set up after being identified by the Deployment Server. You can define various computer configuration sets and deployment jobs to present to the user during startup, allowing the user to select the computer settings and hard disk images, software, and personality settings for their specific needs and environment. New computers appear in the New Computers group in the Computers pane of the Deployment Web Console.
To access Initial Deployment, select a Deployment Server group in the Jobs pane and select Initial Deployment from the Details pane. The Initial Deployment page appears with three tabs: Configurations, Jobs, Options.
Notes Initial Deployment is ideal for small-scale deployments (1 to 10 computers). This feature is not recommended for large deployments (10 to 100 computers) or mass deployments (100 to 5,000) where you would use virtual computers, customized jobs, and the computer import feature. Although Initial Deployment is most commonly used on computers that support PXE, you can also configure a boot disk to run Initial Deployment. In this case, the image deployed must include automation pre-boot environment so that post imaging tasks can run successfully. Installing an Automation Partition on the client computers hard disk ensures that future imaging deployment jobs run. Note To completely deploy and configure a computer using Initial Deployment, you must define at least one Configuration and one Job. Initial Deployment consists of three dialogs with separate features to deploy new computers: Configurations Jobs Options
442
Configurations
Click the Configurations tab in Initial Deployment to configure different sets of computer properties. Each configuration set is presented to the user in a menu. The user can select the configuration set designed for their environment. Compare the Configuration tab with the Jobs tab. Note If you do not create any configuration sets, the deployment process automatically sets TCP/IP information to use DHCP and names the computer to match the computers asset tag, serial number or MAC address (in that order, depending on what is available). 1. 2. 3. Click a Deployment Server in the Jobs pane. Double-click Initial Deployment. Click the Configurations tab. Click the Add icon . Enter values to set computer and network properties for new computers. See Modifying Configuration (page 434) for a list of property categories. Name the configuration in the Configuration set name field. You can provide a descriptive name that identifies the configuration set for the user. Click the Add icon again to configure another set of property settings. You can add multiple configuration sets for the user to select from a menu after connecting to Deployment Server. Add as many different configuration sets as required. After setting properties, click Apply. Click Default menu item to select the configuration set you want to be the default. Click Timeout after ___ seconds and proceed so that the default job runs automatically after a specified amount of time. Click OK, or click the Jobs tab to define a task.
4.
5.
6. 7. 8. 9.
Jobs
Click the Jobs tab in Initial Deployment to add existing jobs or create new jobs to run on the new computer. The jobs you add or build using this dialog are listed in a menu and presented to the user during startup. The user can choose the deployment jobs to image the computer and install applications and personality settings. Compare the Jobs tab with the Configurations tab. Conditions on jobs are limited to the data that can be accessed at the DOS level (example: serial number, manufacturing number, NIC information, manufacturing name). 1. 2. 3. 4. 5. Double-click Initial Deployment in the Jobs pane drop list. The Initial Deployment page appears. Click the Jobs tab. Click the Add icon .
Click New to build a new job. See Building New Jobs (page 420). Click Default menu choice to select the job as a default.
443
6.
Select Timeout after ___ seconds and proceed and type the number of seconds to wait before the computer automatically starts the default job. The default setting is 300 seconds. Click OK, or click the Options tab to stop either servers or workstations from running configuration task sets and jobs automatically.
7.
See also Initial Deployment (page 442).
Options
Click the Options tab to set options to stop Initial Deployment from running the default configuration task sets and jobs automatically. This avoids accidental re-imaging or overwriting of data and applications for either workstations (desktop, laptop, handheld computers) or servers (Web and network servers identified by Deployment Server). When a computer not yet known to the Deployment Database is first detected, it is placed in the New Computers group and run an Initial Deployment configuration set and job. However, in many cases you do not want Web or network servers to be automatically re-imaged without confirmation from IT personnel. Servers. Stop servers from automatically running Initial Deployment configuration jobs. Servers are identified as those managed computers running multiple processors or identified as a specific server model from specific manufacturers. Example: both a HP Proliant and a Dell computer with multiple processors are identified as a server. (Identifying a computer as a server by operating system cannot be accomplished for new computers until the server operating system has been installed.) Select Workstations to force desktop, laptop, and handheld computers to stop before automatically running Initial Deployment. Select Process as each agent becomes active if you want to run the job as soon as the computer connects to the Deployment Server. Use this option for imaging 1 to 5 new computers. Select Process in batch mode if you want to run the job once a certain number of computers are connected to the Deployment Server. Enter the minimum number of agents in Minimum agents field. You can set a timeout deadline so that the job does not run if the number of computers you specify fail to connect during a certain amount time. Multicast technology sends the image over the network once, and all computers listen for and accept the image, reducing network traffic and increasing speed. Enter the timeout in Timeout field. Select Hold all agents until this time if you want to process the job on all computers at a particular time of day. All clients are held before the task sets. The message states: Deployment server has instructed Automation to wait.
444
Part VIII
Technical Reference
This section technical information for command-line switches, return code values and other detailed information for Deployment Solution components.
445
Appendix A
Command-Line Switches
This section provides detailed information about command-line switches for specific executables within Deployment Solution.
Job Utilities
The Job Utility applications allow you to import, export, create and schedule jobs from the command line. Each action is performed from separate binaries installed in the Deployment Share file directory. axExport.exe Exports jobs from Deployment Server. See Job Export Utility (page 446). axImport.exe Imports jobs in to Deployment Server. See Job Import Utility (page 447). axEvent.exe Creates jobs in Deployment Server. See Create Job Utility (page 448). axSched.exe Schedules jobs in Deployment Server. See Schedule Job Utility (page 450). axComp.exe Imports computers to the Deployment Server from a DOS mode. Axcomp allows you to import .csv and .txt files that are in a comma separated format. ImportComputers55.txt in the Samples folder off of the eXpress share is an example of the format needed. There are various command-line options available depending on whether the user is in a Trusted or Non-Trusted account environment. See Import Computer Utility (page 451). Each utility connects to the Deployment Server Database to perform specific operations. As a result, the appropriate ODBC and security rights are required. Each job utility supports the /o /d /u /p switches. The /o option (ODBC datasource) allows connectivity to the Deployment Server SQL database using a different DSN. By default the standard Deployment Database DSN is used. This is helpful when connecting to a second system from a common machine. The /d /u /p options can be used if no DSN is set up for a particular server. However, the SQL driver must be installed for any of these utilities to work. Each utility has the /? switch to show the version of the utility and all command-line options.
Job Export Utility

This utility can be used to export jobs from the Deployment Database. It can be helpful in copying jobs from one Deployment system to another, backing up jobs, creating standard jobs during multiple installations, and other actions. Syntax: axExport <filename> (options)
446
Options
/f <folder-name> /e <job-name> /s /i /y /dsn <odbc-dsn-name> /d <db-server> /u <db-user> /db <db-databaseName> /p <db-password> /lu <login-user> /lp <login-password> Job folder to be exported Job to be exported Process all subfolders also Include the Initial Deployment Job Suppress confirmation prompts ODBC data source name Database server name Database user name Database name Database user password Deployment Server login user name Deployment Server login password
Example 1:
Export all jobs to a binary backup file.
axExport /s /i backup.dat Example 2: Make a backup copy of a single job.
axExport /e "Deploy Office 2000" backup2.dat Example 3: Export all jobs in the Projects folder.
axExport /f Projects projects.dat Example 4: and instance. Export a job to a binary backup file without supplying the SQL server
axExport Backup.dat /e "Image Job" Example 5: Export a job to a binary backup file with the database server name.
axExport Backup.dat /e "Image Job" /d DatabaseServerName /db DatabaseName /u DatabaseUserName /p DatabaseUserPassword
Job Import Utility

Syntax: axImport <filename> (options)
Options
/f <folder-name> /r /n /o /y /dsn <odbc-dsn-name>
Job folder to be imported Delete current contents of this folder Don't notify consoles of the changes Overwrite jobs that have the same name and parent folder Suppress confirmation prompts ODBC data source name
447
/d <db-server> /u <db-user> /db <db-databaseName> /p <db-password> /lu <login-user> /lp <login-password>
Database server name Database user name Database name Database user password Deployment Server login user name Deployment Server login password
Note When new jobs are created in a console, by default, Deployment Server will notify all other consoles that changes have been made so they can refresh and show the newly imported jobs. If several batches of jobs are imported, the '/n' option should be used until the last batch to reduce the amount of refreshes performed. Example 1: Restore all jobs from a binary backup file.
axImport /r backup.dat Example 2: Jobs). Restore jobs from a backup file into pre-created folder (named Test
axImport /f "Test Jobs" backup.dat
Create Job Utility

Syntax: axEvent <job-name> (options) <task-type> (parameters)
448
Tasks
/tci <filename> /tdi <filename> /tds <filename> /tbr <path> /trr <path> /trs <path> /tcf <source> <dest> /tgi /tre /tsd /tlo Create disk image Distribute disk image Distribute software Backup registry files Restore registry files Run Script Copy file Get Inventory Restart Shutdown Logoff
Options
/a /r /x <parameters> /f <folder-name> /i /w /lnx /n /nc /de /y /dsn <odbc-dsn-name> /d <db-server> /u <db-user> /db <db-databaseName> /p <db-password> /lu <login-user> /lp <login-password> Add task to existing job Replace all tasks within this job Command-line parameters for task Job folder to be created in Import script into task definition Run the script from Windows Run the script in Linux Don't notify consoles of the changes Dont do post image config Add Description to task Suppress confirmation prompts ODBC data source name Database server name Database user name Database name Database user password Deployment Server login user name Deployment Server login password
Note To use the Run Script option (/trs), a script must be created in a file first. If you want the script to be embedded, include the /i option. Otherwise, the task will link to the script filename. Example 1: Create a Job that makes an image of a computer named "Oscar" and run it immediately.
449
axEvent CreateOscar /tci .\Images\oscar.img axSched oscar CreateOscar /t "2000-12-31 08:00" Example 2: Shutdown Oscar's computer right now. axEvent Shutdown /tsd axSched oscar Shutdown /t "2000-12-31 08:00" Example 3: Run a Windows program on all computers right now. (Calc.exe is the only line in script.txt.) axEvent /w /i RunCalc /trs script.txt axSched oscar RunCalc /t "2000-12-31 08:00" Example 4: Create a Job (named Win2000 and Off2000) that reimages a computer with Windows 2000 and deploys an Office 2000 Rapid Install Package. axEvent "Win2000 and Office 2000" /tdi .\Images\w2000.img axEvent "Win2000 and Office 2000" /a /tds .\RIPs\off2000.exe To migrate Oscar to Windows 2000: axSched Oscar "Win2000 and Off2000" /t "2000-12-31 08:00"
Schedule Job Utility

Syntax: axSched <computer/group> <job-name> (options) OR axSched /q <filename> (options)
Options
/t <yyyy-mm-dd hh:mm> /n /f <folder-name> /q <filename> /y /dsn <odbc-dsn-name> /d <db-server> /u <db-user> /db <db-databaseName> /p <db-password> /lu <login-user> /lp <login-password> Time to schedule Don't notify servers of the changes Schedule the job-name found in this folder File used for exporting jobs Suppress confirmation prompts ODBC data source name Database server name Database user name Database name Database user password Deployment Server login user name Deployment Server login password
Note The format for <time> is yyyy-mm-dd hh:mm. If the date is omitted, the current date is assumed.
450
If the /t switch is not used, the job is assigned to the computer but not scheduled. As a result, it will not execute. If you would like the job to run immediately, choose a date in the past. If you have a group or computer name which include spaces, put the name in quotes. All Computers can now be used as a group option. Example 1: Schedule a job called Office2000 to run on Oscars computer at midnight on 12-31-2002. axSched Oscars Office2000 /t "2000-12-31 00:00" Example 2: Schedule a job called Office2000 to run on the Accounting Group computers tonight at 10PM. axSched Accounting Office2000 /t "2001-2-15 22:00" Example 3: Schedule a job called ShutDown to run on all computers at tonight at 10 PM. axSched "All Computers" ShutDown /t "2001-2-15 22:00"
Import Computer Utility

Syntax: axcomp <import-file> <options>
Options
/n /y /dsn <odbc-dsn-name> /d <db-server> /u <db-user> /db <db-databaseName> /p <db-password> /lu <login-user> /lp <login-password>
Don't notify consoles of the changes Suppress confirmation prompts ODBC data source name Database server name Database user name Database name Database user password Deployment Server login user name Deployment Server login password
Example 1: Import a computer using trusted account axcomp <filename> /u <db-user> /p <db-password> /lu <login-user> /lp <loginpassword> Example 2: Import a computer using non-trusted account. axcomp <filename> /u <db-user> /p <db-password>
axengine.exe
The Altiris eXpress Server (axengine.exe)is the Deployment Server component of the Deployment Solution infrastructure. Command-line start parameters
451
for this service are set in the registry setting rather than in the Start Parameters property of the service. If you want to add start parameters after the install, you can modify the registry settings. The registry key is LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Altiris Express Server.
Deployment Agent for Windows

The following sections identify command-line and input parameters for Aclient.exe, the executable file for the Deployment Agent for Windows.
Aclient.exe Command-line Switches

The Aclient.exe executable installs and runs on client computers, enabling them to be managed by a Deployment Server. It enables clients to receive work from the Deployment Server, and it reports client status to the Server. The program is normally installed and configured remotely using the Client Install wizard, or the program is run at the client computer. However, you can use the command-line options to run it from a script file if you want to. (If you use a script file, see the following section on aclient.inp for information on using an import file to specify install switches for the Deployment Agent.) You can use either a forward slash (/) or a dash (-) with the command-line options. Commands are not case sensitive.
Switch
-ver -install
Details
Function: Shows the version of aclient.exe running on the computer. Function: Installs the client. Option: -silent allows install to complete without sending output to the client. Example: To install aclient.exe from the Deployment Server directory without sending messages to the client, type
Deployment Server /aclient /install /silent

-remove Function: Removes (uninstalls) aclient.exe from a computer. Option: -silent removes the Deployment Agent for Windows without sending output to the client. Example: To remove Deployment Agent for Windows, type
aclient -remove
-start Function: Manually starts aclient.exe on a computer. Option: -silent starts the aclient.exe without sending output to the client. -stop Function: Manually turns off Deployment Agent for Windows on a computer. Option: -silent turns off Deployment Agent for Windows without sending output to the client.
452
Aclient.inp Parameters
You can use this input file to set installation parameters for aclient.exe, so you can install the client program from a script file. The file is copied to the Deployment Server program directory when you install the product. Command-line parameters are included in the file, but are marked with a REM statement. To use the input file, open it and remove the REM commands from the parameters you want to use. When you have the file set up the way you want it, you can run it by entering the file name as the first parameter after the aclient command.You can also put the same line in a script file if you want to run it from a file. Type
aclient aclient.inp
The input file name (aclient.inp) and InstallDir parameters are required; all others are optional. Parameters are case sensitive. Note Many parameters will work after setting other parameters first. Example: you can only use ServerName after the multicast parameters, MCastAddr and MCastPort, are set.
Parameters
ForceReboot
Details
Function: Specifies how the system should be shut down and rebooted. Applications are forced closed and the system shuts down even if programs hang. (User data could be lost.) Example: To force clients to reboot when a reboot task is assigned, type
ForceReboot=Yes
The default is No. HardTimeout Function: Specifies the length of time (in seconds) that aclient.exe will maintain an idle connection with the Deployment Server. After the time limit is exceeded, the client will disconnect and establish a new connection with the Server. Example: To establish a new connection with the Deployment Server whenever the connection is idle for 900 seconds, type
HardTimeout=900
InstallDir (required) Function: Specifies the full path name to the directory where aclient.exe will be installed. The default location is c:\altiris\aclient. Example: To change the default location, replace it with a new path. Type
InstallDir=c:\programs\aclient
LogFile Function: Specifies the full path name to the log file. Example: To write log entries to a log file in your aclient directory, type
LogFile=c:\altiris\aclient\aclient.log
453
Parameters
LogSize
Details
Function: Sets the maximum log file size (in bytes). Example: To set the log file size limit to 4096 bytes, type
LogSize=4096
MCastAddr Function: Specifies the multicast group address to be used to find the Deployment Server. Example: To set the IP address for multicasting, type
MCastAddr=225.1.2.3
MCastPort Function: Specifies the port number to use for multicasting. Example: To use port 402 for multicasting, type
MCastPort=402
Password Function: Sets a password on the client to prevent users from accessing aclient.exe settings. Example: To lock the settings, type
Password=clientmanager
PromptExecute Function: Sends output (messages) to the client when tasks are being executed. Options: Yes, No Examples: To allow prompts and messages to be sent to the client, type
PromptExecute=Yes
To suppress output, type
PromptExecute=No
PromptOverride Function: Specifies the default action to take when there is no user response to a restart prompt. Options: Abort, Continue Examples: To abort the client reboot, type
PromptOverride=Abort
To reboot the client, type
PromptOverride=Continue
PromptReboot Function: Prompts the user before restarting the client. Options: Yes, No Examples: To prompt for user input before restarting a client, type
PromptReboot=Yes
To restart a client without requiring user input, type
PromptReboot=No
454
Parameters
PromptSeconds
Details
Function: Specifies the length of time (in seconds) that the client will wait for a response from the user. Example: To wait 30 seconds for user input, type
PromptSeconds=30
ShowTrayIcon Function: Specifies whether or not to show the Altiris client icon in the system tray. If the icon is not in the tray, users cannot access Aclient. Example: To not show the icon, type
ShowTrayIcon=No
The default is Yes, which loads the icon into the system tray. SpeedLimit Function: Sets the minimum transfer rate accepted from the Deployment Server (in bytes per second). If aclient.exe cannot receive data from the Server at this rate, it will disconnect and retry at specified intervals. See HardTimeout below. Example: To set a minimum ransfer rate of 7500 bytes per second, type
SpeedLimit=7500
TcpAddr Function: Specifies the IP address of the Deployment Server that the client will connect to. Using this parameter causes the client to use TCP instead of multicasting to connect to the Server. Example: To have the client connect to a Deployment Server using its IP address, type
TcpAddr=192.1.2.3
TcpPort Function: Specifies the port number of the Deployment Server listening for requests. Using this parameter causes the client to use TCP to connect to the Server. Example: To specify the port number of the Deployment Server to connect to, type
TcpPort=402
TTL Function: Sets the maximum number of hops to multicast through. Example: To limit the number of hops to 32, type
TTL=32
UpdateFileSystemSids Function: Specifies if you want SIDgen to update permissions on any local NTFS volumes. This parameter only applies if you have domains and use SIDgen to manage the computer IDs. Example: To update permissions on the local NTFS volume, type
UpdateFileSystemSids=Yes
The default is No.
455
Parameters
UseRCDrivers
Details
Function: Specifies whether or not to install keyboard and mouse filter drivers that enable remote control on Windows NT and 2000 client computers. (The default is No, so the drivers are not installed. This parameter is not necessary for Win 95/98 computers, because they do not require Ctrl-Alt-Del input to log in. Example: To install the drivers for remote control, type
UseRCDrivers=Yes
UserName Function: Associates a computer with the primary user or users. This is used to target RIP deployments to a specific user or group of users. To assign more than one user, separate the names with semicolons. Examples: To associate user Fred with the client being installed, type
UserName=Fred
To associate users Fred and Sam with the client, type
UserName=Fred;Sam
ServerName Function: Specifies the computer name of the Deployment Server you want the client to connect to. This is useful if you have multiple Deployment Servers on your network and you do not want the client to connect to the first Server it finds. The ServerName parameter is only valid if you are using multicasting (by setting MCastAddr and MCast Port parameters).
Note ServerName can only be set after the multicast parameters, MCastAddr and MCastPort, are set.
Example: To restrict client connection to a Server named Server3, type
ServerName=Server3
Note A CR/LF (blank line) is needed at the end of the aclient.inp file in order for it to be utilized when installing Deployment Agent for Windows.
ADLAgent.config Parameters
You can use the ADLAgent.config file to configure the ADLAgent service settings. When the ADLAgent service is suspended, certain information is needed to restore the previous settings. This information is saved in the ADLAgent configuration file. This ensures that the next time the computer reboots, the ADLAgent service starts up without any problems.
456
Parameters
DebugTrace
Details
Specifies whether or not to log any messages. Changes to the DebugTrace field may not be recognized until the ADLAgent is stopped and restarted. Example: DebugTrace=True.
LogErrors
Specifies the types of messages to be written in the log file. Example: LogErrors=True.
LogInformation
Specifies the types of messages to be written in the log file. Example: LogInformation=True.
LogDebug
Specifies the types of messages to be written in the log file. Example: LogDebug=True.
UseLogFile
Specifies whether or not to write messages in the log file. Example: LogFile=True.
LogFile
Specifies log file path and name. Example: /opt/altiris/deployment/ adlagent/log/adlagent.txt
LogSize
This is the maximum file size for all trace files in bytes (optional). Example: LogSize=409600.
IPTrace
Specifies whether or not to log messages between the ADLAgent and the Deployment Server. Changes to the IPTrace field may not be recognized until the ADLAgent is stopped and restarted. Example: IPTrace=True.
IPUseLogFile
Specifies whether or not to use the IP log file. Example: IPUseLogFile=True.
IPTraceFile
Specifies the IPTrace log file path and name. Example: /opt/altiris/deployment/ adlagent/log/adlagentlpTrace.txt
IPLogSize
This is the maximum file size for all trace files in bytes (Optional). Example: LogSize=409600.
SyncTimeWithServer
Synchronize the agents time with the Deployment Server. This may be set to True or False. Example: SyncTimeWithServer=True.
457
Parameters
GetApps
Details
Specifies whether or not to get the Applications at a Get Inventory request. Example: GetApps=True.
GetServices
Specifies whether or not to get the Services at a Get Inventory request. Example: GetServices=True.
GetDevices
Specifies whether or not to get the Devices at a Get Inventory request. Example: GetDevices=True.
GetSmbios
Specifies whether or not to read the Smbios table. Example: Smbios=True.
EncryptSessions
Specifies whether or not the ADLAgent will attempt to make an encrypted session with the server. Example: EncryptSession=True.
RequireEncrypt
Specifies whether or not the ADLAgent will fail to connect if an encrypted session cannot be established. Example: RequireEncrypt=True.
UseMCast
Specifies whether or not to use multicast to find a Deployment server or make a connect directly to the Deployment server using the specified IP port and address. Example: UseMCast=True.
MCastAddr
Specifies the multicast group address to be used to find the Deployment Server (Optional). Example: MCastAddr=225.1.2.3.
MCastPort
Specifies the port number to use while multicasting (Optional). Example: MCastPort=402.
TTL
Specifies the maximum number of hops to multicast through (Optional). Example: TTL=32.
ServerName
Specifies the computer name of the server (Optional). Example: Server=RADAR.
TcpAddr
Specifies the IP address of the Deployment Server to connect to (Optional). Specifying this parameter will switch the ADL Agent to use TCP to connect to the Deployment Server. Example: TcpAddr=127.0.0.1.
458
Parameters
TcpPort
Details
This is the IP port number of the Deployment Server listening for requests (Optional). Specifying this parameter will switch the ADL Agent to use TCP to connect to the Deployment Server. Example: TcpPort=402.
WakeOnLANProxy
Specifies whether to proxy Wake on LAN packets. Example: WakeOnLANProxy=True.
MCastProxy
Specifies whether this agent will advertise the presence of the Deployment server. Specifies whether to proxy Multicast packets. Example: MCastProxy=True.
UseFQDN
Specifies whether the ADLAgent should attempt to reverse the IP address to return a proper fully qualified domain name to the Altiris Deployment Server. If the network is set up to properly resolve PTR record requests this option will return the fully qualified name of the agent, such as myhost.mydomain.com. However, if the network does not resolve PTR records, this option may delay adlagent connection by as much as a minute or two. Example: UseFQDN=True.
UseHardTimeout
Specifies whether to use the hard time out or not. Example: UseHardTimeout=True.
HardTimeout
Specifies the number of seconds of inactivity the agent will wait before reconnecting to the Deployment Server. The default is 12 hours. Example: HardTimeout=43200.
APPEND_HOSTNAME_TO_L OCAL_HOST
This is used should the ADLAgent attempt to append the new hostname to the hosts file as an alias to localhost. Example: APPEND_HOSTNAME_TO_LOCAL_HOST=True.
USER_CHECK_INTERVAL
Interval at which adl_users should report changes to the logged in users. This value is in seconds, with the default being 6 seconds. Example: USER_CHECK_INTERVAL=6. Note: A value of 0 will not send user updates.
KILL_TIME
The amount of time in seconds to wait for the agent to the Deployment Server before killing the adlagent. This will reboot the system in automation mode. Currently, this is only supported in automation mode. The default is 3 minutes. Example: KILL_TIME=180.
459
Parameters
MAKE_LOWER_CASE
Details
Changes the file path and file name to lower case when copying a file from the Deployment Server. Example: MAKE_LOWER_CASE=True.
FORCE_NEW
This is for the agent in automation mode only. It forces the agent to run the Initial Deployment event, even if it is already in the database. Example: FORCE_NEW=True.
AUTO_UPDATE
This allows the agent control as to whether it will automatically update to the newest or only adlagent on the Deployment Server. Example: AUTO_UPDATE=True.
AClient.config Parameters
You can use the AClient.config file to configure the system. This file is used to modify the AClient settings.
Parameters
Global MACAddrList
Details
Specifies the list of MAC Addresses for every NIC installed on the PC separated by a comma. Example: MACAddrList=000C29C63002, 000C29C6300C.
Serial-Number
Specifies the serial number of the PC. Example: Serial-Number=VMware-56 4d db 10 9f cd 9d 7e-d4 7e 52 4e 88 c6 30 02.
Reboot
Specifies whether to reboot the computer. By default, AClient will reboot the computer only when it is necessary for the changes that have been made. Example: Reboot=True.
RebootAfterConfig
Specifies whether to reboot the computer after the configuration task. Example: RebootAfterConfig=True.
Status-Code
Specifies the status code of the last executed job. Example: Status_Code=0.
Status_Module
Specifies the module that reported the status code. Example: Status_Module=AClient.
460
Parameters
SIDgenCount
Details
Specifies the number of times SIDGen has run. Example: SIDGenCount=0. Note: This value is set by the AClient and the user need not set it.
TaskSequence
Specifies the task sequence of the task executed by the AClient. Example: TaskSequence=0.
ScheduleID
Specifies the schedule ID of the last job executed by the AClient. Example: ScheduleID=100000008.
Remove
Specifies whether to remove AClient from the PC. Example: Remove=True.
Config
Specifies whether to configure the PC. Example: Config=None, Config=New or Config=Reply. Note: Config=Configure.
License Sysprep2KLicense Specifies the Sysprep License number. Example: LicenseNumber Specifies the operating system License Key. Example: LicenseNumber=5274-649-647895323135. RegOrganization Specifies the operating system Registered Organization. Example: RegOrganization=Altiris. RegUser Specifies the operating system Registered User. Example: RegUser=Altiris. Prompt Specifies whether to prompt the user for the computer name and to join a Workgroup/Domain during configuration. Example: Prompt=True. Networking DomainPassword Specifies the domain password. Example: DomainPassword=FVZSiJELzmpvn[^][@ DomainUsername Specifies the domain user name. Example: DomainUserName=FVZS@J\iYI ^Vjpsp DSDomainController Specifies the Domain Controller. Example: DSDomainController=mycompany.
461
Parameters
DSOrganizationalUnit
Details
Specifies the organizational unit for Deployment Solution. Example: DSOrganizationalUnit=myou.
ChangeSID
Specifies whether to change the SID value. Example: ChangeSID=True.
Computer Name
Specifies the name of the computer. Example: ComputerName=Altiris.
DNSDomain
Specifies the DNS domain, which is the name of the Workgroup or Domain that this computer is a member of. Example: DNSDomain=cybage.com.
Workgroup
Specifies whether the computer is a member of a Workgroup. Example: Workgroup=True or Workgroup=False.
Prompt
Specifies whether to prompt the user for the computer name and whether to join a Workgroup/Domain. Example: Prompt=True.
Netware RunScrits Specifies whether to run NetWare login scripts. Example: RunScrits=True. Context Specifies the NDS Context. Example: Context=NDS Context. PreferredTree Specifies the preferred Netware tree. Example: PreferredTree=Tree. LoginTree Specifies whether to login using the Preferred Tree or Preferred Server. Example: LoginTree=True or LoginTree=False. Username Specifies the NDS User Name. Example: Username=User. Prompt Specifies whether to prompt the user for Netware Client Settings. Example: Prompt=True. TCP/IP MACAddress Specifies the MAC Address. Example: MAC Address=0007E97FD73C. Description Specifies the description of the NIC (Network Interface Card). Example: Description of NIC=AMD PCNET Family PCI Ethernet Adapter.
462
Parameters
VendorID
Details
Specifies the Vendor ID for the NIC. Example: Vendor ID=32902.
DeviceID
Specifies the device ID for the NIC. Example: Device ID=4153.
PCIFunction
Specifies the PCI Function for the NIC. Example: PCI Function=0.
PCIDevice
Specifies the PCI Device for the NIC. Example: PCI device=8.
PCIBus
Specifies the PCI Bus for the NIC. Example: PCI Bus=1
WINS-Server1
Specifies the WINS Server 1 for TCP/IP. Example: WINS-Server1=0.0.0.0.
WINS-Server0
Specifies the WINS Server 0 for TCP/IP. Example: WINS-Server0=0.0.0.0.
WINS-Server-Count
Specifies the number of WINS servers for TCP/IP. Example: WINS-Server-Count=2.
WINS-Enabled
Specifies whether the WINS servers are enabled. Example: WINS-Enabled=True.
SetWINSInfo
Specifies whether to set the WINS information. Example: SetWINSInfo=True.
DNS-Server2
Specifies the DNS server 2 for TCP/IP. Example: DNS-Server2=0.0.0.0.
DNS-Server1
Specifies the DNS server 1 for TCP/IP. Example: DNS-Server1=0.0.0.0.
DNS-Server0
Specifies DNS server 0 for TCP/IP. Example: DNS-Server0=0.0.0.0.
DNS-Server-Count
Specifies the number of DNS Servers for TCP/IP. Example: DNS-Server-Count=3.
DNS-Domain
Specifies the DNS domain for TCP/IP. Example: DNS-Domain=mydomain.com
DNS-Host
Specifies the name of the DNS host. Example: DNS-Host=TSTWXP2.
DNS-Enabled
Specifies whether the DNS is enabled. Example: DNS-Enabled=True.
SetDNSInfo
Specifies the DNS information for TCP/IP. Example: SetDNSInfo=True.
463
Parameters
Gateway
Details
Specifies the Gateway information for TCP/IP. Example: Gateway=172.17.31.2.
Netmask
Specifies the Netmask value for TCP/IP. Example: Netmask=255.255.255.0.
Address
Specifies the address for TCP/IP. Example: Address=172.17.31.98.
DHCP
Specifies the DHCP value for TCP/IP. Example: DHCP=True.
SetIPInfo
Specifies whether to set the IP information for TCP/IP. Example: SetIPInfo=True.
NIC-Section-Count
Specifies the NIC section count for TCP/IP. Example: NIC-Section-Count=2.
Interface0 State Specifies the state of Interface0. Example: State=Up. Gateway Specifies the gateway of Interface0. Example: Gateway=172.17.31.2. Netmask Specifies the netmask of Interface0. Example: Netmask=255.255.255.0. IP-Address Specifies the IP address for Interface0. Example: IP-Address=172.17.31.98. DHCP Specifies the DHCP value for Interface0. Example: DHCP=Yes. Name This is the name of Interface0. Example: Name=eth0. Interface1 State Specifies the state of Interface1. Example: State=Up. Gateway Specifies the gateway of Interface1. Example: Gateway=10.10.10.1. Netmask Specifies the netmask of Interface1. Example: Netmask=255.0.0.0. IP-Address Specifies the IP-Address for Interface1. Example: IP-Address=10.10.10.10. NICEntry
464
Parameters
MACAddress
Details
Specifies the MACAddress for NICEntry. Example: MACAddress=00-FF-3C-03-85-C0.
Description
Specifies the description of the computer for NICEntry. Example: Description=AMD PCNET Family PCI Ethernet Adapter.
VendorID
Specifies the Vendor ID for NICEntry. Example: Vendor ID=4332.
DeviceID
Specifies the Device ID for NICEntry. Example: Device ID=33081.
PCIFunction
Specifies the PCI function for NICEntry. Example: PCIFunction=0
PCIBus
Specifies the PCI bus for NICEntry. Example: PCIBus=1
Gateway
Specifies the gateway for NICEntry. Example: Gateway=10.10.10.1.
Netmask
Specifies the netmask for NICEntry. Example: Netmask=255.0.0.0.
Address
Specifies the address of NICEntry. Example: Address=10.10.10.10.
DHCP
Specifies the DHCP value for NICEntry. Example: DHCP=True.
SetIPInfo
Specifies the IP information for NICEntry. Example: SetIPInfo=True.
WINS-Server-Count
Specifies the number of WINS servers for NICEntry. Example: WINS-Server-Count=0.
WINS_Enabled
Specifies whether the WINS servers are enabled. Example: WINS-Enabled=False.
SetWINSInfo
Specifies the WINS information for NICEntry. Example: SetWINSInfo=True.
DNS-Server1
Specifies DNS Server 1 for NICEntry. Example: DNS-Server1=10.10.10.3.
DNS-Server0
Specifies DNS Server 0 for NIC Entry. Example: DNS-Server0=10.10.10.2.
DNS-Server-Count
Specifies the number of DNS servers for NIC Entry. Example: DNS-Server-Count=2.
465
Parameters
DNS-Host
Details
Specifies the DNS host for NICEntry. Example: DNS-Host=TESTWXP2.
DNS-Domain
Specifies the DNS domain for NICEntry. Example: DNS-Domain=mydomain.com.
DNS-Enabled
Specifies whether the DNS is enabled for NICEntry. Example: DNS-Enabled=True.
SetDNSInfo
Specifies the DNS information for NICEntry. Example: SetDNSInfo=True.
ConfigSettings LogFile UseLogFile Specifies whether to save log information to a text file. Example: UseLogFile=Yes. LogFile Specifies the location and name of the log file to save logging information to. UseLogFile must be enabled for this setting to work. Example: Log File=File Location. LogSize Specifies the maximum size of the log file in bytes. UseLogFile must be enabled for this setting to work. Example: LogSize=4096. LogErrors Specifies the log errors. UseLogFile must be enabled for this setting to work. Example: LogErrors=Yes. LogInformation Specifies the log informational messages. UseLogFile must be enabled for this setting to work. Example: LogInformation=Yes. LogDebug Specifies the log debugging information. UseLogFile must be enabled for this setting to work. Example: LogDebug=Yes. Security ShowTrayIcon Specifies whether to show AClient tray icon. Example: ShowTrayIcon=Yes. EncryptSessions Specifies whether to encrypt sessions with the server. Example: EncryptSession=Yes. RequireEncrypt Specifies whether to require encrypted sessions with the server. EncryptSessions must be enabled for this setting to work. Example: RequireEncrypt=Yes.
466
Parameters
EncryptedClientID
Details
Specifies the encrypted client ID. Example: EncryptedClientID=0
Password
Specifies the password. Example: Password=Altiris
AllowMod
Specifies whether or not to enable or disable security for admin properties. If the value is 0, the security is disabled. if the value is 1, the security is enabled. Example: AllowMod=1
Transport TransportUse Specifies how AClient will find and connect to a Deployment Server. To use TCP/IP multicast, TransportUse=0. To use TCP/IP, TransPortUse=1. Example: TransportUse=0 or TransPortUse=1. MCastAddr Specifies the multicast group address to use to locate a Deployment Server. TransportUse must be 0 for this setting to work. Example: MCastAddr=225.1.2.3. MCastPort Specifies the multicast port to use to locate a Deployment Server. TransportUse must be 0 for this setting to work. Example: MCastPort=402. TTL Specifies the Multicast Time to Live to use to locate a Deployment Server. TransportUse must be 0 for this setting to work. Example: TTL=32. ConsoleName Specifies the server name to use to locate a Deployment Server via Multicast. If nothing is specified, AClient will connect to the first Deployment Server it locates. TransportUse must be 0 for this setting to work. This is optional. Example: ConsoleName=ALTIRIS. TcpAddr Specifies the IP Address or Host Name to use to locate a Deployment Server.TransportUse must be 1 for this setting to work. Example: TcpAddr=172.19.16.20 TcpPort Specifies the IP port to use to locate a Deployment Server. TransportUse must be 1 for this setting to work. Example: TcpPort=402. User Prompts
467
Parameters
PromptReboot
Details
Prompt before executing shutdown and restart commands. Example: PromptReboot=Yes.
PromptExecute
Prompt before executing program execution and file copy commands. Example: PromptExecute=Yes.
PromptRemoteControl
Prompt before executing remote control commands. Example: PromptRemoteControl=Yes.
PromptSeconds
Specifies how long the user prompt should appear in seconds. Example: PromptSeconds=10.
PromptOverride
Specifies whether the AClient should continue the operation or abort it, when the user prompt times out. Example: PromptOverride=Continue.
Connection ConnectionParadigm Specfies whether to select to either stay connected to the Deployment Server, or check periodically for work. To remain connected, ConnectionParadigm=0. To remain mostly disconnected, ConnectionParadigm=1. Example: ConnectionParadigm=0 or ConnectionParadigm=1. UseHardTimeout Specifies whether to refresh connection after idle time specified in HardTimeout. ConnectionParadigm must be 0 for this setting to work. Example: UseHardTimeout=Yes. HardTimeout Specifies how frequently to refresh the connection to the server in seconds. ConnectionParadigm must be 0 and UseHardTimeout must be Yes for this setting to work. Example: HardTimeout=28800. ReconnectInterval Specifies how often in seconds to reconnect to check for work. ConnectionParadigm must be 1 for this setting to work. Example: ReconnectInterval=28800. CloseTimeOut Specifies how long, in seconds, to wait for work before disconnecting. ConnectionParadigm must be 1 for this setting to work. Example: CloseTimeOut=60. SetSpeedLimit Specifies whether to set speed limit for transfer files. If it is Yes, check transfer rate is slower than the rate specified in SpeedLimit. If it is No, do not transfer files. Example: SetSpeedLimit=Yes.
468
Parameters
SpeedLimit
Details
Specifies the minimum speed limit in Kbps to transfer files. If the rate is slower than the rate specified here, do not transfer files. SetSpeedLimit must be enabled for this setting to work. Example: SpeedLimit=10000.
Blockout ScheduledBlockStart Specifies the beginning of the period when the client cannot connect to the server. Example: ScheduledBlockStart=08:00. ScheduledBlockEnd Specifies the end of period when the client cannot connect to the server. Example: ScheduledBlockEnd=17:00. BlockedDaysSun Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Sundays. Example: BlockedDaysSun=True. BlockedDaysMon Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Mondays. Example: BlockedDaysMon=True. BlockedDaysTue Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Tuesdays. Example: BlockedDaysTue=True. BlockedDaysWed Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Wednesdays. Example: BlockedDaysWed=True. BlockedDaysThu Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Thursdays. Example: BlockedDaysThu=True. BlockedDaysFri Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Fridays. Example: BlockedDaysFri=True.
469
Parameters
BlockedDaySat
Details
Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Saturdays. Example: BlockedDaysSat=True.
Proxy WakeOnLANProxy Forward Wake On LAN packets sent from the Deployment Server. Example: WakeOnLANProxy=Yes. MCastProxy Specifies whether to advertise for the Deployment Server the client is connected to. This allows local clients to discover the server on a remote network through TCP/IP multicast. Example: MCastProxy=Yes. MCastProxyRate Specifies how often to send multicast advertisements in seconds. MCastPRoxy should be set to Yes for this setting to work. Example: MCastProxyRate=900. BootWorks EnableDirectDiskAccess Specifies whether to enable direct disk access to BootWorks. Example: EnableDirectDiskAccess=Yes. UpdateBootworkTransport Specifies whether to synchronize transport (IP/ multicast) settings with Bootworks. EnableDirectDiskAccess must be enabled for this setting to work. Example: UpdateBootworkTransport=Yes. UpdateBootworkIP Specifies whether to synchronize TCP/IP (static IP, netmask/DHCP) settings with Bootworks. EnableDirectDiskAccess must be enabled for this setting to work. Example: UpdateBootworkIP=Yes. BootDiskMessageUsage Specifies when the user should be prompted for a Bootworks boot disk when performing tasks from DOS. Example: BootDiskMessageUsage= 0 for Never; BootDiskMessageUsage=1 for Always; BootDiskMessageUsage=2 if Bootworks is not detected; BootDiskMessageUsage=3 if PXE is not detected; and BootDiskMessageUsage=4 if neither BootWorks nor PXE is detected. Other
470
Parameters
ForceReboot
Details
Specifies whether to force applications to close when shutting down. Example: ForceReboot=Yes.
BootDrive
Specifies the Windows boot drive. Example: BootDrive=D:\.
SyncTimeWithServer
Specifies whether to synchronize the client systems date and time with the Deployment Server. Example: SyncTimeWithServer=Yes.
SettingsChanged
Specifies whether to change the settings. Example: SettingsChanged=Yes.
RequirePasswordForUserPro p
Admin password required to edit admin properties. If the value is 0, the password is not required. If the value is 1, the password is required. Example: RequirePasswordForUserProp=0
DownloadWait
Specifies in seconds whether and how long to wait for download. Example: DownloadWait=10.
ReconnectWait
Specifies in seconds whether and how long to wait for reconnect. Example: ReconnectWait=10.
EnableReconnectDownload Waits
Specifies in seconds whether to enable the reconnect and download waits. Example: EnableReconnectDownloadWaits=10.
UpdateFileSystemSids
Specifies whether to update the SIDs file system. Example: UpdateFileSystemSids=Yes.
UpdateSettings
Specifies whether to update settings. Example: UpdateSettings=True.
UpdateAllSettings
Specifies whether to update all settings. Example: UpdateAllSettings=True.
Deployment Agent for DOS Command-line Switches

BootWorks (bootwork.exe) manages client-server connections in DOS for imaging and registry management tasks. Parameters and switches for Altiris program files can be used in batch files and from the command line, usually for troubleshooting. Under normal circumstances, the program interfaces and wizards provide the tools you need to manage your network; you will not need to manually edit files.
471
Bootwork.exe
You can use either a forward slash (/) or a dash (-) with the command-line options. Commands are not case sensitive. Switch -dsbios Details Function: Disables reading of the BIOS for system information. This is typically used for troubleshooting, if a client computer crashes when it first starts running BootWorks. Example: To load and run BootWorks without reading the BIOS, type
bootwork -dsbios
-f Function: Causes a computer to pause during the BootWorks boot process and wait for a job from the Deployment Server, instead of booting to production if work is not assigned. This allows new computers that need to run Initial Deployment to wait for a connection to the Server. Example: To have a new computer wait for the Deployment Server to assign a job, type
bootwork -f
-hr Function: Specifies a hard reboot when a client computer boots to production. This is the default. It ensures the BootWorks boot data is cleared from memory, so the computer reads the MBR when booting to production. If this is not used, the client computer might lock up when it reboots. Example: Because this is the default, you do not need to enter anything. -ip<address> Function: Specifies the IP address of the Deployment Server you want the client to connect to. Use this if the network is not configured for multicasting, or if there is more than one Deployment Server on the network. Specifying the Servers IP address prevents the client from connecting to the wrong Deployment Server. The port number must also be specified if you change this parameter. (See -p<port>.) Example: To connect a client directly to a Deployment Server, type
bootwork -ip207.197.28.38
-mcdelay[xx] Function: Sets the number of seconds the client waits between multicast requests for a Deployment Server. The default is 5 seconds. Example: To set the interval for multicast requests to10 seconds, type
-mcdelay10
-mcwait[xx] Function: Sets the length of time (in seconds) that the client searches for a Deployment Server before rebooting to production. The default is 30 seconds. This parameter applies to multicast sessions only. It does not apply if the clients connect using the Console IP address. Example: To have the client search for a Deployment Server for 45 seconds, type
-mcwait45
472
Switch -mip<IPaddress>
Details Function: Specifies the multicast IP address of the Deployment Server. The default value is 225.1.2.3. If the address is changed on the Server, use this parameter to change the address in BootWorks so the client looks for the correct address. The port number must also be specified if you change this parameter. (See -mp<port>.) Example: If you changed the Deployment Servers multicast address to 225.12.12.13, you would change the address for BootWorks by typing
bootwork -mip225.12.12.13
-mp<port> Function: Specifies the multicast port address of the Deployment Server. The default value is 402. If you have changed the port number of the Server, use this parameter to change the number in BootWorks. (Any unassigned number that is less than 65536 is valid.) The IP address must also be specified if you change this parameter. (See mip<address>.) Example: If the Deployment Servers IP address was changed and you set a new port number of 1026, type
bootwork -mp1026
-name Function: Prompts the user to enter the name of the client computer. This name will be registered in the Console Computers list. If no name is specified, the client computers MAC address will be used. Example: To prompt for a computer name, type
bootwork -name
The client computer will prompt you to enter a name. The name appears in the Computers list on the Console. -new Function: Runs Initial Deployment. Example: To run Initial Deployment on a client computer, type
bootwork -new
-nologin Function: Loads the LAN drivers on the client so BootWorks can check the Deployment Server for work without completing a user login. Example: To load the network drivers and check the Deployment Server, type
bootwork -nologin
-p<port> Function: Specifies the port number of the Deployment Server you want the client to connect to. The default port number is 402. If you have changed the port number of the Deployment Server, use this parameter to change the number in BootWorks. (Any unassigned number that is less than 65536 is valid.) The IP address must also be specified if you change this parameter. (See -ip<address>.) Example: If the Deployment Servers port number has been changed to 1026 and clients are not multicasting to find the Server, type
bootwork -p1026
473
Switch -pause
Details Function: Causes the computer to pause for 5 seconds before beginning production boot processes. This allows time to access the bootworks program before the computer boots to production. Example: To add a 5-second pause before a production boot, type
bootwork -pause
-s<name> Function: Specifies the computer name of the Deployment Server you want the client to connect to. Otherwise, if you have more than one Console on the network, clients will connect to the first one they find. Example: If you want a client to connect only to a Deployment Server named ServerOne, type
bootwork -serverone
-sr Function: Specifies a soft reboot when a client computer boots to production. Example: To reboot a client using a soft reboot instead of the default hard reboot, type
bootwork -sr
-wb Function: Specifies a warm reboot when a client computer boots to production. Example: To reboot a client using a soft reboot instead of the default hard reboot, type
bootwork -wb
Deployment Agent for DOS Install (Bwinst.exe) Switches

The Deployment Agent for DOS is installed by bwinst.exe, so if you have problems installing you might need to edit these settings in the Deployment Agent for DOS autoexec.bat file. Parameters are case sensitive. Use a space between the command and the switch, and between switches if you use more than one. Switch -mbr Details Function: Rewrites the BootWorks MBR code and exits. Example: If the BootWorks code is overwritten by another program and you want to rewrite it to the boot record, type
bwinst -mbr
-u Function: Uninstalls BootWorks. Example: To uninstall BootWorks from a client, type
bwinst -u
-c Function: Checks for Altiris MBR code. Example: To find out if BootWorks is installed on a client, type
bwinst -c
474
Switch -s[x]
Details Function: Works with the -old switch to set the partition size (in MB) for hidden BootWorks partitions. The minimum size is 5 MB, which is the default. Note If you install embedded BootWorks (new style for 4.x versions), this switch does not apply. A 5MB embedded partition is always installed. Example: To set the BootWorks partition size at 10 MB for a hidden partition, type
bwinst -s10 -old

-old Function: Installs a hidden (old style) BootWorks partition instead of an embedded (new style) partition. The default size is 5 MB. To install a larger partition, use the -s switch. Note When this partition is installed, it will overwrite any data on the drive it is installed to. Ensure the drive is empty, or upload an image of the drive, and then download it to a different drive after BootWorks is installed. Example: To install a hidden BootWorks partition of 30 MB, type
bwinst -s30 -old

-q Function: Runs BootWorks install in quiet mode, so no user input is required to complete the install. This switch is intended for use with unattended installs, so you should use it in conjunction with the -f switch to install from a file instead of disks. Since there are no prompts, bwinst makes the following decisions/ assumptions. If a partition is found, you will not be asked if you want to move or overwrite the partition. BootWorks will automatically overwrite the partition and existing data will be erased. You will not be prompted for the second BootWorks disk. You will see a message that a file could not be found. If you are installing an embedded partition, it is assumed that NT Service Pack 4 is installed. Example: To install BootWorks unattended from a boot directory on a network drive, type
bwinst -q -f=f:\bootfile
475
Switch -f=
Details Function: Specifies the source path to the BootWorks files. The default is drive a:. Example: To install BootWorks from a directory named bootfile on a network drive, type
bwinst -f=f:\bootfile
-b Function: Reads the BIOS settings for the hard drive if IDE settings fail or return incorrect values. If you get the message, Error creating drive map when installing BootWorks, run bwinst with this switch to correct the problem. Example: To solve the Error creating drive map error and install bwinst, type
bwinst -b
Keyboard and Screen Lock Utility (Kbdsclk) Switches

This utility can be used to limit user intervention while client computers are in BootWorks mode. BootWorks connects client computers to the Deployment Server to run assigned Jobs (receive images, back up and restore registries, and so on). The Server then releases control of the computers to run their regular boot processes and come up in production mode. KBDSCLK is part of the BootWorks autoexec.bat file. The utility runs from the file as a TSR.
How the Keyboard and Screen Lock Utility (kbdsclk) Works

During the time the computer is in BootWorks mode, the Altiris client graphic appears so the user knows the Altiris boot processes are running. However, the keyboard is not locked, so the boot process can be interrupted if a user breaks in using CTRL-C, CTRL-ALT-DELETE, CTRL-Break, or another interrupt command. The screen and keyboard can be locked by setting the security option when you use the Boot Disk Creator to make BootWorks boot files. Or, you can change the settings in the BootWorks autoexec.bat file. Just remove the REM statements for the commands you want to use. You can also add commands to set and clear keyboard and screen locks in multiple places in the batch file. This is useful for enabling input when applications are loaded (such as the Microsoft client, which prompts for a password), and then relocking the screen and keyboard to complete the boot processes. You can also use KBDSCLK on the command line if you want to temporarily override the batch file settings.
Keyboard and Screen Lock Utility Usage

Commands are not case-sensitive. The syntax is as follows:
kbdsclk [p=password] [+|-k] [+|-s] [x [h#]] [c|t] [w=file] [b]
For help when running the utility, type KBDSCLK ? The batch file includes keyboard and screen lock commands, which are marked out (REM). When you remove the REM commands and run the commands in a batch file, the utility behaves as a TSR. The defaults are:
476
The Altiris client graphic appears. The keyboard and screen are not locked. If options are added to the batch file, they are executed in the order they appear in the file. Option p=pwd [b] Description Function: Sets a password to enable/disable the keyboard and screen lock. Maximum character length is 128. Option: b Scans keyboard input for a password to set locks when they are not set. (Be careful using this option. It can interfere with keyboard input for applications that are running!)
+|- k
Function: Enables/disables keyboard input. To allow keyboard input, use +k. To lock the keyboard, use -k. Default: Locked.
+|- s
Function: Enables/disables screen output. To allow screen output, use +s. To disable it, use -s. Default: Disabled.
x [h#]
Function: Displays the wallpaper or graphic and then exits the KBSCLK utility. Once the utility has exited (no longer running as a TSR), the keyboard and screen are not locked. Default: 3 second graphic/wallpaper display, then unload TSR. Options: h Allows use of the Home key to bypass BootWorks and begin production boot processes. # Specifies the time (in seconds) for the graphic to appear (a maximum of 34 seconds is possible). During that time, you can use the Home key to bypass the BootWorks processes. If zero is used, the graphic appears for 3 seconds and no bypass is allowed.
c t w=file
Function: Clears the screen and exits the program. Used mostly for troubleshooting. Function: Sets video text mode (MODE CO80) and exits. Used mostly for troubleshooting. Function: Specifies the name of a graphic/wallpaper file to appear. This is valid only if the x option is used. Valid files are pcx files with 640x480x16 color.
Order Of Operations
The order of operations and utility behavior when KBDSCLK is run from the command line is as follows: When c or t is used, it performs its functions and exits without performing any other functions, regardless of order. KBDSCLK does not remain loaded as a TSR, so the keyboard is not locked and no screen output appears.
477
Use w to specify the name of a wallpaper/graphic file to replace the default. See the table above for details on using graphics files. When x is used, the wallpaper/graphic appears and the KBDSCLK program exits, ignoring all other commands except w and h, regardless of order. KBDSCLK does not remain loaded as a TSR, so the keyboard is not locked. If the utility is loaded as a TSR (in the autoexec.bat file), and you execute KBDSCLK on the command line and specify the k and s options, it changes the keyboard and screen lock settings of the TSR instance. Options w, p, and b are ignored, regardless of order. If the TSR is not loaded, w, p, and b can be used with k and s in any order. The p option can be used on the command line to set a password for unlocking the screen and keyboard.
Deployment Server Install Switches

You can run the Deployment Server installation executable (axinstall.exe) from the command-line using these switches:
Switch
-s
Details
Function: Runs a Simple install where all components are installed on a single computer. Example: axinstall -s
-a
Function: Adds a component when installing a custom install where componentsthe Deployment Server database, PXE server, Deployment Share, services can be installed on separate computers. Example: axinstall -a
-t
Function: Allows you to run a silent install (where the install application executes without asking for user input. Example: axinstall -t
478
Switch
-i -
Details
Function: Allows you to create a setup.ini file used for automation or a silent install Example: axinstall -i
-t <INI file location>
Function: Allows you to run a silent install (where the install application executes without asking for user input) and read setting from an INI file. See Silent Install Options (page 479). Example: axinstall -t c:\silent.ini Sample Silent.INI file:
[SilentInstall] ProgramFiles=C:\Program Files\Altiris\eXpress\Deployment Server\ LicenseFile=axinstall.lic Username=Administrator Password= DOSBootFilesPath=
Silent Install Options

You can add parameters for a silent install using an INI file that is accessed and used by the axinstall executable. The INI file can be named anything, but for the following section it will be identified as SILENT.INI. This file can be modified to directly input values when running an install without user interaction. axinstall.exe -t <INI filename> Example: axinstall -t c:\silent.ini To add the ability to provide all inputs from a Simple Install, Custom Install, or an Add Component install, the Silent.ini file is required and must contain input parameters for each type of install. By adding Version and InstallType entries to the [SilentInstall] group, Deployment Solution can identify if its working with an old SILENT.INI file or a new file. The old file type will be supported for backward compatibility and will continue to function. Note The silent.ini file cannot have comments or blank lines between the header line and the key/value pairs.
[SilentInstall] Version=3 SEDataManagerPort WCLocation WCPath
479
WCRemoteComputerName WCUsername WCPassword WCEncryptedPassword WCConsoleManagerport

The Version and InstallType entries are both required in the new SILENT.INI file. If the Version entry is missing, it is assumed that it is an old SILENT.INI file (implicitly assumed to be version 1). If the InstallType entry is missing for a new version of SILENT.INI, an error will be logged to the log file and the installation will be aborted. Depending on the value of InstallType, different entries will be expected in the SILENT.INI file. The expected entries are listed in the following sections. Note A validator checks all input values during a silent install. It ensures that all user input (such as the user name, password, data path, and so on) is valid before starting the silent install. The validator inherit its behavior from the validation in the wizard pages of a non-silent install. If the validation fails, an appropriate error message writes to a log file and the installation process is aborted.
Simple Install Entries

If the InstallType is set to Simple, the following entries are expected in the SILENT.INI file. If any of the entries are missing, default values are used. We do not recommend using default values because it may cause the validator function to abort the install because the default values won't work with the specified values. Any entries other than the ones listed below are ignored for a simple install.
DAPath=C:\Program Files\Altiris\eXpress\Deployment Server LicenseFile=ax85.lic DAUsername=Administrator DAPassword=password

OR
DAEncryptedPassword=z%l$qry^w InstallPXE=0 CreateExpressShare=FALSE | TRUE DOSFilesPath=c:\dos To install Sysprep files, specify the following fields AddSysprepFiles=FALSE | TRUE XPSysprepPath=c:\xp\deploy.cab 2KSysprepPath=c:\2k\deploy.cab NTSysprepPath=c:\nt\nt4prep.exe
480
To install FreeDos files, specify the following fields PBFreeDOS=FALSE | TRUE PBFreeDOSFile=c:\DSSetup\BDCgpl_6.8.8271.frm
If you install DOS files, the following fields are listed:
PBMSDOS=FALSE | TRUE PBMSDOSPath=c:\DOSFiles To install Linux files, specify the following fields
For Linux IA64, specify the path of the .FRM file in PBLinuxFileIA64. The PBLinuxIA64 field should be True. Example
PBLinuxFileIA64=c:\DSSetup\BDCgpl_6.8.8271.frm PBLinuxIA64=True
For Linux x64, specify the path of the .FRM file in PBLinuxFileX64. The PBLinuxX64 field should be True. Example
PBLinuxFileX64=c:\DSSetup\BDCgpl_6.8.8271.frm PBLinuxX64=True
For Linux x86, specify the path of the .FRM file in PBLinuxFileX86. The PBLinuxX86 field should be True. Example
PBLinuxFileX86=c:\DSSetup\BDCgpl_6.8.8271.frm PBLinuxX86=True To install WinPE files, specify the following fields

For WinPE x86, to use an add-on file, specify the path of the add-on file in PBWindowsPEX86AddOnPath. The PBWindowsPEX86AddOn field should be True. Example
PBWindowsPEX86AddOn=TRUE PBWindowsPEX86AddOnPath=c:\DSSetup\AddonX86.exe
To specify the WinPE disk path, specify the path in PBWindowsPEWinPEX86Path and the operating system path in PBWindowsPEX86OSPath. The PBWindowsPEWinPEX86 field should be True. Example
PBWindowsPEX86=TRUE PBWindowsPEWinPEX86Path=c:\WinPE\Disk1 PBWindowsPEX86OSPath=c:\WinPE\Disk2
481
For WinPE x64, to use an add-on file, specify the path of the add-on file in PBWindowsPEX64AddOnPath. The PBWindowsPEX64AddOn field should be True. Example
PBWindowsPEX64AddOn=TRUE PBWindowsPEX64AddOnPath=c:\DSSetup\AddonX64.exe
To specify the WinPE disk path, specify the path in PBWindowsPEWinPEX64Path and the operating system path in PBWindowsPEX64OSPath. The PBWindowsPEWinPEX64 field should be True. Example
PBWindowsPEX64=TRUE PBWindowsPEWinPEX64Path=c:\WinPE\Disk1 PBWindowsPEX64OSPath=c:\WinPE\Disk2

For WinPE IA64, to use an add-on file, specify the path of the add-on file in PBWindowsPEIA64AddOnPath. The PBWindowsPEIA64AddOn field should be True. Example
PBWindowsPEIA64AddOn=TRUE PBWindowsPEIA64AddOnPath=c:\DSSetup\AddonIA64.exe
To specify the WinPE disk path, specify the path in PBWindowsPEIA64 and the operating system path in PBWindowsPEIA64OSPath. The PBWindowsPEIA64 field should be True. Example
PBWindowsPEIA64=TRUE PBWindowsPEWinPEIA64Path=c:\WinPE\Disk1 PBWindowsPEIA64OSPath=c:\WinPE\Disk2
Custom Install Entries

If the InstallType is set to custom, the following entries will be expected in the SILENT.INI file. If any of the entries are missing then default values will be used. Using default values is not recommended because it may cause the validator function to abort the install because the default values won't work with the specified values. Any entries other than the ones listed below will be ignored for a custom install. Note If you attempt to push out a silent Deployment Solution install to a computer where Microsoft SQL Server is installed and SQL Server has a password for the "sa" account, then it will not work.
DAPath=C:\Program Files\Altiris\eXpress\Deployment Server LicenseFile=ax85.lic DAUsername=Administrator DAPassword=password
482
OR
DAEncryptedPassword=z%l$qry^w CreateExpressShare=FALSE | TRUE DOSFilesPath=c:\dos SEPath= C:\Program Files\Altiris\eXpress\Deployment Server SELocation=local | remote SERemoteComputerName=DESKPRO1 SEUsername=administrator SEPassword=password
OR
SEEncryptedPassword= z%l$qry^w SEIPAddress=172.16.2.123 SEDataManagerPort= 8080 SEDBLocation=local | same | remote | sqlserver SEDBRemoteComputerName=DESKPRO2 SEDBSQLPortNumber=<Enter SQL Port Number here> SEDBEnginePath=c:\mssql7 SEDBDataPath=c:\mssql7\data SQLAuthentication=FALSE | TRUE SQLMachineUsername=administrator SQLMachinePassword=password
OR
SQLEncryptedMachinePassword= z%l$qry^w InstallPXE=FALSE | TRUE PXLocation=dos | local | remote PXRemoteComputerName=DESKPRO3 PXMakeMasterServer=FALSE | TRUE PXIPAddress=172.16.2.123 PXDSIPAddress=172.16.2.123 PXPath=c:\Program Files\Altiris\express\Deployment Server PXUsername=Administrator PXPassword=password
OR
PXEncryptedPassword= z%l$qry^w
483
PXCreateDefaultPXEBootFiles=FALSE | TRUE SQLAuthentication=FALSE | TRUE SQLUsername=Administrator SQLPassword=password

OR
SQLEncryptedPassword=zlq%r*x+y DSConnectionMethod=multicast | tcpip DSConnectionServerName=* | <server name> DSConnectionDSIPAddress=172.16.2.123 DSConnectionDSPort=402 COLocation=local | remote CORemoteComputerName=DESKPRO4 COUsername=Administrator COPassword=password
OR
COEncryptedPassword=zlq%r*x+y WCLocation=local | remote | none WCPath= c:\Program Files\Altiris\express\Deployment Server WCRemoteComputerName=DESKPRO5 WCUsername=Administrator WCPassword=password WCEncryptedPassword= zlq%r*x+y WCConsoleManagerPort=8081
Add Component Entries

If the InstallType is set to addcomponent, the following entries will be expected in the SILENT.INI file. If any of the entries are missing then the default values will be used. Using default values is not recommended because it may cause the validator function to abort the install because the default values will not work with the specified values. Any entries other than the ones listed below will be ignored for adding new components.
AddDSConsole=FALSE | TRUE AddPXEServer=FALSE | TRUE AddDSWebConsole=FALSE | TRUE DOSFilesPath=c:\dos DAPath=C:\Program Files\Altiris\eXpress\Deployment Server SEIPAddress=172.16.2.123
484
SEDataManagerPort=8080 COLocation=local | remote CORemoteComputerName=DESKPRO4 COUserName=Administrator COPassword=password

OR
COEncryptedPassword=zlq%r*x+y PXLocation=dos | local | remote PXRemoteComputerName=DESKPRO3 PXMakeMasterServer=FALSE | TRUE PXIPAddress=172.16.2.123 PXDSIPAddress=172.16.2.123 PXPath=c:\Program Files\Altiris\express\Deployment Server PXCreateDefaultPXEBootFiles=FALSE | TRUE PXUsername=Administrator PXPassword=password
OR
PXEncryptedPassword= zlq%r*x+y WCLocation=local | remote | none WCPath= c:\Program Files\Altiris\express\Deployment Server WCRemoteComputerName=DESKPRO5 WCUsername=Administrator WCPassword=password WCEncryptedPassword= zlq%r*x+y WCConsoleManagerPort=8081
Client BIOS Settings for Wake-On LAN and PXE

Some network cards have their own setup utilities. If there is a Wake On LAN option on your NIC, enable it. If you want to use Wake On LAN, the motherboard and network card must support Intels Wired for Management (WfM) specification. You will also have to enable the features in the BIOS. (Settings are hardware specific.Your BIOS might not list all of these.).
Power Management Suspend/Wake-up Features
ON/ENABLED ON/ENABLED
485
Wake On LAN Remote Power Up Power Switch/Wake-up
ON/ENABLED ON/ENABLED ON/ENABLED
Command-line Switches for the Pocket PC Agent

You can manage the Pocket PC Agent through command-line switches. The default path of the agent executable file is: C:\Altiris\PPCAgent\PPCAgent.exe. The following table shows the optional switches and the functions they perform. Note If PPCAgent.exe is run and if the agent has not previously been installed, then the agent will be installed automatically. If the agent was previously installed, it will simply load the agent.
Command Line Switches for the Pocket PC Agent

Option
-install -silent -stop -start -restart -remove
Function
Installs the agent, or re-installs the agent if already installed. When used with -install, installs the agent without the installation dialog screens. Stops the agent. Starts the agent after it has been stopped. Stops and restarts the agent. Stops and uninstalls the agent. Example: to restart the agent, run
C:\Altiris\PPCAgent\PPCAgent.exe -restart
To use more than one command-line parameter, separate the parameters with a space. Example: ppcagent -install -silent.
Command-line Install Switches for Linux

The command-line switches used for Linux files are express path where the bootwiz.exe is present -install -os LINUX -x86/x64/ia64 path where the .FRM file is present. The following table lists the Command-line Install and Silent Install Switches for Linux and the functions they perform.
Switch
-install -os LINUX -x86 e:\BDCgpl_6.8.8260.frm -install -os LINUX -x64 e:\BDCgpl_6.8.8260.frm
Details
Installs the Linux agent for x86 computers. Installs the Linux agent for x64 computers.
486
Switch
-install -os LINUX -ia64 e:\BDCgpl_6.8.8260.frm -install -os LINUX -x86 e:\BDCgpl_6.8.8260.frm -quiet -install -os LINUX -x64 e:\BDCgpl_6.8.8260.frm -quiet -install -os LINUX -ia64 e:\BSCgpl_6.8.8260.frm -quiet
Details
Installs the Linux agent for ia64 computers. Silently installs the Linux agent for x86 computers. Silently installs the Linux agent for x64 computers. Silently installs the Linux agent for ia64 computers.
Example: To install the Linux agent for x86 computers, run
C:\Program Files\Altiris\eXpress\Deployment Server\Bootwiz\bootwiz.exe install -os LINUX -x86 "e:\BDCgpl_6.8.8260.frm"

Example: To silently install the Linux agent for x86 computers, run
C:\Program Files\Altiris\eXpress\Deployment Server\Bootwiz\bootwiz.exe install -os LINUX -x86 "e:\BDCgpl_6.8.8260.frm" -quiet

Tip You can do the same for x64 and ia64 computers.
Command-line Install Switches for WinPE

The command-line switches used for WinPE files are express path where the bootwiz.exe is present -install -os WINPE -x86/x64/ia64 path where the .EXE file is present. The following table lists the Command-line Install and Silent Install Switches for WinPE and the functions they perform.
Switch
-install -os WINPE -x86 e:\Altiris_DS_Preboot_WinPE2005_x86. exe -install -os WINPE -x64 e:\Altiris_DS_Preboot_WinPE2005_x64. exe -install -os WINPE -ia64 e:\Altiris_DS_Preboot_WinPE2005_ia64 .exe -install -os WINPE -x86 e:\Altiris_DS_Preboot_WinPE2005_x86. exe -quiet
Details
Installs the WinPE agent for x86 computers. Installs the WinPE agent for x64 computers. Intalls the WinPE agent for ia64 computers. Silently installs the WinPE agent for x86 computers.
487
Switch
-install -os WINPE -x64 e:\Altiris_DS_Preboot_WinPE2005_x64. exe -quiet -install -os WINPE -ia64 e:\Altiris_DS_Preboot_WinPE2005_ia64 .exe -quiet
Details
Silently installs the WinPE agent for x64 computers. Silently installs the WinPE agent for ia64 computers.
Example: To install the WinPE agent for x86 computers, run
C:\Program Files\Altiris\eXpress\Deployment Server\Bootwiz\bootwiz.exe install -os WINPE -x86 "e:\Altiris_DS_Preboot_WinPE2005_x86.exe"

Example: To silently install the WinPE agent for x86 computers, run
C:\Program Files\Altiris\eXpress\Deployment Server\Bootwiz\bootwiz.exe install -os WINPE -x86 "e:\Altiris_DS_Preboot_WinPE2005_x86.exe" -quiet

Tip You can do the same for x64 and ia64 computers.
488
Chapter 26
RapiDeploy Technical Reference

In Deployment Solution, most imaging tasks can be completed directly from task wizard in the Deployment Console. For advanced imaging operations, you might need the extended functionality provided by the command-line interface of the Deployment Solution imaging tool, RapiDeploy. This section provides details on using the RapiDeploy command-line interface.
See Also
RapiDeploy Executable Files on page 489 Running RapiDeploy from the Command-line on page 489 Using File System Independent Resource Management (FIRM) on page 502 Using File System Independent Resource Management (FIRM) on page 502 Troubleshooting RapiDeploy on page 89
RapiDeploy Executable Files

The following table lists and gives a short description of RapiDeploy executable files:
RapiDeploy Executable Files File

rdeploy
Description
An Altiris program with a graphical wizard-like interface. When run on a computer, rdeploy.exe temporarily designates the computer as the RapiDeploy Master PC or as the Client PC. The Master PC controls how images are created, uploaded, and downloaded, and how they are sent or multicasted to other computers. Rdeploy.exe lets you set up configurations (such as TCP/IP and networking settings) on the computer after it has received an image. You can run rdeploy.exe with command-line switches and set up other options for imaging and multicasting.
rdeployt firm
A text-based version of RapiDeploy, this version does not provide a graphical interface but supports the command-line switches. File System Independent Resource Management (FIRM) lets you access files in automation. This is an advanced feature. You do not have to use it to perform normal management tasks. For more information, see Using File System Independent Resource Management (FIRM) on page 502.
Running RapiDeploy from the Command-line

You can create and deploy images from the command-line using switches. This is useful if you want to run imaging from a batch file and not use the Rdeploy wizard.
489
Switches can be entered in any order and they are not case sensitive. When using multiple switches, leave a space between each option. You can also get a list of switches at the DOS prompt by typing the following:
rdeploy -?
If you want to redirect this list to a file, type the following:
rdeploy -? -text > rdparams.txt
RapiDeploy Command-line Switches

The following table lists all the command-line switches that you can use with rdeploy.exe.
RapiDeploy Command-line Switches Switch [parameters]

-? -align:[cyl|track] -bsl:[maximum bandwidth]
Details
Function Shows command-line help. Function Sets partition alignment to the provided values. Function Determines the maximum bandwidth to be used by the multicasting session. Example To limit the bandwidth to 5 Megabits per second, type
rdeploy -bsl:5
-c[compression mode] Function Sets the compression mode for image creation. Speed is the default mode. Modes off turn compression off. size make smallest image size with slight speed penalty. speed (default) make a less compressed image in less time. balanced make a reasonable compressed image with a reduced speed penalty. Example To optimize image creation for speed, type
rdeploy -mu -f[filename] -cbalanced
490
RapiDeploy Command-line Switches (Continued) Switch [parameters]

-cfgfile:[filename]
Details
Function Sets the configuration filename (default is lastrun.cfg). The configuration file provides information for post configuration. The default configuration file is lastrun.cfg that can be edited in a text editor with the specific information needed for the computer. This command is useful if you want to run imaging in a batch file using configuration information saved previously by the RapiDeploy program. (If you select the option to save settings in the RapiDeploy program, a configuration file will be created with the name lastrun.cfg.) You can rename lastrun.cfg and specify it in your batch file to apply configuration settings. Example If you have run RapiDeploy and have chosen the option to save configuration settings, you could rename lastrun.cfg to laptop1.cfg and use it in a batch file by typing the following:
rdeploy -md -f[filename] -cfgfile:laptop1.cfg

You can also put configuration files in a shared directory and load them from the network. See also -m[mode], -f[path & file name] -cmdline Function In text mode, display the command-line options.
491

-d[hard disk number]
Details
Function Specifies which hard disk to read from or write to, depending on whether you are uploading or downloading. This switch is used for computers that have more than one hard disk. Examples To download an image to disk 2, combine with the -md switch and type
rdeploy -d2 -md -f[filename]

To create an image from disk 2, combine with the -mu switch and type
rdeploy -d2 -mu -f[filename]

See also -m[mode], -f[path & file name] Disk to Disk A colon indicates disk-to-disk imaging. -d1:2 (disk to disk mode, source is disk 1, destination is disk 2) -d3:2 (Source is disk 3, destination is disk 2) Linux Software Raid and LVM When using a Linux software raid or LVM, a comma specifies the disks in the set.
rdeploy -d1,2 -md -f[filename]

If using a hardware raid, this syntax might not be required if the disk set is recognized as a single drive. Use the firm drives command to determine how the drives are recoginized. -dpos[1-2] -dsconfig:[filename] -f[path & file name] Function Specifies the disk location to set if the imaged disk will be removed after imaging. Function Specifies the Deployment Agent configuration file to copy to the computer when the imaging job completes. Function Used with the -m switch. In upload mode, it specifies the filename and location for storing an image file. In download mode it specifies which image file to restore. To create (upload) a regular image file, use an .img extension. To create a self-extracting executable image file, use an .exe extension. Examples
To upload an image file to disk g:, type
rdeploy -mu -fg:\images\win98.img

To upload a self-extracting executable image file, type
rdeploy -mu -fg:\images\win98.exe

See also -m[mode], -f[path & file name]
492

-forcebf
Details
Function Forces boot fixup in cases when it does not normally occur. When imaging completes, certain files, such as boot.ini or grub, and the MBR are modified to ensure that the computer boots. This is used in circumstances when you want to keep existing partitions using the -kp switch. If you are replacing a boot partition use this switch to fix booting. If you are replacing a data partition this is not required.
-forcebw
Function Forces the automation partition to be restored. Use this switch when using PXE or to overwrite an existing automation partition on the hard disk with the automation partition in the image. Example To restore an image and have the automation partition in the image replace an existing automation partition on the hard disk, type
rdeploy -md -f[filename] -forcebw

See also -m[mode], -f[path & file name] -forcegui Function Forces the wizard to appear even if it does not have to. Use this switch to force the wizard to appear so that you can view or edit settings for each computer. Example To restore an image but first view or make changes in the settings, type
rdeploy -md -f[filename] -forcegui

See also -m[mode], -f[path & file name] -forceoem Function Forces the OEM partition to be restored. Use this switch to overwrite an OEM partition on the hard disk with an OEM partition in the image. Example To restore an image and have the OEM partition in the image replace an existing OEM partition on the hard disk, type
rdeploy -md -f[filename] -forceoem

493

-frm:[name]
Details
Function Specifies a FIRM file that contains a list of FIRM commands to be executed after a restore. A FIRM file is a text file containing FIRM commands to execute. Example After a computer has received an image, you can copy a file that is not in the image to the computer. Example: you may want to copy a .cfg file that a computer needs but is not in an image.
rdeploy -md -f[filename] -frm:c:files.txt

In this example, you would have two files: The file that includes the copy commands. The file that you want copied to a computer, sample.cfg Both of these files must be in the RapiDeploy/FIRM application folder. The FIRM file, firm.txt, could have the following FIRM command:
copy sample.cfg c:\sample.cfg

In this example, after the image has been received, sample.cfg is copied from the RapiDeploy application folder on the server to the computer in the specified folder. -grubdir:[dir] Function Specifies the directory where the GRUB boot files are located. If GRUB is installed on a system, the MBR is re-created based on the GRUB files when imaging completes. If GRUB files are located in a non-default directory, use this command to specifiy their location. Function Shows command-line help. Function Sets screen resolution. For information on setting VESA modes, see -ve:[31.34] Example To set screen resolution to VGA mode 23 (640x480x16), type
-h -i:[20..25]
rdeploy -i:23
-i[IDnumber] Function Sets session ID when sending an image file to more than one computer. Use this switch with multicast sessions so the Master PC can identify Client PCs in the same session. Example To send an image to 10 Client PCs, type
rdeploy -mdb -f[filename] -s9 -i5000001

Note -i500001 is given as an example. This value is an example of what the Deployment Server console would send for a session ID. See also -m[mode], -s[number of Client PCs], -f[path & file name]
494

-ip:[n.n.n.n:p]
Details
Function Sets the multicast IP address and port. This can be used for two purposes: 1) To allow multicasting through a router that is set up to use a different multicast IP address, and 2) to separate multiple multicasting sessions more efficiently. If you are manually running multiple multicast sessions, you can specify a different multicast IP address for each session to allow the NIC itself to filter out unwanted packets from other sessions. This speeds up all sessions involved. Important Remember to put the port number at the end of the IP address after a colon. Example
rdeploy -mdb -f[filename] -s9 -ip:224.2.0.3:401

See also -m[mode], -s[number of Client PCs], -f[path & file name] -iosize:[n] Function Sets the size in KBytes of reades and writes to the image file. (4-64k). Default is 32k. If setting this to greater than 32k in DOS, you must use a DOS extender, such as DOS/32A. Function Prevents rdeploy.exe from overwriting any existing partitions on the hard disk. Function (Download only) Prevents rdeploy.exe from overwriting a specified partition. n=partition 1 - 31 Example To keep partition 2 from being overwritten during imaging, type
-kap -kp[1-31]
rdeploy -md -f[filename] -kp2

See also -m[mode], -f[path & file name] -kprs Function Keeps the recovery partition during image restoration.
495

-m[mode]
Details
Function Sets the operating mode. Modes u (Upload image) d (Download image) dd (Disk-to-disk) b (Multicast only) mm (Multicast master) ub (Upload and multicast image) db (Download and multicast image) client (Client mode) Examples To upload an image, type
rdeploy -mu -f[filename]

To designate a computer as a Client PC, type
rdeploy -mclient
See also -f[path & file name], -i[IDnumber] -makeimx Function Minimizes the number of disk swaps that occur when restoring a hard disk image that has been split across multiple CDs or other storage media. This switch causes RapiDeploy to create an .imx (IMage IndeX) file which contains data that may reside on other CDs. If RapiDeploy has access to the .imx file, it will not prompt you to insert any CD more than once. Use the -makeimx switch when you create an image. However, no switches are needed when restoring the image. Once the split image file has been created and you are ready to burn the image to CDs, put the .imx file on the CD with the first .img split image file. Subsequent split image files do not require the .imx file to be placed on the CD. -mcastspeed[speed] Sets the speed used in multicast operations. Range: 1 or greater. Deployment Solution 6.5 and previous use 1 as default, later versions use 5. Function Operate in client mode. When multicasting, set this flag to force the computer to not attempt to act as master. Function Specifies the interface used for multicasting. This is useful if you have a computer with multiple NICs and you want to force multicast data to use a specific NIC.
-mclient -mcint:[n.n.n.n]
496

-mconv
Details
Function Used with the -f switch to convert an existing image file (.img) to a self-extracting .exe file. (Does not upload or download; just converts the file.) Example To convert a file named WINXP.IMG, type
rdeploy -mconv -fwinXP.img

See also -f[path & file name] -mig:[filename] -n Function Used to specify a migration file. Prompts before overwriting the drive. This is used mainly by PC Transplant Pro. Function Do not save the image to the destination. This is useful to see if an image capture completes successfully without consuming disk space. Function Makes sure that a BootWorks partition does not exist in the destination, is not on the disk when restoring, and is not in the image when creating. Example To remove an existing BootWorks partition from a hard disk and exclude the BootWorks partition from being downloaded with an image, type
-nobw
rdeploy -md -f[filename] -nobw

See also -m[mode], -f[path & file name] -nocancel -nooem Function Does not allow the user to cancel the imaging task. Function Makes sure that an OEM partition does not exist in the destination, is not on the disk when restoring, and is not in the image when creating. Example To remove an existing OEM partition from a hard disk and exclude the OEM partition in an images from being restored, type
rdeploy -md -f[filename] -nooem

See also -m[mode], -f[path & file name] -noprompt Function Prevents any need for user interaction. Example: clicking OK after an error occurs. This is very useful in scripting situations where there won't be a user present to hit a key. Function Makes sure that a recovery partition does not exist in the destination, is not on the disk when restoring, and is not in the image when creating. Function Dont check for available space on the volume when creating an image. Function (NT computers only) Enables a 64K cluster size with a FAT16 partition. This allows you to resize a FAT16 partition up to 4 GB rather than the normal 2 GB limit. Example To change the size, type
-nors
-nospacecheck -nt64k (Download only)
rdeploy -md -f[filename] -nt64k

497

-p[partition]
Details
Function Specifies which partition to process. Parameters n Number (1-31) uploads the partition (each partition must be designated separately) b images the BootWorks partition (works for both hidden and embedded types) oem images the oem partition rs images the recovery partition Examples To upload an image of partition 2, type
rdeploy -mu -p2 -f[filename]

To upload multiple partitions, type
rdeploy -mu -p2 -p3 -p4 -f[filename]

To upload the BootWorks partition, type
rdeploy -mu -pb -f[filename]

To upload the oem partition, type
rdeploy -mu -poem -f[filename]

See also -m[mode], -f[path & file name] -password:[pwd] Function Specifies the image password. Passwords are case sensitive. Example To create a password-protected image file, type
rdeploy -mu -f[filename] -password:Altiris

To restore that file, type
rdeploy -md -f[filename] -password:Altiris

See also -m[mode], -f[path & file name] -postconfig -raid:[n] -raw Function Perform postconfig from within RDeploy. Function Specify the software raid level. Function Treats all partitions as raw. The Master PC reads and images a partition by sectors rather than by files. This switch makes the image drive geometry dependent (must have the same heads, cylinders, and tracks as the image source). Used mostly by Altiris Technical Support for troubleshooting, or it could be used to make sure that any extra data residing outside of the file system is included in the image. Function Reread the partition table after imaging. Function Restore the boot track during download.
-rescan -restorebt
498

-restoresig
Details
Function Causes RapiDeploy to restore the unique disk signature in the MBR of the hard disk from which the image was created. Normally, RapiDeploy does not transfer the disk signature to the target computer when deploying an image. This switch can be used when restoring an image to the same or similar systems. The -szf switch may be needed in combination with the -restoresig switch. Example One This -restoresig switch has been added to the Distribute Disk Image job in the XP Embedded folder in the Samples folder to protect the Write Filter Partition. It is required for all Restore Image jobs for XPe Thin Clients. Example Two The -restoresig switch is needed when restoring an image to a Citrix Metaframe Server to preserve the alternate drive mappings. In this situation the -szf switch is also required. Note This switch will function only if no production partitions are being preserved on the hard drive when deploying the disk image.
-rscs:[name] -s[number of Client PCs]
Function Create a recovery solution checksum during upload. Function Specifies the number of Client PCs included in a multicast session. When the Master PC detects the specified number of Client PCs, it automatically starts the multicast session. The number specified does not count the Master PC. Example To set the number of Client PCs that will be connecting to the Master PC in a multicast session to 9 computers, type
rdeploy -mdb -f[filename] -s9

See also -m[mode], -f[path & file name] -span Function Prompts between each piece of an image file (if set when using the -split command), allowing you to insert new media. Example To prompt between each file in the image set, type
rdeploy -mu -f[filename] -split:500 -span

See also -m[mode], -f[path & file name] -split:[n] Function Breaks an image into multiple files of a specified size during an upload (in megabytes). Example To set the file size to 500 MB, type
rdeploy -mu -f[filename] -split:500

See also -m[mode], -f[path & file name] -sN Function Send to N clients.
499

-szf
Details
Function Use this switch to set fixed sizing for all partitions. By using this switch, RapiDeploy will use the original sizes that existed on the computer from which the image was created. Example If the original size of the partition to be downloaded was 250 MB and you want the destination partition to remain 250 MB, use the -szf switch. If the target disk has 500 MB of free space, you will have a 250 MB fixed partition and 250 MB of free space.
-sz[parameter]
Function Resizes partitions during imaging. Syntax rdeploy -sz[#]:[x{m|p}] where # is the partition number and x is the size based on the number of megabytes or a percentage. Parameters [x]m (Resize partitions in megabytes) [x]p (Resize partitions as a percentage of hard disk size for primary partitions or the percentage of the extended partition for logical drives) Examples If the size of partition 2 being downloaded is 300 MB and you want it to fit in half of the 500 MB of disk space on the client disk, type
rdeploy -sz2:50p -md -f[filename]

This resizes the 300 MB partition to 250 MB, leaving the other 250 MB unused. You can set the target size for multiple partitions on the same command-line by including multiple instances of the switch:
rdeploy -sz1:200m -sz2:50p -md -f[filename]

See also -m[mode], -f[path & file name] -text
Function Run in text mode instead of GUI mode. To use this switch, all settings must be specified at the command-line.
Examples
rdeploy -md -f[filename] -text

or
rdeploy -mu -f[filename] -text

If you want to save a list of command-line parameters to a text file, you can use the -text parameter
rdeploy -? -text > rdparams.txt

500

-threshold:[n]
Details
Function This option applies only to the Restore and Send (mdb) mode. We have found that when using a small number of clients, it is faster to perform individual downloads on each client than it is to multicast to all of them. There is a point where it becomes more efficient to multicast than it is to perform individual downloads. This threshold is where it becomes faster to multicast than to do individual downloads and can be specified by the -threshold:[n] command line parameter. Depending upon the network environment, this number may vary. You should perform a few tests to pick a good threshold value for your network. It may be a small number, like four, or it could be much larger, like 15. Once you have found this threshold value, you can specify this number on the command line and then RapiDeploy will, depending on the number of clients that connect, have them do individual downloads or have them multicast. The number [n] specifies the minimum number of clients that will need to connect to the master in order for it to multicast. Example: if you specify -threshold=5, and four or fewer clients connect to the master PC, it will have them all do individual downloads of the image. If five or more clients connect to that master, it will multicast to them. This becomes more important when multicasting across subnets with a router that doesn't support multicasting. If you start one master and nine clients (10 PC's total), three of which are on one side of the router and seven of which are on the other side, RapiDeploy will detect that there are only three on one side of the router and do individual downloads to them. It will also detect that seven are on the other side and multicast to them. RapiDeploy does all of this automatically. All you must supply is the threshold value to let RapiDeploy determine when it should multicast or not. Example Suppose you have determined that the threshold value for your network is five. In other words, you have found that multicasting from one master to five or more clients is faster than doing individual downloads to those clients and the master. You could then specify the following threshold value on the command line:
rdeploy -mdb -f[filename] -s9 -threshold:5

See also -m[mode], -f[path & file name], -s[number of Client PCs] -throttle:[n] FunctionThrottle RDeploy operations to N mbps.
501

-ve:[31.34]
Details
Function Set VESA screen resolution.
Example To set screen resolution to VESA mode 31 (640x480x256), type
rdeploy -ve:31
-w[n] Function When multicasting, specifies the maximum number of minutes to wait for Client PCs to connect. If all Client PCs connect, it will start right away. Default: 5 minutes (or until the specified number of Client PCs is connected). Example To set the timeout to wait for PC Clients to 10 minutes, type
rdeploy -w10 -mdb -f[filename] -s9

See also -m[mode], -s[number of Client PCs] -x Function Cause the image to be saved as a self-extracting file. This setting will automatically be set if the image file name specified by the -f parameter ends with .EXE.
Using Command-line Switches with Executable Images

In rare cases, you might need to use switches with executable image files. Multiple switches can be used on the same command-line. As with other switches, you can use them on the command-line or in a batch file. In addition, you can use the -noprompt switch, which bypasses the default screen that prompts the user before imaging begins. Example If you named your self-extracting file baseimag.exe when you created (uploaded) it, you would type the following on the command-line or in your autoexec.bat file:
baseimag.exe -noprompt
You can combine this switch with any of the other switches.
Using File System Independent Resource Management (FIRM)

FIRM gives you file access to all FAT, NTFS, and EXT2 file systems on your hard disk from the automation environment. This is an advanced feature. You do not have to use it to perform normal management tasks.
502
How FIRM Works

FIRM identifies two drive types: DOS drives and FIRM drives. DOS drives are those that DOS recognizes, such as local drives and network drives. FIRM recognizes DOS drives in addition to other local partitions that are present but may not be recognized by DOS. FIRM assigns drive letters to partitions in the order they are defined on the hard disk. Because FIRM and DOS both assign drive letters, they might see different drives. So, the drive letter assignments might be different depending on which operating system you use to see the mappings. Here is an example of what you would see with several operating systems compared to what you would see with FIRM. Note that the only way to see the location of the embedded BootWorks partition is with FIRM.
Drive mapping comparison Sample Partitions Partitions recognized by Win 98 Partitions recognized by WIN NT Partitions Partitions recognized recognized by WIN 2000 by FIRM
* * * * * * * * * * * * *Drive letters are assigned according to where the drives physically reside on the disk. FIRM uses the following logic to determine which type of drive to use: Drives A: and B: are DOS drives. All other drives are assumed FIRM drives unless prepended with the drive type identifier D. Example: DC: indicates DOS drive C:. If a FIRM drive is not found, then a DOS drive is assumed. FIRM drives can also be explicitly specified by prepending the drive type identifier F. Example: FK: indicates FIRM drive K:.
Embedded BootWorks partition (always drive W:) FAT 32 FAT 16 NTFS EXT2/EXT3
Running FIRM
The computer must be booted to DOS. The firm.exe program must be on a disk or a server where you have rights to access it.
To run FIRM
1. 2. Put the disk containing FIRM.EXE into drive a:, or log into the server where the program files are located. Type FIRM to run the program.
503
FIRM Command-Line Switches

Drive designations Because FIRM and DOS recognize drives differently, they might assign different letters to the same drive. So, for some commands you must specify the drive type in addition to the drive letter. Drive types are: OS (operating system drive), and f (FIRM drive). Tokens You can use a token in place of a drive letter wherever one is required. Tokens are just another way of accessing a drive on the partition. FIRM replaces tokens with the appropriate drive letter.
FIRM Tokens Token

auto
Function
Function Used in place of the BootWorks partition letter (w: drive). Examples To delete the autoexec.bat file from the BootWorks partition, type
firm delete auto:\autoexec.bat

To see a directory list of the BootWorks partition, type
firm dir auto:\

prod Function Used in place of the production partition letter (Example: firm c: drive). Examples To see a directory list of firm drive c:, type
firm dir prod:\

To copy backup files from the production partition c: to the BootWorks partition, type
firm copy prod:\backup.lst auto:\backup.lst

temp Function This is an environment variable string that maps to wherever your TEMP directory is assigned. Example To see a list of files and directories in your TEMP directory, type
firm dir temp:\
504
FIRM Modes and Switches Mode

drives
Options
Function Gets a list of all partitions/drives. Shows the file system and FIRM drive letters. Also shows the percentage of the drive used by the partition.
Usage firm drives

Example To see a list of all supported drives, including the embedded BootWorks partition, type
firm drives
type Function Sees the contents of an ascii text file. (Other file types do not display correctly.) Usage firm type [filename] Option [filename]= path and name of the file you want to read Syntax firm type[drive type][drive letter or token]:[path][filename] Example To see the contents of a file called disk32.txt, type
firm type fc:\diskfiles\data\disk32.txt

copy Function Copies a file from one directory to another. Usage firm copy [source file][destination file] Options [source file]=path and filename to be copied [destination file]=location path and filename file will be copied to Syntax firm copy [drive type][drive letter or token]:[path][filename] Examples To copy an autoexec.bat file from DOS drive C: to the BootWorks partition, type
firm copy dc:\autoexec.bat auto:\autoexec.bat

To copy backup files from the production partition to the BootWorks partition, type
firm copy prod:\backup.lst auto:\backup.lst

To backup an autoexec.bat file on FIRM drive c: to FIRM drive c:, type
firm copy fc:\autoexec.bat fc:\autoexec.old

To copy an autoexec.bat file from DOS drive c: to FIRM drive c:, type
firm copy dc:\autoexec.bat fc:\autoexec.bat
505
FIRM Modes and Switches (Continued) Mode

dir
Options
Function Displays file and directory lists. Usage firm dir [directory] Option [directory]=directory letter or path Syntax firm dir [drive type][drive letter or token]:[path] Do not include a filename or you will get an error. The drive type is optional. Examples To see a list of directories and files in the BootWorks directory, type
firm dir w:\

or, type
firm dir auto:\

(This shows the same results as dos: dir c:\ when running in BootWorks.) When you are in the BootWorks partition, you can get a list of the contents of the TEMP directory on DOS drive c: by typing
firm dir auto:\temp

To see a list of files and directories in the Windows system directory, type
firm dir prod:\windows\system

delete Function Deletes a file. Usage firm delete [filename] Option [filename]=path & name of file to delete Syntax firm delete [drive type][drive letter or token]:[path][filename] Always use the full path when deleting a file. You can also use tokens. Examples To delete the autoexec file from your BootWorks partition, type
firm delete auto:\autoexec.old

To delete the file foo.txt from a directory on DOS drive d:, type
firm delete dd:\mydir\foo.txt

To delete the autoexec file from FIRM drive e:, type
firm delete fe:\autoexec.bat
506

backupreg
Options
Function Backs up registry files. Usage firm backupreg [dest file][local path] Options -noprofile Backs up default registries without the user profiles. [destination file]=destination filename (must be a DOS filename) [local path]=local path to registry files (source) (Default source path for Win NT/2000 is c:\winnt\system32\config. Default for Win 95/98 is c:\windows). If files are stored in the default location, you do not need to enter the path. Syntax firm backupreg [destination path and filename] [drive letter or token]:[local path] Include the complete path. Examples To back up registries without user profiles to c:\regback.lst, type
firm backupreg c:\regback.lst -noprofile

To back up registries from FIRM drive e: to regback.lst, type
firm backupreg c:\regback.lst e:\winnt

restorereg Function Restores registry files. Usage firm restorereg [source file] [local path] Options [source file]=source filename (must be a DOS filename) [local path]=local path to registry files (Default source path for Win NT/2000 is c:\winnt\system32\config. Default for Win 95/98 is c:\windows. If files are stored in the default location, you do not need to enter the path.) Syntax firm restorereg [source path and filename][drive letter or token]:[local path] Include the complete path. Examples To restore registries from c:\regback.lst to default location, type
firm restorereg c:\regback.lst

To restore registries from c:\regback.lst to e:\winnt
firm restorereg c:\regback.lst e:\winnt
507

backuplist
Options
Function Backs up a set of files. Usage firm backuplist [destination file] [list file] Options [destination file]=destination filename (must be a DOS filename) [list file]=filename containing a list of files to back up (source) Must be in a DOS text/ascii file format. Syntax firm backuplist [destination path and filename][list filename] Include the full path. Example To back up the files in c:\backup.lst and store them in c:\backup.txt, type
firm backuplist c:\backup.txt c:\backup.lst

The backup.lst file might contain the following: c:\autoexec.bat c:\config.sys prod:\windows\command\format.com restorelist Function Restores a set of files. Usage firm restorelist [source file][logical drive] Options [source file]=source filename (must be a DOS filename) [logical drive]= drive letter to overwrite default logical drive Default logical drive = PROD:\ Syntax firm restorelist [source path and filename][logical drive letter] Include the complete path. Example To restore backup files to DOS drive c:, type
firm restorelist dc:\backup.txt
508
Appendix B
Tokens: Dynamic Database Access

These are variable tokens that can be inserted in scripts (see Run Script on page 183) or answer files (in Scripted OS Install on page 168) to extract information from the Deployment Database. Example: the token named %ASSETTAG% contains the asset tag of a computer. Tokens are most commonly used when creating custom scripts (using the Run Script Task) or answer files when doing unattended operating system installations. The custom script is unique to the computer in which it is applied.
System Tokens
The following table lists all predefined system tokens supported by Deployment Solution 5.6 or higher. System tokens are case sensitive. The percent symbol % at the beginning and end of each token is part of the token name and must be included.
Token
Description
%ASSETTAG% %AGENTIPADDR% %BWIPADDR%
Asset tag from SMBIOS The IP address of the NIC of the client computer connected to the Deployment Server. The IP address of the client computer connected to the Deployment Server. This token only works with Bootworks. It is deprecated and it is recommended that you use the token %AGENTIPADDR% instead. The name of the job that called this job (as used when Setting Up Return Codes) or the name of this job if not called by another job Actual computer name used by the OS Contact name defined in the Location properties Date string in the form of mm/dd/yyyy Department description defined in the Location properties MS Workgroup or domain name Domain organization units. Example: MyCompany.com/MyParentOU/MyOU The NetBios name of the computer where the Deployment Server is installed. Email from the Location properties Unique Computer ID Generated by Deployment Server
%CALLINGJOBNAME%
%COMPNAME% %CONTACT% %DATE% %DEPT%
%DNSSUFFIXSEARCHORDER% The DNS suffixes under the DNS tab. %DOMAIN% %DOMAINOU% %DSSERVER% %EMAIL% %ID%
509
Token
Description
%IPNAME% %JOBNAME% %JOBUSER% %LDAPDOMAINOU%
Full DNS name of the computer The name of the current job. The name of the user logged on to the Deployment console The LDAP format for AD domains. Example: dc=MyCompany, dc=com, OU=MyParentOU, OU=MyOU Mail stop from the Location properties Computer manufacturer from SMBIOS Complete computer name as it appears in the console The NetBios name for the Microsoft Domain IP Address for NIC y (y = 1-8). Example: the first NIC would be %NIC1IPADDR%I , second %NIC2IPADDR% DNS entry x for NIC y. Example: the second NIC fourth DNS entry would be %NIC2IPDNS4% All DNS IP addresses for NIC y. Example: All DNS entries for the second NIC would be %NIC2IPDNSALL%. Default gateway for NIC y (y = 1-8). Example: the first NIC would be %NIC1IPGATEWAY%, second %NIC2IPGATEWAY% IP HOst for NIC y (y = 1-8). Example: the first NIC would be %NIC1IPHOST%; the second would be %NIC2IPHOST%. Netmask for NIC y. Example: the first NIC would be %NIC1IPNETMASK%, second %NIC2IPNETMASK% WINS entry x for NIC y. Example: the third NIC first WINS entry would be %NIC3IPDNS1% All WINS addresses for NIC y. Example: All WINS entries for the second NIC would be %NIC2IPWINSALL%. MAC for NIC y (y = 1-8). Example: the first NIC would be %NIC1MACADDR%, second%NIC2MACADDR% NetBios options for NIC y. Example: the NetBios options for the third NIC would be %NIC3NETBIOSOPTIONS%. PCI Bus number for NIC y. Example: the PCI Bus number for the second NIC would be %NIC2PCIBUSNUMBER%. PCI Device number for NIC y. Example: the PCI Device number for the fourth NIC would be %NIC4PCIDEVICENUMBER%.
%MAILSTOP% %MANUF%
%NAME%
%NETBIOSDOMAIN%
%NICyIPADDR%
%NICyIPDNSx% %NICyIPDNSALL%
%NICyIPGATEWAY%
%NICyIPHOST%
%NICyIPNETMASK%
%NICyIPWINSx% %NICyIPWINSALL%
%NICyMACADDR%
%NICyNETBIOSOPTIONS%
%NICyPCIBUSNUMBER%
%NICyPCIDEVICENUMBER%
510
Token
Description
%NICyPCIFUNCTIONNUMBER% PCI Function number for NIC y. Example: the PCI Function number for the third NIC would be %NIC3PCIFUNCTIONNUMBER%. %NICyUSEDHCP% %NICyUSEWINS% %NODEFULL% %NODENAME% %NWCONTEXT% %NWSERVER% %NWTREE% %OS% %OSTYPE% %PHONE% %PROCDESC% %PROCSPEED% %PROCCOUNT% %PROD_LIC% %PROCTYPE% %RAMTOTAL% %SERIALNUM% %SITE% %TIME% %USER_NAME% %UUID% If you use DHCP, the valid values are Yes or No. If you use WINS, the valid values are Yes or No. Complete computer name First 8 characters of actual computer name NetWare context name NetWare preferred server NetWare preferred tree Specific operating system (WIN98, WIN2K, WINXP) Operating system type (WIN9x, WINNT, Linux) Phone defined in the Location properties Description of the processor Processor Speed The number of processors installed (not the number of processor slots) Product License Key Processor Type Total Random Access Memory Serial number from SMBIOS Site description defined in the Location properties Time string in the form of hour:minutes The Registered To user name that can be viewed on the System Properties page of Windows. The Universally Unique Identifier (UUID) of the computer, if supported by hardware.
Finding the Right Token Value

By default, all values for the custom tokens can be located using the computer ID number that is automatically assigned to all computers when they are added to the Deployment Server database. This ID number is located in the computer_ID column of its associated table. The computer ID number can be viewed from a Deployment Server console by rightclicking a computer and then selecting Properties > General. After the computer ID number has been located, the associated column value can be used. The example below shows a Deployment Server Job using the Run Script Task, which will extract information from the Deployment database using the alias name of FS2. Script
echo This computer has %#FS2*"SELECT ram_free from hardware where computer_id = 5000001"% MB of free RAM
511
Explanation of Script
FS2 is the alias name. hardware is the table name Ram_Free is the column name to find the value in.
If a job using the above script was assigned to the PC-1 computer (with the computer_id of 500001), the values specified are located in the database and appear on the clients computer. The message shows the DS database search results. Users Display Message
C:\ This computer has 213 MB of free RAM Press any key to continue...
Creating Unique Files Using Tokens

There are times, during the deployment of a computer, where the computers being deployed need a unique file to complete the deployment process. Example: when using the Microsoft System Preparation (sysprep) program, a unique configuration file is needed to ensure that each computer gets a unique computer name and that it gets assigned to the correct Domain (among other things.) An answer file used to perform unattended operating system installations is another example. In both of these examples, much of the configuration file is the same for all computers being managed with only a portion of the file contents needing to be unique. The challenge is to get a file with the unique entries to the computers being managed without manually visiting each computer and without having to create each file manually. To meet the demands of this challenge, Deployment Server has the ability to automatically create and distribute a unique text file to meet these needs. This process is known as the Token Replacement Process. The token replacement process is accomplished using a template (reference) file which is automatically customized as needed through the use of tokens (variables) and saved as a unique file. This unique file is then sent to the individual computer. (See Figure below.)
Tokens
An Altiris token is a type of variable that can be replaced with unique data from the Deployment Server database. Each computer can have its own unique value for each token. Example: the token name of %NAME% stores the name of a computer being managed as seen in the Deployment Server console view, while the token name of %DOMAIN% stores the Microsoft Workgroup/Domain a computer belongs to. Depending on the individual computer, there may or may not be a value stored in the Deployment Server database for every possible token. Token names are case sensitive. See System Tokens on page 509.
Token Replacement Template Files

To understand the token replacement template file, consider the needs when using Microsofts System Preparation program (Sysprep.) When using Sysprep, each computer
512
requires a Sysprep.inf file. This file is used, among other things, to set the NetBIOS computer name for a computer and which Domain the computer will belong to (see the sample Sysprep.inf file in the figure to the right.) If the image being deployed to the computers contained this Sysprep.inf file and no other changes were made, all computers would end up with the same computer name and Domain when the Sysprep.inf files was used to configure the computers being deployed. To solve this dilemma, a token replacement template file is used. The token replacement template file is a copy of the text file, which after being edited needs to be copied to each computer. In this example it is theSysprep.inf file. The unique text files that will be sent to the individual computers are created by taking the contents of this template file and adding the unique data using tokens. Therefore, any data in the template file that needs to be unique must be replaced with an applicable token. Example: to ensure that every computer gets a unique computer name, the Sysprep.inf file is edited to use a token to provide this information instead of using the real computer name. As seen in the figure to the right, this is accomplished by placing the %NAME% token after the ComputerName entry. Likewise, the entry that determines the Domain is changed to use the %DOMAIN% token instead of the real Domain name. After the tokens have been added as needed, this file is saved in the Deployment Server directory structure and becomes the template file. After going through the token replacement process, the tokens are replaced with unique data from the Deployment Server database and a new file containing that information is created. The end result is that the new file created would now have an entry such as ComputerName=Bryce in one file while another file might have an entry such as ComputerName=Jackson.
Template File Rules

The following template file rules are as follows: The template file can have as many Altiris tokens as needed. The template file needs to be saved in the Deployment Server directory or in one of its subdirectories. Example: the template file may be saved in the \Deployment Server\temp directory. By default, the Deployment Directory is located at C:\Program Files\Altiris\eXpress\Deployment Server and is the directory where Deployment Server was installed. It is also referred as the Deployment Share.
The Token Replacement Process

The method of converting the template file to a unique file is accomplished as follows: The template file (in this example - Sysprep.inf) is created with the necessary tokens and is placed in the Deployment Server\temp subdirectory. A Job is created containing a Run Script task. The Run Script task contains the command(s) needed to invoke the token replacement process and the specific paths for all files needed in this process. (See The Run Script Task on page 1-32 for the Run Script task syntax.) This Job is then run on selected target computers.
513
When the Job is executed the following happens: The template file (Sysprep.inf) is examined and all tokens are located. The unique token values for each computer are located in the Deployment Server database and are used to create a new file for each computer. The tokens in the new files have now been replaced with their applicable values and the files are saved in the Deployment Server directory path specified in the task. The name of the new file created is determined by a token variable used in the task allowing each new file to have its own unique name. Each unique file is then copied to the applicable target computer. As the files are copied, they are renamed back to the correct name needed. In other words, all computers will end up with a file by the exact same name (this may or may not be needed depending on what this process is being used for.) The destination of the file on the target computer and its final name are determined by the Run Script task in the Job.
Custom Tokens
Custom tokens can be defined in a script or answer file to extract data from any MS SQL Server database table. This is most commonly used when creating custom tables to store additional computer inventory information. This token replacement feature allows you to specify any SQL database, look up a specified value, and replace the custom token with the value from the selected database (whether it resides on the local computer or not).
Syntax One
%#Alias^!table name@column name%
% # Alias
Identifies the opening and closing of a variable token in the script. Indicates that this is a custom token. Specify the alias for an external database set up in the Tools > Options > Custom Data Sources dialog. See Custom Data Sources options on page 88. When used, this will provide the information and credentials to gain access to an external SQL database. If the Alias option is not used, the values will be obtained from the same Deployment Server database the Job containing this token is using.
Indicates that this is a global identifier token. All tokens by default will be looked up using the Computer_ID value for which the token ID is being replaced. This global identifier tells Deployment Solution to NOT use the value in the computer_ID column. Instead, it will use the first value found in the specified table. Specifies that the following text is the table name in the Deployment Database. This field is required for all user-defined tokens. Specifies that the following text is the column name in the table. This field is required for all user-defined tokens. Examples:
! @
514
To return the names of the computers:
%#!computer@computer_name%
To return the color column from a custom database and table that has the computer_id column in it:
%#DBAlias!table@color%
To return the color column from the first record from a custom database and table:
%#DBAlias^!table@color% Syntax Two

%#Alias*SQL query statement%
Indicates that the following text is an SQL statement.
Examples
To return the names of the computer with an SQL statement:
%#*SELECT computer_name from computer where computer_id = 1234567%

To return the color column from a custom database and table with a computer_id column:
%#DBAlias*SELECT color from table where computer_id = 1234567%

To return the color from the first record from a custom database and table:
%#DBAlias*SELECT color from table%
515
Appendix C
Error Codes
This section presents some error messages generated by Deployment Solution. They are divided into the following groups: General Error Messages on page 517 Client Error Messages on page 519 Communication Error Messages on page 520 Memory Error Messages on page 522 Partition Error Messages on page 523 Installer Return Codes (page 524)
516
General Error Messages

Error Message
"Error reading . . ." "Error writing . . ."
Description
Explanation: An error occurred while reading or writing to the disk. Possible causes: Faulty disk hardware. A write-protected disk. The BIOS in some computers has an antivirus capability which attempts to protect the disk from Master Boot Record (MBR) viruses by write-protecting the first sector or track on the hard disk.
"Error reading from file." "Error writing to file." "Error opening file for reading." "Error opening file for writing." "Error saving image info to file." "Error closing file." "Error reading image information." "Geometry Error . . ."
Explanation: An image file could not be accessed. Possible causes: The file does not exist, or cannot be read (for downloads). The image file is corrupt. The directory does not exist or cannot be written to (for uploads). The disk where the image file is being written is full.
"Invalid geometry exception . . ." Possible cause: Invalid or corrupt BIOS drive geometry settings. "No such drive . . ." Explanation: The specified drive could not be accessed. Possible cause: An invalid drive letter was entered. "Error reading drive parameters from BIOS." Explanation: The program received an error from the BIOS while trying to read disk geometry information. Possible Cause: Often occurs when trying to run a DOS application from Windows. "Bad image number. File is not an image file." Explanation: The file is not recognized as an image file.
Explanation: There was an error converting cylinders, heads, and sectors to logical blocks or vice versa.
Possible causes: "Bad image number. Buffer The file is not a valid image file. doesn't contain image data." File was created with a different version of the imaging "Bad file version number. program, which is not compatible. Cannot read the file." Data loss is occurring over the network. "Bad version number. Buffer doesn't contain image data." "Too many clients for current license count." Explanation: More clients connected to the Console or Master computer than the license allows. Action: Upgrade your license to support more nodes. Call your authorized reseller for more information.
517
Error Message
Description
"This program is not licensed Explanation: Multicasting works only when the license count for multicasting (peer-tois greater than one. peer imaging)." Action: Upgrade your license to support more nodes. Call your authorized reseller for more information. "Exiting with error code . . ." Explanation: The program failed. Possible causes: The operator aborted the program prematurely. A serious program error occurred. Action: A descriptive error message should appear before this message to give you information about the problem that is causing the program to exit. If you do not see a preceding descriptive message, notify Altiris Technical Support. Write down the error code and a description of what was happening before the error occurred.
518
Client Error Messages

Error Message
"The master PC ended the transfer before we received all of the data."
Description
Explanation: The Master computer sent a "goodbye" packet before the image-transfer was finished. The download didn't finish, so the client disk will be in an indeterminate state. Possible cause: The user aborted the download before it was complete.
Explanation: The Master computer sent a packet with the "Error: Received cluster chunk with wrong version . . wrong version number. . (want .. .)." Possible cause: The Master computer and clients are "Client and master versions running different versions, and there are packet-header do not match." differences. "Error: Received cluster map Action: Ensure both master and client programs are updated with wrong version . . ." to the same software version. "Error: End of Block packet has wrong version . . . (want . . .)." "Error: Received Wrong NetBlock . . . (expected . . .)." "Received Wrong segment . . . (expected . . .)." Explanation: The Master computer moved on to the next segment in an image transfer before the client successfully received the data in the previous segment. Possible cause: The client may have lost contact with the Master computer during a download.
"Error: Master started before Explanation: The client received an unknown packet before we could register." it was ready to begin the download. Possible cause: The "download confirmation" packet sent from the Master to the client is lost. Action: Re-send the image. "Error decoding buffer." "Error while getting image info from master." Explanation: The client was unable to decode packet or image information. Possible cause: Data corruption in a packet somewhere between the Master computer and the client (likely), or a bug in either the master or client software (much less likely). Action: Call Altiris if you see this message and you believe your network is operating reliably.
519
Communication Error Messages

Error Message
"Error opening IP socket." "Error canceling IP listen packets."
Description
Explanation: An error was returned from a call to the network protocol stack. Possible causes:
"IP SendPacket error, code . The IP protocol stack isn't loaded. . ." An internal error occurred in the protocol stack code. "IP Error sending packet ..." "Error sending farewell packet: ECB code . . ." "IP error getting local target address." "Unable to bind socket 0x . . ." Note The same errors can occur with IPX.
Critical Error Messages

Error Message
"Compression failure, result is 0x. . ." "Decompression failure, result 0x . . ."
Description
Explanation: Compression or decompression failure. Possible causes: A decompression failure can be caused by corrupt data in an image file or data accessed across the wire. A compression failure is probably caused by a bug in the program. Action: If you get a compression or decompression failure on a file you know to not corrupted, isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris.
"Unable to send packet: buffer too big."
Explanation: The program tried to send a packet that was larger than the internal limit. Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris.
520
Error Message
"Unable to register multicast cleanup function."
Description
Explanation: Indicates a failure in the programs library routines. Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris.
"Unhandled exception detected. Explanation: A top-level handler in the program detected an exception from an unknown location in the Please call technical support." program. Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris. "Error: Missing chunk number . . Explanation: Indicates an internal error in the client. . too big." Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris. "Error: Received non cluster map block type 0x . . ." Explanation: The client received a block of data containing unexpected information. Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris.
521
Error Message
Description
"Out of range index . . . in Explanation: Internal program error. removeItem. ElementCount is . . Action: Please report the error to Altiris. Write down the ." error code and message and a description of what was "Error removing child subtree." happening just before the error occurred. "Invalid item to remove." "Error: Attempted removal of top-level container segment." "Error: unable to copy source segment." "Error getting download info space requirements." "Error getting image info space requirements." "Error getting bitmap space requirements." "Error encoding image info into buffer." "Error encoding bitmap."
"Container segment has invalid Partition-table slot . . ."
Explanation: A partition table in an extended partition contains a reference to a nonexistent slot in the partition table. Action: Please report this error to Altiris.
Memory Error Messages

Error Message
"Insufficient memory for . . ."
Description
Explanation: The program is out of memory.
Possible cause: The Altiris program requires 16 MB to run. "Ran out of memory while . . It could also be a lack of conventional memory. ." Action: Add the emm386.exe file, and load as many drivers, "Exception . . . while devices, and so on as possible into high memory. Check the allocating . . ." Altiris support forum for information on memory errors. "Error adding . . ." Explanation: There was a problem building an internal list structure. Possible cause: This is almost always a result of memory exhaustion.
522
Partition Error Messages

Error Message
"Collision in partition-table . ." "Collision with . . ."
Description
Explanation: More than one partition was defined for a given partition table slot. It can mean one of two things: Possible cause: The on-disk partition-tables (including partition tables in extended partitions) are corrupt. The program was unable to merge an image file with the local disk contents because both the image and the local disk contain a partition definition that must reside in the same slot.
"No partitions to process." "Segment boundary error: doesn't start on track boundary." "Invalid partition . . . "
Explanation: No partitions were found in the partition table. The program has nothing to image (upload). Explanation: An invalid partition definition exists. Possible cause: The invalid entry might be in the partition tables extended partitions. Action: Try running ibmaster.exe with the -sz or -szf switch. Explanation: An extended partition was found that contained no internal partition table, or contained no internal definitions. Action: The invalid configuration can be resolved by removing the invalid partition definition (using FDISK or similar utility). Explanation: The local disk doesn't have enough free space to accept the image being downloaded.
"Error: No partition-table segment to update." "Error: Expected container segment not found."
"Not enough free disk space to accept image."
"Underlap error while placing Possible cause: The image may have more data than can fit segment." on the client computer hard drive, or the partition cannot be resized to fit the drive. "Overlap error while placing segment." "Collision at beginning of disk Explanation: The program was unable to place the boot while trying to place boot record on the disk. record." Possible cause: Another partition may be defined to cover the required space. This usually indicates corruption in the target disk's partition table, because it is illegal for a partition to occupy the space required by the boot record. Action: Run FDISK to remove all partitions, then reboot the computer and run FDISK/MBR. Also check for viruses.
523
Error Message
Description
"This image requires that the Explanation: The image being transferred contains a destination drive have the geometry-dependent partition, and the geometry of the same geometry . . ." source disk does not match the geometry of the target disk. This means the disks are not seen as identical drives by the drive controller. "Error flushing MBR sector." Explanation: The program was unable to write data to the first sector on the hard disk. The image transfer is incomplete because the partition-table and/or master boot record code was not successfully written, and the disk is in an indeterminate state. Possible cause: This may be caused by a BIOS setting that prevents programmatic access to the boot sector (see the CMOS setup).
Installer Return Codes

The Deployment Solution Installer returns error codes whenever it encounters any problems while installing. These return codes are saved in a log file, which is used to help understand the installation problems. Below is a list of error codes returned with their descriptions for different components of the Deployment Server.
Return Code
1000
ErrorID
IDS_ERR_SETUP_INSTALL
Error Description
This return code is for the DataStore component. This error occurs while setting up the installation on a remote computer. This signifies an error in opening the setup INI file. This return code is for the DataStore component. This error occurs while copying the license file to the remote computer. Please ensure that the temp directory on the remote computer has at least 100MB free space. This return code is for the Deployment Server component. This error occurs while setting up the installation on a remote computer. This signifies an error opening the setup INI file. This return code is for the Deployment Server component.This error occurs when it is unable to grant logon as service rights to the Deployment Server Service user. If you continue the installation, it will install the service, but will require you to manually set "Logon as Service" rights for the Deployment Server Service user.
1001
IDS_ERR_COPYING_LICEN SE
1002
1003
IDS_ERR_GRANT_LOGON
524
Return Code
1004
ErrorID
IDS_ERR_INSTALLING_SE RVER_REG
Error Description
This return code is for the Deployment Server component. Thus error occurs while creating some registry entries required for the server to function correctly. If you choose to continue, you will need to set the options manually from the Altiris eXpress Deployment Server Configuration control panel applet. This return code is for the Deployment Server component. This error occurs when it is unable to connect to the remote computer with the given username and password. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is for the Deployment Server component. This is an unknown error that occurs while installing the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is for the Deployment Server component. This is an unknown error that occurs while installing the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is for the Deployment Server component. This error occurs while copying the license file to the remote computer. Ensure that the temp directory on the remote computer has at least 100MB free space. This return code is for the Deployment Server component. This error occurs when it is unable to execute package on the remote computer. Ensure that the username and password you have supplied has Administrator rights on the remote computer.
1005
IDS_ERR_CONNECTING
1006
IDS_ERR_INSTALLING_SE RVICE
1007
IDS_ERR_STARTING_SERV ICE
1008
IDS_ERR_COPYING_LICEN SE
1009
IDS_ERR_EXECUTE_PACKA GE
525
Return Code
1010
ErrorID
IDS_ERR_COPYING_PACKA GE
Error Description
This return code is for the Deployment Server component. This error occurs while copying the install package to the remote computer. Please ensure the temp directory on the remote computer contains at least 100MB free space. This return code is for the Deployment Console component. This error occurs while setting up the install on the remote computer. This error is usually encountered when there is a problem in opening the setup INI file. This return code is for the PXE Server component. This error occurs while copying the PXE boot image files. If you continue the install, you will need to run the Boot Disk Creator from the PXE computer and create these files manually. This return code is for the PXE Server component. This error occurs while setting up the install on the remote computer. This error is usually encountered when there is a problem in opening the setup INI file. This return code is for the Deployment Web Console component. This error occurs while setting up the install on the remote computer. This error is usually encountered when there is a problem in opening the setup INI file. This return code is for the Deployment Web Console component. This error occurs when it is unable to grant logon as service rights to the Deployment Server Service user. If you continue the installation, it will install the service, but will require you to manually set "Logon as Service" rights for the Deployment Server Service user. This return code is for the Deployment Web Console component. This error occurs when it is unable to connect to the remote computer with the given username and password. Ensure that the username and password you have supplied has Administrator rights on the remote computer.
1011
1012
IDS_ERR_COPYING_BOOT
1013
1014
1015
IDS_ERR_GRANT_LOGON
1016
IDS_ERR_CONNECTING
526
Return Code
1017
ErrorID
Error Description
This return code is for the Deployment Web Console component. This is an unknown error that occurs while installing the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is for the Deployment Web Console component. This is an unknown error that occurs while starting the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is for the Deployment Web Console component. This error occurs when it is unable to connect to the remote computer with the given username and password. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is for a Hotfix installation. This error occurs while setting up the install on the remote computer. This error is usually encountered when there is a problem in opening the setup INI file. This return code is common for all the components of Deployment Server. This error occurs when it is unable to connect to the remote computer with the given username and password. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is common for all the components of Deployment Server. This is an unknown error that occurs while installing the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer.
1018
1019
IDS_ERR_CONNECTING
1020
1022
IDS_ERR_CONNECTING
1023
527
Return Code
1024
ErrorID
Error Description
This return code is common for all the components of Deployment Server. This is an unknown error that occurs while starting the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is common for all the components of Deployment Server. This error occurs when it is unable to execute package on the remote computer. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is common for all the components of Deployment Server. This error occurs while copying the install package to the remote computer. Please ensure the temp directory on the remote computer contains at least 100MB free space. This return code is common for all the components of Deployment Server. This error occurs while copying the setup.iss file to the remote computer. Please ensure that the system temp directory on the remote computer contains at least 100MB free space. This return code is common for all the components of Deployment Server. This error occurs while monitoring the remote install. The install has been started, but there is no way to find out if the install completed successfully. This return code is for all the components of Deployment Server. This error is encountered when any of the components encounter an Install shield problem. This error occurs when the package is terminated unexpectedly.
1025
IDS_ERR_EXECUTE_PACKA GE
1026
IDS_ERR_COPYING_PACKA GE
1027
IDS_ERR_COPYING_ISS
1028
IDS_ERR_MONITORING
1029
Install shield writes errors
1030
IDS_ERR_PACKAGE_TERMI NATED
528
Appendix D
System Jobs for Deployment Solution

System jobs are shipped and installed in the Deployment Share (<DS install path>\Altiris\eXpress\Deployment Server\Samples) to assist in various deployment tasks. During installation, jobs are automatically imported from the samples.bin file into Deployment Solution where they can be viewed in the System Jobs folder in the Jobs area of the console. The System Jobs folder contains subfolders for Imaging, Simple Tests, Migrations, Miscellaneous Jobs, Pocket PC, Scripted OS Installs, Scripts, XP Embedded, and Agent Update jobs. Jobs in each folder marked with an asterisk (*) require input parameters or other minor modifications added before running on your system. These modifications allow you to add parameters to the job such as user name and password, or other required data to allow the job to be functional. These jobs will not function properly if you do not edit the job task with the information specific to your environment. All files without an asterisk (*) can be used to perform the identified functions without modification. However, if the job conditions are not met or are not consistent with the computer type then you may get an error. Example: if the Repair Office XP job runs on a computer without MS Office XP then you will get an error when trying to run the job. Note We recommend that you copy the desired sample job and change the name to avoid overwrites if you reinstall Deployment Solution. Sample files are provided to help create jobs and other files for use in your specific environment. These files portray possible solutions and configurations, and can be modified and rewritten. Each of these jobs can also be created in the Deployment Server Console and executed with the same effectiveness to meet your specific needs. Because of continually changing market conditions and specific requirements for your organization, Altiris cannot guarantee the effectiveness of these sample files working in your environment. See sample jobs in these categories: Imaging (page 530) Simple Tests (page 530) Migrations (page 531) Misc Jobs (page 532) Pocket PC (page 536) Scripted OS Installs (page 537) Scripts (page 544) XP Embedded (page 547)
529
Imaging
Use these sample jobs for basic imaging tasks: Create Disk Image (page 530) Distribute Disk Image (page 530)
Create Disk Image

Description Creates a disk image. Additional files required None. What this task does This task will create a disk image using the name of the computer as the image filename. Steps to use Assign the job to a computer or computer group.
Distribute Disk Image

Description Distributes a disk image. Additional files required None. What this task does This job will distribute the disk image using the name of the computer as the image filename. Steps to use Assign the job to a computer or computer group.
Simple Tests
Run simple commands and install software packages using these jobs: DIR Command at DOS (page 530) DIR Command at Windows (page 530) Distribute RapidInstall Package (page 531)
DIR Command at DOS

Description Runs the DIR command in DOS Additional files required None. What this task does This task runs the DIR command at the DOS prompt. If the managed computer is running in Windows, it will tell the Deployment Agent to restart the computer to automation and the computer will reboot. When the computer starts, the BootWorks application runs and the DIR command executes. After the DIR command runs, the computer will boot back to the production status. This task also uses the Logevent application to send the scripting status back to the Deployment Server. Steps to use Assign the job to a computer or computer group.
DIR Command at Windows

Description Runs the DIR command in Windows from a command prompt Additional files required None.
530
What this task does This task runs the DIR command in Windows from a command prompt. Steps to use Assign the job to a computer or computer group.
Distribute RapidInstall Package

Description Runs the shwnm.exe RapidInstall package. Additional files required: None. What this task does This package includes a utility that displays the computer name in a window. A shortcut is created in the startup group so that every time the computer is started the window shows the computer name. Steps to use Assign the job to a computer or computer group.
Migrations
With the aid of PC Transplant, capture various user settings using these jobs: Capture User Application Settings (page 531) Capture User Desktop Settings (page 531) Capture User Microsoft Office Settings (page 532) Capture User Printer Settings (page 532)
Capture User Application Settings

Description Collects the users application setting using PC Transplant. Additional files required None. What this task does This task will use PC Transplant and a supplied PCT template to gather the application settings for all users that exist on the computer. The client computer will execute the PC Transplant Wizard using the specified template and create a file (computername.exe) at the specified location. Steps to use 1. 2. Edit the job. Assign the username and password for use with Windows 2000/XP/2003 based systems. If you are using this job on Windows 9x computers, then the logged-in user must have rights to the specified location for the template and package creation. Assign the job to a computer or computer group.
3.
Capture User Desktop Settings

Description Collects the users desktop setting using PC Transplant Additional files required None. What this task does This task will use PC Transplant and a supplied PCT template to gather the desktop settings for all users that exist on the computer. The client computer
531
will execute the PC Transplant Wizard using the specified template and create a file (computername.exe) at the specified location. Steps to use 1. 2. Edit the job. Assign the username and password for use with Windows 2000/XP/2003 based systems. If you are using this job on Windows 9x computers, then the logged-in user must have rights to the specified location for the template and package creation. Assign the job to a computer or computer group.
3.
Capture User Microsoft Office Settings

Description Collects the users Microsoft Office setting using PC Transplant Additional files required None. What this task does This task will use PC Transplant and a supplied PCT template to gather the Microsoft Office settings for all users that exist on the computer. The client computer will execute the PC Transplant Wizard using the specified template and create a file (computername.exe) at the specified location. Steps to use 1. 2. Edit the job. Assign the username and password for use with Windows 2000/XP/2003 based systems. If you are using this job on Windows 9x computers the logged-in user must have rights to the specified location for the template and package creation. Assign the job to a computer or computer group.
3.
Capture User Printer Settings

Description Collects the users printer setting using PC Transplant Additional files required None. What this task does This task will use PC Transplant and a supplied PCT template to gather the printer settings for all users that exist on the computer. The client computer will execute the PC Transplant Wizard using the specified template and create a file (computername.exe) at the specified location. Steps to use 1. 2. Edit the job. Assign the username and password for use with Windows 2000/XP/2003 based systems. If you are using this job on Windows 9x computers the logged-in user must have rights to the specified location for the template and package creation. Assign the job to a computer or computer group.
Misc Jobs
Misc jobs can be executed on computers, including installation and repair of Office XP, computer power control, and SQL service and installation: Install Office XP from Mapped Drive (page 533)
532
Install Office XP from UNC Source (page 533) SQL 2000 Unattended Install (page 534) SQL 2000 Unattended Install Using a RIP (page 534) Copy WLogevent to Client (page 535) Install MSI 2.0 Runtime (page 535) Repair Office XP (page 535) Restart Computer (page 535) Shutdown Computer (page 535) Start SQL Server Service (page 536) Stop SQL Server Service (page 536) Uninstall Office XP (page 536) Wake up Computer (page 536)
Install Office XP from Mapped Drive

Description Installs Microsoft Office XP. Additional files required Microsoft Office XP setup files located on the network share that will be used in the drive mapping. What this task does This script maps a network drive and installs Microsoft Office XP Professional with Front Page from it. Steps to use 1. 2. 3. To customize the script, change the UNC that the drive is being mapped to, as well as the username and password. To change the username, go into the advanced settings of the script. Note that the client computer must be in the domain if you are using domain authentication. Assign the job to a computer or computer group.
Note We strongly recommend that you follow Microsoft's guidelines for preparing Office XP to be deployed. The setup should be customized using the proper tools, and an administrative install should be performed to place the setup files on the network share. For more details, consult the Office XP Resource Kit.
Install Office XP from UNC Source

Description This task will install Microsoft Office XP. Additional files required Microsoft Office XP setup files located on the network share that will be used in the script. What this task does This script runs a Microsoft Office XP Professional with Front Page install directly from a UNC. Steps to use
533
1.
To customize the script, change the location of the setup files, as well as the username and password. Note that the client computer must be in the domain if you are using domain authentication. To change the username, go into the advanced settings of the script. Assign the job to a computer or computer group.
2. 3.
Note We strongly recommend that you follow Microsoft's guidelines for preparing Office XP to be deployed. The setup should be customized using the proper tools, and an administrative install should be performed to place the setup files on the network share. For more details, consult the Office XP Resource Kit.
SQL 2000 Unattended Install

Description This script will do an unattended install of SQL Server 2000. Additional files required The files from the SQL Server 2000 disk. What this task does This script will copy all files and directories from the SQL setup to the client computer, then execute an unattended install using the specified silent install script (sqlins.iss). Steps to use 1. Copy the files from the SQL 2000 CD into the .\samples\misc\sql2000 directory. Edit the sqlins.iss file located in the .\samples\misc\sql2000 directory to include your CD key. Assign the job to a computer or computer group.
2.
SQL 2000 Unattended Install Using a RIP

Description This script will do an unattended install of SQL Server 2000 using a RapidInstall Package to copy the files on the computer and execute the setup using a post install script. Additional files required The files from the SQL Server 2000 disk inserted into the sql2000pkg.exe RapidInstall package. What this task does This script will copy all files and directories from the SQL setup to the client computer using a RapidInstall package, then execute an unattended install using the specified silent install script (sqlins.iss) in a post install script. Steps to use 1. 2. Start RapidInstall Editor and open the sql2000pkg.exe located in the .\samples\misc\sql2000 directory. Edit the sqlins.iss file in the TempPath\SQL2000 directory in the RIP. To edit the file, select the SQL2000 directory in the Files view and right click the file listed to the right and choose Open With. Choose Notepad as the associated program. Replace the CDKey entry in the file and save the file. Close Notepad. Choose OK in the Edit File dialog to reinsert the changed file into the RIP. 3. Copy the files and directories from the SQL 2000 CD into the SQL2000 directory in the RIP by dragging and dropping them onto the SQL2000 folder.
534
4. 5.
After the files have been added to the RIP, save it by choosing File>Save. Close the RapidInstall Editor. Assign the job to a computer or computer group.
Copy WLogevent to Client

Description Copy the wlogevent.exe to the windows client computer for use with script logging. Additional files required None. What this task does This job will copy the wlogevent.exe from the Deployment Server directory to the client computer in the temp directory. This file is used for logging status in windows scripts. Steps to use Assign the job to a computer or computer group.
Install MSI 2.0 Runtime

Description Installs the Microsoft Installer runtime files. Additional files required None. What this task does This task uses conditions to determine the operating system of the computer and installs the appropriate MSI 2.0 runtime files. Steps to use Assign the job to a computer or computer group.
Repair Office XP
Description This script will force Microsoft Office XP Professional with Front Page to be repaired on the client computer. Additional files required The source that Office XP was originally installed from must be accessible in order for the repair to function successfully. What this task does This script will force Microsoft Office XP Professional with Front Page to be repaired on the client computer. You can substitute the Product ID of any MSI (Windows Installer) installed application in this sample. Steps to use Assign the job to a computer or computer group.
Restart Computer
Description Restarts the client. Additional files required None. What this task does Restarts the client if restart is supported. Steps to use Assign the job to a computer or computer group.
Shutdown Computer
Description Shutdown the client. Additional files required None. What this task does Shuts down the client if shutdown is supported.
535
Steps to use Assign the job to a computer or computer group.
Start SQL Server Service

Description This script will start the SQL Server service. Additional files required None.
What this task does This script will send the NET START MSSQLServer command to the computer.
Steps to use 1. 2. If you run the SQLServerAgent you need to remove the REM on the line that starts the agent service. Assign the job to a computer or computer group.
Stop SQL Server Service

Description This script will stop the SQL Server service. Additional files required None. What this task does This script will send the NET STOP MSSQLServer and NET STOP SQLServerAgent command to the computer. This job will stop the agent service because the SQL server will not stop if this is running from the command line.
Steps to use Assign the job to a computer or computer group.
Uninstall Office XP
Description This script will force Microsoft Office XP Professional with Front Page to be uninstalled on the client computer. Additional files required The source that Office XP was originally installed from must be accessible in order for the uninstall to function successfully. What this task does This script will force Microsoft Office XP Professional with Front Page to be uninstalled on the client computer. You can substitute the Product ID of any MSI (Windows Installer) installed application in this sample. Steps to use Assign the job to a computer or computer group.
Wake up Computer
Description Wake up a computer. Additional files required None. What this task does Sends a Wake On LAN packet to the computer. If the client supports Wake On LAN, then this will succeed. Steps to use Assign the job to a computer or computer group.
Pocket PC
These jobs are used to install agents and CAB files to manage handheld devices in Deployment Solution:
536
Distribute Software (page 537) Install Altiris Pocket PC Agent (page 537)
Distribute Software
Description Installs a simple application that displays the name of the Pocket PC. Additional files required None. What this task does This job allows you to set a condition for a MIPS, ARM, or SH3 processor for your handheld device. Once a condition is set then it will install the correct CAB file from the Samples directory. Steps to use Assign the job to the handheld device appearing in the Computers section of the Deployment Server Console.
Install Altiris Pocket PC Agent

Description Installs Pocket PC Agent on the host computer (the computer with the handheld cradle) for the handheld device. This job sets a condition to check if ActiveSync is installed on the host computer. If ActiveSync is installed, the Pocket PC agent will install. If ActiveSync is not installed, then an error appears stating that your condition is not met on the selected computer. Additional files required Microsoft ActiveSync on the host computer. What this task does This job places the Pocket PC agent on the host computer to manage a connected handheld device. Steps to use Assign the job to a managed computer acting as host (with Microsoft ActiveSync installed) for a handheld device.
Scripted OS Installs
These imported jobs allow you to run scripted, unattended installs on both Windows and Linux servers. These jobs are used for both Network installs and Hard Disk installs. To do a network scripted install of Windows, use the Scripted OS install task type in a job: Create W2K Install Disk Image (Target HD) (page 537) W2K Scripted Install (Target HD) (page 539) Create RH7 Install Disk Image (Network) (page 540) Create RH7 Install Disk Image (Target HD) (page 541) RH7 Scripted Install (Network) (page 541) RH7 Scripted Install (Target HD) (page 542) Create RH8 Install Disk Image (Network) (page 543) RH8 Scripted Install (Network) (page 543)
Create W2K Install Disk Image (Target HD)

Description This job creates a disk image to be used for installing Windows 2000 using files from the local hard drive. This method is not supported from the Scripted OS install task. This process can be repeated for XP and .NET as well. This job is only used once to
537
set up the image that will be repeatedly called from the "W2k Scripted Install (Target HD)" job. Additional files required
< DS install path >\IMAGES\DOS_ONLY.IMG. Image file containing a simple

bootable partition that is provided during the product install. Windows 2000 installation files (I386 directory from the Windows CD). These files need to be copied from the Windows CD to the operating system files directory. The default directory is <DS install path>\DEPLOY\WIN\W2K\I386 directory.
< DS install path >\Deployment Server\ \SAMPLES\SCRIPT~1\WINDOWS\W2KSETUP.BAT. DOS batch file that the job
calls to copy the Deployment Agent, other DOS utilities, and the Windows operating system files needed for the target HD install. If you need to supply drivers that are not included with the Windows installation you will need to create a $OEM$ directory under the i386 directory. If you have hardware or other devices that are not supported in the operating system distribution, you can add the drivers needed in the $OEM$ directory that is supported by the unattended install process. In our examples we have added drivers for Intel display, network and chipset. The $1 specifies the root of the %SYSTEMDRIVE% variable. You will need to verify that the directories are included in the OemPnpDriversPath value in the Unattended section of the unattended.txt file. Note The Windows unattended install process requires that all drivers in $OEM$ be fully extracted. Zip files cannot be used. See the "Microsoft Windows 2000 Guide to Unattended Setup" for more information. This guide is named unattend.doc and is in the deploy.cab file in the \Support\Tools folder of the Windows 2000 installation CDROM. What this task does This job creates a hard drive image that can later be used for installing Windows 2000 through the hard disk install method. It downloads the DOS_ONLY image to the selected client. This creates a 2 GB, FAT16 DOS bootable partition. It reboots the client so that DOS will recognize the newly created DOS partition. It calls the w2ksetup.bat file to copy the Deployment Agent, and the Deployment Agent input file (aclient.inp) as well as various other DOS utilities to facilitate a Windows scripted install. It also copies the Windows operating system files (usually from the I386 directory) to the target's hard drive in the C:\I386 directory. It runs rdeploy.exe to create a disk image of the now populated DOS partition. Steps to use 1. 2. Make a copy of the sample job. If you want to create your own DOS_ONLY.img with MSDOS instead of using the supplied DR DOS image, you will need to manually create the image. To create your own DOS image, use a DOS boot floppy to run fdisk.exe to create a 2GB partition on a reference computer. Format the partition to be a system drive. Copy the appropriate DOS files needed (example: himem.sys, smartdrv, xcopy). Create an autoexec.bat file that runs smartdrv to speed the installation and then looks for a file called install.bat. Install.bat will be used in our examples to initiate the unattended installation.
538
Example Autoexec.bat file:
@echo off smartdrv IF NOT EXIST c:\install.bat goto no_install call c:\install.bat goto done :no_install echo No Install File :done
Be sure to include smartdrv in the batch file. This command starts SMARTDrive, which creates a disk cache in extended memory. A disk cache will significantly speed up the imaging process. After the above tasks have been performed, create an image of the drive named MS_DOS.img. Once the MS_DOS image is created, copy the i386 folder of the Windows CD (along with the $OEM$ folder if supplemental drivers will be required) to the DOS computer. Now create another image of the drive and name it W2K_AS.img. This image will be used for hard drive scripted OS installs to provide the operating system files needed for the Windows installation. A total of two DOS images should be created with the second image containing Windows install files in a C:\i386 folder. If you use the MS_DOS.img then edit the task and replace DOS_ONLY.img with MS_DOS.img. 3. Edit the last Run Script task, Create Windows Install Disk Image, and change the SET ImageName=F:\IMAGES\W2K_HD.IMG line to the name of the image you wish to create. If you copied the Windows operating system files to a location other than <DS install path>\DEPLOY\WIN\W2K\I386, edit the second Run Script task, Copy Windows Files to Hard Drive, and specify the location on the SET OSFilesPath= line. Change the name of the job to reflect the desired purpose (optional). Note After this job finishes, it will leave the client computer in an unmanageable state. 6. Assign the job to a computer or computer group.
4.
5.
W2K Scripted Install (Target HD)

Description Deploys the Windows 2000 operating system using the Target HD scripted install model. This will use the image we created with the Create W2K Scripted Install (Target HD) job. We recommend using FAT32.img rather than DOS_ONLY.img to perform scripted installs. Additional files required
<install path>\IMAGES\W2K_HD.IMG. This is the image file created by the

Create W2K Install Disk Image (Target HD) job described above. You may
539
have changed the name. This image file contains a DOS bootable partition with the Deployment Agent and other various DOS utilities along with the Windows operating system files that are required for a Windows unattended install.
<install path>\IMAGES\Install.bat. File that executes the scripted install.

Windows unattended answer file. A sample provided by the product installation located in the <DS install path>\SAMPLES\SCRIPTED OS INSTALL\WINDOWS directory. What this task does This job starts a Windows unattended operating system install on a client using the hard disk install method. It downloads the W2K_HD image (or whatever you have named it) to the selected client. This creates a 2 GB, FAT16 DOS bootable partition with the operating system files to do a Windows unattended install. It then reboots the computer to get the new partition and format information. It uses a script to get the unattended answer file copied to the client. It then reboots the client. Upon reboot, the DOS partition is booted and the operating system install is automatically started with the autoexec.bat that is called in the image. Steps to use 1. 2. Make a copy of the sample job. Edit the Deploy Image task and change the name of the image file to the name you created with the Create W2K Install Disk Image (Target HD) job described above. Edit the answer file to specify the product key and other information. Change the name of the job to reflect the desired purpose (optional). Assign the job to a computer or computer group.
3. 4. 5.
Create RH7 Install Disk Image (Network)

Description Creates a disk image to be used for installing RedHat Linux v7.1 through the Network install method. The Network method copies the RedHat files from an FTP server during operating system installation. See the user guide for instructions on setting up an FTP server for this purpose. Additional files required
<DS install path>\IMAGES\DOS_ONLY.IMG. Image file containing simple

bootable partition. Provided during the product install.
<DS install path>\SAMPLES\SCRIPT~1\RedHat\RH7SETUP.BAT. DOS

batch file that the job calls to copy the basic RedHat files needed for the Kickstart install such as LOADLIN, VMLINUZ, and so on. What this task does This job creates a hard drive image that can later be used for installing RedHat Linux through the network install method. It downloads the DOS_ONLY image to the selected client. This creates a 2 Gig FAT16 DOS bootable partition. Then it reboots the client so that DOS will recognize the newly created DOS partition. It then calls RH7SETUP to copy the basic RedHat files that facilitate a RedHat Kickstart install. It then runs RDeploy to create a disk image of the now populated DOS partition. Steps to use 1. Make a copy of the sample job.
540
2.
Edit the last Run Script task, Create Red Hat Install Disk Image, and change the SET ImageName=F:\IMAGES\RH71_FTP.IMG line to the name of the image you wish to create. Change the name of the job to reflect the desired purpose (optional). Assign the job to a computer or computer group.
3. 4.
Create RH7 Install Disk Image (Target HD)

Description Creates a disk image to be used for installing RedHat Linux (v7.1 or later) through the hard disk install method (where files are installed from the local hard drive). Additional files required
<DS install path>\IMAGES\DOS_ONLY.IMG. DOS_ONLY.IMG is an image file

containing a simple bootable partition provided during the product install. RedHat operating system files (REDHAT and DOSUTILS directories from the RedHat CD). These files need to be copied from the RedHat CD to the <install path>\DEPLOY\CDS\REDHAT\RH71\REDHAT and <install path>\DEPLOY\CDS\REDHAT\RH71\DOSUTILS directories, respectively.
<DS install path>\SAMPLES\SCRIPT~1\REDHAT\RH7SETUP.BAT. DOS

batch file that the job calls to copy the RedHat operating system files needed for the target hard drive install. What this task does: This job creates a hard drive image that can later be used for installing RedHat Linux v7.1 through the Hard Disk install method. It downloads the DOS_ONLY image to the selected client. This creates a 2 Gig FAT16 DOS bootable partition. It reboots the client so that DOS will recognize the newly created DOS partition. It calls RH7SETUP.bat to copy the basic RedHat files that facilitate a RedHat Kickstart install. It also copies the RedHat operating system files to the target's hard drive in the C:\REDHAT directory. It runs RDeploy to create a disk image of the now populated DOS partition. Steps to use 1. Make a copy of the sample job. Edit the last Run Script task, Create Red Hat Install Disk Image, and change the SET ImageName=F:\IMAGES\RH71_HD.IMG line to the name of the image you wish to create. If you copied the RedHat operating system files to a location other than <DS install path>.\DEPLOY\CDS\REDHAT\RH71, edit the second Run Script task, Copy RedHat Files to Hard Drive, and specify the location on the SET OSFilesPath= line. 2. 3. Change the name of the job to reflect the desired purpose (optional). Assign the job to a computer or computer group.
RH7 Scripted Install (Network)

Description This job deploys the RedHat Linux operating system using the Network scripted install model. The network method copies the RedHat files from an FTP server during operating system installation. See the Deployment Solution User Guide for instructions on setting up an FTP server for this purpose.
541
Additional files required
<DS install path>\IMAGES\RH71_FTP.IMG. This is the image file created by

the Create RH7 Install Disk Image (Network) job described above. You may have changed the name. This image file contains a DOS bootable partition with the basic RedHat files that facilitate a RedHat Kickstart install. RedHat Kickstart answer file. A sample is located in the \SAMPLES\SCRIPTED OS
INSTALL\REDHAT directory.
What this task does This job starts a RedHat Kickstart operating system install on a client using the Network install method. It downloads the RH71_FTP image (or whatever you have named it) to the selected client. This creates a 2 Gig FAT16 DOS bootable partition with files to facilitate a RedHat Kickstart install. It reboots the client so that DOS will recognize the newly created DOS partition. It uses a Scripted OS Install task to start the unattended install on the client. This task contains the location of the operating system install files located on the FTP server as well as the Kickstart file to be used for the operating system install. Steps to use 1. 2. Make a copy of the sample job. Edit the Deploy Image task and change the name of the image file to the name you created with the Create RH7 Install Disk Image (Network) job described above. Edit the Scripted OS Install task and change the location of the Kickstart answer file. Change the hard drive ID in the Command Line edit box to the proper ID for the target system. The default is ks=hd:hda1/ks.cfg where hda1 is the default hard drive ID. Change the name of the job to reflect the desired purpose (optional). Assign the job to a computer or computer group.
3. 4.
5. 6.
RH7 Scripted Install (Target HD)

Description This job deploys the RedHat Linux operating system using the Hard Disk scripted install model. Additional files required
<DS install path> \IMAGES\RH71_HD.IMG. This is the image file created by

the Create RH7 Install Disk Image (Target HD) job described above. You may have changed the name. This image file contains a DOS bootable partition with the RedHat operating system files that are required for a RedHat Kickstart install. RedHat Kickstart answer file. A sample is located in the \SAMPLES\SCRIPTED OS
INSTALL\REDHAT directory.
What this task does: This job starts a RedHat Kickstart operating system install on a client using the Target HD install method. It downloads the RH71_HD image (or whatever you have named it) to the selected client. This creates a 2 Gig FAT16 DOS bootable partition with the operating system files to do a Kickstart unattended install. It uses a Scripted OS Install task to get the Kickstart answer file copied to the client. This task contains the location of the answer file to be used for the operating system
542
install. It reboots the client. Upon reboot, the DOS partition is booted and the operating system install is automatically started. Steps to use 1. 2. Make a copy of the sample job. Edit the Deploy Image task and change the name of the image file to the name you created with the Create RH7 Install Disk Image (Target HD) job described above. Edit the Scripted OS Install task and point it to the desired Kickstart answer file. Change the hard drive ID in the Command Line edit box to the proper ID for the target system. The default is ks=hd:hda1/ks.cfg where hda1 is the default hard drive ID. Change the name of the job to reflect the desired purpose (optional). Assign the job to a computer or computer group.
3. 4.
5. 6.
Create RH8 Install Disk Image (Network)

Description Creates a disk image to be used for installing RedHat Linux v8.0 through the Network install method. The Network method copies the RedHat files from an FTP, NFS, or HTTP server during the operating system installation. See the RedHat User guide for instructions on setting up a source server for this purpose. Additional files required
<DS install path>\IMAGES\DOS_ONLY.IMG. Image file containing simple

bootable partition. Provided during the product install.
<DS install path>\SAMPLES\SCRIPT~1\RedHat\RH8SETUP.BAT. DOS

batch file that the job calls to copy the basic RedHat files needed for the Kickstart install such as LOADLIN, VMLINUZ, and so on. What this task does This job creates a hard drive image that can later be used for installing RedHat Linux through the Network install method. It downloads the DOS_ONLY image to the selected client. This creates a 2 Gig FAT16 DOS bootable partition. It reboots the client so that DOS will recognize the newly created DOS partition. It calls RH8SETUP to copy the basic RedHat files that facilitate a RedHat Kickstart install. It runs RDeploy to create a disk image of the now populated DOS partition. Steps to use 1. 2. Make a copy of the sample job. Edit the last Run Script task, Create Red Hat Install Disk Image, and change the SET ImageName=F:\IMAGES\RH80_FTP.IMG line to the name of the image you wish to create. Change the name of the job to reflect the desired purpose (optional). Assign the job to a computer or computer group.
3. 4.
RH8 Scripted Install (Network)

Description This job deploys the RedHat Linux operating system using the Network scripted install model. The network method copies the RedHat files from an FTP, NFS, or
543
HTTP server during the operating system installation. See the Deployment Solution User Guide for instructions on setting up an FTP server for this purpose. Additional files required
<DS install path>\IMAGES\RH80_FTP.IMG. This is the image file created by

the Create RH8 Install Disk Image (Network) job described above. You may have changed the name. This image file contains a DOS bootable partition with the basic RedHat files that facilitate a RedHat Kickstart install. RedHat Kickstart answer file, located in the \SAMPLES\SCRIPTED OS INSTALL\REDHAT directory. What this task does This job starts a RedHat Kickstart operating system install on a client using the Network install method. It downloads the RH80_FTP image (or whatever you have named it) to the selected client. This creates a 2 Gig FAT16 DOS bootable partition with files to facilitate a RedHat Kickstart install. It reboots the client so that DOS will recognize the newly created DOS partition. It uses a Scripted OS Install task to start the unattended install on the client. This task contains the location of the operating system install files located on the FTP server as well as the Kickstart file to be used for the operating system install. Steps to use 1. 2. Make a copy of the sample job. Edit the Deploy Image task and change the name of the image file to the name you created with the Create RH8 Install Disk Image (Network) job described above. Edit the Scripted OS Install task and change the location of the Kickstart answer file. Change the hard drive ID in the Command Line edit box to the proper ID for the target system. The default is ks=hd:hda1/ks.cfg where hda1 is the default hard drive ID. Change the name of the job to reflect the desired purpose (optional). Assign the job to a computer or computer group.
3. 4.
5. 6.
Scripts
These jobs are provided to give some ideas of things that can be accomplished by scripting. The scripts have been divided into scripts for Windows and scripts for Linux: Send Email if Disk Space Low (Linux) (page 545) Logevent Script (Linux) (page 545) Restart HTTPD Service (Linux) (page 545) Move Computer to Default Container (Windows) (page 545) Move Computer to Specific OU (Windows) (page 546) Send Error Email (Windows) (page 546) Server-side Embedded VBScript (Windows) (page 546) WLogevent CMD Script (Windows) (page 546) WLogevent VB Script (Windows) (page 547)
544
Send Email if Disk Space Low (Linux)

Description This script will send an email specifying that the computer had less free space than specified threshold. Additional files required None. What this task does This script will send an email notifying the specified user of the computer that has less than the specified threshold of disk space free. Steps to use 1. 2. Edit the embedded script to specify the email username to send to and the threshold percentage. Assign this job to a computer or computer group.
Logevent Script (Linux)

Description This script shows how to use the logevent utility to send status back to the console while running a Linux script. Additional files required None. What this task does This job sends a status message to the console then executes an ls command, then sends another message to the console. Steps to use Assign the job to a computer or computer group.
Restart HTTPD Service (Linux)

Description This script will restart the HTTPD service. Additional files required None. What this task does This script will check to see if a page can be loaded from the http server. If it cannot be loaded, then the script will restart the httpd service. Steps to use Assign the job to a computer or computer group.
Move Computer to Default Container (Windows)

Description This script will take the specified computer and move it to the specified domain default computer container. Additional files required None. What this task does This script will take the specified computer and move it to the specified domain default computer container. Steps to use 1. Edit the movecomp_cn.vbs to specify the domain you want to use for the computer to be moved in. This script will not create the computer account in the domain. If it is not already a member of the domain, this event will fail. 2. Assign the job to a computer or computer group.
545
Move Computer to Specific OU (Windows)

Description: This script will take the specified computer and move it to the specified domain OU. Additional files required None. What this task does This script will take the specified computer and move it to the specified domain OU. Steps to use 1. Edit the movecomputer.vbs to specify the domain and OU you want the computer to be moved into. This script will not create the computer account in the domain. If it is not already a member of the domain, this event will fail. 2. Assign the job to a computer or computer group.
Send Error Email (Windows)

Description This script will send an email specifying that the computer had an error. Additional files required None. What this task does This script will send an email using the job name and computer name to identify the client that had an error. This script is run on the Deployment server and can be used as a job to be run when having a specific error occurs. Steps to use 1. 2. 3. Edit the sendmailscript.vbs to specify the SMTP server and the user to have the email sent from and to. Assign the job to a return code handler on another task. (See "Setting up Return Codes" in help for more details). Assign the calling job to a computer or computer group. If you have the error then this job (Send Error Email) will be called.
Server-side Embedded VBScript (Windows)

Description This script will log an event to the event log. Additional files required None. What this task does This script will log an event to the application event log under the WSH module. The text will read Deployment Server Job complete for <computername>. Steps to use Assign the job to a computer or computer group.
WLogevent CMD Script (Windows)

Description This script shows how to use the Wlogevent utility to send status back to the console while running a Windows CMD script. Additional files required None.
546
What this task does This job will copy the WLogevent.exe to the Windows client, then sends a status message to the console, then executes a dir command, then sends another message to the console. Steps to use Assign the job to a computer or computer group.
WLogevent VB Script (Windows)

Description This script shows how to use the Wlogevent utility to send status back to the console while running a Windows VB script. Additional files required None. What this task does This job will copy the WLogevent.exe to the Windows client, then sends a status message to the console, then executes a dir command, then sends another message to the console. Steps to use Assign the job to a computer or computer group.
XP Embedded
These jobs are provided to give samples when working with XP embedded that have the Enhanced Write Filter enabled: Disable Enhanced Write Filter (page 547) Enable Enhanced Write Filter (page 547) Distribute RapidInstall Package (page 547)
Disable Enhanced Write Filter

Description Disable the Enhanced Write Filter. Additional files required None. What this task does This job will disable the Enhanced Write Filter and reboot the client computer. Steps to use Assign the job to a computer or computer group.
Enable Enhanced Write Filter

Description Enable the Enhanced Write Filter. Additional files required None. What this task does This job will enable the Enhanced Write Filter and reboot the client computer. Steps to use Assign the job to a computer or computer group.
Distribute RapidInstall Package

Description Runs the shwnm.exe RapidInstall package after disabling the Enhanced Write Filter. Additional files required None.
547
What this task does This job will disable the Enhanced Write Filter, and then install a package that includes a utility that shows the computer name in a window. A shortcut is created in the startup group so that every time the computer is started the window displays the computer name. After installing the RIP, the Enhanced Write Filter will be enabled. Steps to use Assign the job to a computer or computer group.
Agent Update
This folder contains a list of agent update jobs that are generated dynamically during updation. These jobs are created whenever an auto update for agents is required. The job names can be AClient x64 Update, AClient x86 Update, and adlagent ia64 update.
SVS
This folder contains a sample script (.bin file) that enables installing the SVS fully licensed version to support customers when they upgrade. The sample script file contains commands that sets new license key to the SVS client. Note You should modify this key before scheduling this job.
548
Appendix E
Network Ports
This document lists the details of the ports used by Deployment Solution. It also includes the steps to configure the ports that are configurable.
Component
Service
Port
Protocol
Where is this port connected?

PXE Client PXE Client
Is this port configurable?

No (Industry standard port) Yes
PXE MTFTP
Altiris PXE MTFTP Server Altiris PXE MTFTP Server
69 1758 1759
UDP UDP (Multicast)
PXE Server
Altiris PXE Server Altiris PXE Server Altiris PXE Server
67 68 4011
UDP UDP UDP
PXE Client PXE Client PXE Client
No No No
PXE Manager
Altiris PXE Manager
405
TCP
PXEConfig
Yes
Altiris PXE Manager
406
TCP
PXECfg Service
Yes
PXECfg Service
Altiris PXE Config Helper
407
TCP
PXE Server and PXE MTFTP
Yes
Deployment Web Console (Web Console)
Altiris Deployment Server Console Manager Altiris Deployment Server Data Manager
8081
HTTP
DSWeb
Yes
8080
HTTP
DSWeb, Console Manager
Yes
DB Management (Middle Man)
Altiris Deployment Server DB Management
505
TCP
Win32 console, Axengine, PXEManager
Yes
549
Component
Service
Port
Protocol
Where is this port connected?

Agents, PXE Server, DataManager, PXEManager
Is this port configurable?

Yes
Deployment Server
Altiris eXpress Server
402
TCP/UDP (multicast)
Deployment Console (Win32 Console)
5001
TCP
AClient
Yes
5002
TCP
AClient
Yes
Deployment Agent on Linux (ADLAgent)
Altiris Network Management Client for Linux
415
TCP
Remote Client
Yes
Deployment Agent on Windows (AClient)
Altiris Client Service
402
UDP
Deployment Server
Yes
Altiris Client Service
401
UDP
AClient (Wakeon-LAN Proxy)
No
PXE MTFTP
The Altiris PXE MTFTP Server service is used to transfer file data between the PXE Server and the PXE Booting client. This service supports both MTFTP and TFTP standard interfaces.
To configure the 1758 and 1759 ports

1. Go to the datastore path. Note: By default, the path is: C:\Program Files\Altiris\eXpress\Deployment Server. 2. 3. 4. 5. 6. Open the PXE folder. Open the pxe.INI file in a text editor. In the [MTFTPD] section, set the MCAST_CLNT_PORT value to 1758 and the MCAST_SRVR_PORT value to 1759. Save the pxe.INI file. Restart PXE services.
PXE Manager and PXECfg Service

The Altiris PXE Manager Service controls the data associated with the PXE components that are included in the PXE package. The PXE Configuration Utility and PXE Servers use
550
the PXE Manager to route, store, and retrieve information about the status, image availability, user input, and so on.
To configure the 405, 406, and 407 ports

1. Go to the datastore path. Note: By default, the path is: C:\Program Files\Altiris\eXpress\Deployment Server. 2. 3. 4. 5. 6. 7. 8. Open the PXE folder. Open the RPC.INI file in a text editor. In the PMData class for PXEConfig and PXE Manager section, set the ServerIPPort value to 405. In the PCSData class for PxeCfgservice and PXE Manager section, set the ServerIPPort value to 406. In the PHData class for PxeServer/PxeMtftp and PreCfgService section, set the ServerIPPort value to 407. Save the RPC.INI file. Restart PXE services.
Deployment Web Console (Web Console)

The Deployment Web Console allows you to remotely administer a Deployment Server installation using a Web browser. The Web Console provides the options to deploy and manage Windows and Linux computers (both client and server editions) in real-time with many features present in the Deployment Console. The Deployment Web Console can be installed on any computer running Microsoft IIS Server, a computer running a Deployment Server or a Notification Server, or a remote computer running only Microsoft IIS.

1. 2. From the Windows Explorer, select My Computer > Local Disk (C drive). Run the axInstall.EXE file in the DSSetup folder. The Deployment Server Install Configuration wizard appears. Note: The DSSetup folder is created on extracting a build. 3. 4. 5. 6. Select the Custom Install option and click Install. The Software License Agreement dialog appears. Click Yes. The Deployment Share Information dialog appears. Select the License file option and click Browse to enter the path of the License file. Click Next. The Deployment Server Information dialog appears. Select the On this computer option. Note: You can choose whether you want to install the Deployment Server on a local computer or a remote computer. 7. 8. By default, the Port is 8080. This port is used by the DataManager service. Enter the Service password and click Next. The Deployment Database dialog appears.
551
9.
Click Next. The Gathering Information dialog appears.
10. Select the appropriate option, provide the authentication information and click Next. The Pre-boot Operating System dialog appears. 11. Enter the required information and click Next. The PXE Server Information dialog appears. 12. Enter the required information and click Next. The Deployment Agent Connection to Deployment Server dialog appears. 13. Enter the required information and click Next. The Deployment Console Information dialog appears. 14. Select the required option and click Next. The Deployment Web Console Information dialog appears. 15. The Console Port is 8081 by default. Click Next. The Installation Information dialog appears. Note: This port is used by the Console Manager service. You can change this port if required. 16. Click Install.
DB Management (Middle Man)

This component is used for secure communication between the Console and the Database and the Console and the Server.
To configure the 505 port

1. 2. 3. 4. Open the Registry Editor. In the left pane, select HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress > MMProc > Port 505. The Edit DWORD Value dialog appears. Set the required value and click OK. Restart the Altiris Deployment Server DB Management and the Altiris eXpress Server services after this change.
Deployment Server
The Altiris Deployment Server controls the workflow and information exchange between the managed computers and the other Deployment Server components, such as Deployment Console, Deployment Database, and Deployment Share. Managed computers connect and communicate with the Deployment Server to register inventory and configuration information and to run deployment and management tasks. Computer and deployment data for each managed computer is then stored in the Deployment Database. There are two methods to configure the 402 port.
To configure the 402 port Option 1:

1. From the Start Menu, click Settings > Control Panel > Altiris Deployment Server Configuration Utility.
552
2. 3.
Click the Transport tab. Enter 402 in the TCP Port field and in the Multicast Port field. Click OK.
Option 2:
1. 2. Open the Registry Editor. In the left pane, select HKEY_LOCAL_MACHINE > SOFTWARE > Altiris Altiris eXpress > Options > TCP Port 402 or Multicast Port 402. Note: This is the port where the server accepts all client connections, such as AClient (Windows Agent), ADLagent (Linux Agent), and DataManager. 3. 4. The Edit DWORD value dialog appears for each port. Set the required values for both TCP Port 402 and Multicast Port 402 and click OK. Restart the Altiris eXpress Server service. >
About the Multicast Port: On the client computers there is an option in the Altiris Client Service Properties dialog called Discover Deployment Server using TCP I/P Multicast. On selecting this option the client locates the deployment server by multicasting. You have to enter the Multicast Address for using the multicasting option. On finding a Deployment Server, the client computer connects to the port that is received from the server.
Deployment Console (Win32 Console)

The Deployment Console is the Win32 user interface for Deployment Solution. You can install this Win32 console on computers across the network to view and manage resources from different locations. In addition, from this console, you can access the Deployment Database on other Deployment Server systems to manage sites across the enterprise. Note: You can remotely control an active client computer from the Win32 console. Right-click a connected client and select Remote Control.

1. 2. 3. 4. 5. Open the Deployment Console and click Tools > Options. The Program Options dialog appears. Click the Global tab. Select the Remote control ports check box. Enter port number 5001 in the Primary field. Enter port number 5002 in the Secondary (Optional) field. Note: Port 5002 is the backup port in case Port 5001 is not available. 6. Click OK. Note: By default, Port 5001 is used for controlling the clients remotely.
Deployment Agent on Windows (AClient)

The Deployment Agent is installed on each client computer in the Deployment Server system to remotely manage the computers from a Deployment Console. The
553
Deployment Agent on Windows runs on Windows computers, including desktops, notebooks, and servers.

1. 2. 3. 4. Click the AClient icon on your desktop. The Altiris Client Service dialog appears. Click Properties. The Altiris Client Service Properties dialog appears. By default, the Server Connection tab is selected. Select the Connect directly to this Deployment Server option or select the Discover Deployment Server using TCP/IP multicast option. Enter the port number. Note: By default, this port number is 402. Note: When the AClient is connected to the Deployment Server on port 402, it internally creates a listening UDP socket on port 402 to accept Wake-up packets from the server.
Deployment Agent on Linux

The Deployment Agent is installed on Linux workstations and server to establish communication between Linux computers and the Deployment Server. This agent collects and sends data from the client computer to the Deployment Server, executes deployment tasks sent from the server, installs packages, and runs management processes as directed from a Deployment Console.

1. 2. 3. To edit the configure file directly, open the adlagent.conf file at the following path: /opt/altiris/deployment/adlagent/conf. Change the value corresponding to the TCPport= if necessary. The default value is 402. Restart the ADLAgent service.

1. 2. 3. To edit the configure file directly, open the trace.conf file at the following path: / opt/altiris/deployment/adlagent/conf. Change the value corresponding to the TcpTracePort= if necessary. The default value is 415. Restart the ADLAgent service. Note: Port 415 is used to remotely view debug messages from the ADLAgent. These messages include the debug information and communication details between the ADLAgent and the Deployment Server. This port connects to the Remote Client.
Client/Server File Transfer Port

Open the Copy File To dialog of the Copy File task and click Advanced. Select the Copy files using Deployment Server option. The files will be copied using this port.
554
To configure the Client/server file transfer port

1. 2. 3. 4. 5. From the main menu, open the Deployment Console and click Tools > Options. The Program Options dialog appears. Click the Global tab. Select the Client/server file transfer port check box. Enter the port number in the Client/server file transfer port field. Click OK.
RapiDeploy Ports
This feature optimizes the multicasting ability of the RapiDeploy application in Deployment Server. This allows you to deploy images to a group of computers simultaneously, download an image from a file server, or access a local hard drive, and manage the imaging of several client computers. Because RapiDeploy is more efficient when writing directly to the IP address of the network adapter driver, you can enter a range of IP addresses when using the multicasting feature to speed computer deployment and management. Deployment Server accesses the range of computers using the defined IP pairs and avoids retrieving the computers through the port and operating system layers. However, some network adapter cards do not handle multiple multicast addresses. In such instances, you can define a range of ports to identify these computers. On the first pass Deployment Server accesses the selected computers using the list of IP numbers. On the second pass, Deployment Server accesses the selected computers using the port numbers.
To configure the RapiDeploy ports

1. 2. 3. From the main menu, open the Deployment Console and click Tools > Options. The Program Option dialog appears. Click the RapiDeploy tab. Enter the range of ports in the Port > Range fields. Note: The port values are 401 by default. 4. Click OK.
555
Appendix F
Deployment Agent Authentication

This article describes the AClient and the Deployment Server authentication process. The authentication process is required to safeguard the use of the AClient from connecting to a malicious Deployment Server.
556
The authentication process starts with the Deployment Solution installer generating a security key and writing it in the server.key file. You can find the security key at the following location: HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress > Options > Security > ServerSecurity registry key. This security key is a random numeric value that is generated automatically. When the Deployment Server starts, the server reads this registry key. The AClient has to add the automatically generated security key to the AClient registry by specifying the server.key file path.
To specify the server.key file path

1. 2. Click Start > Program > Altiris > Deployment Solution > Configuration > Options > Authentication > Add Key. Select the Server.key file and click Open.
Note: The AClient also has to select the Enable key based authentication check box in Start > Program > Altiris > Deployment Solution > Configuration > Options > Transport tab. If this option is not selected, server authentication fails. The Deployment Server stores the security key at the following location: HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Client Service > DSAuthentication The AClient stores the security key at the following location: HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Client Service > SecurityKey A random challenge key is generated, which is unique to the AClient. The AClient encrypts this challenge key and stores the challenge key in the registry using the security key. The AClient sends the following connection request to the server in the form of Cipher Text.
Request=Authenticate CipherText=
The Deployment Server uses the ServerSecurity key stored in its registry and decrypts the Cipher Text. Using the same key, the server again encrypts the challenge key and sends the following reply in the form of Cipher Text.
Reply=Authenticate CipherText=
The AClient decrypts the Cipher Text using the challenge key already stored in its registry. It compares the decrypted Cipher Text with the random key it has generated. If the two keys match, the server authenticates the AClient connection. If the keys do not match, the authentication fails. The connection is closed and the AClient status is updated to Server Authentication failed. The keys stored on the Server and at the AClient are the same. These keys, however, look different because they are altered using random bytes, and are encrypted using a constant key. The Cipher text sent on the wire also looks different in request
557
authentication as well as in reply authentication, because it is altered using random bytes. These alterations ensure the safety of the key from malicious users.
558
Appendix G
Windows Registry Keys

This section contains a description of the Windows Registry Keys used by Deployment Solution. You can access the keys in the Options folder. 3. 4. Open the Registry Editor. Click HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress > Options.
The keys present in the Options folder are listed in the table below, with their description and purpose.
Registry Name Keys present in Options folder

AgentCommLogDir AgentCommLogging AgentCommLogMaxFileSize
Description
Purpose
Specifies the path for client server communication log. Checks whether to create a communication log. Specifies the size of the log file.
This path is used to create the client-server communication log file. If the value is 0, it disables the logging, else, it enables the logging. The maximum the file can grow is up to the size specified by this key. If the size exceeds this, then it starts overwriting the file from the beginning. Used to create the engine log file at the specified path. If 1, creates the engine log file. The maximum the file can grow is up to the size specified by this key. If the size exceeds this, then it starts overwriting the file from the beginning.
DebugLogFilename DebugLogging DebugLogMaxSize
Specifies the path and name of the engine log file. Checks whether to create the engine log file. Specifies the max log file.
PingIntervalMinutes
When sending CACKS to active clients, the server will not send CACK to an active computer if there was an activity on the socket associated with that computer in the last PingIntervalMinutes minutes. CACK timeout in seconds. If the client fails to respond to a CACK within the time out, then it is considered as inactive.
PingTimeOut
559

ReadThreadCount
Description
Purpose
Specifies the number of threads for the read operation. Number of computers in a batch.
Creates the number of read threads. The default is 10, the minimum is 0 and the maximum is 200. While sending WACs to inactive computers, the engine processes n computers at a time. After processing n computers it waits for some time (Specified by ResetInactiveClientConnectionsRest Time) before processing the next batch of n computers. After every n hours, the engine will send WACs to inactive clients. While sending WACs to inactive computers, the engine processes n computers at a time. After processing n computers it pauses before processing the next batch of n computers. This entry defines this pause time. If the value is 13:25, it means 1.25 PM. The Engine will send WACs to inactive clients at 1:25 PM everyday or on a particular day of the week depending upon ResetInactiveClientConnectionWeek Day. Engine sends WACs to inactive computers at the given time everyday or on a specific day of the week.
ResetInactiveClientConnectionsBatch Size
ResetInactiveClientConnectionsHours
Reset inactive client connections every n hours. If it is positive, this key is activated. Wait time (in seconds) between two batches.
ResetInactiveClientConnectionsRest Time
ResetInactiveClientConnectionsTime
If ResetInactiveClientConnectionHo urs is negative, this key is activated. Stores time as a string in HH:MM format, where HH can have values 00-23 Hours. If ResetInactiveClientConnectionHo urs is negative, this key is activated. If positive indicates the day of the week (1=Sunday, 2=Monday,...). A negative value means everyday. Specifies the size of the buffer for the socket. For Backward compatibility. Specifies the install path of Deployment Server. Specifies password for SQL server. Specifies Username for SQL server.
ResetInactiveClientConnectionsWeek Day
SendBufferSize SendWaitTime ServiceInstallPath SqlPassword SqlUserName
Sets the size of socket buffer.
Path of the DS. Connects to SQL server using this password. Connects to SQL server using this Username.
560

ThreadLogging
Description
Purpose
Specifies whether to create a log file in thread directory for threads. Number of minutes to wait before retrying to wake up the inactive computer.
If checked, creates a thread directory and threading related log files. If a job is scheduled on an inactive client, and if UseWOL is 1, the engine will try to wake up that computer by sending WOL every n minutes until it wakes up. If true, syncs the client time with the server. After every n hours the engine will send CACKs to active clients. While sending CACKs to active computers, the engine processes n computers at a time. After processing n computers it waits for some time (specified by UpdateActiveClientConnectionsRestT ime) before processing the next batch of n computers. While sending CACKs to active computers, the engine processes n computers at a time. After processing n computers it pauses before processing the next batch of n computers. This entry defines the time of this pause. If the value is 13:25, it means 1:25 PM, then Engine sends CACKs to active clients at 1:25 PM everyday or on a particular day of the week depending upon UpdateActiveClientsConnectionWeek Day. Engine sends CACKs to active computers at the given time everyday or on a specific day of the week.
ThresholdWOL
TimeSyncMaster UpdateActiveClientConnectionsHours
Specifies whether to sync the time with the client. Updates active client connection every n hours. If it is positive, this key is activated. Number of computers in a batch.
UpdateActiveClientConnectionsBatch Size
UpdateActiveClientConnectionsRest Time
Wait time (in seconds) between two batches.
UpdateActiveClientConnectionsTime
If UpdateActiveClientConnectionsHo urs is negative, this key is activated. Stores time as a string in HHL:MM format, where HH can have values 00-23 Hours. If UpdateActiveClientConnectionsHo urs is negative, this key is activated. If positive indicates the day of the week (1 = Sunday, 2 = Monday,...). A negative value means everyday.
UpdateActiveClientConnectionsWeek Day
561

UpdateInventoryBatchSize
Description
Purpose
Number of computers in a batch.
While inventorying computers, engine processes n computers at a time. After processing n computers, it waits for some time (specified by UpdateInventoryRestTime) before processing the next batch of n computers. After every n hours the engine will send inventory for the active clients. While inventorying computers, engine processes n computers at a time. After processing n computers it takes a pause before processing the next batch of n computers. This entry defines the time of this pause. If the value is 13:25, it means 1:25 PM. The Engine will inventory active clients at 1:25 PM everyday or on a particular day of the week depending upon UpdateInventoryWeekDay. Engine inventories active computers at a given time everyday or on a specific day of the week.
UpdateInventoryHours
Update inventory for active computers every n hours. If it is positive, this key is activated. Wait time (in seconds) between two batches.
UpdateInventoryRestTime
UpdateInventoryTime
If UpdateInventoryHours is negative, this key is activated. Stores time as a string in HH:MM format, where HH can have values 00-23 Hours. If UpdateInventoryHours is negative, this key is activated. If positive, indicates the day of the week ( 1 = Sunday, 2 = Monday,...). A negative value means everyday. It is related to socket activity. 1 if Update active client connections, on the General Tab of the Altiris Configuration Utility, is enabled, otherwise 0.
UpdateInventoryWeekDay
UseFD_READ UseResetInactiveClientConnections
This is being used for internal socket communication activity. If Reset inactive client connections is enabled, the engine periodically send WACs to the inactive computers. If the AClient is running on any of the inactive computers, it just resets the connection with server. If true, then connects to database using username and password specified in the configuration dialog. If Update active client connections is enabled, the engine periodically sends CACKs to the active computers and marks those computers, which fail to respond to CACKs as inactive.
UseSql
Used to connect to sql server.
UseUpdateActiveClientConnections
1 if Update active client connections, on the General Tab of the Altiris Configuration Utility, is enabled, otherwise 0.
562

UseUpdateInventory
Description
Purpose
1 if Update inventory for active clients, on the General Tab of the Altiris Configuration Utility, is enabled, otherwise 0. Not Used. Not Used.
If Update inventory for active clients is enabled the engine periodically inventories the active computers.
WakeAgentWithPing AllowJobWOL
Key in the Security Folder

You can access the key in the Security folder. 1. 2. Open the Registry Editor. Click HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress > Options > Security.
The key present in the Security folder is listed in the table below, with its description and purpose.
Registry Name Key present in Security Folder

Server Security
Description
Purpose
Authenticates client to DS server.
This key is used to authenticate the client to server.
563
Appendix H
Pocket PC Installing Deployment Agent for PocketPC

The Deployment Agent for Pocket PC lets you manage and deploy handheld computers running the Pocket PC operating system, including: HP iPAQ Pocket PC HP Jornada Pocket PC Casio Cassiopeia Pocket PC
You can manage handhelds through a cradle attached to a host computer, or through direct connection to the network using a LAN or wireless network adapter. When connected through the cradle, the Pocket PC Agent software will reside on the host computer and the Pocket PC Client software will reside on the handheld computer. This configuration allows Deployment Server to recognize and update the handheld each time it returns to the cradle and synchronize with the host computer using Microsoft ActiveSync. Handheld computers connected directly to the network install only the PPC Client software and are managed like any other computer in your Deployment Server system.
System Requirements
Processors
ARM MIP SH3 5 Mb contiguous 16 Mb
Disk space RAM
Operating systems: Pocket PC
Install from a cradle or cable. See Install a Pocket PC Agent from the Deployment Console on page 565 to install to a handheld computer in the cradle attached to a host computer. Download CAB files with ActiveSync. See Install Pocket PC Agent from the Host Computer on
page 566 to install the handheld by running or copying the Deployment agent install file or the Deployment Client CAB files over the network.
Install directly to the handheld. See Install Pocket PC Client on the Handheld on page 566 to install only
the Deployment Client from CAB files on the handheld computer.
564
The Deployment Agent for Pocket PC (PA) runs on the host computer, which itself is a managed computer running the Deployment Agent (DS). The Deployment Agent for Pocket PC automatically installs the Deployment Client for Pocket PC (PC). You can also install the Deployment Client for Pocket PC directly to the handheld by installing the required CAB files.
Install a Pocket PC Agent from the Deployment Console

When installing a handheld running the Pocket PC operating system, you can attach to a host computer and run Microsoft ActiveSync software to synchronize data between the host computer and the handheld. Deployment Solution lets you install Deployment Agents on both the host computer and the handheld to communicate with Deployment Server as a managed computer. The Altiris Pocket PC Agent is software that runs on the host computer. This agent communicates through the handhelds cradle to the Pocket PC Client running on the handheld. The Pocket PC Agent also automatically installs Pocket PC Client on the handheld. The Pocket PC Agent provides communication between the Pocket PC Client on the handheld and the Deployment Server. ActiveSync is required for the Pocket PC Agent because it provides the IP stack the Pocket PC Agent uses to communicate with the handheld. The Pocket PC Agent monitors the connect and disconnect jobs sent to the handheld. If the Pocket PC Client on the handheld is present but not started, then the agent will start it. The Pocket PC Agent also acts as a relay agent to transfer data from the Pocket PC Client on the handheld to the Deployment Server. From a Deployment console, you can schedule and run a Sample job to install the Pocket PC Agent on a host computer. Ensure that the handheld is connected to the host computer and seated in the cradle. You must also download Microsoft ActiveSync and install it (this is free software available on the Microsoft web site) on the host computer. Then synchronize the host computer with the handheld. To install from a Deployment console Use Deployment Solution to find computers with ActiveSync and run deployment jobs to automatically copy the necessary files and install the Deployment PPC Agent and PPC Client. 1 From a Deployment console, in the Jobs pane open the Samples > Pocket PC folder. 2 Click the Install Altiris Pocket PC job and then select the Active Sync computer condition in the Condition box in the Details pane. 3 Drag the Install Altiris Pocket PC job to the host computer. If you are using a Web console, then assign using web features. 4 Schedule the job. After the Pocket PC Agent has installed, the Altiris Pocket PC Agent icon will appear in the system tray of the host computer. When the Deployment Agent is initialized, it will connect to the handheld. The agent will check if the Altiris Pocket PC Client is installed on the handheld. If not, the agent will automatically install it.
565
When the Pocket PC Client is installed on the handheld, the Deployment Client icon will appear in the system tray of the handheld and the client details screen appears.
Note: For ease of use, the Pocket PC Client will first try to connect to a Pocket PC Agent. If it fails, the
Pocket PC Client will try to connect directly to the Deployment Server. 5 Click OK. The handheld appears in the Deployment Console as a unique computer displaying the handhelds name. See Installing Deployment Agent for PocketPC on page 564.
Install Pocket PC Agent from the Host Computer

From the host computer, you can install the Pocket PC Agent by running the ppcagent.exe installation file on the host computer. After installing the Pocket PC Agent, it will automatically install the Pocket PC Client when the computers synchronize. This is the fastest and easiest way to install both agents on the host and handheld computers.
Note: After you have installed the Altiris Pocket PC Agent on a host computer, the PPCAgent.exe file can
be executed from the C:\Altiris\PPCAgent directory (or the directory where you installed Pocket PC Agent if you chose a directory different from the default). This lets you access the features of this program even though the icon has been hidden. In addition, if you are using ActiveSync 3.5 or a later version, you can also log on to the Deployment Share in the Deployment Server > Pocket PC Client folder and copy the correct CAB file for the handheld (based on type of processor) to the host computer. You can then copy the CAB files directly to the handheld using the Explore feature in ActiveSync. To install Pocket PC Client directly with ActiveSync 1 Copy the CAB file to the host computer with ActiveSync (or to a share where you can copy the file from). 2 Connect your device to your desktop computer using a cradle or cable. 3 In ActiveSync, click Explore. Windows Explorer runs the Mobile Device window for your device. 4 In Windows Explorer, browse to the CAB file you want to copy. 5 Right-click the file and click Copy. 6 Place the cursor in the desired folder for your device, right-click, and click Paste. 7 From the device, tap Start > Programs > File Explorer. Browse for the CAB file and tap the file to execute it. When the Pocket PC Client is installed on the handheld, the Deployment Agent icon appears in the handhelds system tray.
Note: If using ActiveSync 3.5, the Pocket PC Agent is not required after the Pocket PC Client is installed.
However, the Pocket PC Agent can still be useful for installing the Pocket PC Client onto the handheld, loading the client, and managing client settings. See Installing Deployment Agent for PocketPC on page 564.
Install Pocket PC Client on the Handheld

You can install the Pocket PC Client directly to the handheld computer if your handheld has a network adapter (LAN or wireless), allowing you to download the correct CAB file and install the Pocket PC Client to communicate with the Deployment Server. The following CAB files are provided based on processor type. Copy the CAB files from the Deployment Share in the Deployment Server\PocketPCClient folder: ppccInt.Arm.CAB, ppccInt.MIP.CAB, ppccInt.SH3.CAB.
566
To install Pocket PC Client using CAB files 1 Copy the CAB file to the host computer with ActiveSync (or to a share where you can copy the file from). 2 Connect your device to your desktop computer. 3 In ActiveSync, click Explore. Windows Explorer runs the Mobile Device window for your device. 4 In Windows Explorer, browse to the CAB file you want to copy. 5 Right-click the file and click Copy. 6 Place the cursor in the desired folder for your device, right-click, and click Paste. 7 From the device, tap Start > Programs > File Explorer. Browse for the CAB file and tap the file to execute it. When the Pocket PC Client is installed on the handheld, the Deployment Agent icon appears in the handhelds system tray. See Installing Deployment Agent for PocketPC on page 564.
Uninstall the Pocket PC Agent

1 Open the Pocket PC Agent status sheet by double-clicking Altiris Pocket PC Agent icon. 2 Click Options > Uninstall. You can also uninstall the agent by running the ppcagent -remove switch from the command line.
Note: There is no uninstall program for the PPC Client. To remove the Pocket PC Client, you must remove the client file from the My Device\Windows\ppccInt.exe file on the handheld.
Command Line Switches for the Pocket PC Agent You can also manage the Pocket PC Agent through command-line switches. The Pocket PC Agent is started using the C:\Program Files\Altiris\PPCAgent\PPCAgent.exe program file. If you need to perform some function with a command-line switch, run the program file followed by the applicable switch. To restart the agent, you would run: C:\Program Files\Altiris\PPCAgent\PPCAgent.exe -restart The following is a list of the supported switches:
-stop
Stops the agent.

-start
Starts the agent after it has been stopped.

-restart
Stops and restarts the agent.

-silent
Installs the agent without the installation dialog screens.

-remove
Stops and uninstalls the agent.
567
Appendix I
Managing Switches
To administer roles and configurations for network servers, it is necessary to discover and modify the network switch settings for the connected network servers. Deployment Solution provides the Switch Add-On program to discover and manage Virtual Local Area Networks (VLAN) settings on a LAN switch or to run commands from the command-line. This utility allows you to directly discover and provision the port settings of a LAN switch.
To open the Switch Management tool, click Tools > Altiris Tools > Switch Management. The Deployment Solution Switch Add-On utility tool appears. Network switches will be identified in the left pane. Click the star icon to Add New Switches.
Switch Management Features

Typically, a VLAN setting is port based it is a LAN switch port that can be configured as a member of a specific VLAN. As such, client and server computers connected to that LAN switch port are members of the VLAN and can communicate with other member client and server computers of that VLAN. By changing the VLAN setting of a switch port, you can move client and server computers between logical VLAN groupings without actually changing the physical network infrastructure. Often, when modifying server roles or configurations, it will be necessary for you to change the grouping or VLAN for the servers network. This can be accomplished by changing the VLAN setting on the switch port that the server is connected to. The Deployment Solution Switch Add-On allows you to perform the following functions: Discover the LAN switch MIB II system information (command-line and GUI) Discover the switch ports of a LAN switch (command line and GUI) Discover the VLAN setting for each switch port (command line and GUI) Modify the VLAN setting of a switch port (command line and GUI) Assign physical connectivity of a workstation/server to a switch port (GUI)
About Switch Add-On for Deployment Solution

Switch Add-On will assume port-based VLANs (not MAC-based VLANs), managing only VLANs for a specified port setting on the switch. For this release, it will assume only one VLAN per port. (Switch Add-On will not perform any type of VLAN trunking management in its initial release.) Deployment Solution Switch Add-On will only support VLAN management based on the list of supported devices in LAN Switch Support List (page 569). Deployment Solution Switch Add-On will only support SNMP v1. You will need the SNMP read community name to discover a LAN switch (along with its port/VLAN mappings) and the SNMP write community name to manage the port/VLAN settings.
568
All discovered switch information will be kept in a local database file (SwitchMngtDb.txt). To ease installation and support, this file will be text based and be located in the directory from which the Deployment Solution Switch Add-On applications are executed. Notes If a LAN switch supports the 802.1Q VLAN standard, Deployment Solution Switch Add-On will only provide PVID management on a port. Since most vendors do not support VLAN Add/Edit/Delete through SNMP, Deployment Solution Switch Add-On will not provide these features. All devices that are to be managed must support SNMP v1.
LAN Switch Support List

Deployment Solution Switch Add-On supports these specific vendors with the following LAN switches: Cisco Catalyst 1900/2820 series switches Models: All models (OS Versions 8.XX and up - Enterprise Edition) Cisco Catalyst 2900 series switches Models: WS-C2900, WS-C2926 (OS versions 3.1 and later) Models: WS-C2948G, WS-C2980G and WS-C2980GA (All operating system versions) Cisco Catalyst 2900 XL / 2900 XL LRE series switches Models: All models (IOS versions 11.2(8) SA3 and later) Cisco Catalyst 3500 XL series switches Models: All models (IOS versions 12.0(5) XP and later) Cisco Catalyst 4000 series switches Models: WS-C4003, WS-C4006, WS-C4912G (All operating system versions) Cisco Catalyst 5000 series switches Models: WS-C5000, WS-C5002, WS-C5500, WS-C5505, WS-C5509, WS-C5509E (OS versions 3.1 and up) Cisco Catalyst 6000 series switches Models: WS-C6006, WS-C6009, WS-C6506, WS-C6509, WS-C6509NEB, WS-C6513 (All OS/IOS versions) HP Models: BL eClass Interconnect Switch (802.1Q PVID management only) Dell Models: PowerEdge 1655MC Integrated Switch (802.1Q PVID management only)
Using Deployment Solution Switch Add-On

The Deployment Solution Switch Add-On program is a stand-alone application that displays a graphical view of the all switches that have been discovered along with their respective switch ports.
569
The following are port attributes appearing in the Details pane of the program: Switch The switch to which the port belongs Port The name of the port (vendor-specific port names will be shown when available) Description The description of the switch port VLAN The VLAN assignment for the switch port Connectivity Any user assigned mapping of clients or servers to the switch port By selecting a device in the tree view pane, the switch port display is updated to show its respective ports. By selecting Network in the tree view, all switch ports that have been discovered will be shown in the switch port view. You can sort on attributes by selecting the appropriate column.
Adding a Switch Device

To add a switch to the Deployment Database 1. Press the Add icon on the toolbar Or, right-click Network in the tree view. 2. From the pop up menu that opens, click Add Device.
570
Note When the device is available and the SNMP communities are correct, the application reads the MIB II system information from the device and add the device to the tree view. If the device is not available, an error message appears.
Discovering a Device
Once a device has been added to the database, all properties for that device can be discovered. By selecting the device in the tree view and right clicking, the following menu appears:
Click Discover Device to discover all the switch device properties and store these values in the Deployment Database. Once the discovery process is complete, the switch ports for that device will be seen in the port view.
Deleting a Device
A device can be deleted in two ways: 1. Press the Delete icon on the toolbar: Or, right-click and select Delete.
Viewing and Setting Device Properties

Select and view Properties for a switch device by right-clicking its name in the tree view. The system information for the selected device appears. This dialog will allow you to make any necessary modifications to the SNMP read and SNMP write community strings (passwords).
Setting the VLAN for a Switch Port

To set a switch port to a specific VLAN, right-click on a switch port in the switch port view and click Click Set VLAN to view all available VLANs on the switch. Select a VLAN from the list.
571
The Deployment Solution Switch Add-On application will then use the supplied SNMP community strings (passwords) and attempt to change the VLAN setting on the port. If successful, the VLAN column will be updated. Note It is possible to select more than one port in the port view and assign all selected ports to a particular VLAN in one operation. However, due to the number of operations required to change VLANs on some switching devices, this operation can be time consuming.
Assigning Connectivity to a Switch Port

From the switch port view, right-click any switch port and click Assign/View Connectivity to determine what client or server computers are connected to a particular switch port. This dialog appears:
The Assign/View Connectivity dialog shows all visible devices, including the MAC addresses that are being forwarded by the switch. It also shows any previous connectivity mapping, such as an X in the Connected column). You can add a
572
hostname to a specific MAC address by right-clicking the appropriate MAC address. A menu appears. Click Add/Edit Host Info to enter the hostname on the dialog. Note If the IP address and Hostname columns are blank for a MAC address, the application does not have enough information about the global network to display an IP Address/ Hostname binding to that MAC address. You can assign connectivity to a particular switch device by selecting the device (or MAC address) in the list and clicking Assign Connectivity to Port. This will mark the MAC address as connected to this port. You can remove connectivity by selecting the MAC address you want to remove from connectivity and clicking Remove Connectivity from Port. When the dialog is closed, the client and server computers can be seen in the Connectivity column of the switch port view.
Command-line Parameters
The following command line parameters can be supplied to the Deployment Solution Switch Add-On program to launch the program with the appropriate -d=<switch IP address>: By supplying the IP address of the switch, the Switch AddOn program will launch and automatically select the supplied device in the tree view (thereby, showing all of its ports in the port view). -e=<end node MAC address>: By supplying the MAC address of a client or server computer, the Switch Add-On program will launch and automatically select the switch and port that the client or server computer is connected to (if the connectivity has been previously assigned).
GUI Tools
The Switch Management Console includes a Tools menu, providing a Ping IP Range command to assist in "pinging" a specified IP range in order to generate traffic to a range of devices that might otherwise be inactive. From this dialog you can specify the starting and ending IP addresses to ping. Success or failure messages will appear in the list. The Ping IP Range tool can be used to lookup the MAC address of the device being pinged. To be successful, SNMP must be enabled on the end device. The user can supply an SNMP Read community name to perform this operation. Otherwise, the user may clear the SNMP MAC Lookup box to ping only the end device.
573
Note If a device is inactive, the forwarding tables in the switch will not show the MAC address of the client or server computer. The Ping IP Range tool can be used to refresh the forwarding table in the switch.
Deployment Solution Switch Add-On (Command Line Options)

Along with the Deployment Solution Switch Add-On graphical program, a command-line interface is provided that will support the command line arguments listed below. This program file is named switchcfg.exe. It will be executed from the same directory that the database file (SwitchMngtDb.txt) is located.
Command-line Interface Parameters

By executing the switchcfg.exe without any arguments, you can see the usage of the CLI application as below. The following is a description of the available command line arguments and how they are to be used: -m=<mode> This indicates the mode of the operation to be performed. The two possible values are: 1) discover, and 2) set (as in set VLAN). -d=<target ip> This indicates the switch (by IP address) to perform the operation on. -r=<read community> The SNMP read community name (password) to use to discover the switch. -w=<write community> The SNMP write community name (password) to use to perform any set operations on the indicated device. -p=<port name> The name of the switch port the user is attempting to configure. -v=<VLAN number> The VLAN number to set the switch port to (or). -n-<VLAN name> The VLAN name to set the switch port to.
574
-e=<end node MAC address> The MAC address of the workstation/server you want to be put in a particular VLAN. In order for the utility to perform this operation correctly, the connectivity of the MAC address must have already been assigned using the GUI application. When using this option, the user must only supply the SNMP write community (password) and the VLAN (name or number) to put the workstation/server in. The CLI application will use its database to lookup the appropriate (bound) switch and switch port to provision. -c=<SNMP retry count> The number of attempts that SNMP should attempt before giving up. -t=<SNMP timeout> The SNMP timeout value in milliseconds. Note Prior to executing any command to provision a switch, that switch MUST be discovered. Otherwise, the program will report errors.
Command-line Examples
Discover a Switch switchcfg.exe -m=discover -d=<target IP> -r=<SNMP read> Set VLAN on a Switch/Port switchcfg.exe -m=set -d=<target IP> -w=<SNMP write> -p=<port name> -n=<VLAN name> Set VLAN for a Workstation/Server (End Node) switchcfg.exe -m=set -w=<SNMP write> -e=<MAC address> -n=<VLAN name>
575
Index
Symbols A
access 377 account option, domain 87 account settings 410 AClient. see Deployment Agent for Windows adapter configurations 298 network 274, 298 add command 82 component 484 components 366 computer 100, 403 group 92 server 387 user 91 add components 366 adding servers 399 ADLAgent configuration 251 installation 251 administrative tools 80 ADS options 372 set up 385 agent see also Deployment Agent for... ADLAgent see ADLAgent configuring 389 installation overview 344, 411 polling interval 396 production agent settings 375 requirements 337 settings 88, 138, 375, 379 Altiris Console collections 370, 390 configuration request 397 deployment 386 reports 389 application properties 125 applications 414 assigning jobs from Deployment Web Console 373 with conditions 83 Atools.ini 82 authentication 268, 380 agent for DOS 120 database 366 user 92 autoexec.bat file editing 477 order of operations 477 Automated Deployment Services. see ADS Automation Agent settings 379 axengine 451 axinstall 478 CE.NET agent 122 Central Deployment Server Library 391 change password 400 chat feature 136 clear after scheduling 372 clear status action 416 operation 128 client BIOS setting 485, 485 client/server file transfer port 86 connections 364 connections, managing 123, 411 connectivity 345 driver 345 driver for Novell 346 Client Access Point. see Deployment Share codes, return 193, 440 collections Altiris Console 390 from Notification Server 370 command execute 135 to menu, adding 82 command line switches 215, 446 aclient.exe 452 Aclient.inp 453 add on 574 Bootwork.exe 472 Deployment Agent for DOS 471 Deployment Agent for Windows 452, 452 export job utility 446 import computer 451 import job 447 job utility 448 keyboard and screen lock (kbdsclk) 476 Pocket PC agent 486 schedule job 450 command-line switches rdeploy.exe 489 using 502 communication, server 276, 300 components add 366 Deployment Console 332 Deployment Database 333 Deployment Server 332 Deployment Share 334 installing 343
B
basics, Deployment Web Console 369 bay virtual 247 bay properties 413 deployment rules 413 server deployment 126 BDC additional files 303 best practices 89 BIOS settings 485, 485 blade server. see server blades boot bootloaders, Linux 252 Boot Disk Creator 270 advanced 275, 299 configuration summary 278, 302 server communication 276, 300 tool icon 80 toolbar 272 boot menu importing 294 tab 290 BootWorks see Deployment Agent for DOSt BootWorks. see Deployment Agent for DOS broadcast address 108 builder, lab 68 building jobs . see jobs bwinst.exe installation switches 474 bwinst.exe see Deployment Agent for DOS
C
capture personality advanced 432 capturing personality settings 179 packages 432
576
PXE server 334 computer adding 100 computers pane 73 configuring properties 103, 406 details 412 filtering 373 filters 83, 84 finding 144, 373 group filter 84 groups 73 history 129 icons 98, 402 import 451 managing 398 managment 97 migrating with wizard 150 new account 101 pane 370 preconfigured 100 properties 124 rejected 96 remote operations 127 removing inactive 85 restoring 129 select with wizard 153 showing 73 conditions 153 creating 83 order sets 154 configuration computer 130, 216 computer properties 103 Deployment Server 373 general 264 initial deployment 196, 443 modify 434 modifying multiple tasks 191 mulit-network adapter 273, 298 name 272, 297 new 296 properties 406 request, Notification Server 397 summary, Boot Disk Creator 278, 302 confirmation settings 326 connection to other sites 95 connections 268 rejection 372 console Deployment Console basics 73 Deployment Console features 73 extending the console tools menu 82 installation 366 managing from 72 options 85 Web console. see Deployment Web Console
Web. see Deployment Web Console copy file 187 folders 192 jobs 192, 439 copy file 437 advanced 438 copy folders 439 creating disk images 158, 424 new script 191 credentials, logon 263 custom data sources options 88 install 340 installation 482 tokens 514
install 346 Deployment Console basics 73 features 73 managing from 72 Deployment Database 333 connecting to new 95 installation 363 Microsoft SQL Server and 337 deployment from Altiris Console 386 Deployment Server adding 387 agent configuration 389 communication 276, 300 component install for 343 components of 331 console basics 73, 73, 369 console features 73, 73 custom install 340 installation 360, 360, 478 installation overview of 331 library 391 memory requirements 336 setting rights for 332 simple install 337 system requirements of 336 systems, managing multiple 399 Thin Client install for 343 Deployment Server configuration 373 Deployment Share 334 requirements 337 deployment tasks. see tasks Deployment Web Console 335, 364, 364 basics 369 computers pane 370 details pane 371 jobs pane 371 jobs, assigning 373 managing from 368 options 372 requirements 337 description property 319 details computer 412 pane 74, 371 detecting expired licences 352 devices 415 devices properties 125 DHCP server managing TCP/IP 335 DIR command DOS 530 Windows 530 disk image advanced 425 options 428 resizing 427 disk images
D
database authentication 366 connecting to new 95 Deployment Database 333 instances, installing to multiple 334 debug 269 default pre-boot operating system 361, 362 delete history entries 85 Dell server blades 143, 247 deployment reports,generating 389 server deployment 126 Deployment Agent installing 337, 411 settings 112, 113, 410 Deployment Agent for Automation. see Deployment Agent for DOS Deployment Agent for CE.NET 122 Deployment Agent for DOS autoexec.bat 477 bootwork.exe 472 bwinst.exe 474 command line switches 471, 472 installation 352, 474 settings 119 Deployment Agent for Linux install 350 Deployment Agent for PocketPC install 564 uninstalling 567 Deployment Agent for Windows aclient.exe 217, 452, 452 aclient.inp 453 command line switches 452
577
creating 158 distributing 163 disk imaging 267 disk partition properties 319 disk space requirement 336, 337 display options 326 distribute personality advanced 434 distribute software advanced 431 distributing disk images 163, 426 personality settings 180, 433 software 175, 429 distrubuting software 251 domains account option 87 DOS agent. see Deployment Agent for DOS drive mappings 264, 379 drive mappings for DOS 120 drive mappings, network 277, 301 drive properties 124 drives 414
replacing 86 explorer, image 81 exporting jobs 192, 393, 439 EXT2 file systems 214 EXT3 file systems 214 extending tools menu 82 extract folder 322 extract options 326
get inventory 183, 435 global options 85, 374 groups 92 adding 92 computer 73 importing 92 selecting with wizard 153
H
hardware 414 hardware properties 124 Hewlett-Packard server blades 142 history computer 129 deleting 85 restoring 129 HTTP imaging 216
F
FAT FAT16 503 FAT32 503 file systems 214 FIRM 502 file properties 319 file server requirement 337 file server type 273, 297 file system independent resource management. see FIRM file systems EXT2 214 EXT3 214 FAT 214 imaging 214 NTFS 214 file transfer port 86 file, copy 187 filter using to find 322 filters computer group 83 creating computer group filter 84 find files 322 finding computers 67, 144, 417 computers and jobs 373 licences used. see licenses FIRM 502 EXT2 502, 503 EXT3 503 FAT 502 firm.exe 489 tokens 504 folder property 319 folder, extracting 322 Fujitsu-Siemens server blades 248 Fujitsu-Siemens server blades 143
I
IBM server blades 144, 248 icons Boot Disk Creator 80 computer 98, 402 Image Explorer 81 jobs 147, 147, 419 PC Transplant Editor 81, 81 PXE Configuration 80 Remote Agent Installer 80 toolbars 80 utilities 80 image description properties 319 image file password 326 ImageExplorer 81, 217 convert image 320 create image index 321 flags 322 not enough free space 324 open file 319 self-extracting image 323 settings 326 split image 327 using 318 images 530 creating 158, 424, 530 distributing 163, 426, 530 HTTP 216 Linux 252 properties 318 quick disk 130 rescheduling failed 86 Unix 252 ImageX Sample Scripts 324 imaging, disk 267 Import Package Advanced 179 importing groups 92
E
editing autoexec.bat 477 packages 81 shared menu 293 editor PC Transplant 81, 81 enabling ADS 372 security 90 enabling security 381 errors client error messages 519 CMD error handling 235 communication error messages 520 critical error messages 520 DOS error handling 235 general error messages 517 implementing effective script reporting 234 memory error messages 522 partition error messages 523 Visual Basic error handling 236 evaluate permissions 94 rights 91 evaluate permissions 384 execute 135 expired licenses 357
G
general properties 124, 413 generating deployment reports 389
578
jobs 393 users 91 users from Active Directory 91 importing computers from text file 405 importing jobs 192, 439 inactive computers, removing 85 INI files 82 Initial Deployment 196, 442 initial deployment stopping servers 198, 444 initial deployment configuration 196, 443 installation 364, 364, 366 agent 344, 474 component 343, 360, 484 configuration 359 console 366 custom 340, 482 Deployment Agent for DOS 352 Deployment Agent for Linux 350 Deployment Agent for Windows 346 Deployment Database 363 Deployment Server 331, 360, 360 multiple database instances 334 options of 359 Pocket PC (PPC) client from the network 566 Pocket PC agent from the console 565 Pocket PC agent from the host 566 pre-boot operating system 294 PXE server 363 Remote Agent Installer 346 return codes 524 scripted 168 silent 479 simple 337, 480 software packages 152 summary 365 switches 478 Thin Client 343 unattended 168 intervals, setting polling 396 inventory get 183 inventory details 414 inventory update 264 inventory, get 435 IP interfaces 108
assigning 83, 373 associating destination computers 151 building 147, 152, 420, 448 conditions 83 conditions with wizard 152 conditions,creating 83 defined 147 details 147, 419 exporting 192, 393, 439, 446 filtering computers and jobs 373 finding 373 icon 147 icons 147 imaging 530, 530, 530 importing 192, 393, 439, 447 Initial Deployment 197, 443 Job Scheduling Wizard 153, 422 jobs pane 74 options 197, 443 pane 371 removing 156 removing tasks from 156 replicating jobs 400 rescheduling 155 running from resources view 156 sample 195, 529, 532 scheduling 147, 155, 373, 400, 422, 450 select with wizard 153 selecting computers with wizard 151 software installation with wizard 152 tests 530 using package servers 390 wizard 148
Command-line Switches 486 distributing software 251 imaging 252 scripted install 174 location properties 126, 413 log file 378 LogEvent utility 186 logon 263 logon option 385 lookup key primary 86
M
MAC addresses, add new 308 Macintosh Agent 121 maintenance 375 Managing 398 managing computers 97, 398 computers chat feature 136 from Deployment Console 72 from Deployment Web Console 368 licenses 352 user groups tab 92, 92 Managing the SVS Layer 177 map drives 268 mappings, drive 264, 379 mappings, network drive 277, 301 menu extending 82 menu, editing shared 293 Microsoft ADS. see ADS client driver 345 SQL Server 337 migrating computers with New Job Wizard 150 migration 531 capture settings 531, 531, 532, 532 see also personality package Missing File Cousins 284 modify task 189 modifying configuration task 182, 434 moving jobs to other systems 400 multicasting Master PC 216 process 216 multi-network adapter configuration 273, 298 load order 274, 298 multiple database instances, installing to 334 deployment servers 399 multiple image files 319
K
kbdsclk (keyboard and screen lock utility) 476
L
Lab Builder 145 lab builder 68 library package 392 setting up 391 licenses adding 356 expired 357 finding licenses used 352 replacing 86 licensing settings 410 lights out 127 lights out properties 414, 414 Linux 251 agent. see Deployment Agent for Linux bootloaders 252
J
jobs 147 applying computers with wizard 151
579
N
name, configuration 272, 297 NetWare authentication 268 NetWare client settings 409 network adapter 274, 298, 298
P
package editing tools 81 personality 179 Package Server jobs 390 overview 390 setting up 392 pane computers 73, 370 details 74, 371 jobs 74, 371 shortcuts and resources 75 partition properties 319 partitions OEM 215 password 380 password options for tasks 86, 387 password, change 400 password, image file 326 paste folders 192 jobs 192 PC Transplant Editor 81, 81 permission rules 384 permissions 89, 93, 383 evaluating 94 rules 94 personality package application settings 531 desktop settings 531 Microsoft Office settings 532 printer settings 532 see also migration personality settings 179, 432 distribute 433 distributing 180 physical devices options, show 372 ping time-out 264 ployment 195 Pocket PC Agent command line switches 486 PocketPC agent command-line switches 486 installing 564 polling intervals 396 for Deployment Server Agent 389 setting agent 396 port, TCP for file transfer 86 power control 189 operation 130 task 438 PowerEdge, Dell 143 pre-boot operating system 361, 362 install files 294
pre-configured computer account 100 primary lookup key 86 print file 325 folder contents 324 preview 325 printer settings, capture 532 product key tab 86 prompt before performing operations 372 user for properties 136 properties 412 application 125 bay 126 computer 124 configuring computer 103 devices 125 drives 124 general 124, 318 hardware 124 image 318 location 126 network configuration 125 prompting for 136 RILOE 127 services 125 TCP/IP 125 protocal settings 275, 300 Proxy settings 378 PXE additional files 303 BIOS settings 485 boot meny tab 290 client BIOS settings 485 configuration tool 80 server 337 server installation 363 PXE Server 334
configurations 273
drive mappings 277, 301 network adapter 345 network configuration properties 125 network properties 413 networking settings 406 new configuration 296 configuration wizard 272 Job Wizard 148 server blade 246 server blades 141 shared menu 292 new computer 100, 404 account 101, 404 new computers adding 403 Notification Server configuration request 397 Novell client driver 346 NTFS 214 FIRM 502
O
OEM system partitions 215 open site 95 operating system, preboot 361, 362 install files 294 operations, remote 415 options 184 agent settings 88 console 85 custom data sources 88 Deployment Web Console 372 domain account 87 for Deployment Solution 85 global 85 import boot menu 294 install 479 new shared menu 292 RapiDeploy 87 task password 86, 387 options tab 198, 444 order condition sets 154 of operations, autoexe.bat file 477 OS licensing settings 410 OS product key tab 86
Q
quick disk image 130
R
RapiDeploy options 87 RapidInstall distribute package 531 RIP, distributing 175 rdeploy.exe command-line switches 489, 492, 502 executable files 489 redirect shared boot menu options 293 refresh displayed data 85 view 96 registry settings backing up and restoring 182, 434
580
reject connection 372 rejected computers 96 remote computer operations 127, 415 control 131, 134 Remote Agent Installer 80, 81, 346 removing computers 85 computers from jobs 156 jobs 156 tasks jobs 156 replicating jobs 390, 400 reports,generating 389 requirements Deployment Web Console 337 Depoyment Server system 336 disk space 336, 337 file server 337 minimum agent 337 rescheduling jobs 86, 155 resizing disk image 427 resources view 75 restoring computers history 129 return codes 193, 440 return codes for installer 524 return codes, setting 440 rights 89, 382 evaluation 91 security 92 RILOE properties 127, 414 RIP. see RapidInstall rules, permission 94 run script 435 run script advanced 436 running jobs from resources view 156 script tasks 183, 435
scripted OS install 168 Linux 174 Windows 169 scripting DOS/CMD errors 235 reporting errors 234 retrieving values with tokens 233 running scripts on the server 234 server scripting commands 232 Visual Basic error handling 236 writing scripts 232 search for files 322 searching for computers 67, 144, 417 security 377, 380 best practices 89 DS authentication 92 enabling 90, 381 importing from Active Directory 91 Notification Security 386 permissions 89, 93 rights 89, 92 select computer 153 group 153 jobs 153 select computers 422 select job 422 server adding 387 communication 276, 300 connection to client 364 Deployment Server 332, 336 DHCP Server 335 file server requirements 337 file server type 273, 297 library 391 package server setting up 392 PXE
services properties 125 setting polling intervals 396 settings account 410 agent 375 Auotomation Agent 379 backing up and restoring files 182 capturing personality 179 changing agent 138 conditions 83, 153 Deployment Agent 112 NetWare client 409 networking 406 OS licensing 410 permissions 93, 383 personality 180 production agent 375 return codes 440 rights 382 Sysprep 86, 86 TCP/IP 408 TCP/IP protocal settings 275, 300 Share, Deployment 334 shared menu 292 edit 293 shortcuts view 75 show computers 73 physical devices 372 shutdown settings 379 silent install options 479 command line switches 479 simple install 337 simple install entries 480 simple tests 530 DIR command at DOS 530 DIR command at Windows 530 Distribute RapidInstall Package 531 software distributing 175, 429 Software Virtualization Solution (SVS) 81 spanning media 215 split image find 319 open 319 start parameters for axengine 451 startup settings 379 status detail 73 Stored Procedures, allowed 88 switches axengine.exe 451 bwinst.exe 474 command line 446 install 478 kbdsclk 476
S
sample jobs 195, 529 scan resource files for changes 85 schedule job 422 scheduling jobs 422 scheduling jobs 373, 400, 422 scheduling jobs. see jobs screen lock 476 switch 476 script 184 creating 191 options, advanced 184 scripting 186 task 183, 435 Scripted OS Install Windows Vista 174
server 334
server access 377 server blades 141, 245 Dell 143, 247 Fujitsu-Siemens 143, 248 Hewlett Packard 142 IBM 144 new 141 server deployment rules 126, 126, 413 settings 139 server deployment rules 413, 413 server management 139 deployment 244 features 243 server package 390 servers adding 399 services 415
581
LAN support 569 Switch Add-On 569 synchronize display names with Windows computer names 85 Sysprep file location 365 settings 86 Sysprep settings 86 system requirements 336
U
unattended install 168 uninstalling Deployment Agent for PocketPC 567 Unix 251 distributing software 251 imaging 252 user name 380 users add 91 defined token 83 importing 91 utilities 80 icons 80 kbdsclk 476 keyboard and screen lock 476 LogEvent 186
T
tabs manage user groups 92, 92 OS product key 86 rights 92 task user password 400 tasks 423 building jobs 152 change configuration 191 copy file to 187 get inventory 183 list of 156 power control 189 removing 156 rescheduling 86 run sript 183 setting conditions 153 task password options 86 TCP/IP properties 125, 413 protocol settings 275, 300 settings 408 tests 530 text file, importing from 405 Thin Client installing 343 Thin Client View 76 tokens create unique files 512 finding the right value 511 replacement 513 retrieving database values 233 template file rules 513 token replacement template files 512 tools 80 administrative 80 Boot Disk Creator 80, 272 extending tools menu 82 Image Explorer 81 package editing 81 PC Transplant Editor 81, 81 PXE Configuration 80 Remote Agent Installer 80 toolbar icons 80 Transplant Editor,PC 81, 81 transport 265
V
view refreshing 96 resources 75 shortcuts 75 virtual bays 247 centers 89 computer. see pre-configured computer account Virtual Bays 141 virtual computers 404 Vista Sysprep 30 VMware Virtual Center Web services 89 volume property 318
W
Wake-On LAN BIOS settings 485 warn user 85 Web console. see Deployment Web Console Win32 console. see Deployment Console window. see pane WinPE Command-line Switches 487 WinPE Boot Options 278 wizard Job Scheduling 153 new configuration 272, 296 New Job 148 Wtools.ini 82
582

Alteris Deployment v6 - 8 SP2-Deployment & Migration

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Alteris Deployment v6 - 8 SP2-Deployment & Migration

Uploaded by

Copyright:

Available Formats

ALTIRIS

Deployment Solution 6.8 SP2 Deployment and Migration Guide

Altiris Deployment Solution 6.8 SP2

Part I: Planning and Installing Your Deployment System . . . . . . . . . . . . 25

Chapter 4: Post-Installation Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Chapter 5: Deployment Agent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Altiris Deployment Solution 6.8 SP2

Part II: Booting Computers to Automation . . . . . . . . . . . . . . . . . . . . . . . 40

Chapter 8: Automation Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Chapter 9: Installing and Configuring Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Chapter 10: Setting Up the Altiris PXE Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Altiris Deployment Solution 6.8 SP2

Part III: Using Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Managing from the Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Altiris Deployment Solution 6.8 SP2

Altiris Deployment Solution 6.8 SP2

Building and Scheduling Jobs

Altiris Deployment Solution 6.8 SP2

Altiris Deployment Solution 6.8 SP2

192 193 195 196 196 197 197 198

Part IV: Best Practices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Altiris Deployment Solution 6.8 SP2

Chapter 15: ImageX Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

: Mac Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Chapter 18: Deploying Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

Chapter 19: Creating an Image Distribution Framework . . . . . . . . . . . . . . . . . . . . . . . 238

Altiris Deployment Solution 6.8 SP2

240 240 240 241 241 242 242 242

Chapter 20: Deploying and Managing Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Part V: Operating System and Platform Reference . . . . . . . . . . . . . . . . 249

Chapter 22: Linux and Unix Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Chapter 23: Managing Thin Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Chapter 24: Windows Vista. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Chapter 25: Power Mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Altiris Deployment Solution 6.8 SP2

Removing the Mac Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Part VI: Reference: Deployment Solution Help Files . . . . . . . . . . . . . . . 261

Introduction to Altiris Boot Disk Creator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

PXE Configuration Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Altiris Deployment Solution 6.8 SP2

Altiris ImageExplorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

Altiris Deployment Solution 6.8 SP2

324 324 324 325 325 326 326 327 328

Installing Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

Altiris Deployment Solution 6.8 SP2

Part VII: Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

Altiris Deployment Solution 6.8 SP2

390 391 392 392 393 396 396 397

Managing Computers from the Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . 398

Scheduling Jobs from the Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . . . . 419

Altiris Deployment Solution 6.8 SP2

Part VIII: Technical Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445

Altiris Deployment Solution 6.8 SP2

485 486 486 487

Chapter 26: RapiDeploy Technical Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489

Appendix B: Tokens: Dynamic Database Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509

Appendix C: Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516

Appendix D: System Jobs for Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . 529

Altiris Deployment Solution 6.8 SP2

Appendix E: Network Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549

Altiris Deployment Solution 6.8 SP2

Appendix H: Pocket PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564 Appendix I: Managing Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 568