Professional Documents
Culture Documents
Notice
Altiris Deployment Solution 6.8 SP2 2007 Altiris, Inc. All rights reserved. Document Date: June 25, 2007 Information in this document: (i) is provided for informational purposes only with respect to products of Altiris or its subsidiaries (Products), (ii) represents Altiris' views as of the date of publication of this document, (iii) is subject to change without notice (for the latest documentation, visit our Web site at www.altiris.com/Support), and (iv) should not be construed as any commitment by Altiris. Except as provided in Altiris' license agreement governing its Products, ALTIRIS ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTIES RELATING TO THE USE OF ANY PRODUCTS, INCLUDING WITHOUT LIMITATION, WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS. Altiris assumes no responsibility for any errors or omissions contained in this document, and Altiris specifically disclaims any and all liabilities and/or obligations for any claims, suits or damages arising in connection with the use of, reliance upon, or dissemination of this document, and/or the information contained herein. Altiris may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the Products referenced herein. The furnishing of this document and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any foregoing intellectual property rights. No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means without the express written consent of Altiris, Inc. Customers are solely responsible for assessing the suitability of the Products for use in particular applications or environments. Products are not intended for use in medical, life saving, life sustaining, critical control or safety systems, or in nuclear facility applications. *All other names or marks may be claimed as trademarks of their respective companies.
Contents
Chapter 1: About Altiris Deployment Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Deployment Solution Architecture Deployment Server . . . . . Deployment Database . . . Deployment Share . . . . . Management Consoles . . Automation Tools . . . . . . Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 22 23 23 23 24 24
Chapter 3: Installing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Simple or Custom Install? . . . . . . . . . . . . . . . . . Simple Install. . . . . . . . . . . . . . . . . . . . . . . Custom Install . . . . . . . . . . . . . . . . . . . . . . Running the Setup Program . . . . . . . . . . . . . . . . . . . Enable Microsoft Sysprep Support . . . . . . . . . . . Enable Microsoft Windows Vista Sysprep Support . Remotely Install Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 29 29 29 29 30 30
Using the Remote Agent Installer (Windows XP). . . . . . . . . . . . . . . . Step 1: Disable Simple File Sharing on Windows XP . . . . . . . . . . Step 2: Allow File and Printer Sharing in Windows XP SP2 Firewall Step 3: Get Local User Rights (admin$ Share) . . . . . . . . . . . . . . Step 4: Run the Remote Agent Installer . . . . . . . . . . . . . . . . . . Using a Script, E-Mail Link, or Manual Installation (All Platforms) . . . . Step 1: Provide Users Access to the Agent Installation Program . . Step 2: Create the Input File for a Silent Install . . . . . . . . . . . . . Step 3: Run the Installation Program . . . . . . . . . . . . . . . . . . . . Agent Auto Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
37 37 37 37 37 37 38 38 38 39 39
Network Speed. . . . . . . . . . . . . . . . . Physical Layout of your Network. . . . . PXE Request Routing. . . . . . . . . . . . . Installing Altiris PXE Servers . . . . . . . . . . Configuring PXE Settings . . . . . . . . . . . . . . . . PXE Settings . . . . . . . . . . . . . . . . . . . . . . . . Shared vs. Local. . . . . . . . . . . . . . . . . . . Session Timeout . . . . . . . . . . . . . . . . . . . DHCP Server Options . . . . . . . . . . . . . . . Boot Integrity Services . . . . . . . . . . . . . . Boot Integrity Services (BIS) Removal Boot Options . . . . . . . . . . . . . . . . . . . . . . . . Shared vs. Local. . . . . . . . . . . . . . . . . . . PXE Redirection . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
60 60 61 61 61 62 62 62 62 62 63 63 63 63
Domain Accounts options . . . . . . . . . . . . . . . . RapiDeploy options . . . . . . . . . . . . . . . . . . . . Agent Settings options . . . . . . . . . . . . . . . . . . Custom Data Sources options . . . . . . . . . . . . . Allowed Stored Procedure List . . . . . . . . . . Virtual Centers . . . . . . . . . . . . . . . . . . . . . . . Security in Deployment Solution . . . . . . . . . . . . . . Best Practices for Deployment Solution Security. Enabling Security . . . . . . . . . . . . . . . . . . . . . Groups . . . . . . . . . . . . . . . . . . . . . . . . . . Rights . . . . . . . . . . . . . . . . . . . . . . . . . . Setting Permissions . . . . . . . . . . . . . . . . . . . . Connecting to Another Deployment Server . . . . . . . Rejected Computers in Deployment Solution . . . . . . Refresh Deployment Solution . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
87 87 88 88 88 89 89 89 90 92 92 93 95 96 96
Managing Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Viewing Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 Adding New Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Creating a New Computer Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Importing New Computers from a Text File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Computer Configuration Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 General Configuration Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 Microsoft Networking Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 TCP/IP Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 TCP/IP Advanced Options - IP interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 TCP/IP Advanced Options - Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 TCP/IP Advanced Options - DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 TCP/IP Advanced Options - WINS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 TCP/IP Advanced Options - Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 NetWare Client Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 Operating System Licensing Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 User Account Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 Deployment Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112 Deployment Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Server Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Startup/Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Deployment Agent for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Deployment Agent Settings for DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Drive Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Remote Desktop Connection Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Agent for Macintosh Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Deployment Agent for CE .NET. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Managing Client Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Computer Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Network Configuration . . . . . . . . . . . . . . . . . . . . TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Bay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Server Deployment Rules . . . . . . . . . . . . . . . Lights-Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Operations Using Deployment Solution . . . . . . Restoring a Computer from its Deployment History Configuring Computers . . . . . . . . . . . . . . . . . . . . Quick Disk Image . . . . . . . . . . . . . . . . . . . . . . . . Power Control . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Control . . . . . . . . . . . . . . . . . . . . . . . . . Send Files during Remote Control . . . . . . . . . . Remote Control Properties . . . . . . . . . . . . . . . Set Remote Control Permissions . . . . . . . . . . . Start Multiple Sessions . . . . . . . . . . . . . . . . . Execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . User Account . . . . . . . . . . . . . . . . . . . . . . . . Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Prompt User for Properties . . . . . . . . . . . . . . . . . Install Automation Partition . . . . . . . . . . . . . . . . . Change Agent Settings . . . . . . . . . . . . . . . . . . . . Deploying and Managing Servers . . . . . . . . . . . . . . . . Server Management Features . . . . . . . . . . . . . . . Server Deployment Options . . . . . . . . . . . . . . . . . Managing Server Blades . . . . . . . . . . . . . . . . Managing New Server Blades . . . . . . . . . . . . . Virtual Bays . . . . . . . . . . . . . . . . . . . . . . . . Hewlett-Packard Server Blades . . . . . . . . . . . Dell Server Blades . . . . . . . . . . . . . . . . . . . . Fujitsu-Siemens Server Blades . . . . . . . . . . . . IBM Server Blades . . . . . . . . . . . . . . . . . . . . Find a Computer in the Database . . . . . . . . . . . . . . . Using Lab Builder . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
125 125 125 125 125 126 126 126 127 127 129 130 130 130 131 133 133 134 134 135 135 136 136 137 138 138 139 139 141 141 141 142 143 143 144 144 145
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 148 150 151 151 151 152 152 152 152 153 153 153 153 154
Viewing Job Details. . . . . . . . . . . . . . . . . . . . . New Job Wizard . . . . . . . . . . . . . . . . . . . . . . . Migrating Computers . . . . . . . . . . . . . . . . Selecting Computers in the New Job Wizard Apply Computers to a Job . . . . . . . . . . . . . Associating Destination Computers . . . . . . Setting up Conditions in the New Job Wizard Install Software Packages . . . . . . . . . . . . . Summary of Options . . . . . . . . . . . . . . . . . Building New Jobs . . . . . . . . . . . . . . . . . . . . . Job Scheduling Wizard . . . . . . . . . . . . . . . . . . Select Job(s) . . . . . . . . . . . . . . . . . . . . . . Select Computer(s) or Computer Groups . . . Setting Conditions for Task Sets . . . . . . . . . . . Order Condition Sets. . . . . . . . . . . . . . . . .
Scheduling Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155 Deployment Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Creating a Mac Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 Creating a Ghost Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 Advanced Sysprep Settings for Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . 162 Advanced Sysprep Settings for Creating a Disk Image in Windows Vista . . . . . . . . . . . . . 162 Create Disk Image Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 Distributing a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 Distributing a Mac Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 Distributing a Ghost Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Advanced Sysprep Settings for Distributing a Disk Image . . . . . . . . . . . . . . . . . . . . . . . 166 Advanced Sysprep Settings for Distributing a Disk Image in Windows Vista . . . . . . . . . . . 166 Distribute Disk Image-Resizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Distribute Disk Image-Additional Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Imaging Computers from USB Disk on Key (DOK) Devices (JumpDrives). . . . . . . . . . . . . 167 Scripted OS Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Scripted Install for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Select Operating System Version and Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170 Installation Source Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Operating System-Source Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Partition and Format Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Import an Answer File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172 Answer File Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172 Add a New Variable Value or Section. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172 Add a New Variable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Command-line Switches for Scripted Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Deployment Agent Settings for Scripted Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Scripted Install Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Scripted Install for Windows Vista . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Scripted Install for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Scripted Install Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 Distributing Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 Distribute Software Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Managing the SVS Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Import Package Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179 Capturing Personality Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179 Capture Personality Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 Distributing Personality Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 Distribute Personality Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Modifying Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Backing up and Restoring Registry Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Get Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Run Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Script Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Using LogEvent and WLogEvent in Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 Copy File to . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 Copy File to Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Power Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Wait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Modifying Tasks in a Deployment Job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Modifying Multiple Change Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Creating New Script Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Copy and Paste Jobs and Job Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Importing and Exporting Jobs . . . . . Setting Up Return Codes . . . . . . . . Sample Jobs in Deployment Solution Initial Deployment . . . . . . . . . . . . . Configurations . . . . . . . . . . . . . Advanced Configuration. . . . Jobs . . . . . . . . . . . . . . . . . . . . Advanced . . . . . . . . . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
Chapter 13: Migrating Application Data and User Settings . . . . . . . . . . . . . . . . . . . . . 213 Chapter 14: Capturing and Deploying Disk Images . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
What is a Disk Image? . . . . . . . Imaging in Deployment Solution How Imaging Works . . . . . . . . . File Systems . . . . . . . . . . . Partitions. . . . . . . . . . . . . . Partition Size . . . . . . . . Spanning Media . . . . . . . . . Multicasting . . . . . . . . . . . . How Multicasting Works HTTP Imaging . . . . . . . . . . Capturing Images. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 214 214 214 215 215 215 216 216 216 216
Chapter 16: Symantec Ghost Imaging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223 Chapter 17: Software Packaging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Why Use Software Packaging? . . . . . . . . . . Overview of the Software Packaging Process Setting up a Reference Computer . . . . . . . . . . . Accessing Wise SetupCapture . . . . . . . . . . Capturing a Software Package . . . . . . . . . . . . . What Can I Capture?. . . . . . . . . . . . . . . . . The Capture Process . . . . . . . . . . . . . . . . . Customizing a Software Package . . . . . . . . . . . Distributing a Software Package . . . . . . . . . . . . Appendix A: Migrating From RapidInstall . . . . . . . . . Appendix B: Windows Installer Format Explained . . . Advantages of Windows Installer . . . . . . . . Appendix C: SetupCapture Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224 224 225 225 225 225 226 226 226 226 226 227 229
10
Step Three: Configure the Server Lookup Utility. . . . Create a Configuration . . . . . . . . . . . . . . . . . . Create a Server Lookup File . . . . . . . . . . . . . . GetSRV.EXE Parameter Descriptions . . . . . . . . . Step Four: Create a Boot Disk Creator Configuration Modify Mapdrv.bat to call Getsrv.bat. . . . . . . . . Deploy the Boot Configuration . . . . . . . . . . . . . Step Five: Distribute an Image . . . . . . . . . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
11
12
Import Boot Menu Options. . . . . . . . . . . . Regenerate Boot Images . . . . . . . . . . . . . Install Pre-boot Operating System Files. . . . . . DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . FreeDOS . . . . . . . . . . . . . . . . . . . . . MS-DOS . . . . . . . . . . . . . . . . . . . . . Linux . . . . . . . . . . . . . . . . . . . . . . . . . . Windows PE . . . . . . . . . . . . . . . . . . . . . . New Configuration Wizard . . . . . . . . . . . . . . . Configuration Name . . . . . . . . . . . . . . . . File Server Type (DOS) . . . . . . . . . . . . . . Multi-Network Adapter Configurations . Network Adapter . . . . . . . . . . . . . . . . . . Have Disk . . . . . . . . . . . . . . . . . . . . Internet. . . . . . . . . . . . . . . . . . . . . . Advanced . . . . . . . . . . . . . . . . . . . . TCP/IP Protocol Settings . . . . . . . . . . . . . Altiris Deployment Server Communication . Network Configuration . . . . . . . . . . . . . . Network Drive Mappings and Mount Points Configuration Summary . . . . . . . . . . . . . Edit Configurations . . . . . . . . . . . . . . . . . Additional Files . . . . . . . . . . . . . . . . . Create PXE Boot Image Files (PXE) . . . . . . PXE Boot Image Creation Complete . . . . . PXE Server Tab . . . . . . . . . . . . . . . . . . . . . . DS Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . MAC Filter Tab . . . . . . . . . . . . . . . . . . . . . . . Define MAC Addresses . . . . . . . . . . . . . . Multicast Tab . . . . . . . . . . . . . . . . . . . . . . . . BIS Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data Logs Tab . . . . . . . . . . . . . . . . . . . . . . . Status Tab . . . . . . . . . . . . . . . . . . . . . . . . . . Remote PXE Installation . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
294 294 294 295 295 295 296 296 296 297 297 298 298 299 299 299 300 300 301 301 302 302 303 304 304 304 306 307 308 308 310 310 311 311
13
Not Enough Free Space . . . . . . . ImageX Sample Scripts . . . . . . . . . . Print Folder Contents . . . . . . . . . . . Print Preview . . . . . . . . . . . . . . Print a File . . . . . . . . . . . . . . . . . . Setting a Password on an Image File Settings . . . . . . . . . . . . . . . . . . . . Split Image . . . . . . . . . . . . . . . . . . Command Line Switches . . . . . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
14
Install Configuration . . . . . . . . . . . . . Installing Deployment Server. . . . . . . Deployment Server Install . . . . . . . . . Pre-boot Operating System (Simple) . Pre-boot Operating System (Custom) Deployment Database Install . . . . . . . Altiris PXE Server Install . . . . . . . . . . Client Connection to Server . . . . . . . . Deployment Web Console Information Sysprep. . . . . . . . . . . . . . . . . . . . . . Installing Components . . . . . . . . . . . Installation Information Summary . . . Add Components Summary . . . . . . . . Deployment Database Authentication . Add Components . . . . . . . . . . . . . . . Console Install . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
359 360 360 361 362 363 363 364 364 365 365 365 365 366 366 366
15
Overview of Package Servers . . . . . . . . . . . . . . Setting Up a Central Deployment Server Library Setting Up Package Servers . . . . . . . . . . . . . . . Modify the DS Library Package . . . . . . . . . . Exporting and Importing Deployment Jobs . . . . Setting Polling Intervals in Deployment Solution . . . Setting the DS Agent Polling Interval . . . . . . . . Setting the Altiris Agent Configuration Request .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
16
Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424 Advanced Sysprep Settings for Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . 425 Create Disk Image Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425 Distributing Disk Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426 Advanced Sysprep Settings for Distributing a Disk Image . . . . . . . . . . . . . . . . . . . . . . . 427 Distribute Disk ImageResizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427 Distribute Disk ImageAdditional Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428 Imaging Computers from USB Disk on Key (DOK) Devices (JumpDrives). . . . . . . . . . . . . 428 Distributing Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429 Distribute Software-Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431 Capturing Personality Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432 Capture Personality-Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432 Distributing Personality Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433 Distribute Personality Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434 Modifying Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434 Backing up and Restoring Registry Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434 Get Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435 Run Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435 Advanced Run Script Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436 Copy File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437 Copy File Advanced. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438 Power Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438 Copy Jobs and Job Folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439 Importing and Exporting Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439 Setting Up Return Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440 Initial Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442 Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443 Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
17
Client BIOS Settings for Wake-On LAN and PXE . Command-line Switches for the Pocket PC Agent Command-line Install Switches for Linux . . . . . . Command-line Install Switches for WinPE . . . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
18
Repair Office XP . . . . . . . . . . . . . . . . . . . . . . . Restart Computer . . . . . . . . . . . . . . . . . . . . . . Shutdown Computer . . . . . . . . . . . . . . . . . . . . Start SQL Server Service. . . . . . . . . . . . . . . . . Stop SQL Server Service . . . . . . . . . . . . . . . . . Uninstall Office XP . . . . . . . . . . . . . . . . . . . . . Wake up Computer . . . . . . . . . . . . . . . . . . . . . Pocket PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distribute Software. . . . . . . . . . . . . . . . . . . . . Install Altiris Pocket PC Agent . . . . . . . . . . . . . Scripted OS Installs . . . . . . . . . . . . . . . . . . . . . . . Create W2K Install Disk Image (Target HD). . . . W2K Scripted Install (Target HD) . . . . . . . . . . . Create RH7 Install Disk Image (Network) . . . . . Create RH7 Install Disk Image (Target HD) . . . . RH7 Scripted Install (Network). . . . . . . . . . . . . RH7 Scripted Install (Target HD) . . . . . . . . . . . Create RH8 Install Disk Image (Network) . . . . . RH8 Scripted Install (Network). . . . . . . . . . . . . Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Send Email if Disk Space Low (Linux) . . . . . . . . Logevent Script (Linux) . . . . . . . . . . . . . . . . . . Restart HTTPD Service (Linux) . . . . . . . . . . . . . Move Computer to Default Container (Windows) Move Computer to Specific OU (Windows) . . . . . Send Error Email (Windows) . . . . . . . . . . . . . . Server-side Embedded VBScript (Windows) . . . . WLogevent CMD Script (Windows) . . . . . . . . . . WLogevent VB Script (Windows) . . . . . . . . . . . XP Embedded . . . . . . . . . . . . . . . . . . . . . . . . . . . Disable Enhanced Write Filter. . . . . . . . . . . . . . Enable Enhanced Write Filter . . . . . . . . . . . . . . Distribute RapidInstall Package . . . . . . . . . . . . Agent Update. . . . . . . . . . . . . . . . . . . . . . . . . . . . SVS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
535 535 535 536 536 536 536 536 537 537 537 537 539 540 541 541 542 543 543 544 545 545 545 545 546 546 546 546 547 547 547 547 547 548 548
Appendix F: Deployment Agent Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556 Appendix G: Windows Registry Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
Key in the Security Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563
19
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
20
Chapter 1
Altiris Technology
RapiDeploy Imaging Scripted OS Installation and Sysprep Integration PC Transplant Personality Migration Software Virtualization and Software Distribution Wise Package Studio and Wise SetupCapture Script deployment engine
Description
Capture and deploy computer images using PXE, DVDs, CDs, or USB drives. Perform automated scripted operating system installations using sysprep. Migrate user data and application settings to new hardware and operating systems. Deploy, activate, and manage SVS layers, and install other software packages. Build and capture custom installation packages using the latest Windows Installer technology. Remotely execute Visual basic and Linux shell scripts.
In addition, the following technologies are integrated with the features of Altiris Deployment Server software to provide comprehensive deployment and migration:
Description
Management tasks provided by Deployment Server can be grouped and executed in order, enabling you to perform complex management operations in a single job. Computers can be organized into multiple groups to simplify job deployment. Drag and drop a computer group onto a job and the job runs on all computers in the group. Scripts, Sysprep configuration files, and other values can use tokens to retrieve database values at run time. Quickly install the Deployment Agent on large numbers of Windows computers using the Remote Agent Installer. Managed computers are inventoried for software and hardware, and conditions and filters can be created based on this inventory. Example: a distribute software task could check the operating system and distribute the correct software version.
Computer groups
Inventory
21
Description
Support for 32- and 64-bit architecture, servers, blades, thin clients, and Itanium, running Windows and Linux operating systems. Managed computers can be started or shutdown remotely.
Depending on the needs of your environment, multiple Deployment System components can be installed on the same computer. A single dedicated server could host your Deployment Server, Share, Database, Management Consoles, and PXE Server.
Deployment Server
The Deployment Server is the central component of a Deployment System and manages the Deployment Database, the communication between the different components, and schedules jobs to run on managed computers.
22
Deployment Database
The Deployment Database provides the back-end datastore and stores details about the computers, groups, and jobs in your Deployment System. Most of the time, you do not need to interact directly with the database.
Deployment Share
The Deployment Share stores all files, such as installation programs, disk images, and SVS layers you want accessible to managed computers. This share can reside on your Deployment Server or on another computer, and is often replicated to different locations to provide better access, especially in distributed networks or when sharing large files.
Management Consoles
Deployment Solution provides three management consoles: Deployment Console: A Windows application that provides complete access to the Deployment System administration. Deployment Web Console: A Web application that provides browser-based administration. This console can be executed remotely using any Web browser, and has built-in tools to manage multiple Deployment Servers.
23
Deployment Tab in the Altiris Console: This interface is integrated into the Altiris Console to provide integrated management with other Altiris Solutions. Its features are the same as the Deployment Web Console.
Automation Tools
Automation is the preboot environment loaded by Deployment Server to perform tasks which need to happen outside of the normal operating system. If you have ever used a disk imaging utility, or booted a computer using an installation CD, you are probably familiar with running computers in a similar environment. Deployment Solution provides several tools to boot computers to this environment and supports several automation operating systems.
Deployment Agent
This agent runs on managed computers to report inventory, run software and scripts, perform power control, and boot the computer into automation. A Remote Agent Installer is provided to quickly install the agent on multiple Windows computers. Linux computers can install the agent using startup scripts and other automated processes.
24
25
Chapter 2
Preparing To Install
This sections lists the tasks you need to complete before you install Deployment Solution. Step 1: Log on to Your Deployment Server Computer as an Administrator (page 26) Step 2: Create a Services Account (page 27) Step 3: Gather Automation Operating System Install Files (page 28) Step 4: Obtain a License File (page 28) Step 5: Install .NET and MDAC (page 28) Step 6: Start Microsofts Internet Information Server (IIS) (page 28)
26
3. 4.
Select the Administrator account you are using to install Deployment Solution. If it does not exist, add it. Click the Server Roles tab, and enable System Administrators:
5.
27
The process for creating domain-level accounts is similar. This is the only account that needs to be created before you install.
28
Chapter 3
Installing
Simple or Custom Install?
If you plan to install your Deployment Server, Database, and Share on the C drive of the same computer, select the Simple install. Otherwise, select Custom.
Simple Install
Installs to the C drive. Installs each of the Deployment System components (with the exception of the Deployment Agent) on the computer where the install was launched. Lets you install a single automation operating system (more can be added later). The Simple Install Helper installs the MSDE database engine if no database is detected.
Custom Install
Installs to a drive other than C. Lets you select a computer other than the computer the install was launched from to install each Deployment System component. If you select to do this, certain values regarding the installation are stored in the local Windows registry. This simplifies adding components or installing add-ons such as the Altiris packaged WinPE. Lets you select a custom name and instance for the Deployment Database. Lets you select a different computer to host the Deployment Share. If you plan on doing this, you must create the share and grant the account you created in Step 2: Create a Services Account (page 27) full control before installation. Lets you install multiple automation operating systems (more can be added later).
29
This can be installed later by running setup.exe and selecting Component Install.
30
Chapter 4
Post-Installation Configuration
This section contains the tasks you should perform after installation to complete the set up of your Deployment System: Step 1: Grant Full Control of the Deployment Share to Your Service Account (page 31) Step 2: Create Domain Join and Deployment Share Accounts (page 31) Step 3: Grant Services Account the db_owner Role to Your Deployment Database (page 32) Step 4: Configure Your Deployment System (page 33) Step 5: Configure Security Settings (page 35) Step 6: Install the Deployment Agent (page 35) Step 7: Configure Automation (page 35) Step 8: (Optional) Configure PXE Server (page 35)
Step 1: Grant Full Control of the Deployment Share to Your Service Account
If your Deployment Share was created during the installation, grant the services account full control of this share. By default, this folder is C:\Program Files\Altiris\eXpress\Deployment Server.
Rights
Domain
Description
Grant privileges to add computer to domain.
31
Rights
File System
Description
Grant read/write privileges to your Deployment Share.
Step 3: Grant Services Account the db_owner Role to Your Deployment Database
1. 2. Open Enterprise Manager and connect to your SQL Server. Browse to Security > Logins:
3. 4.
Double-click the account you are using to run the Deployment services. If the login is not listed, add it. Click the Database Access tab, select the eXpress database, and enable the db_owner role:
32
5.
To enable security
You must add at least one user or group to enable security.
33
1. 2.
In the Deployment Console, click Tools > Security. Add a new user or group. We recommend clicking AD Import and importing Active Directory groups, as this simplifies rights management. The first user or group added is granted administrator rights. Each additional user or group after the first are granted no rights and must be assigned rights explicitly.
Security is automatically enabled after a user or group is added. Additional users or groups can be added using this same method.
34
35
Chapter 5
36
\\hostname\admin$
Replacing hostname with the name of the computer where you want to install the Deployment Agent. If you can access this share you have sufficient rights.
37
./adlagent
To run this, you could: Have users copy and paste it into the Windows Run dialog, or send the link in an email message. Place it in a startup script. Execute it remotely using Telnet or SSH.
38
Troubleshooting
See the following article on the Altiris KnowledgeBase: 18248 Remote Agent Installer Fails for AClient
39
40
Chapter 6
What is Automation?
Deployment Solution uses two modes to manage computers: Automation Automation is to the pre-boot environment loaded by Deployment Server to perform tasks which need to take place outside the normal operating system. If you have ever used a disk imaging utility, or booted a computer using an installation CD, you are probably familiar with running computers in a similar environment. Production The normal operating system of the computer. Production tasks include software installation and personality capture.
Several of the tasks you perform to manage your network can be completed in the production environment. However, other tasks, primarily imaging, must be performed before the operating system boots. In Deployment Solution, this pre-boot environment is called the automation environment, or booting into automation mode. The following table contains a list of Deployment Solution tasks and the environment in which they execute:
Production Tasks
Distribute Software Capture Personality Distribute Personality Get Inventory SVS Copy File to Modify Configuration Power Control Run script
Automation Tasks
Create Disk Image Distribute Disk Image Scripted OS Install Run script
In order to manage computers in automation, you must select a method to boot computers to automation and decide which operating to use in the automation environment. Deployment Solution provides support for a broad range of boot methods and automation operating systems; this section helps you decide which works best for your environment. In order to set up automation, you must make the following decisions: Which Automation Boot Method Should I Use? (page 43)
41
42
Chapter 7
PXE
Pre-boot Execution Environment (PXE) is an industry standard developed to boot computers using a network card. PXE can boot computers regardless of the disk configuration or operating system installed, and doesnt require any files or configuration settings on a client. After PXE boot is turned on in the BIOS, a computer can communicate with your DS PXE server to receive automation jobs. PXE provides a number of advantages, especially when you are using the initial deployment features of DS, which enables you to remotely deploy an image to a computer which has no software installed. Example: the receiving department of your company could have PXE enabled on their subnet. When a new computer arrives, a technician could quickly unpack and plug the computer into the network, and possibly enable PXE boot if it was not enabled by the manufacturer. When this unknown computer contacts the Deployment Server, it is assigned an initial deployment job, which could image the computer with the corporate standard image, install additional packages, and power off the computer. The computer is now ready for delivery with minimal effort. PXE also provides an advantage if you need to use multiple automation operating systems in your environment. Since the image containing the automation operating system is downloaded when a task is executed, different operating system environments can easily be assigned to different tasks. At the same time however, this can be a disadvantage if you are using an operating system with a large footprint, such as Windows PE, since the entire image must be downloaded each time you run an automation task. If you often run automation jobs, especially on several computers simultaneously, embedding the automation operating system on the disk is faster and significantly reduces network traffic. It is also possible to use PXE for initial deployment and install an automation partition as part of the deployment. In this case, you could use the initial deployment features of PXE for arriving computers and install an automation partition in case you need access to automation at a later time.
43
This configuration does not require PXE in your general network environment, but still provides access to the automation environment without physical access. When using the DOS automation environment, PXE provides an additional advantage: multicast boot. This enables your PXE server to simultaneously boot up to 100 computers in a single session to perform automation work. Although multicast imaging is supported in WinPE and Linux, multicast PXE booting is not provided in WinPE and is not supported in Linux. That means that after each computer has booted to automation, an imaging task can be multicast, but you cannot use multicast to boot these computers.
Automation Partitions
An automation partition is a sector of your hard disk drive partitioned and managed by DS. This partition contains the automation operating system and the files needed to contact your Deployment Server, and must be present on each managed computer. The biggest advantage to an embedded partition is that it does not require PXE, yet it still enables you to boot into automation remotely. The biggest disadvantages to embedded partitions are that they consume space on the drive, they require an existing partition on the drive, and they must be manually installed from a disk on Linux and Unix operating systems. Another drawback, depending on your configuration, might be the fact that only one automation operating system can be installed to a managed computer that is using an automation partition. If you have tools that are supported only in DOS, this might limit you to DOS for all automation tasks on a particular managed computer. Automation partitions have an additional advantage in some configurations. Optionally, you can create a different type of automation partition, called a hidden partition, to store an image (or other files) locally. This provides advantages in environments where computers need to be re-imaged often or in environments where there is limited bandwidth or network connectivity. Since the image is stored locally, the time needed to create and restore images is greatly reduced and network traffic is significantly reduced as well.
44
requires booting into automation mode, the boot disk must be present at the right time to boot automation. If a complex job requires access to the production environment during this time, the BIOS will most likely continue to boot to automation until the boot media is removed. If this job, or a subsequent job, requires automation access again, the boot media must be re-inserted. To avoid these issues, some customers load the automation operating system, the RapiDeploy imaging executable, and the image on bootable physical media. They boot a computer, execute the necessary commands, and provide the required image files. In this circumstance, the remote management capabilities of Deployment Server are not being used, so the process is more manual, but it does not require network access. This works especially well when managing thin clients or other computers where all necessary files can fit on a single disk or USB device.
45
Chapter 8
DOS
DOS is still used often today as a pre-boot environment, though new technologies have emerged that might better suit your environment, such as Windows PE. The largest roadblocks most companies face when using DOS are access to drivers that support modern hardware, and security concerns. DOS still performs well for several tasks though, and can be a good choice if you have the proper driver support. DOS typically requires only around 1 MB of space. DOS provides an additional advantage in a PXE environment. When performing an automation task on multiple computers, the PXE server can use multicast to boot automation, which enables large numbers of managed computers to boot DOS simultaneously.
46
Windows PE
Windows PE (Windows Pre-boot Environment) is the next generation boot environment for Windows computers. Windows PE provides several advantages over DOS, including better driver support (Windows PE uses the same drivers used by the other modern versions of Windows), increased speed, and generally more functionality. Windows PE typically requires around 150 MB of space. The biggest drawbacks are its size, which causes increased boot time, especially when booting over the network using PXE, and its licensing requirements. Additionally, clients using Windows PE require at least 256 MB of RAM.
Linux
Linux provides an alternate pre-boot environment to DOS or Windows PE. Many vendors provide gigabit and wireless drivers for Linux that are not available in DOS. Linux typically requires around 10 MB of space. Linux can be a good choice if you do not want to license MS DOS or Windows PE, but you need updated driver support.
47
Chapter 9
FreeDOS
48
To install
1. 2. 3. In Deployment Console, click Tools > Boot Disk Creator. In Boot Disk Creator, click Tools > Install Pre-Boot Operating Systems. Click Install and complete the wizard, providing the files listed in the previous table when prompted.
For complete details on this process see the Boot Disk Creator help.
49
The diskdrivers path is for adding mass storage drivers. If you are adding different driver types, you might need to modify this path.
50
Example
You can place a disk image and the rdeployt executable in this folder, create a boot DVD, and restore the included image without network access, using a command similar to the following:
Configuring PXE
PXE is a server-based technology, and requires additional components on your DS server, and possibly other computers. Setting up and configuring PXE is covered in detail in a separate document, PXE in Deployment Solution.
Hidden Partition
51
An embedded partition doesnt create an actual disk partition, it reserves space on an existing partition by marking the sectors on the disk as unusable. The target drive must have an existing partition before an embedded partition can be installed. A hidden partition creates an actual disk partition, but this partition is hidden from normal view within the production system, though it is still viewable by FDISK or by an administrator. The partition is listed as a non-DOS partition. When a computer using an automation partition is assigned jobs, the Master Boot Record (MBR) of the computer is modified to boot to this hidden partition. After the work is completed, the MBR is restored to the previous configuration. Hidden partitions are very useful for computers which are imaged often, such as those in a test lab or provided for general use (such as a hotel or a library). After the visiting person is done using this computer, you may want to quickly re-image to ensure that the next visitor finds the computer in good working order. In these circumstances, a hidden partition enables you to quickly restore an image without needing access to a high bandwidth network. Automation partitions can be installed using an installation package deployed from DS (windows only), or installed from a CD, USB device, or floppy. This is different than using boot media to access automation, because the automation partition media is used once per computer to install, later the partition is used to perform tasks. Using boot media to access automation doesnt leave any files on the computer, but the media must be used each time you want to access automation.
52
This configuration contains the automation operating system files, network drivers, IP address of your server, and other settings which control how the managed computer communicates with your Deployment Server. This configuration does not specify how this automation configuration is installed. This is done using the Create Boot Disk wizard, which is launched automatically after you create a configuration. 3. The Create Boot Disk wizard provides three options: Creates an executable, or configures a CD, USB device, or floppy to install the automation environment. This process is executed once per device. After that, the computer uses the files from the automation partition. Select this if you are using automation partitions. For managed linux computers, you need to use a CD, USB device or floppy because no executable is provided for this platform. Create an automation boot disk Configures a CD, USB device, or floppy with the files necessary to boot a computer to automation mode. After booting, the computer executes any automation work previously scheduled, or waits for work to be assigned. Select this if you are using boot media to boot computers to automation. None of these files are installed, so the media must be used each time you need to access automation. Create a network boot disk Configures a CD, USB device, or floppy with the files necessary to boot to a prompt. This is useful if you have management task to perform that doesnt require interaction with DS, as your Deployment Server is not contacted in this scenario. None of these files are installed to the managed computer.
4.
After selecting how you want to install automation, complete the wizard. See the Boot Disk Creator help for additional details.
You can also uninstall an automation partition using an install package, or configure a CD, USB device, or floppy from Boot Disk Creator.
Using PXE
1. 2. Install the automation operating systems you want to use, as explained in Obtaining and Installing Windows PE, Linux, or DOS. In the PXE Configuration utility (Start > All Programs > Altiris > PXE Services > PXE Configuration Utility), create a new menu item to correspond to the automation configuration you want to install.
53
3.
Click Create Boot Image to launch the configuration wizard. This wizard is identical to the wizard used when creating configurations for automation Partitions or boot media. When this option is selected from the PXE menu, the necessary files are loaded, the job is performed, the computer boots to the production operating system. None of these files are saved on the managed computer, they are downloaded each time the computer boots to automation.
4.
54
Chapter 10
55
Regardless of how broadly you implement PXE, Deployment Solution provides tools and services to simplify management of PXE in your environment. This section contains the following topics providing an overview of PXE in Deployment Solution: PXE Services and Architecture How PXE Works
Service
PXE Manager
Description
Provides all boot options and configuration settings for each Altiris PXE Server in your environment. Interfaces with the PXE Config Utility to replicate data and apply PXE configuration. Manages all communication between your Deployment Server and your Altiris PXE Servers. The PXE Manager Service is installed on your Deployment Server regardless whether or not you have also installed an Altiris PXE Server.
Interfaces with PXE Manager to receive data and configuration. Configures, starts, and stops the additional PXE services on the Altiris PXE Server.
Provides the PXE listener and proxy DHCP to respond to PXE requests and send the location of bootstrap files. Sends bootstrap files to managed computers using TFTP.
MTFTP
The PXE Manager service interacts with Deployment Server, PXE Helper service, and the PXE config utility to perform centralized PXE management:
56
On each individual Altiris PXE Server, the Altiris PXE Server service and the MTFTP service are installed to perform the work of an Altiris PXE Server. These services are configured, started and stopped by the PXE Config Helper service. Clients connect directly to these services during the PXE boot process:
57
PXE Option 60
DHCP lets clients to receive options from the DHCP server indicating various services that are available on the network. A number of standard and custom options are available that can convey a vast amount of information to DHCP clients. Option 60 deals specifically with PXE related services. Both PXE clients and servers use option 60 to convey specific information about the PXE services they need or are providing.
58
The .1 file is an image of a boot disk floppy with modifications to the autoexec.bat and additional files which ultimately provide the automation environment on the managed computer. The following diagrams contain a basic outline of this process:
59
Network Speed
Since the majority of the resources on an Altiris PXE Server are used for transferring files over the wire, the faster the network, the more work a single Altiris PXE Server can do. A single Altiris PXE Server on a gigabit network can capture and deploy several times as many images over a period of time than even multiple servers on a slower network.
60
61
Boot options. Each boot option corresponds to a specific configuration which includes an operating system, network and other drivers, utilities, mapped drives, and so on. This section contains a brief overview of selected PXE configuration and boot options. For complete details, see the help for the PXE Configuration Utility.
PXE Settings
Shared vs. Local
Deployment Solution provides a PXE settings hierarchy enabling you to provide shared and local PXE configuration values. All Altiris PXE Servers inherit the shared values unless they are overridden on the local server.
Session Timeout
The PXE configuration utility connects the PXE Manager service on Deployment Server. To ensure your changes are not overwritten by another instance of the PXE Configuration Utility, only one instance of PXE config can connect to PXE manager at any given time. If you attempt to launch PXE Configuration when another instance is running, you receive an error. To prevent you from being completely locked out for extended periods (example: an instance is inadvertently left open on another computer), a timeout has been added which terminates a connection after 30 minutes of inactivity after someone else attempts to connect. This timeout only applies if someone else is attempting to launch PXE Configuration. If no other connections are attempted, the timeout is never enabled and your session remains active.
62
Deployment Server supports the BIS technology. However, the BIS support from Altiris is only applicable when the computers being managed also supports BIS. Even if BIS is configured from the Deployment Server console, BIS will not work unless the physical computer supports it. At the present time, there are very few computers that support BIS.
Boot Options
Boot options are the boot configurations provided to a client by an Altiris PXE Server. Each boot option has a corresponding automation operating system, network drivers, and other settings.
PXE Redirection
Lets you redirect a global PXE menu option to a local PXE menu option. Redirection settings are not available globally, they are always specific to an individual Altiris PXE Server. This is due to the role redirection plays in your PXE environment. Consider the following example: You manage computers in three locations: Two offices in Ontario, and one office in Alberta. To limit transfer between each site, each office has a local Altiris PXE Server, and a file server with a mirror of the deployment share. This enables clients at each location to contact the local Altiris PXE Server to boot and use the local deployment mirror to access the network tools and to store images. You need to create a job to capture an image of each managed computer on Friday evening, once a month. To create this job, you add an imaging task, select a PXE boot option, and set the schedule. Hold on. If you select the same PXE boot option for each office, you are going to have problems. The Alberta office uses a mirror of the deployment share on alb1\eXpress, and stores captured images on alb1\images. The two Ontario offices use the ont1 and ont2 servers respectively. You could go ahead and create three global configurations and three different jobs, but that is confusing and could potentially cause problems if the wrong selection is made. If you took this route, on each Altiris PXE Server, two of the three global configurations could potentially cause problems (they are mapped to drives in remote offices). To avoid
63
problems, select a single global configuration for a job and update it based on the location of the Altiris PXE Server. This is exactly what redirection does. You create a global configuration (example: named Imaging Environment). On each Altiris PXE Server, you create a local configuration for each office with the correct server mappings. The Imaging Environment global option is redirected to the local option, and the process is simplified. Now the imaging job can be applied to all computers at once, simplifying the process and reducing the chance of errors.
64
65
Chapter 11
Deployment Basics
Deployment Solution provides a graphical, object-based interface to manage computers. After you have installed the Deployment Agent and the computer has connected, the computer can be managed using the Deployment Console.
Computers
Each computer and computer group in your environment is represented in the computers pane:
Computers can be dragged into a group, or automatically assigned to a group when the agent is installed. Computers can belong to only one group. When a new computer connects, it is placed in the New Computers group.
Jobs
Jobs contain a sequence of tasks to perform work on managed computers. Example: a job might be install and activate Winzip 10. This job might have a condition specifying that it should only execute on Windows XP computers with 500 MHZ or greater processors.
66
Each job that can be assigned to a computer or computer group is represented in the jobs pane:
Computers are assigned jobs by dragging and dropping computers onto a job. Jobs can also be scheduled by right-clicking and selecting the Job Scheduling Wizard.
67
Click <CTRL> F or click Find Computer on the console toolbar to search the Deployment Database for computers by property settings. The computers that match the search will be highlighted in the Computers pane. 1. In the Search For field, type all or part of the computers property values you would like to search for. This alpha-numeric string will be compared with specified database fields. In the In Field box, select the field you want to search in the Deployment Database. Example: to find a computer by searching for its IP address, type the address in the Search For field and select IP Address from the In Field drop-down list.
2.
Name MAC Address IP Address ID Serial Number Asset Tag UUID Product Key Physical Bay Name
BIOS name of the computer. Example: 0080C6E983E8. Example: 192.168.1.1. Example: The computer ID. 5000001. Serial number installed in BIOS. A primary lookup key. Asset number in BIOS. A primary lookup key. A primary lookup key. Product Key for the operating system. The actual bay number. Example: 7x.
Registered User Name entered when the operating system was installed. Logged On User Name of the user currently using the computer.
The computer you are looking for appears highlighted in the Computers window in the console. Note This search is not case-sensitive and lets wildcard searches using the *.
Click Lab Builder on the console toolbar or click File > New > Lab Builder to set up jobs specifically created for managing multiple computers in a lab environment.
68
The following information describes the default jobs. To run one of these jobs, drag it to the computer or computer group you want it applied to. Create Disk Image. This job uploads an image of a computer to the server and an image name is created automatically based on the lab name. However, there is no actual image in the job until you drag the image source computer to this job. Deploy Lab. This job has three default tasks: Deploy image, Apply configuration settings, and Back up registry files. The image that is uploaded using the Create Disk Image job is deployed when you use this job. The configuration settings you specify in the Update Configuration job are applied to the computers, and the computer registry files are uploaded to the Deployment Server. Restore Lab. This job restores the image and registry files to a computer where a lab was previously deployed. You can quickly get a computer running again by restoring the lab on that computer. Update Configuration. This job lets you to set unique configuration information (such as computer names and network addresses) for client computers. When a lab is deployed, each computer has an identical image, but not the same configuration settings. This means you don't have to visit each computer to reset IP addresses and other settings when you deploy an image. Upload Registries. This job backs up computer registry files to the Deployment Server.
69
70
Suffix,NIC6 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC7 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC8 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix
71
To launch the Deployment Console, double-click the icon on the desktop, or click Start > Programs > Altiris > Deployment Solution > Console.
Features of the Deployment Console. The Windows console for Deployment Solution provides standard Computers, Jobs, and Details panes to drag and drop icons, view properties, and identify state and status of Deployment objects. In addition, the Deployment Console also includes a Shortcuts and Resources view and provides the tools, utilities and features required for complete computer resource management. See Deployment Console Basics (page 73). Set Program Options. From the Tools > Options dialog, you can set preferences for each Deployment Server system. See General Options (page 85). Set Security. From the Tools > Security dialog, you can set security rights and permissions for all Deployment consoles. See Security in Deployment Solution (page 89). Connecting to other Deployment Server systems. Connect to other Deployment Server connections from your current Deployment Console and manage computers beyond your current network segment or site. See Connecting to Another Deployment Server (page 95). Customize the Tools menu. You can add commands to the Tools menu to open commonly-used deployment programs and utilities. See Extending the Tools Menu on the DS Console (page 82).
72
Computers pane
Use this area to view and select managed computers for the Deployment Server system. You can select and right-click a computer in the Computers pane to run Remote Operations Using Deployment Solution (page 127), or view Computer Properties (page 124). You can also create computer groups to organize collections of similar computers.
Create computer groups by clicking Computer Groups on the toolbar, or right-clicking in the Computer pane and selecting Groups. Click View > Show Computers to display only computer group icons and not the individual computers.
When a computer or group is selected, a list of computers in the group appears in the Details pane and provides the basic information about each computer. The Filter detail bar appears in the Details pane that helps to view computers by a set criteria. When a computer is selected, you can view the computer status in the Details pane, including a list of jobs that are run or scheduled to run on the computer, and the status of each job. To get more details about all tasks that are run on computers, click Status Detail. Status Detail displays a more detailed breakdown of the processes that the job has executed and a status message indicating what has been completed. You can also import new computers from a text file or add security rights and privileges for a specified computer or group of computers. See Managing Computers (page 97) for
73
complete information about setting up, importing, and managing computers from the Computer pane.
Jobs pane
Use this area to create and build jobs with specific deployment tasks. You can select and right-click a job in the Jobs pane when Building New Jobs or running the New Job Wizard. You can also import new jobs from a text file or add security rights and privileges for a specified job or collection of jobs. Set up folders to organize and access jobs according to your specifications. Create a new folder by right-clicking in the Jobs section and select the New Folder option. You can also create folders by selecting File > New > Folder.
Click View > Jobs View to show or hide the Jobs pane.
When a job is selected, the Details pane displays a list of computers in the folder and gives a basic information about each job, such as its state and status. It also shows the computers or computer groups to which the job is assigned. The Conditions detail bar also appears, letting you assign jobs to computers. See Setting Conditions for Task Sets (page 153). In System Jobs, folders are created to store jobs that are created when running operations from the console. Drag-n-Drop Jobs. Jobs are created and automatically placed in this folder when you drag an .MSI, .RIP, or other package files from the Resources view to a specific computer or group. See Shortcuts and Resources View (page 75). Image Jobs. Jobs are placed in this folder when you create a Quick Disk Image. Restoration Jobs. Jobs are placed in this folder when you run a Restoring a Computer from its Deployment History job. From the Jobs pane you can drag job icons to computer icons to execute jobs, such as creating images, deploying computers, changing configurations, or installing software. Once a job is created, you can change it by adding, modifying, or deleting tasks. Jobs can be run immediately, scheduled to run a particular time, or saved for a later time. See Building and Scheduling Jobs (page 147) for complete information about setting up, importing, and managing computers from the Jobs pane.
Details pane
The Details pane extends the user interface features when working in the Computers, Jobs, or Shortcuts panes. When you select a computer in the Computers pane, the Details pane changes to a Filters area (if you click a group icon) and displays the status of all jobs assigned to the selected computer.
74
When you select a job icon in the Jobs pane, the Details pane displays the information about the job to set up conditions; order tasks; and add, modify, or remove tasks. When you select a computer or computer group in the Computers pane, the Details pane displays the information about a computer, including IP address, MAC address, and status. When you select a batch file, you can click Modify to update the file. When you select a hard disk image file (.IMG), the Details pane displays a description of the image file, and information about the included partitions. When you click on the package files, the Details pane displays the title, description, version, creation date, and platform of a .RIP file or Personality Package.
Click View > Shortcuts to open the Shortcuts and Resources pane. You can drag the jobs and computer icons to this pane. Click Resources in the Shortcuts and Resources view, or click View > Resources or CTRL+R to open a filtered list of packages on the Deployment Share.
The Shortcuts view provides quick links to view and access computers, jobs and packages. It can act as a palette of Deployment Solution icons to drag to other working panes in the console, or as a storage to save commonly-used jobs and computer icons. The Resources view lets you see a filtered view of the package files.MSI files, .RIPs, image files, Personality Packages, and other resource packagesstored in folders in the Deployment Share. From the Resources view, you can drag packages directly to the computers in the Computers pane to deliver the software. This automatically creates jobs in the System Jobs > Drag-n-Drop Jobs folder in the Jobs pane. The Resources view lets you identify packages assigned to each job and assign those packages to create new jobs.
You can create a new script file from the Resources view, and use it directly to schedule it on a computer. See Creating New Script Files (page 191). See Console options (page 85) for options to set refresh intervals for Resources view.
75
76
2.
Note By default, the Thin Client view is visible if you select Thin Client Install. When you switch to the Thin Client view, all the menus and items not necessary for the Thin Client view are unavailable. These are visible when you switch to the traditional view.
Computers Pane
This pane is the same as that in the traditional view. However, only thin clients are displayed. You can right-click this pane to view a new menu. When you right-click a thin client, you can view the following options: Capture Configuration Capture Images Deploy Configuration Deploy Image Install Automation Partition Get Inventory Power Control Properties Remote Control Manage Inventory View If you select a Capture option, a text field appears, prompting you for the name of the captured resource. By default, the name is the same as the serial number on the thin client, that you can change. If you select a deploy option, a list of the available resources for the selected type appears, such as Configurations, Images, or Software Packages appears. You can select a resource from this list.
To create a job
You can create a job in one of the following ways: Select any of the first six options from the Computers pane. All these jobs are scheduled at the current time. Note The Schedule Computers for Job dialog does not have the Job Schedule tab. Also, all the automation jobs have the default option selected for boot image. Drag resources to the Computers pane or computers to the Resources pane to schedule jobs at the current time. Note Ensure that you have the required permissions to drag and drop resources.
77
All thin client job details are saved in the Thin Client Jobs system folder. You cannot delete or rename this new system folder from the console. All the above options, except Properties, are disabled when the client is not active. Note All the jobs on the thin clients are automatically created and scheduled by the console, and this is done only when the clients are active. When creating the jobs, the console refers to the operating system type (platform) of the client.
Resources pane
This pane is a tree view listing all the resources that you can drag and drop to the thin clients and vice versa. Three types of resources appear in this pane: Configuration Packages. Example: Captured Registry Settings. Images Software Packages. Example: HP Tools. Note All these resources reside in the express share in the ThinClient directory. When you click any of the three submenus corresponding to the subdirectories within the ThinClient directory, the tree expands and displays all the resources included in the directory. If the folder is empty, an appropriate message appears. You can rename or delete the resources.
Software Packages
The Software Packages pane displays the software packages that can be created for the available computers. You can drag and drop this resource to the thin clients and vice versa. When you right-click the Software Packages pane, you can view the following options: New folder. Select this option to create a new folder. Import. Select this option to import a job. See To import a job. Rename. Select this option to rename a folder. Note You cannot rename the Software Packages pane. You can only rename a folder. Delete. Select this option to delete folders. Find Software Packages. Select this option to find software packages.
To import a job
1. 2. Open the Thin Client view. Right-click the Software Packages pane and select Import. The Import Job dialog appears. 3. Browse to specify the file to be imported in the Job file to import field.
78
Note By default, the Import to Job Folder, Overwrite existing Jobs and Folders with the same names, and Delete existing Jobs in folder options are disabled. 4. 5. To preserve the source operating system file paths of Scripted Install, select the Preserve Scripted Install OS source paths option. Click OK.
You can delete the Software Packages pane from the Thin Client view through the Deployment Console view.
Inventory Pane
The pane displays a table, listing all the thin clients identified by the console. The following columns appear in the Inventory pane: Name Computer Status Action Status Product Name Operating System Image Version Flash Size Memory Size BIOS Version You can select which columns to view. The following columns are available, but do not appear: Automation Partition CPU Domain Name IP Address
79
MAC Address
Administration tools
Boot Disk Creator. Use this tool to create boot disk configurations, and automation and network boot media to image client computers. The Boot Disk Creator can maintain several different boot disk configurations for different types of network adapter cards. See Altiris Boot Disk Creator help.
PXE Configuration. After installing the Altiris PXE Server, you can create and modify configurations, which make up the boot menu options that appear on client computers. This is another solution to boot computers to automation. See the Altiris PXE Configuration help.
Remote Agent Installer. Remotely install the Deployment Agent on client computers from the console. This utility lets you push the agent installation to client computers from the Deployment Console.
80
Carbon Copy. Remotely control managed computers to view and troubleshoot problems from the Deployment Console. This utility provides comprehensive remote access features beyond the Remote Control feature accessed by right-clicking a computer or computer group from the Deployment Console.
PC Transplant Editor. Use this tool to edit a Personality Package to add or remove data. See the Altiris PC Transplant Help located in the Deployment Share.
Image Explorer. After a disk image is saved to the Deployment share, this tool lets you view and manage data in the image file. You can edit and split an image, create and index, and more. See the Altiris Image Explorer help file located in the Deployment Share.
Wise MSI Editor. Edit .MSI packages generated from the Wise Setup Capture tool or other .MSI files used to distribute software and other files.
SVS Admin Utility. Create, import, and manage virtual software layers. See Software Virtualization Solution (page 81).
81
You can create layers on a virtual computer. (See Managing the SVS Layer on page 177) This lets you disconnect a computer from the network and reset the computer after each capture. This ensures that you have a clean operating system. You can also distribute .RIPs, .MSI files, scripts, personality settings, and other package files to computers or groups. See Distributing Software (page 175).
[Application name or submenu declaration] MenuText=<the application name displayed in the menu> Description=<the name displayed when you mouse over the menu item> WorkDir=<directory set as default when executable is run> Executable=<path to the executable files>
The ATools.ini file extends the main Tools menu on the console. This sample file contains one submenu, Web Tools, and two additional menu items, Notepad, and Netmeeting. The .INI files are located in the Deployment Share.
[Submenus] Web Tools=wtools.ini [Notepad] MenuText=Notepad Editor Description=Simple Editor WorkDir=. Executable=C:\WINNT\notepad.exe [NetMeeting] MenuText=NetMeeting Description=NetMeeting WorkDir=. Executable=C:\Program Files\NetMeeting\conf.exe
82
Another Tools .INI file is wtools.ini. It is a submenu file referenced by the main ATools.ini file. On the main menu this is titled Web Tools (see Tools.ini) and contains two applications, Internet Explorer and Adobe Acrobat.
[Explorer] MenuText=Explorer Description=Windows Explorer WorkDir=. Executable=C:\Program Files\Internet Explorer\explorer.exe [Acrobat] MenuText=Acrobat Reader Description=Acrobat Reader WorkDir=. Executable=C:\Program Files\Adobe\Acrobat\acrobat.exe
Click a job in the Jobs pane. The Condition feature appears in the Details pane. Click Setup to add new conditions or edit existing conditions. When you are setting conditions to schedule a job, select from a list of predefined database fields or create custom tokens that key on other fields in the database.
83
Filter Name
Active Computers Inactive Computers Computers With Failed Jobs Windows 98 Windows 2000/ 2003 Windows XP Windows CE (PDAs) Linux Windows XP Embedded Windows CE .NET Pocket PC (PDAs)
Description
Displays all the active computers. Displays all the inactive computers. Displays all the computers where jobs have failed to execute. Displays only the computers with Windows 98 operating systems. Displays only the computers with Windows 2000 or 2003 operating systems. Displays only the computers with Windows XP operating systems. Displays only the computers with Windows CE operating systems. Displays only the computers with Linux operating systems. Displays only the computers with Windows XP Embedded operating systems. Displays only the computers with Windows CE .NET operating systems. Displays only the Pocket PC computers.
Click a computer group in the Computers pane. The Filter feature appears in the Details pane for the selected computer group. Click Setup to add new filters, or modify, and delete existing computer filters.
84
Operations list. In the Value box enter an appropriate value for the selected database field. Example: you can choose Computer Name as the Field, Contains as the Operation, and Sales as the Value. 5. Repeat to include other conditions. Click OK.
General Options
Use Program Options feature to set the general options for Deployment Solution. Click Tools > Options to view the Program Options dialog. Console options (page 85) Global options (page 85) Task Password options (page 86) Domain Accounts options (page 87) RapiDeploy options (page 87) Agent Settings options (page 88) Custom Data Sources options (page 88)
Console options
Set basic console features for miscellaneous refresh actions and warning messages. Scan resource files for changes every ____ seconds. Specify how frequently (in seconds) the Deployment Console updates its view of package files in the Resources view, see Shortcuts and Resources View (page 75). Warn user when no tasks are assigned to the 'default' condition. When a job is assigned to computers and the Default condition has no tasks assigned, a message appears. The job has no secondary default tasks assigned if a computer in the group does not meet the primary conditions. See Setting Conditions for Task Sets (page 153). Refresh displayed data every ____ seconds. Refresh the display of data accessed from the Deployment Database. This lets you refresh console data at defined intervals rather than updating every time the Deployment Console receives a command from the server, which can be excessive traffic in large enterprises.
Global options
Set global options for the Deployment Server system. Delete history entries older than _____ days. Specify the number of days an entry is kept in the history until it is deleted. Enter any number between 1 and 10,000. If you dont select this option, log entries remain in the history. Remove inactive computers after ____ days. Specify the number of days you want to keep inactive computers in the Deployment database before they are deleted. The default value is 30 days, but any number between 1 and 10,000 is valid. Synchronize display names with computer names. Automatically update the displayed name of the managed computer names in the console when the client computer name changes. If this option is not selected, changes to the computer names is not reflected in the console. Synchronization is off by default. The names do not have to be synchronized for the Deployment Server to manage the computer.
85
Reschedule failed image deployment jobs to immediately retry. Immediately retry a failed image deployment job. The program continues to retry until the job succeeds or until the job is cancelled. Client/server file transfer port: _____. Specifies a static TCP port for file transfers to the clients. The default value is 0 and causes the server to use a dynamic port. This setting is useful if you have a firewall and need to use a specific port rather than a dynamically assigned port. Automatically replace expired trial licenses with available regular licenses. Lets Deployment Solution to automatically assign a permanent license to the computer after the trial license expires. Note Be careful when using this option. Ensure that you do not give a permanent license to computers you do not want to manage after their trial license expires. Display Imaging status on console. Displays the status of the imaging job on the Deployment Console. Remote control ports. Specifies ports for using the Remote Control feature. You have the option to enter a primary port address and a secondary port address (Optional). Primary lookup key. Specifies the lookup key type used to associate a new computer with a managed computer. The options are Serial Number, Asset Tag, UUID, or MAC Address. Sysprep Settings. This lets you enter global values for Sysprep. See Sysprep Settings (page 86).
Sysprep Settings
View and configure the Sysprep settings for the Deployment Server.
86
modified to use the new password. The Task Password option provides administrators with a simple option to manage all password changes from a centralized location. This feature lets you set or change user passwords from a central location, so you can modify the password for the Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality tasks when creating or modifying jobs. However, this tab is enabled only to administrators and select users who have been granted the appropriate privileges. The Status field displays the results of password updates. Example: User As user name and password is used in ten tasks. If you want to update the password for these ten tasks, you can do so through the Task Password option. After the password is updated, the Status field displays the message: Password for 10 tasks updated.
RapiDeploy options
This feature optimizes the multicasting ability of the RapiDeploy application in Deployment Server, letting you deploy images to a group of computers simultaneously, download an image from a file server, or access a local hard drive, and manage the imaging of several client computers concurrently. Because RapiDeploy is more efficient when writing directly to the IP address of the network adapter driver, you can enter a range of IP addresses when using the multicasting feature to speed computer deployment and management. Deployment Server accesses the range of computers using the defined IP pairs and avoids retrieving the computers through the port and operating system layers. However, because some network adapter cards do not handle multiple multicast addresses, you can also identify a range of ports to identify these computers. On the first pass Deployment Server accesses the selected computers using the list of IP numbers. On the second pass, Deployment Server accesses the selected computers using the port numbers or higher level operating system ID's. Note Multicasting images are not supported when using the UNDI driver on PXE, and are disabled on the client. Click Reset to set the default values.
87
88
Virtual Centers
You can keep a list of all VMware Virtual Center Web services. The hosts and virtual computers from each Virtual Center that have corresponding computers in the Deployment Database appear in the computer tree. These virtual computers appear under the Virtual computers node in the Computer pane. Click Add on the Virtual Center page, and enter the Server host name, display name, and user name. You can also set up a password for the selected user.
To set general security rights, click Tools > Security and add a user name and password. You can create users and groups and set scope-based rights. To set feature-based permissions for specific computers or jobs, select the object in the console, right-click and click Security.
See also
Best Practices for Deployment Solution Security (page 89) Enabling Security (page 90) Setting Permissions (page 93) Groups (page 92) Rights (page 92)
89
can explicitly Allow or Deny the group from running these operations for each computer group in the Computers pane or each job folder in the Jobs pane. After creating the Technician group, you can limit their rights to set General Options and set permissions on each computer groups and job folder for the group. You can select the computer group, right-click it and select Permissions. Select the group name in the left pane, and click Allow or Deny for a list of deployment operations. Example: you can select the Deny check box for Restore, Schedule Create Disk Image, and Schedule Distribute Disk Image. Additional groups can be created with different rights and permissions depending on the needs and responsibilities in the IT team. If users are assigned to multiple groups, the Evaluate Permission and Evaluate Rights features are sorted and display effective permissions and rights.
Enabling Security
You can enable security by first creating a group with Administrator rights, adding a user to the Administrator group, and selecting Enable Security. Note When the Administrator Right is selected, you do not need to select any other rights because the Administrator Right implies that all other rights are selected. 1. Click Tools > Security. The Security dialog appears. 2. 3. Click Manage User Groups tab and click Add. The Add User Group dialog appears. Select the authentication type. You can add a DS group or a group from the Active Directory. To add groups from Active Directory, see Adding groups from the Active Directory (page 92). Click DS Group Note The Browse option is disabled for Local Group. 5. Type a name and description in the Add User Group dialog. Click OK. The group name appears in the window. 6. 7. 8. Select the new group name and click Rights. Select Administrator in the Rights dialog. This assigns complete rights and permissions to the group. Click OK, and click Close. On the main Security dialog, click the Manage Users tab, and click Add. The Add User Account dialog appears. 9. Select the authentication type. You can add a DS user or a user from the Active Directory. To add users from Active Directory, see Adding users from the Active Directory (page 91).
4.
10. Click DS User in the Add User Account dialog. Note The Browse option is disabled for DS User.
90
11. Type user name, full name, and password. Retype the password, and provide a description for the user. Click OK. 12. Select the user name in the main Security dialog. Click Rights. 13. Click the name of the new Administrator group in the Groups window. This assigns the new user to the new group with Administrator rights. Click OK. Note You can assign the user Administrator rights directly, but we recommend you to assign users to groups. See Best Practices for Deployment Solution Security (page 89). 14. Now that you have a user with administrator rights, select the Enable Security box. Security is now enabled. You can now create users and groups and assign permissions to computer groups and job folders.
Evaluate Rights
Click Evaluate Rights to identify the combined rights of the selected user and its user group(s). This feature identifies effective rights for each user by resolving any possible conflicts between multiple group settings.
91
Groups
Assign the user to previously created groups. If you are enabling security, you can assign the user to a group with Administration rights. To add groups, from the Security dialog, click the Manage User Groups tab, and click Add. Select the authentication type, and type the required details. You can view the members of any group by clicking the group in the Manage User Groups dialog and clicking View Members. See also Best Practices for Deployment Solution Security (page 89), and Enabling Security (page 90).
4.
DS Authentication
If the user is already in the DS database, and tries to access the Deployment Console, Deployment Server checks the authentication with the logged on user, and upon matching does not prompt for user credentials. Similarly, if a group has already been added in the DS database, and if a system logged-on user, who is a part of the AD group, tries to access the Deployment Console, Deployment Server does not prompt for credentials.
Rights
This dialog lets you set general rights for a user or group. To verify, add or change the rights assigned to each console user, use the following steps: 1. 2. 3. 4. From the Security screen, select a user and click Rights. From the Set Rights For window, click the Rights tab. Select the check box for each right you want to grant. After selecting all applicable rights, click OK to save your changes.
92
A brief explanation of each Deployment Server right that can be assigned is detailed below: Administrator. Lets user access all features available on the Deployment console. You must have Administrator rights to enable security. See Enabling Security (page 90). Options Console. Lets you set Console options. If this check box is selected, you can set the view and set the console options. Options Global. Lets you to set Global options. If this check box is selected, you can view and set the global options. Options Domain Accounts. Lets you set Domain Accounts options. You can view and set the domain accounts option. Options RapiDeploy. Lets you set RapiDeploy options. You can view and set the RapiDeploy options. Options Agent Settings. Lets you set Agent Settings options. You can view and set the agent settings. Options Custom Data Sources. Lets you create Custom Data Sources options. You can view, create, and set database aliases. Manage Rejected Computers. Lets you view Rejected Computers in Deployment Solution and change status. Refresh Clients. Lets you Refresh Deployment Solution clients. You can use the View > Refresh clients <CTRL +F5> feature to disconnect and reconnect client computers. Allow scheduling on All Computers. Lets you schedule jobs on All Computers. If you have administrator rights, by default you have the rights to schedule job on all computers, irrespective of the check box state. You can grant this right to a specific user or a group. Import/Export. Lets you import and export jobs and import computers as well. See Importing and Exporting Jobs (page 192) and Importing New Computers from a Text File (page 102). Options Task Password. Lets you centrally update passwords for users and groups so they can access the tasks: Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality when creating or modifying. You must have administrative rights to access this option. See Task Password options (page 86). Use PXE Configuration Utility. Lets you use the PXE Configuration Utility. Options Virtual Centers. Lets you view and add options for Virtual Centers. See Virtual Centers (page 89).
Setting Permissions
Set permissions for jobs, job folders, computers, and computer groups. See Best Practices for Deployment Solution Security (page 89) for additional design tips. 1. 2. Right-click on a computer group or job folder (or individual computers and jobs) and select Permissions. The Object Security dialog appears. Click the Groups tab and select a group name. Or click the User tab and select a user name.
93
3.
From the list in the right pane, select if you want to Accept or Deny permission to run the operations on the selected computers or job objects. These permissions include access to Remote Operations Using Deployment Solution and features for scheduling Deployment Tasks. Select the Allow or Deny check box to explicitly set security permissions for these Deployment Solution features for the selected objects. Note Administrators have access to all objects with unrestricted rights and permissions. You cannot explicitly deny permissions to computer or job objects for users with administrator rights.
4.
5. 6.
To assign permissions to multiple groups, click Set permissions on all child objects to assign the values without closing the dialog. Click Close.
Note You can set permissions for all jobs and computers by clicking in the Jobs pane or Computers pane without selecting a job or computer object.
Permission Rules
Permissions received through different sources may conflict with each other. The following permission rules determine which permissions are enforced: Permissions cannot be used to deny the user with Administrator console rights access to use any console objects or features. User permissions take precedence over Group permissions. Deny overrides Allow. When a user is associated with multiple groups, one group could be allowed a permission at a particular level while the other group is denied the same permission. In this scenario, the permission to deny the privilege is enforced. Permissions do not flow down an object tree. Instead, the object in question looks in the current location and up the tree for the first permission it can find and uses the same. If a console user does not have permissions to run all tasks the job contains, the user cannot run the job.
Evaluate Permissions
Click Evaluate Permissions to identify the combined permissions of groups and containers with contrasting permissions. This feature identifies effective permissions for each object by resolving any possible conflicts. If a job includes multiple tasks and one of the tasks does not have sufficiently assigned permissions, the whole job fails due to lack of access permissions. Note Permissions to schedule jobs also lets a user to delete jobs in the Details pane after a job runs. Example: if a job contains errors and does not run, no other jobs can be scheduled. The user must delete the job before scheduling a new job.
94
Click File > Connect to or press CTRL+O to open the Connect to Deployment Server dialog. Enter requisite information to connect to the external Deployment Server connections using an ODBC driver.
Note Although you are accessing another connection (another Deployment Database), Windows remembers the last place you browsed to, which would be the Deployment Share of the previous Deployment Server connection. You need to browse to the new connections Deployment Share to access its shared folder containing its RIPs, images, executables, and other resources.
f. g. h. i. j. 4. 5.
Using the menu in the ODBC Data source name dialog, select the new Data Source name you just created. In the Installation Directory path field enter the full UNC path (or path using any locally mapped drive) to the directory of the required Deployment Server, for example:
95
96
Managing Computers
From the Computers pane of a Deployment Solution console, you can identify, deploy, and manage all computer resources across your organization, including desktop computers, notebooks, handhelds, network and Web servers, and network switches. You can quickly modify any computers configuration settings or view its complete management history. Or you can take on big projects, like completely re-imaging the hard drive, restoring software and migrating personality settings for a whole department. You now have management of all your computer resources available from a Windows or Web console from any location. All computer resources can be accessed and managed as single computers or organized into computer groups with similar hardware configurations or deployment requirements, letting you run deployment jobs or execute operations on multiple computers simultaneously. You can use search features to locate a specific computer in the Deployment Database, or set filters to sort computers by type, configuration, operating system, or other criteria. Manage with Computer icons. Major computer types are identified by a computer icon in the console, with a listing of scheduled jobs and operations associated with each computer. In the Deployment Console, you assign and schedule deployment jobs to computers or groups by dragging the computer icon to a job in the Jobs pane, or vice versa. See Viewing Computer Details (page 98).
Computer icons appear in the Computer pane of the Deployment console where they can be organized into groups. To assign and schedule a computer in the Deployment Server Console, drag a computer icon or group icon to a job icon.
Add new computers. Deployment Solution lets you add new computer accounts and set configuration properties for new computers before they are recognized by the Deployment Server system. Preset computer accounts automatically associate with new computers when they start up, or can be associated with pre-configured computers. See Adding New Computers (page 100).
Click New Computer on the console to create a new computer account. You can also click File > New > Computer or right-click in the Computers pane and select New Computer. When the new computer starts up you can assign it a preset account. Click New Group on the console to add a new group in the Computers pane of the Deployment console. You can also click File > New > Computer Group or right-click in the Computers pane and select New Group.
Deploy to groups of computers. Organize computers by department, network container, hardware configuration, software requirements, or any other structure to
97
meet your needs. You can deploy and provision computers on a mass scale. To filter computers in a computer group to schedule jobs only to the appropriate computer types, see Computer Filters and Job Conditions (page 83). Configure Computer Agents. See the property pages for modifying Deployment Agent settings. See Deployment Agents on page 112. View and configure computer properties. You can modify computer settings for each computer from the console. See Computer Configuration Properties (page 103). Or you can view the Computer Properties page for detailed access to a computers hardware, software, and network property settings. See Computer Properties (page 124). Run remote operations from the console. Perform operations quickly in real-time from a Deployment console. Restore a computer to a previous state, configure property settings, send a file, remote control, chat, set security, run deployment jobs or select from additional management commands. See Remote Operations Using Deployment Solution (page 127). Build and schedule jobs. Build deployment jobs with one or more management tasks to run on selected computers. Create jobs, add tasks, and assign the job to computer groups. Jobs can be organized and assigned for daily tasks or to handle major IT upgrades. See Building and Scheduling Jobs (page 147). Manage Servers. Deployment Solution also manages network or Web servers to administrate high-density server farms or server network resources across your organization. See the Deployment Solution Reference.
Computer connected to Deployment Server but the user is not logged on.
98
Computer not currently connected to the Deployment Server but known to the Deployment Database. A pre-configured computer with values defined in advance using the New Computer feature. As soon as the computer connects and the Deployment Server recognizes the new computer and changes the icon. See Adding New Computers (page 100). A managed computer waiting for user interaction before running deployment tasks. This icon appears if the Workstations check box is selected in Initial Deployment. See Sample Jobs in Deployment Solution (page 195). A master computer is identified as a computer used to broadcast images to other client computers.
A managed server connected to the Deployment Server with a user logged on. Additional icons identify different states of server deployment. A managed Linux computer connected to the Deployment Server with a user logged on. Additional icons identify different states of Linux computer deployment.
Physical view of Rack/Enclosure/Bay components for high-density server systems. These icons appear as physical representations to allow management of different levels of the server structure. In addition, server icons identify logical server partitions. See Bay (page 126) for properties and rules to deploy Rack/Enclosure/Bay servers.
Select the New Computers or All Computers group to run jobs or operations for these default groups identified by an icon in the Computers pane.
Additional computer groups can be added to the Computers pane to organize similar computer types or to list computers of similar departments or locations. Click New Group or select New > Computer Group to create a new group.
99
The New Computer icon appears for a new computer if the MAC Address is provided when creating a new computer account using any import or new computer account feature. A pre-configured computer account icon appears if specific hardware data (MAC Address) is not known. As soon as the computer starts up and is associated with a pre-configured computer account, Deployment Server recognizes the new computer and the icon changes.
A pre-configured computer account can be associated with a new computer using the Initial Deployment feature. You can create multiple pre-configured computer accounts and associate the account with a new computer when it boots to automation. At startup, the configuration settings and jobs assigned to the pre-configured computer account can be associated with the new computer.
100
computer even if you do not know that computer's MAC address. This type of computer is known as a pre-configured computer account. Pre-configured computer accounts offer a great deal of power and flexibility, especially when you need to deploy several computers to individual users with specific needs. The pre-configured computer account saves your time because you can configure the computer before it arrives on site. You can set up as much configuration information (computer name, workgroup name, and IP address, for example) you know about the computer and apply it to the new computer as it comes online. You can also prepare jobs prior to the arrival of the new computer to deploy the computer using customized images, .MSIs and RIPs based on a user's specific needs. Example: a user might request Windows 2000 with Office 2000 and virus scanning software installed on the new computer. The user also might request that the computer personality (customized user settings, address books, bookmarks, familiar desktop settings) be migrated from the old system. You can build any job, including any of the available tasks, and assign it to a pre-configured computer account. When the new computer finally arrives, you are ready to deploy it because you have done all the work ahead of time. Boot the client computer to automation, and the new computer can connect to the server and become a managed computer. Now you can perform an Initial Deployment, or run a deployment imaging job on the new computer.
Click New Computer on the console to create a new computer account. You can also click File > New > Computer or right-click in the Computers pane and select New Computer.
101
3.
c.
Click Associate. You can now associate computers in a group (including the New Computers group) with the multiple computer accounts. Click OK.
102
3. 4.
Edit computer settings by selecting a computer from the list and clicking Properties. The Computer Properties sheet opens to edit or add values not set in the import file, such as computer name, TCP/ IP settings, user name, and other configuration settings. Click OK. The imported computers appear in the Computers pane of the Deployment console.
5.
You can also import a computer to be placed in a sub-folder in the Computers pane and create a job to be associated with the imported computer. See the sample import file for additional information.
103
Sample Jobs in Deployment Solution (page 195) configuration settings. Click the configuration group icons to set additional computer property values. After you edit these computer property settings, the computer restarts so that the changes can take effect.
Set the most important value from this property sheet. It includes the name of the computer in Deployment Solution, the NetBIOS name of the computer, the MAC address and other settings. Set the Windows name of the computer and the Workgroup or Domain settings. Set the TCP/IP addresses for one or more network adapters. Set Novell Directory Services client logon options. Set the registered user name and view the hashed installation license key for the installed operating system. Set the local Windows user account values.
Microsoft Networking Configuration Settings TCP/IP Configuration Settings NetWare Client Configuration Settings Operating System Licensing Configuration Settings User Account Configuration Settings
Field
Name
Description
Provides a name that appears in the Deployment console (not the BIOS name of the computer). Note The Name box is disabled for multiple computer configuration.
MAC address Serial Number Asset Tag Computer Name IP Address Registered User
The unique identification address of the network adapter. The serial number of the computers motherboard. The asset tag of the computer, if available. The Windows name of the computer. Current IP address of the computer. Multiple IP addresses are listed in this box. The name of the user who registered the operating system software
104
Field
License key User name Full name. Password
Description
The hash value rendered from the OEM key or 25-digit license key required when installing the operating system. The user name for the local Windows user account. The full name for the local Windows user account. The password for the local Windows user account. See also Computer Configuration Properties (page 103).
Use Sysprep to generate unique SIDs. This can be done by manually running the utility or selecting this feature while installing the Deployment Agent.
Field
Computer Name
Description
This is the NetBIOS name for the computer. The name must be unique in the network and is limited to 15 characters. Note The Computer Name box is disabled for multiple computer configuration.
105
Field
Use Token for computer name
Description
Select the check box to specify the computer name using tokens. Selecting this option enables the Select Token option and disables the Define Range option. Note This option is applicable for multiple computers and not for single computers.
Select Token: You can select one of the six tokens from the drop-down list. %NAME%- Complete computer name. %NICyMACADDR%- MAC address of the computer with NIC specific number. Selecting this option enables the NIC Number option. You need to specify the NIC number, which ranges from 1-8. %SERIALNUM%- Serial number from SMBIOS. %NODENAME%- First 8 characters of actual computer name. The NIC Number textbox is visible for NIC number input; the default value is 1. Define Range Click to create a sequential range of computer names. The Computer Name Range dialog appears. For new computers, set a range of names for multiple new computers: Fixed text. Enter the text portion of the name which you want associated with each computer, for example:
Marketing.
Range start. Enter a whole number to add to the fixed text, for example: 1. Append. Select this check box to add the range after the fixed text in the computer name. If you clear this box the number is added as a prefix to the fixed text. Result. View an example of the selected names that is assigned to each computer. Example: Marketing...Marketing6. Note When setting name ranges, do not set names using multiple Modifying Configuration tasks and assigning the names by Setting Conditions for Task Sets. If you set up two separate name ranges to be assigned by separate conditions, the computer names increment irrespective to the base name. See also Computer Configuration Properties on page 103. Workgroup Click and enter the name of the workgroup to place the managed computer.
106
Field
Domain
Description
Enter either the fully qualified domain name, the DNS domain name, or the WINS domain name. You can enter the fully qualified domain name (example: mjones.yourcompany.com), and specify the organizational unit (OU) using this format: OU/ newOU/users. The complete entry to place the computer in the users OU is the following:
Field
Host name Network Adapter
Description
The DNS name of a device on a network. The name is used to locate a computer on the network. A list of all network adapters installed in the selected computer. The network adapter with the lowest bus, device, and function number is the first listed (NIC0 - zero based). If the bus, device, and function information cannot be determined for a network adapter, it is enumerated in the order it is detected. When configuring multiple network adapters, ensure that one network adapter is not using an Intel Universal NIC driver (commonly called UNDI driver) to connect to Deployment Server. If one network adapter uses the native driver and one uses an UNDI driver, your computer appears twice in the console. Add. Enter new settings for additional network adapters installed on the client computer. You can add virtual network adapter settings to send a job to a computer group containing computers with varying numbers of network adapters. If a computer in the group has only one network adapter, it is configured only with the IP settings listed first. If IP settings are provided for additional network adapters not present in the computer, they are disregarded. If you add a new network adapter, the Remove button is populated. You can remove the new network adapter by clicking Remove. See also Computer Configuration Properties (page 103).
107
Field
Description
Description
MAC Address. The MAC address is a unique number assigned to the network adapter by the manufacturer. You are unable to change this number. The MAC address appears in this box when viewing computer configuration settings. This box is disabled when creating a Modify Configuration task. DNS connection Suffix. Enter this to add domain suffixes to the root address. Obtain an IP Address automatically. Use the following IP address. Obtain DNS server address automatically. Obtain the following DNS server addresses. Reboot After Configuration. To restart the computer after configuration, select this option.
Field
IP Address Subnet mask
Description
Add or modify an IP address common to all interfaces. Enter the appropriate subnet mask.
Field
Interface Name
Description
Establish Linux-specific IP interface settings. Ensure you use the eth syntax when naming new interfaces, for example: eth0:1 or eth0:new interface. Enter the Broadcast address for the specified IP interface. The default value of the interface state is Up, which denotes that the named interface is operating. You can shut down the named interface by selecting Down. See also Computer Configuration Properties (page 103).
108
Field
Gateway DNS
Description
Add additional gateways for this network adapter. DNS Server Address: Add additional Domain Naming Servers (DNS) for this network adapter. Append these DNS Suffixes (in order): Add the name of the Domain Suffix, and use the up and down arrows to set the DNS suffix search order.
WINS
Add additional WINS settings for this network adapter. Select Enable or Disable NetBIOS over TCP/IP, or Use NetBIOS settings from DHCP server for this network adapter. Note You cannot edit this information in the Windows 98 operating systems. The Deployment Console disables the edit feature on those types of clients. See also Computer Configuration Properties (page 103).
Static Routes
This displays the static route information for the computer you are viewing. See also TCP/IP Advanced Options - Static Routes (page 110).
109
Description
IP address of the destination Deployment Server. Subnet mask. Additional gateways required to reach the destination server. IP address for the interface over which the destination can be reached. Cost associated with the route Enter the flag associated with a linux specific operating system. Possible flags include: U (route is up) H (target is a host) G (use gateway) R (reinstate route for dynamic routing) D (dynamically installed by daemon or redirect) M (modified from routing daemon or redirect) A (installed by addrconf) C (cache entry) ! (reject route)
Field
Ignore NetWare settings Preferred server
Description
Select to disregard all Novell NetWare client settings for this computer. Clear to specify the required information. Click and enter the name of the NetWare server, for example:
110
Field
Run login scripts
Description
Select this option to run the NetWare client login scripts. See also Computer Configuration Properties (page 103).
Field
Registered user Organization License key
Description
Enter the name of the registered user. Enter the name of the organization. Enter the alpha-numeric license key. This is the hash value rendered from the OEM key or 25-digit license key required when installing the operating system. See also Computer Configuration Properties on page 103.
Field
User name Full name Password Confirm Password Groups
Description
The user name for this local Windows user account. The full name for this local Windows user account. The password for this local Windows user account. Confirm the password for the local Windows user account. Specify the Windows groups that this user belongs to as a comma-delimited list, for example: Administrators,
Marketing, Management
111
Field
User must change password at next logon User cannot change password Password never expires
Description
Select to force the user to change the password after setting the configuration properties.
Select to maintain the user password. See also Computer Configuration Properties on page 103.
Deployment Agents
To remotely manage computers from a Deployment console, a Deployment Agent is installed on each computer in the Deployment Server system. Deployment Agents are provided for various computer types, including Windows, Linux, DOS, and PPC Handhelds.
To set or modify Deployment Agent settings from the Deployment Server Console, right-click a computer or group and select Change Agent Settings and click Production or Automation. To set or modify agent settings for new computers, click Tools > Options, click Agent Settings.
The following Deployment Agents reside on the client computer and communicate with the Deployment Server.
The Deployment Agent runs on Windows computers, including desktops, notebooks, and servers. See Deployment Agent Settings (page 113). This Deployment Agent runs on Linux workstations and servers. See Deployment Agent Settings (page 113). The Automation Agent is used when you create configurations to boot client computer to automation. This is done through Boot Disk Creator. See Boot Disk Creator Help and Install Automation Partition (page 137). This agent runs on the HP T5000 computer devices running the CE .NET 4.2 operating system. See Deployment Agent for CE .NET (page 122).
Automation Agent
112
The NS client is an Altiris agent that runs on computers supported by Notification Server. This agent runs on the Deployment Server computer when running Deployment Solution on Notification Server. This agent runs on the Deployment Server computer when running Deployment on Notification Server.
When the Deployment Agent for Windows is running on a computer, the user sees a small icon in the system tray. When the icon is blue, the client computer running the Deployment Agent is connected to the Deployment Solution system. When the Deployment Agent for Windows icon is clear, it shows that the client computer is not connected to the Deployment Solution system. The agent may be configured incorrectly, the Deployment Server is down, or other network problems exist.
2. 3. 4.
113
You can also modify the properties settings for the Production or Automation Agent through the Automation Agent. To set or modify agent settings in the Deployment Server Console for Windows or Linux clients, right-click the computer and select Change Agent Settings > Production Agent Settings. To set or modify agent settings for the Deployment Agent, click Tools > Options. Click the Agent Settings tab. Select the Force new agents to take these default settings check box to set the Deployment Agent settings for all new computers. Click each agent setting tab to set properties. Click OK. To view or modify settings from the Windows client, right-click the Deployment Agent icon in the system tray (or double-click the client icon in the system tray and click Properties).
When the client agent is first started, the agent establishes a connection to the Deployment Server using the following general steps: 1. 2. 3. 4. 5. The agent service is started and initialized. A TCP socket is created. A connection is made to the Deployment server. The agent is updated, if required. A basic inventory of the client is sent to the Deployment Server.
After the initial connection process is complete, no additional data needs to be sent to or from the Deployment Server for the client agent to remain connected. Note If no Deployment Solution traffic is sent to the Deployment System agent, the TCP/IP protocols send an occasional watchdog packet (approximately every 24 hours) to ensure that the connection is still valid.
114
Shutdown for imaging. Make an image of a computer without using a job. This makes the required preparatory changes to the computer before an image is made. Failure to do this breaks the reconfiguration phase when deploying the image using a job. Passwords protect this option. Change Name in Console. Change how this computer is listed in the deployment server console. This option does not change the NetBios name of the computer or the name of the computer in the database, but only changes the name of the computer displayed in the Computers window. Passwords protect this option. Remove. Uninstall Deployment Agent from the computer. Passwords protect this option. Exit. Stops all Deployment Agent services from running but does not uninstall Deployment Agent. Deployment Agent loads normally the next time you boot the computer. Passwords protect this option. User Properties. Quickly go to the User Properties page to view or make changes. Passwords protect this option. Admin Properties. Quickly go to the Admin Properties page to view or make changes. Passwords protect this option. Show Network Interfaces. View what network cards are in your computer. Passwords protect this option. The following configuration properties (organized using tabs in the dialog) are included in the Production Agent Settings dialog.
Server Connection
Connect directly to this Deployment Sever. Select this option so that the client receiving the Deployment Agent connects to the Deployment Server you selected to configure. Address/Hostname. Enter the IP address or NetBIOS name of the Deployment Server computer. Port. Enter the port number communicating with the Deployment Server. Enable key-based authentication to Deployment Server. Select this option to require that the client computers that are trying to connect to the Deployment Server. This helps keep rogue computers from connecting to unauthorized Deployment Servers. Discover Deployment Server using TCP/IP multicast. Managed computers can use the multicast address if they are on the same segment as the Deployment Server or if multicast is enabled on the network routers. Ensure that the multicast address and port match those set up on the Deployment Server. Try using defaults on both the client and Deployment Server if you are having problems connecting. Managed computers should use the Deployment Server IP address if multicasting is disabled on the network routers or if they are not on the same network segment as the Deployment Server. The port number must match the number set on the Deployment Server. Otherwise, your clients cannot connect.
115
Server Name. Enter the NetBIOS name of the computer running the Deployment Server. Port. Enter the port number distributing the multicast address. Multicast Address. Enter the group multicast address. TTL. Specifies the number of routers the multicast request can pass through. Change this setting if you need to find a Deployment Server that is more than 32 routers away (default setting) or if to restrict the search to a smaller number of routers, making it easier to find the closest Deployment Server. Refresh connection after idle. Select the Refresh Connection after idle check box and set the refresh time by hours or days. The Deployment Server closes the connection after the specified time and immediately tries to re-open the connection. This forces clients to realize the network is down. The default checking is of 28800 seconds or 8 hours. We recommend keeping this setting above 28800. Do not set this option too lowreconnecting to the Deployment Server increases bandwidth when connecting. If this option is set too low you can run into problems where it takes longer for your clients to connect than to refresh their connections. Abort files transfers if the rate is slower than. Preserve bandwidth on slower connections by selecting this option, which saves bandwidth when running deployment tasks on slower connections.
Access
Set these commands to control how the client handles requests from the server. Allow this computer to be remote controlled. Select to let the administrator to remote control the selected computer. The default setting is to NOT allow the computer to be remote controlled. Prompt the user before performing actions. Shutdown and Restart. Select for the user to be prompted before shutting down or restarting the computer. This feature overrides the Power Control option from the Deployment Server to Force applications to shut down without a message. Copy file and Run command. Select for the user to be prompted before running a program or executing file copy commands Remote Control. Select for the user to be prompted before running the Remote Control commands. You can set a default time before running or aborting the commands. Select the time for the user to respond and either continue with the operation or abort the operation. Time to wait for user response. If one of the Prompt the user before perform actions is selected and the user is not at the computer to respond, you need to decide whether to continue or abort. Select the amount of time you want to wait for a response, and select one of the following: Continue the operation. Click to continue without receiving a response from the user. Abort the operation. Click to not continue without receiving a response from the user.
116
Select when the Deployment Server is denied access to the Deployment Agent. Select the days and set the start and end times when access to the Deployment Agent is denied.
Security
This page lets you secure data between the Deployment Server and the Deployment Agent, or to set a password so that the user on the client computer can only view and modify the User Properties of the Altiris Client Settings on the managed computer. Encrypt session communication with Deployment Server. Select to ALLOW encryption from this managed client computer to the Deployment Server. This lets encrypted data transmissions between the Deployment Server and the Deployment Agent on the client computer. If selected, the client computer can connect (but is not required to connect) using encryption. To enable encryption protocols, you must open the Deployment Configuration tool and select the Transport tab. Select the Allow encrypted sessions with the servers check box to let Deployment Server transmit using encryption protocols. Require encrypted session with any servers. Select to require encryption between the managed client computer and the Deployment Server. If this option is selected and the option to allow encryption in the Deployment Configuration tool is not selected, the Deployment Server does not communicate with the Altiris Client on the managed client computer. Note Selecting encryption options slows down the communication path between the agent and the Deployment Server. Password protect Admin properties from user. Select to let users on the managed computer to access the Admin properties only if they enter the set password. If the box is selected and the user does not know the password, they will have rights only to open the User Properties, which includes only the User Prompts and Remote Control tabs on the Altiris Client Settings dialog. Enter the password in the Password field and reenter the password for confirmation in the Confirm Password field. Hide client tray icon. Select to hide the Altiris Client icon in the system tray of the managed computer. If you hide the icon, you are required to run AClient.exe -admin to view and modify the complete administration properties from the managed client computer.
Log File
The Log File property page controls how data is logged and saved in a Deployment Server system, letting you save different types and levels of information to the log files. You can save a text file with log errors, informational errors, and debugging data using this dialog. If the log exceeds the specified size, the older data is dropped from the files. You can maximize the size of the log file to save all selected data. Save log information to a text file. Click to save information to a log file. File name. Enter the name and path of the log file. The default is to save the log file to the \Program Files\Altiris\AClient\AClient.log file.
117
Maximum size. Enter the maximum number of bytes for each log file. Log errors. Select this option to save only the errors returned when running a job or operation between the Deployment Server and the Deployment Agent. Log informational messages. Select this option to save a list of procedural steps run on the client computer. Log debugging information. Select this option to list comprehensive debugging information in the text file. Use this tab to save the Deployment Agent log file. By default, the option Save log information to a text file is cleared. Select it to enter a file name for the log and the maximum size for the log file. Note If the log exceeds the specified size, the older data is dropped from the files, so it is recommended to provide maximum file size.
Proxy
Typically, remote networks on the other side of a router or switch cannot receive multicast or Wake On LAN packets from the Deployment Server. Setting the managed computer as a proxy client computer forwards or re-creates the multicast packets. A managed client computer setup as a multicast proxy simply acts as a Deployment Server and advertises the servers name and IP address through multicasting. Or you can set the managed computer as a proxy to send Wake On LAN packets. Set these options to control how the managed computer acts as a proxy agent, identifying the type of traffic this managed computer forwards from the server. Forward Wake-On-LAN packets. Select if you want the managed computer to forward Wake on LAN packages. Forward Deployment Server discovery multicast packets. Select if you want to advertise the Deployment Server to client computers on another LAN segment or if the client computer is on the other side of the router. Send multicast advertisement every. Set the time by seconds, minutes, hours, or days for managed computers send multicast advertisement.
Startup/Shutdown
Delay starting jobs after system startup. Set the time by seconds, minutes, hours, or days for managed computers to delay jobs until after system startup. Specify the Windows boot drive. Specify the drive that the client computer boots from. The default is the C drive. Force all programs to close when shutting down. Select this option to shut down applications when using Power Control features. The user is still prompted to Abort or Continue the shutdown. Synchronize date/time with Deployment Server. Select this option to synchronize the system clock of managed computers with the time of the Deployment Server. Prompt for a boot disk when performing automation jobs. Select this option to prompt for a boot disk while doing any automation jobs. Advanced
118
Disabled direct disk access for Deployment Agent for DOS (BootWorks) communication. Select this option to disable the direct disk access for Automation communication.
To set or modify agent settings for a specific computer, right-click the computer icon and select Change Agent Settings > Automation Agent in the Deployment Server Console. To set or modify agent settings for ALL computers, click Tools > Options, click Agent Settings > Change Default Settings.
When a new client computer connects, it receives the default agent settings from Deployment Server for drive mappings, authentication, and LMHost entries. Each client computer still has the capability to maintain its unique settings for the Deployment Agent for DOS as set in the Boot Disk Creator. Automation Agent Settings include the following property settings:
119
Drive Mappings (page 120) Authentication (page 120) Network (page 120)
Drive Mappings
Set drive mappings used by the Deployment Agent for DOS to access hard disk image files and other packages from a specified network drive. It is required that the F Drive be mapped to the Deployment Share. You can also map other file server directories when storing large numbers of image files or deployment packages. Drive Mapping. Enter the drive letter and volume of a shared folder, for example:
F: \\WebDeploy\Image files.
Note You must select a shared folder in this field. From the browse window you can select any type of folder, but the Deployment Agent for DOS only maps to and accesses files from a shared folder. Path. Enter a UNC path. See also Deployment Agents (page 112).
Authentication
Provide the login credentials that Deployment Agent for DOS requires to map network drives. The associated credentials for each network drive must have the rights that the Deployment Agent for DOS requires administrative rights to access files. Domain/Workgroup. Enter the name of the Domain or Workgroup of the user that the Deployment Agent for DOS uses to log on as to map the network drives. User name. Enter the name of the user that the Deployment Agent for DOS logs on as to map the network drives. Password. Enter the password. Confirm Password. Retype the password for confirmation. See also Deployment Agents (page 112).
Network
These settings let you match the IP address with the computer name, as maintained in the LMHosts file in the Deployment Agent for DOS partition. 1. 2. 3. Click Add. The Add LMHosts Entry dialog appears. Enter the Computer Name. Enter the name of a computer to associate with an IP address. Enter the IP Address. or Click Lookup IP. This automatically populates the field with the IP address of the entered computer name. 4. Click OK.
120
121
You can run a script that makes a configuration change to the Macintosh operating system. You can also run a script that copies an install file from a remote share and another script that installs the package to that computer.
122
Another option for freeing up additional disk space is to uninstall the pre-installed HP applications, letting you free up to as much as 10 MB of disk space. This lets you install an embedded automation package through a Distribute Software task. Again, if the slider is not placed around the middle of the Memory tab, an Error 112 may occur. See also Deployment Agents (page 112).
Rejected computers are stored in a Rejected Computers list. Select View > Rejected Computers to view this list.
This client computer may now be managed from within the Computers pane. Connection requests from this client computer are now allowed. See also Deployment Agents (page 112).
123
Computer Properties
View and edit the computer properties for each managed computer.
View and edit computer properties by double-clicking a computer icon in the Computers pane, or right-clicking and selecting Properties, or clicking the icon in the toolbar.
General
General
View or change the name of the computer as it appears in the console. You can view the following: logged in user names, operating system installed, name of the Deployment Server, whether or not an automation partition is installed, version of the Altiris Windows Client, and other client information.
Hardware
View processor make and type, processor count, RAM installed on the computer, display configuration, manufacturer, model, product name, MAC address of each network adapter installed, serial number, asset tag, UUID, and whether or not Wake On LAN and PXE are installed and configured.
Drives
View information about each drive on the computer. If you have multiple drives, you can select a drive from the list to view its settings, such as the capacity, serial number, file system, volume label, and number of drives installed.
124
Network Configuration
View Microsoft Networking, Novell Netware settings, and user information for the selected managed client computer.
TCP/IP
View TCP/IP information, including a list of all installed network adapter cards (up to eight) for the selected computer. Click Change to open the configuration window to modify settings (see Configuring Computers on page 130).
Applications
View the applications that are installed on the computer, including description, publisher, version number, product ID, and systems components.
Services
View the services installed on the computer as well a description, start type, and path for each service.
Devices
View the devices installed on the computer, including display adapters, disk drives, ports, storage volumes, keyboards, and other system devices.
125
Location
View and edit user-specific properties such as contact name, phone number, e-mail address, department, mail stop, and site name. As the administrator, you can enter this information manually or you can let the user populate this screen using Prompt User for Properties.
Bay
View location information and other properties for Rack / Enclosure / Bay components for high-density and blade servers. Set rules for automatic re-deployment of blade servers based on physical location changes. This property is available only to systems using blade servers.
Rule
Re-Deploy Computer
Action
Restore a blade server using deployment tasks and configuration settings saved from the previous server blade in the bay. This lets you replace new blades in the bay and automatically run deployment tasks from its deployment history. (See Restoring a Computer from its Deployment History on page 129.) All deployment tasks in the bay's history are executed starting from the last Distributing a Disk Image task or Scripted OS Install task, or from any script (in a Run Script task) with this command: rem deployment start.
The server processes any specified job. Select a job to run automatically when a new server is detected in the bay. This option lets you move blades to different bays without automatically running jobs. The server blade placed in the bay is not identified as a new server and no jobs are initiated. If the server existed in a previous bay, the history and parameters for the server are moved or associated with the new bay. If the server blade is a new server (never before identified), the established process for managing new computers is executed. (default) No job or tasks are performed (the Deployment Agent on the server blade is instructed to wait). The icon on the console changes to reflect that the server is waiting.
126
Lights-Out
View information about the remote management hardware installed on the selected computer (most often a server) used to power up, power down and restart the computer remotely, or to check server status. You can also enter the password for the remote management hardware by clicking Password.
Note This feature is currently only available for selected HP Integrated Lights Out (ILO) and Remote Insight Lights-Out Edition (RILOE) features. See also Computer Configuration Properties (page 103).
Open the computer operations menu by right-clicking a computer icon in the Computers pane, clicking Operations on the menu bar, or clicking the icons in the toolbar.
Restore
Reconfigure your computer to a former state. Select from a list of previous deployment tasks and select to restore only the ones you want. See Restoring a Computer from its Deployment History (page 129). View, print, delete, and save to file a history of deployment tasks. See Viewing a Computers History (page 129). Set network and local configuration properties for each computer, including computer name, IP address, domains, Active Directory context. See Configuring Computers (page 130). Select a computer and image its hard disk. This creates and stores the image to distribute now or later. See Quick Disk Image (page 130). Wake up, restart, shut down, and log off remotely. See Power Control (page 130).
History Configure
127
Remote Control
Open a remote control window directly to a selected client computer. Investigate problems directly from your console. See Remote Control (page 131). Type and run commands remotely. See Execute (page 135). Copy selected files, directories, or entire directory structures and send them to the selected computer(s). See Copy File to (page 187). Start an individual chat session with one or more selected client computers. Communicate actions or query for symptoms during administration. See Chat on page 136.
Chat
ADVANCED >
Clear Status Prompt User for Properties Reset Connection Install Automations Get Inventory Clear computer status as shown in the title bar of the List View. Query the user for personal information. This feature sends a form to the user to fill out. See Prompt User for Properties on page 136. Disconnect and reset the connection between Deployment Server and the Deployment Agent on the selected computer. Embed automation partitions onto the selected computers hard disk to enable a managed computer to run automation tasks. Update property settings for a selected computer. These inventory settings can be viewed in Computer Properties on page 124. Select it to ensure that you have the latest inventory of the computer. Set the timeout value in the General tab of the Deployment Server Configuration utility (in the Control Panel). Reject Connection Install BIS Certificate Remove BIS Certificate Apply Regular License New Job Wizard New Group New Computer Rename Delete Change Agent Settings Refuse communication with the selected computer. Install a BIS certificate for the selected computer. Remove a BIS certificate from the selected computer. Apply a permanent license if a client computer is using a timelimited license or requires an updated license. Open this to schedule deployment jobs for the selected computer. See New Job Wizard on page 148. Click to create a new computer group in the Computers pane. Create a new computer account. See Adding New Computers on page 100. Assign the computer or group a new name in the console. Rightclick a computer or group to edit in the Computer pane. Delete a computer, a computer group, or any combination of computers and groups from the database. Update property settings for the Deployment Agent running on selected computer(s). See Deployment Agents on page 112.
128
Security Properties
View security settings for the selected computer(s). See Security in Deployment Solution on page 89. View computer configuration and network properties. See Computer Properties on page 124.
Restore a computer by right-clicking a computer icon in the Computers pane and selecting Restore, clicking Operations > Restore on the menu bar, or clicking the icon in the toolbar. You can restore a computer using Remote Operations Using Deployment Solution or by creating and scheduling a job using the New Job Wizard.
1.
Right-click a computer and click Restore. The Restore Computer dialog appears with a list of previous tasks with check boxes.
2. 3. 4. 5.
Click the Show only list box and select the type of tasks to be displayed. Click the Since list box to filter tasks by date. This is optional. Click Next to view a summary of tasks selected to reschedule. Click Next to schedule the job (See Scheduling Jobs on page 155). Click Finish.
When you finish this computer operation, a new job appears in the Jobs pane of the Deployment console under the System Jobs > Restoration Jobs folder. The job name has a generic format of Restore: <computer name>.
129
Configuring Computers
From the Operations menu you can enter and modify configuration settings for computers. See Computer Configuration Properties (page 103) for complete information about configuration settings. 1. Right-click a computer and click Configure. The Computer Configuration Properties dialog appears. 2. 3. 4. Set basic configuration values in the General configuration group (default view). Click other configuration group icons in the left pane to set additional values. Click OK.
3.
Power Control
This computer operation lets you wake up a computer, restart a computer, shut down, or log off as the current user for a selected managed computer. You can also power a computer on if Wake-On-Lan is supported.
Restore a computer by right-clicking a computer icon in the Computers pane and selecting Power Control, clicking Operations > Power Control on the menu bar, or clicking the icon on the toolbar.
1.
Right-click a computer and select Power Control. A secondary menu appears with these options:
130
Wake up
The Wake Up feature is hardware-dependent and is only available for inactive computers. Select this command to start a computer that has been turned off. Notes Your operating system and network adapter must be capable of recognizing and processing the Wake on LAN packets. Nonembedded network adapters must be properly configured. Example: 3Com NICs have an extra header cable that enables Wake on LAN. Check the documentation that came with your network adapter for more information about Wake on LAN. For NICs and operating systems that support Wake on LAN Power Management features, you need to go to Properties of the network adapter driver and select the Power Management tab. Click the Allow this device to bring the computer out of standby option for this device to bring the computer out of standby status. You have to enable this feature for some computers in their BIOS.
Restart
Click to reboot the selected managed computer. Select Force Applications to close without a message box to restart immediately without prompting the user. Click to shut down the selected managed computer. Select Force Applications to close without a message box to shut down immediately without prompting the user. Click to log off the selected managed computer. Select Force Applications to close without a message box to log off immediately.
Shut down
Log off
2.
Select a Power Control option. A Confirm Operation dialog appears. Select the Force application to close without a message option to shut down users without a warning. If you do not select Force application to close without a message, the user is prompted to save work before the power operation is continued. Click Yes.
3.
Remote Control
Remote Control is a computer management feature built in to the Deployment Server Console. It lets you control all types of computers to view problems or make immediate changes as if you were sitting at the managed computers screen and using its keyboard and mouse.
131
When a managed computer is being remote controlled, the Deployment Agent icon in the managed computers system tray flashes alternate icons. Remote Control also provides Chat, Copy File to, and CTRL+ALT+DEL features to assist in administrating managed computers from the console.
Note You cannot disable the flashing eye icon while the computer is being remote controlled. Before you can remote control a managed computer: The managed computer must have the Altiris Agent for Windows installed and properly set up. The client must have the appropriate Proxy option checked in Altiris client properties. The client and Deployment Server Console must be able to communicate to each other through TCP/IP.
Toolbar Chat Click to open a chat session with the selected managed computer. This starts a chat session between the console computer and the managed computer. The chat session opens a chat window that lets you send messages back and forth between the Console and the managed computer. If you are controlling multiple computers in a single window and start a chat session, the chat session is only between the Console and the master client. Click to update the screen view of the managed computer. Click to select restart or logon options for the managed computer. Note The managed computer must be running Windows 2000/XP/2003 and have the keyboard and mouse driver installed for this feature to be available. Send File See Send Files during Remote Control (page 133).
Refresh CTRL+ALT+DE L
132
Toggle Control Control menu Disable Input from the Client Close Window View menu Refresh Fit to Window
Click to change between control access of the managed computer (default) or view access only of the managed computer.
Click to prohibit the user of the managed computer from using the keyboard or mouse during the remote control session. Click to close the remote control window of the managed computer.
Click to refresh the view of the screen. If this option is selected, the client display image becomes the same size as the Remote Control window. If this option is not selected, the image retains the size of the client display. See Remote Control Properties (page 133). See Remote Control Properties (page 133).
To end a Remote Control session, click Control > Close Window in the Remote Control window.
133
Update interval. Select to specify how often the image in the Remote Control window is updated (in milliseconds). The more frequently the display is updated, the more bandwidth is required. Only update foreground window. Select to refresh only the selected window in the remote control session.
5.
Click OK.
134
Open a Remote Control window for a group of managed computers. Right-click a computer group icon and select Remote Control. The Remote Control Options dialog appears with options to Control each client separately in its own window or to Control all clients together. If you select to control clients separately, individual windows appear for each computer. If you select to control clients together, you are asked to select a master computer. The master computer is the computer that appears in the Remote Control window, however all actions taken from the console also run on the other computers in the group. All computers in the group should be similar in configuration to work properly. Note If you are controlling multiple computers in a single window, you can send a file only between the console and the master client. If you want to send a file to multiple clients at the same time, use the Copy File to feature. See Copy File to (page 187). To end a Remote Control session, click Control > Close Window. See also Remote Operations Using Deployment Solution (page 127).
Execute
Send a command from the Deployment console as if you were entering a command from the command-line prompt on the client computer.
Execute a command to a client computer by right-clicking a computer icon in the Computers pane and selecting Execute, clicking Operations > Execute from the menu, or clicking the icon in the toolbar.
1.
Type a command you would like executed on the selected remote computer(s), or select from a list of previously run commands. Example: type regedit to open the Registry on the computer. To run the command as another user on the managed computer, click User and enter the user name and password.
2.
User Account
Use this dialog to run a script using another local user account. You can log in with another user name and password with rights to run an execute command. Run with default security credentials. This option runs with the current user credentials. This is the default option. Run with the following credentials. Click this option to log on with another user name and password. See also Remote Operations Using Deployment Solution (page 127).
135
Chat
You can communicate with managed computers using the Chat text messaging system. From the Deployment Server Console, select an individual computer or a group of computers to open an individual chat session with each logged-in user.
Open text messaging with a user by right-clicking the computer icon in the Computers pane and selecting Chat, or clicking the icon in the Remote Control window.
1. 2. 3.
Open a chat session. The Chat with <computer name> window appears identifying the computer you are sending messages to. Type a message in the lower text box. Click Send or press <Enter>. The exchange of text messages appears in the upper text box.
136
When the user enters information and selects OK, the Location properties in the computer properties fields is updated for the selected computer. If the user changed the computer name, the name in the Computers pane of the Deployment Console also changes. These settings are stored directly to the Deployment Database. See also Chat (page 136) and Remote Operations Using Deployment Solution (page 127).
During the Deployment Server installation, the Pre-boot Operating System page appears for you to select a default pre-boot operating system, which is used by Boot Disk Creator to create the configurations that boot client computers to automation. You can install additional pre-boot operating system files through Boot Disk Creator. See Boot Disk Creator Help. If you are running Altiris PXE Servers, you do not need to install an automation partition on each client computers hard disk. When the Deployment Server sends a deployment job, PXE-enabled client computers search for an Altiris PXE Server to receive the boot menu options and the boot menu files that are required to boot to automation. See Automation Pre-boot Environment in the Deployment Server Reference Guide.
137
Servers are identified in the Computer pane with distinctive server icons. Like all managed computer icons, the icons change to identify the status and state of the computer, such as user logged on or Server Waiting. Note Servers are recognized by their operating system (such as Windows 2000 Advanced Server, Windows Server 2003, or any Linux operating system), multiple processors, and specific vendor server models.
Manage Servers from the Console. The Deployment Server Console includes features specifically designed for deploying and managing servers, such as enhanced task logging and history tracking features to let you recall administrative actions and quickly redeploy mission-critical servers.
138
Set Server-specific options. Servers are essential to any organization and require special planning and management strategies. Deployment Server provides serverspecific features to automatically deploy new servers and maintain existing servers. See Server Deployment Options (page 139).
Icon
Description
Run Scripted Installs. Execute scripted, unattended installs across the network for both Microsoft Windows and Linux servers. Follow steps to create answer files and set up operating system install files using a wizard. See Scripted OS Install (page 168). Support for multiple network adapter cards. Because servers may require more than one network interface card, Deployment Server provides property pages to access and configure multiple network adapters remotely from the console. See TCP/IP Configuration Settings (page 107). Synchronized server date and time. Deployment Server automatically sets the servers date and time after installing or imaging (as part of the configuration process). Deployment Agents include an option to disable this feature (it is off by default). Enhanced scripting capabilities. You can deploy multiple tasks per deployment job and boot to DOS multiple times when configuring and deploying a clean server. Deployment Server also lets you view and debug each step in the deployment script, and track each job to provide a history of tasks for redeploying a server.
139
Example: if you rely on PXE to boot the new server and you want to deploy new servers automatically without halting the process, you must change the default settings in the PXE Configuration Utility. In contrast, if you want to ensure that the server waits before being deployed (or waits a set time before proceeding) to avoid erroneous redeployment, you need to set the options in the Advanced section of Initial Deployment.
Initial Deployment does not run for any computer identified in the console as a server.
140
Following these steps ensures that the BootWorks message does not appear and things move forward when a job is scheduled.
Using Deployment Solution, you can employ rip and replace technology that lets you insert a new server blade and automatically configure and deploy it exactly like the previously installed server blade, letting you replace any downed server and get it back on line quickly. Altiris provides fail-safe features to ensure that no server is mistakenly overwritten and ensures that all disk images, software, data, and patches are applied to the new server from the history of jobs assigned to the previous server blade.
Virtual Bays
Hewlett-Packard blade servers now have a Virtual Bay feature that lets you pre-assign deployment jobs to the Rack, the Enclosure, or to a specific blade server in the Bay. Any
141
HP blade server can have predefined deployment jobs and configuration tasks associated with it to execute automatically upon installation. (This feature requires that the Hewlett-Packard Rapid Deployment Pack is installed.) The Virtual Rack/Enclosure/ Bay icons change from virtual icons to managed server icons in the Deployment console as live blade servers are inserted and identified by Deployment Solution. Rack name. Enter or edit the name of the Rack. Enclosure name. Enter or edit the name of the Enclosure. Enclosure type. Select the type of HP server blade from the list. Initial Job. Select an existing job to run when the pre-configured computer account is associated with a new server blade. Server Change rule. Select the Server Deployment Rules to run on the Bay when a new server blade is installed. Note If you create Virtual Bays for an enclosure (such as the BLe-class with 20 bays) and if another model of server blade with an enclosure containing fewer bays is connected (such as the BLp-class with 8 bays), the excess virtual bays are truncated automatically. Conversely, if you create Virtual Bays with fewer bays (8) and install an enclosure with additional bays (20), you need to recreate the virtual bays in the enclosure (right-click the enclosure name in the physical view and click New Virtual Bays). See also Managing New Server Blades (page 141).
HP Proliant BL e-Class
Proliant BL 10e Proliant BL 10e G2
HP Proliant BL p-class
Proliant BL 20p Proliant BL 20p G2 Proliant BL 40p
HP blade servers let you employ all features provided in the Deployment Console when you install the HP Proliant Essentials Rapid Deployment Pack (see www.hp.com/servers/ rdp), including the Virtual Blade Server feature. The name of each Rack for an HP Server appears along with the assigned name for the Enclosure and Bay. These names are collected from the SMBIOS of the server blade and appear in both the physical and server views within the Computers pane of the Deployment console. For HP blade servers in the physical view the Rack name can be a custom name in the console, with all subordinate Enclosures and Bays also identified. Example: <rackName> <enclosureName> <bayNumber> See also Server Management Features (page 139) and Server Deployment Options (page 139).
142
For Dell blade servers in the physical view, the Rack name is always Dell. All subordinate Enclosures and Bays are identified with custom names under the Dell rack name. Example: Dell <enclosureName> <bayName> See also Server Management Features (page 139) and Server Deployment Options (page 139).
For Fujitsu-Siemens blade servers in the physical view, the Rack name is always Fujitsu-Siemens. All subordinate Enclosures and Bays are identified with custom names under the Fujitsu-Siemens rack name. Example: Fujitsu-Siemens <enclosureName> <bayName> See also Server Management Features (page 139) and Server Deployment Options (page 139). Note If you have Fujitsu-Siemens Server blades managed by the Deployment Server, ensure that the SNMP service is running on the Deployment Server. Also, if the Deployment Server is installed on a Windows 2003 server, ensure that the security is set correctly to receive traps from remote computers. By default, Deployment Servers cannot receive traps from remote computers.
143
Click <CTRL> F or click Find Computer on the console toolbar to search the Deployment Database for computers by property settings. The search begins at the top of the computer list and highlights the computer name in the Computers pane when a match is found. Press F3 to find the next computer that matches the search criteria until there are no more results, or the end of the computer list is reached.
1.
In the Search For field, type all or part of the computers property values you would like to search for. This alpha-numeric string is compared with specified database fields. From the In Field drop-down list, select the field you want to search in the Deployment Database. Example: to find a computer by searching for its IP address, type the address in Search For field and select IP Address from the In Field drop down list.
2.
BIOS name of the computer. Deployment Solution name of the computer. 0080C6E983E8, for example. 192.168.1.1, for example. The computer ID. 5000001, for example. Serial number installed in BIOS. A primary lookup key.
144
Asset Tag UUID Registered User Product Key Logged On User Physical Bay Name
Asset number in BIOS. A primary lookup key. A primary lookup key. Name entered when the operating system was installed. Product Key for the operating system. Name of the user currently at the computer. The actual bay number: 7x, for example.
The computer you are looking for appears highlighted in the Computers window in the console. Note This search is not case-sensitive and lets wildcard searches using the *. See also Computer Filters and Job Conditions (page 83).
Click Lab Builder on the console toolbar or click File > New > Lab Builder to set up jobs specifically created for managing multiple computers in a lab environment.
145
Note The lab name must be unique because the program creates a default image file name based on the name, and the image file name must be unique. The default image name is synchronized in all lab jobs, so if you change the name later you must change it in all the jobs that use the image. 3. 4. 5. Enter a lab description to help you differentiate the lab from others (optional). Click OK. This is also optional. Identify an image in the Create Disk Image job. Set computer names and addresses in the Update Configuration job.
The following information describes the default jobs. To run one of these jobs, simply drag it to the computer or computer group you want it applied to. Create Disk Image. This job uploads an image of a computer to the server and an image name is created automatically based on the lab name. However, there is no actual image in the job until you drag the image source computer to this job. Deploy Lab. This job has three default tasks: Deploy image, Apply configuration settings, and Back up registry files. The image that is uploaded using the Create Disk Image job is deployed when you use this job. The configuration settings you specify in the Update Configuration job are applied to the computers, and the computer registry files are uploaded to the Deployment Server. Restore Lab. This job restores the image and registry files to a computer where a lab was previously deployed. You can quickly get a computer running again by restoring the lab on that computer. Update Configuration. This job lets you set unique configuration information (such as computer names and network addresses) for client computers. When a lab is deployed, each computer has an identical image, but not the same configuration settings. This means you don't have to visit each computer to reset the IP addresses and other settings when you deploy an image. Upload Registries. This job backs up computer registry files to the Deployment Server.
146
Job icons appear in the Jobs pane of the Deployment console. To assign and schedule a job in the Deployment Console, drag the job icon to selected computer icons. Job status icons also appear in the Details pane of the Deployment Console to indicate various deployment states. See Viewing Job Details (page 147).
The New Job Wizard guides you through common deployment and management jobs. It is an easy way to set up new users or migrate users to new computers, create and distribute images of computers on the network, distribute software packages, restore computers, and more. Jobs include one or more Deployment Tasks. You build jobs by adding tasks to a job and customizing the task for your specific needs. You can add tasks to capture and distribute images, software packages, and personality settings. Or you can write and run a script task, or run scripted installs, configure settings, copy files and back up registry settings. You can also modify existing jobs by adding, modifying, copy and pasting, or deleting tasks to fit your needs. See Building New Jobs (page 152). Set conditions on jobs to run only on computers with properties that match the criteria you specify. You can build one job to run on different computer types for different needs, and avoid mistakes by ensuring that the right job runs on the right managed computer. See Setting Conditions for Task Sets (page 153). Initial Deployment lets you run predefined jobs and configuration tasks on new computers when they start up. You can automatically deploy new computers by imaging and configuring TCP/IP, SIDs, and other network settings and installing basic software packages. See Sample Jobs in Deployment Solution (page 195). Sample jobs are installed with Deployment Solution and appear in the Samples folder of the Jobs pane. You can run many sample jobs as they are, or you can set environmental variables. See Sample Jobs in Deployment Solution (page 195).
147
Job status icons that update the state of the job in running deployment tasks. These icons are graphical symbols in the Deployment console used to identify the status of an assigned job. .
Indicates that a job is associated with a computer or group of computers but is not scheduled. Indicates error conditions when individual tasks run.
A description of the job, if available. You can also use Add or Modify in the main window to edit the description as well. If a job defines error conditions when individual tasks run, the Status field displays any errors incurred and the tasks that completed successfully. Job Schedule details. This is the job's run time, beginning when the job started and ending when it completed successfully. The currently applied conditions appear in a list box with a Setup option to add conditions to different task sets for different computer properties within a job. Conditions specify characteristics that a computer must have before the job will execute. See Setting Conditions for Task Sets (page 153). A list of tasks assigned to the job and task descriptions also appears. Change the order of the task execution with the up and down arrows. Tasks are executed in the order they are listed. See Deployment Tasks (page 156). Features to add, modify, and delete tasks for each job. A list of assigned computers and its deployment history. To sort jobs or computer details, just point and click on the category in the Details bar. Example: click the Status column heading to organize and display the progress status of the job. See also Viewing Computer Details (page 98).
148
Note When a software package or deployment job is scheduled to run on client computers, the Altiris Client Service Message dialog appears, warning them that a job is about to execute. If a user clicks Abort when the message appears, an event is logged to the client's history so that Deployment Solution administrators know when users abort a scheduled event.
Create a new job by clicking New Job Wizard on the Deployment Console, clicking File > New > Job Wizard, or right-clicking in the Jobs pane of the Deployment Console and selecting New Job Wizard. The New Job Wizard appears to guide you through basic deployment jobs.
1.
Select a job option: Create an image. This wizard guides you through the steps required to create an image of a computers hard disk and schedule the job. See Creating a Disk Image (page 158). Deploy and configure computers. This wizard guides you through the steps required to lay down a new disk image on a selected computer and install software and personality settings. See Distributing a Disk Image (page 163). Deploy software packages. This wizard guides you through steps required to install software packages. You can set conditions, select packages, assign to computers, and schedule the job. See Distributing Software (page 175). Restore a computer. This wizard guides you through the steps required to restore a computer to a known working state by re-imaging the hard drive and reinstalling software packages, personality settings, and defining configuration values. This option reschedules jobs saved in each managed computers history record, which contains all deployment tasks previously processed. See Restoring a Computer from its Deployment History (page 129). Migrate computers. This wizard guides you through the steps required to move a computer hard disk image, applications, and personality settings from a source computer to a destination computer. You can perform one or more migration operations using provided options.
2. 3.
Give the job a unique name. You can type a name with up to 64 characters. Follow the steps in each wizard to create a job (some New Job wizards build multiple jobs). After creating a job, the job appears in the Jobs pane of the Deployment console with deployment tasks listed in the Tasks list for each job selected.
Note You cannot define return codes when using the New Job Wizard. See Building New Jobs (page 152) to build customized jobs and set up return codes. See also Modifying Tasks in a Deployment Job (page 189).
149
Migrating Computers
From the New Job Wizard you can select Migrate computers to quickly distribute hard disk images, software, and settings from a users current computer to a new computer. You can image a new computers hard disk with a new operating system and install software and personality settings. Or perform different levels of migration to distribute only software or to simply capture and distribute personality settings to the new computer.
150
Job (Distribute) includes a Deploy Image task (see Distributing a Disk Image on page 163) and one or more Install Package tasks to update software, if selected (see Distributing Software on page 175).
151
Summary of Options
After selecting the options in the New Job Wizard, you can view a summary of the job names, assigned computers, conditions, and other selected choices. To change any options, click Back to return to the previous dialog. Click Finish to complete the steps in the wizard. See also New Job Wizard (page 148) and Job Scheduling Wizard (page 153).
Create a new job by clicking New Job on the Deployment Console. Click File > New > Job, or right-click in the Jobs pane of the Deployment Console, and select New Job. You can modify jobs by double-clicking the job or right-clicking, and selecting Properties. Add tasks to each job by clicking Add.
1.
Create a new job. Enter a unique name and description for the job. You can type a name with up to 64 characters. A new job is added to the Jobs pane in the Deployment console. You can group and organize jobs, and access and apply them to computers or computer groups from an index of prebuilt jobs.
2.
Set conditions to apply the job to specified computers meeting defined criteria. Order multiple conditions to run jobs on computers that match the first applicable condition. See Setting Conditions for Task Sets (page 153). This is optional. Click Add to open a list of possible deployment tasks to add to each job. See Deployment Tasks (page 156).
3.
152
4.
Set task options using the provided wizards. After you complete the steps to create a task, it is added to the task list box. Click Add to add another task. Use the up and down arrows to change the order of execution of the tasks in the Task list box. Tasks are executed in the order that they appear in the task list. As a result, ensure you do not run a task that overrides the previous tasks. Example: list Distribute Disk Image above Distribute Software or Distribute Personality, letting the hard disk to be imaged before installing applications and settings.
5. 6. 7.
Set Return Codes. The last action in each task wizard lets you set return codes for each deployment task. See Setting Up Return Codes (page 193). This is optional. After adding tasks, click OK. To schedule the job, drag it to a computer or computer group. The Schedule Jobs dialog appears. See Scheduling Jobs (page 155).
Select Job(s)
Select the job(s) or group(s) of jobs to assign to computers or computer groups. Use the SHIFT and CTRL keys to select multiple jobs or job folders. Click Next.
153
In addition, if a task is associated with the default condition the task always executes when a computer does not meet any other conditions associated with this job. 1. 2. Select a job in the Jobs pane of the Deployment Console. The Job Properties dialog appears. Click Setup next to the Condition field. A menu appears with options to create a New condition, Modify a condition, or Delete a condition. To reorder conditions, click Order and reorder them using up or down. See Order Condition Sets (page 154). 3. 4. Click New in the menu to open the Condition Settings dialog. Enter a name for the condition up to 64 characters. Click Add to open the Condition dialog. Click the Field list and select a data field heading from the list. You can define conditions based on common client features such as operating system, software and hardware version, hard drive space, operating system language, RAM, and other characteristics. Click Operation and select a compare statement. In the Value box, type a string to search for in the selected database field. You can set conditions based on computer properties stored in fields in the Deployment Database. Example: you can set a condition to match a particular asset tag, Altiris agent version, or IP address. You can use wildcard characters and AND/OR operators. 5. 6. To set up custom conditions based on custom tokens, select User Defined Tokens from the Field list. Click OK.
The task set you create appears in the Task list for each condition. When you select a new condition, the tasks for that condition appear. You can set Condition A to distribute the XPImage.img file to Windows XP computers using a Deploy Image task. You can set Condition B to distribute the W2KImage.img file to Windows 2000 computers using another Deploy Image task. When the job is applied to a computer group, the conditions are evaluated for each computer and the appropriate task executes on the appropriate computer. Note When using User Defined Tokens to set conditions for some client property values, you may be required to use the decimal value rather than the hex value. Example: when setting conditions based on the NICS table on the nic_device_id and nic_vendor_id columns, you are required to use decimal values. See also Deployment Tasks (page 156).
154
Scheduling Jobs
After a job has been created, and it has been assigned to multiple computers or computer groups, the Schedule Job dialog appears, letting you schedule the job to run immediately, at a scheduled interval, or assigned but not scheduled. Job and job folders selected from the Jobs pane of the Deployment Console are scheduled in the order they were selected, even across multiple Deployment Servers.
To schedule a job
1. 2. Drag a job to a computer or computer group. The Schedule Job dialog appears. In the Schedule Job dialog, click the Job Schedule tab. The following options are available: Do not schedule. This option lets you apply jobs to computers but does not run the job until you return to the Schedule Job dialog and set a run time. Run this Job immediately. This option lets you run the job now. Schedule this Job. This option lets you type the date and time to run the job at a specified time and date. To run it at regular intervals, specify a time and date to repeat. Repeat this job every x. A job can be scheduled to execute by minute(s), day(s), hour(s), week(s). Allow this job to be deferred for up to x. A job can be deferred when the server is busy executing other jobs, setting a lower priority for particular jobs. By default all jobs are deferred up to five minutes. Schedule in batches of x computers at y minute intervals. This option lets you schedule computers in batches to maximize efficiency. 3. 4. 5. Click the Computer(s) Selected tab. This is a list of computers, their associated group, and IP address that the job is scheduled to run. Click the Job(s) Selected tab. The job name and folder located in the Jobs pane appear. Use the up and down arrows to change the order of the scheduled jobs. Click OK.
Note The Schedule Job dialog is the same for Rescheduling Jobs, New Job Wizard, and Job Scheduling Wizard.
To reschedule a job
1. From either the Computers or Jobs panes in the Deployment console, select a job or computer that has been previously scheduled. A job icon appears in the Details pane identifying the computers assigned or the name of the job. 2. Select the job icon, click the scheduled computers in the Details pane, right-click and click Reschedule. If you selected a computer icon, click the job icon in the Details pane, right-click and click Reschedule. The Schedule Jobs dialog appears. 3. To immediately start a scheduled job that has not yet run, right-click the job icon and select Start Now.
155
4.
To stop a repeating job, right-click the job in the Details pane and click Discontinue Repeat. At this point you need to schedule a new time to run the job or click the Do not schedule option.
Deployment Tasks
A task is an action of a job. Jobs are built with tasks. Each task is executed according to its order in the task list contained in a job. You can resize the task pane by dragging the bottom pane (horizontal bar) that separates the task list and the scheduled computer list of the Deployment Console. This lets you view a greater number of tasks in a deployment job without using the scroll bar to navigate up and down. The Deployment Console has multiple tasks available from the Add menu, including:
156
Create Disk Image. Create a disk image from a reference computer and save the image file (.IMG or .EXE files) for later distribution. See Creating a Disk Image (page 158). Distribute Disk Image. Distribute previously created disk images (.IMG or .EXE files) or create a disk image from a reference computer on the network and simultaneously distribute it (.IMG or .EXE) to other managed computers on the network. See Distributing a Disk Image (page 163). Scripted OS Install. Run scripted (unattended) installs using answer files to install computers remotely over the network. See Scripted OS Install (page 168). Distribute Software. Distribute .RIPs, .MSI files, scripts, personality settings and other package files to computers or groups. See Distributing Software (page 175). Manage the SVS Layer. Instantly activate, deactivate or reset layers and completely avoid conflicts between applications, without altering the base Windows application. See Managing the SVS Layer (page 177). Capture Personality. Capture the personality settings of a selected computer on the network using the PC Transplant software. PC Transplant ships as a part of Deployment Server. See Capturing Personality Settings (page 179). Distribute Personality Package. Send a Personality Package to computer or groups. It identifies valid Altiris packages and assign passwords and command-line options to Personality Packages. See Distributing Personality Settings (page 180). Modify Configuration. Modify the IP address, computer and user name, domains and Active Directory organizational units, and other network information and computer properties. See Modifying Configuration (page 182). Get Inventory. This lets you gather inventory information from client computers to ensure that the deployment database is up-to-date with the latest computer properties. See Get Inventory (page 183). Run Script. Create custom commands using scripts to perform jobs outside the bounds of the pre configured tasks. Use the Run Script dialog to select or define a script file to run on specified computers or groups. See Run Script (page 183). Copy File to. Copy a file from the Deployment Share or another source computer to a destination computer. See Copy File to (page 187). Power Control. Perform power control options to restart, shutdown, power off, and log off. See Power Control (page 189). Wait. Use the Wait dialog to retain a computer in automation mode after a task is performed. See Wait (page 189). Tasks are listed for each job in the task list box. Each task executes according to its order in the list. You can change the order using the up and down arrow keys.
Task
Restore Computer History
x64
Yes Yes
IA64
Yes Yes
SPARC
Yes Yes
157
Task
Configure Quick Disk Image Power Control: Wake Up Power Control: Restart Power Control: Shutdown Power Control: Log off Remote Control Execute Copy File Chat Advanced: Clear Computer Status Advanced: Prompt User for Properties Advanced: Reset Connection Advanced: Install Automation Partition Advanced: Get Inventory Advanced: Reject Connection Advanced: Uninstall Windows Agent Advanced: Install BIS Certificate Advanced: Remove BIS Certificate Advanced: Apply Regular License New Job Wizard New Group New Computer Rename Delete Change Agent Setting Permissions Job Scheduling Wizard
x64
Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes No No Yes Yes Yes Yes Yes Yes Yes Yes Yes
IA64
Yes Yes Yes Yes Yes Yes No Yes Yes No Yes Yes Yes
SPARC
Yes Yes Yes Yes Yes No No Yes Yes No Yes No Yes
Yes Yes Yes No No Yes Yes Yes Yes Yes Yes Yes Yes Yes
Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Create an image file using the New Job Wizard or adding the task when Building New Jobs. You can distribute the disk image file using the Distributing a Disk Image task. This task will run Altiris RDeploy.exe from the console to capture and migrate hard disk images.
158
Note To create an image of a computer, you must boot to DOS, Linux, or Windows PE. This requires that you set up an Altiris PXE Server or install an automation partition.
159
When storing images locally on the managed computer's hard drive, be sure to enter the path relative to the managed computer (Example: C:\myimage.img). When you store an image locally on a managed computer instead of a file server, you save server disk space and reduce network traffic. Prerequisite: To store images locally on the managed computers hard drive, you must have a hidden automation partition installed on the managed computer's hard disk with the required disk space to hold the images you want to store. Caution When imaging computers where images are stored on the managed computers hidden automation partition, use the option to remove the automation partition only when you want to clear all images from the computer. 5. Select Prepare using Sysprep to use Sysprep to prepare system for imaging and click Sysprep Advanced Settings. See Advanced Sysprep Settings for Creating a Disk Image (page 162). From the Operating System drop-down list, select the operating system. Note Click Add new to go to the Sysprep Settings dialog and select the OS Information. 7. 8. From the Product Key drop-down list, select the product key. From the Automation pre-boot environment (DOS/Windows PE/Linux) dropdown list, select the required pre-boot environment to perform the Create Disk Image task in the selected pre-boot environment. By default, the DOSManaged Boot Option type is selected. Note ImageX requires a Windows PE x86 pre-boot environment. 9. (Optional) To select Media Spanning and additional options, click Advanced. See Create Disk Image Advanced (page 162).
6.
10. Click OK (if you are using the New Job Wizard) or click Next. 11. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). 12. Click Finish. The task appears in the Task list for the job. Tip If an imaging Job fails on a managed computer, the Deployment agent configuration page appears on the client. This screen displays a prompt to confirm if the user wants to configure the client or restore the original settings. On the client screen, select Cancel > Restore Original Settings. See also Deployment Tasks (page 156).
160
2.
Provide the disk number in the Additional Parameters field using the following format: -d[disk#] By default, all partitions of disk 1 are imaged. To image a different disk, provide the disk number in the Additional Parameters field using the same format.
3.
Enter the path and file name to store the disk image. Caution The captured disk image must be stored on an AppleTalk Filing Protocol (AFP) share.
4.
Specify the share using the following format: //server/sharepoint/path/filename.dmg If no credentials for this server are provided in the automation configuration, the guest account is used by default.
5.
Provide the account credentials as part of the path using the following format: //username:password@server/sharepoint/path/filename.dmg
6. 7. 8.
Click Next. The Return Codes dialog appears. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish. The Mac image is created.
Note The Sysprep settings option is disabled if you select Mac Image as the Imaging Tool. The Automation pre-boot Environment for Mac Image is the Default Automation when capturing Mac images. This option uses the PXE functionality of the operating system of the specified server. For more information on configuring PXE, see the PXE Configuration Utility Help.
161
5. 6.
To use Microsoft Sysprep, select the Prepare using Sysprep check box and specify the operating system and product key. From the Automation pre-boot environment (DOS/Windows PE/Linux) dropdown list, select the required pre-boot environment to create the disk in the selected pre-boot environment. By default, the Default Automation (Auto-select) type is selected.
7.
8. 9.
(Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish. The Ghost image is created.
162
Additional Options Do not boot to Production. Select this option to create an image of the hard disk while booted to DOS without first booting to Windows to save network settings (TCP/IP settings, SID, computer name, and so on). If you select this option, these network settings are not reapplied to the computer after the imaging task, resulting in network conflicts when the computer starts up. Compression. Compressing an image is a trade-off between size and speed. Uncompressed images are faster to create, but use more disk space. Select Optimize for Size to compress the image to the smallest file size. Select Optimize for Speed to create a larger compressed image file with a faster imaging time. The default setting is Optimize for Speed. Note Configuration restoration after imaging a compressed drive is not supported for this release. Enter an image description (optional) in the Description field to help identify the image.
Distribute a hard disk image using the New Job Wizard or adding the Distribute Disk Image task when Building New Jobs. You can create the disk image file using the Creating a Disk Image task.
Note If you deploy a Windows image over a Linux computer or a Linux image over a Windows computer, you must change the path of the Deployment Agent for the Windows log file.
163
This option saves an image of a selected computers hard disk in its current state each time the job executes. You can schedule the job to image a specified computer every time it runs, which updates the image each time. Select the Save the disk image as a file while distributing option to save the newly created image file to a specified disk drive. If you use a reference computer as the image source, you can also choose to save the image as a file for later use. Select the check box to save the image and type in or browse for the location where you want to store the file. 5. Select Prepared using Sysprep to use Sysprep to prepare the system for imaging. Then, click Advanced Sysprep Settings. See Advanced Sysprep Settings for Distributing a Disk Image (page 166). From the Operating System drop-down list, select the operating system. Note Click Add New to go to the Sysprep Settings dialog and select the OS Information. 7. 8. From the Product Key drop-down list, select the product key. Click Automatically perform configuration tasks after completing this imaging task to restart the computer and push the configuration settings to the imaged computer. (Optional) Click Advanced to resize partitions and set additional options. See Distribute Disk Image-Resizing (page 166). Click OK.
6.
9.
10. From the Automation pre-boot environment drop-down list, select the required pre-boot environment to perform the Distribute Disk Image task. The option reported by the PXE Manager is the default pre-boot environment option. 11. If you are using the New Job Wizard, click OK. Otherwise, click Next. 12. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). 13. Click Finish. See also Deployment Tasks (page 156).
164
5. 6. 7.
Click Next. The Return Codes dialog appears. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish. The Mac image is deployed.
Note The Image is stored locally on the client and the Sysprep settings options are disabled when you select a Mac image. The Select a computer on the network feature is not supported when using Mac Imaging. The Automation pre-boot Environment for Mac Image is Default Automation when deploying Mac images. This option uses the PXE functionality of the operating system of the specified server. For more information on configuring PXE, see the PXE Configuration Utility Help.
8.
10. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). 11. Click Finish. The Ghost image is deployed.
165
166
Text Mode[RDeployT]. Click this option to choose the imaging executable as RDeployT. Text Mode or RDeployT is the default choice. Automation Partition:
Leave the client's existing BW partition as it is. If the image file contains no automation
partition information, by default, this option is selected. The automation partition remains unchanged when distributing disk images.
Delete the client's Automation partition [-nobw]. Select this option to delete the existing Automation partition from client computers. Replace the client's existing BW partition from image file [-forcebw]. Select this option to replace
the existing automation partition on the client computer with the automation partition from the image file. OEM Partition:
Leave the client's existing OEM partition as it is. If the image file contains no OEM partition information, by default, this option is selected. The OEM partion remains unchanged when distributing disk images. Delete the client's OEM partition [-nooem]. Select this option to delete the existing OEM
Note The checkdisk command-line option should not be used from a Deployment console. The post-configuration task fails after an image restore. See also Deployment Tasks (page 156).
Copy RDeployT.exe from the <InstallPath>\eXpress\Deployment Server\RDeploy\DOS directory to the device. 5. Copy the <Filename>.img file to the device.
167
6.
Create an Autoexec.bat with the script and command-line option, rdeployt -md -
fc:\IMAGE.img -d2
Note The -d2 switch is the most important part of the script, as it specifies the flash drive. 7. Create a Config.sys with the following:
DEVICE=C:\HIMEM.SYS switches = /f DOS=HIGH,UMB SHELL=command.com /p /E:1024 BUFFERS=20 FILES=20 STACKS=0,0 FCBS=1,0 LASTDRIVE=Z
8. Boot from the USB Disk on Key (recognized as C:) and rdeployt executes and images correctly.
Scripted OS Install
The Scripted OS Install task performs remote, automated, and unattended operating system installations over the network using answer files to input configuration and installation-specific values. Scripted installs let you deploy server and client computers across the network from installation files and perform post-installation configuration tasks. You can run scripted installs for Windows or Linux computers. Note Scripted Install requires either an automation boot disk or an Altiris PXE Server. Using embedded automations causes the selected image (DOS, Linux, Windows PE) to load and halt. It does not let the scripted install to run. When running a Scripted OS Install task, you can identify the type of operating system to install for supported languages, run the scripted install, and update with service pack installations. This task provides easy-to-use features to create an answer file for each scripted installation. Scripted installs are flexible in performing post-configuring tasks, but much slower and bandwidth intensive. Complete network and Web server installation and configuration tasks profit most from scripted installs. Windows. Use complete unattended install features to copy Windows operating system source files quickly to the Deployment Share and easily create an answer file. Configured operating system install sets can be reused to build and run scripted install jobs as needed. See Scripted Install for Windows on page 169. Linux. Run scripted install jobs to remotely install different versions of Linux. You can customize sample scripted install jobs installed with the Deployment Server system and
168
create a kickstart answer file to remotely run a scripted install. See Scripted Install for Linux (page 174).
4. 5.
169
8. 9.
Import an answer file to the Deployment Database. See Import an Answer File (page 172). Click Next. Create the Answer file. See Answer File Setup (page 172). Click Next.
10. Set command-line options for cmdlines.txt files and for the WINNT installation program. See Command-line Switches for Scripted Install (page 173). Click Next. 11. View and modify the Deployment Agent for Windows configuration file from the dialog. See Deployment Agent Settings for Scripted Install (page 173). Click Next. 12. View the summary of the selected options. See Scripted Install Summary (page 174). Click Next. 13. Set up return codes for the Scripted Install task. See Setting Up Return Codes (page 193). Click Finish. See also Scripted OS Install (page 168).
170
171
selected by default. You can create your own MS DOS image from your Windows 98 CD and build a job. Advanced. Select advanced options to set the size of the partitions, or to remove hidden partitions and add command-line options. See Create Disk Image Advanced (page 162) and Distribute Disk Image-Resizing (page 166). Continue without distributing DOS image. Click this option to not install a DOS image from Deployment Server. Skip this step if you are installing DOS using custom procedures for your environment. See also Scripted Install for Windows (page 169).
172
Enter a name for the value or section. If you add a value, this name appears in the list and entered in the cell if selected. If you are adding a section, this name appears in the new tab in the Answer File setup dialog. Enter a value to be displayed instead of the real value. Enter an alias that appears in the cell or on the tab. See the Microsoft Windows Unattended Setup Guide for your specific operating system values for an unattended setup file. See also Scripted Install for Windows (page 169).
173
5.
7.
174
and locate the answer files. You can also modify and run Sample deployment jobs to remotely run a scripted install on Linux servers and workstations. Directory. Browse to or enter the path and name of the Linux answer file (Kickstart file). Command-line. Enter the command-line options. Automation - PXE or Bootworks environment (DOS/Windows PE/Linux). Select the required pre-boot environment from the Default Automation drop-down list to perform the Backup and Restore task in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. By default the DOSManaged Boot Option type is selected. See also Scripted OS Install (page 168) and Scripted Install for Windows (page 169).
Distributing Software
Send .MSI Packages, .CAB, .EXE, and other package files to selected computers or computer groups, including EBS, and .RPM files for Linux computers. This task identifies valid Altiris packages and assigns passwords and command-line options.
Distribute software packages to managed computers using the New Job Wizard or adding the Distribute Software task when Building New Jobs.
1.
Enter the name and location of the package to distribute in the Name field. Note Information about the package appears in the Description area for valid packages. If no description appears, the file is not a .RIP or a Personality Package.
2. 3. 4.
For .RIPs, if you set the password option when you created the .RIP, you must enter the password for the package to run. Select Run in quiet mode to install the package without requiring user interaction. Specify the users to associate with the .RIP or the Personality Package. Click Apply to all users to run the package for all users with accounts on the computer. If you want to send the package to a managed computer with multiple users and to install it for certain users with a unique password, clear the Apply to all users box. Example: to install a .RIP for a specific user accounts on a computer add values to the Additional command-line switches field:
-cu:JDoe;TMaya;Domain\BLee
175
Note The command-line switches are specific to any package you are distributing that supports command-line options, such as .MSI and Personality Packages. For a complete list of command-line options, see the Wise MSI Product Guide and the Altiris PC Transplant Pro Product Guide. 5. If distributing an install package or other types of packages with associated support files, you can click Copy all directory files to install all peer files in the directory. Click Copy subdirectories to distribute peer files in the directory and all files in associated subdirectories. Note Some clients may have software installed on the client computer that, for protection against harmful software, only lets software programs on a list of "well-known" executables to run. Therefore, whenever the system administrator wanted to install a patch on client computers, he or she would have to update the well-knownexecutable list on all the client computers, which could be a lot of work. To save the work of updating that list, or of manually renaming distribution packages, the "RenameDistPkg" feature was added. Now, the system administrator may update the well-known-executable list once with a filename of their choosing. The well-known filename may be entered into the Windows registry of the Deployment Server computer (the computer running axengine.exe), as the "Value data" of a string value named "RenameDistPkg" under the "HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris eXpress\Options" key. If the RenameDistPkg registry entry is set, Deployment Server renames the installation files that are copied to the client computers. This feature only affects files that are temporarily copied to the client computer as part of a "Distribute Software" task. The file that is to be executed only during the installation, sometimes referred to as the "package", is the file that gets renamed, not the files that actually get installed to various locations on the target computer. If the Copy all directory files option is enabled task, only the main (installable) file is renamed. 6. Click Advanced to specify how files are distributed to the managed computer. You can copy through Deployment Server, or copy and run directly from the Deployment Share or from another file server. See Distribute Software Advanced (page 177). Click Next. Provide additional command-line options for distributing software. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish.
7. 8. 9.
Notes When a .RIP or Personality Package is executed through Deployment Server, the quiet mode command-line option is applied. This means the user cannot interact with the user interface on the managed computer.
176
If the Personality Package is configured to run only if a particular user is logged in and only if the user has an account on the managed computer, the package runs the next time that user logs in. If the user does not have an account, the package aborts and sends an error back to the console through the Deployment Agent. If the package is not run through Deployment Server, a message appears on the managed computer and the user is prompted to abort or continue.
Manage the SVS Layer using the New Job Wizard or adding the Manage SVS Layer task when Building New Jobs.
177
1. 2.
After creating a job, click Add > Manage SVS Layer. Enter the .VSA file name in the Layer name drop-down list, or browse and select a .VSA file. You can also enter a .VSA file path in the Layer name drop-down list. The Console checks if the path entered is correct. If it finds that the file path is correct and it is a valid .VSA file, it replaces the path name with the layer name in the .VSA file. Note The console displays a list of the previously selected layers in the Layer name drop-down list. This makes it easier for you to select a layer from the list, instead of browsing or typing the .VSA file name again.
3.
Select Import Package to import the selected layer and apply the actions present in the Action drop-down list. The actions are:
Action Name
(none) Activate Activate on startup Activate and Activate on startup
Description
Only import package. Import package and immediately activate it. Import package and activate it on startup. Import package, and immediately activate it and activate it whenever the computer starts up.
4. 5.
Click Advanced to copy files using the Deployment Server or copy files directly from the file source. SeeImport Package Advanced (page 179). Select Manage Layer to manage the selected layer using actions present in the Action drop-down list. The actions are:
Action Name
Activate Activate on startup Activate and Activate on startup Deactivate Deactivate on startup Deactivate and Deactivate on startup Delete Reset
Description
Activate layer. Activate layer on startup. Activate layer and activate it whenever the computer starts up.
Deactivate layer. Deactivate layer on startup. Deactivate layer and deactivate it on startup.
178
Action Name
Reset and Activate Reset and Deactivate 6. 7.
Description
Reset and activate layer. Reset and deactivate layer.
Select User defined action to enter a command line. Set Return Codes. See Setting Up Return Codes (page 193). This is optional.
Note SVS clients have an automatic 120-day license. To purchase a permanent license, please visit the Altiris Sales Web site (www.altiris.com/sales.aspx).
Capture personality settings using the New Job Wizard or adding the Capturing Personality task when Building New Jobs. See Distributing Personality Settings to migrate settings to another user.
1. 2.
After creating a job, click Add > Capture Personality. Enter the name of a personality template, or browse and select a template. A default personality template is included in the PCT folder of the Deployment Share (DEFAULT.PBT). Enter the name of the folder where you want to store the package. The personality template lets you define the settings, files, and options to be captured during run time. Click Template Builder to open a wizard to build a custom template.
179
3.
In User account and folder login, enter the login credentials for the managed computer from which the personality settings are captured, and the file server where the Personality Package is stored. In Package login, enter a password for the Personality Package. This is a run time password that is required when the Personality Package runs on the destination computer. Click Advanced to specify additional features. Set the Advanced options and click OK. Click Next. Set Return Codes. See Setting Up Return Codes (page 193). This is optional. Click Finish. You have now captured a personality setting and saved it as a PCT file in the selected location (most often in the PCT folder on the Deployment Server shared directory on the Deployment Share). The Capture Personality task appears in the Task list. See Distributing Personality Settings (page 180). Notes To capture a personality on a Windows 98 computer, ensure that all users have Write access to the Deployment Server share (by default at C: Program Files\Altiris\eXpress\Deployment Server in a Simple install). Also, ensure that the User account and folder login fields are blank. A user must also be logged on at the client computer to capture the client profiles. An error is returned if you attempt to capture personality settings on Windows 9x computers that are not authenticated. We recommend that you don't capture personalities for mixed groups of Windows 98 and Windows 2000/XP/2003 computers. Set the conditions on the job for either Windows 98 or Windows 2000/XP/2003 computers to ensure that the appropriate Capture Personality task runs on the appropriate computers.
4.
5. 6. 7. 8.
180
Distribute personality settings using the New Job Wizard or adding the Distribute Personality task when Building New Jobs. See Capturing Personality Settings to create a Personality Package.
1.
In the Name field, enter the file name and location of the PCT file. Note The information about the Personality Package appears in the Description area for valid Personality Packages (PCT files). If no description appears, the file is not a valid package. If you use a token, such as %COMPNAME% in this field, and you proceed with the job, when you apply the job to a Windows XP computer, the user must enter input before the job completes. Altiris recommends you enter a valid Personality Package name and use the Additional command-line switches fields for token values. See the Altiris PC Transplant Reference Guide for a complete list of valid commandline options.
2. 3. 4.
In the Password field, type the password set for the PCT file when created. Select Run in quiet mode to install the package without displaying the PC Transplant screens. Specify the users to associate with the Personality Package. Click Apply to all users to run the package for all users with accounts on the specified computer. If you want to send the package to a managed computer with multiple users and to install it for certain users with a unique password, clear the Apply to all users box. Example: to install a Personality Packages for a specific user accounts on a computer, add values to the Additional command-line switches field:
6. 7.
181
For more information about capturing a computer's personality settings, see the Altiris PC Transplant Help. See also Distributing Software (page 175) and Modifying Tasks in a Deployment Job (page 189).
Modifying Configuration
You can add a task to configure or modify the configuration of computer property settings using the Modify Configuration dialog. The Deployment Agent updates the property settings and restarts the computer for changes to take effect. 1. 2. After creating a job, double-click the job, and click Add > Modify Configuration. Select the Reboot after Configuration check box to restart client computer after the configuration changes are complete. By default, the check box for Reboot after Configuration is selected. Enter or edit the property settings in the Configuration dialog. Click the category icons in the left pane to set additional values for each property setting group. See Computer Configuration Properties (page 103). Click Next. Set Return Codes. See Setting Up Return Codes (page 193). This is optional. Click Finish.
3.
4. 5. 6.
182
Copy registry files of selected computers using the Back up Registry task and save the registry file settings to a selected directory. You can also create a Restore Registry task to copy the registry settings to a managed computer.
Copy registry settings by adding the Back up Registry task when Building New Jobs. Restore registry settings by adding the Restore Registry task.
1. 2.
Enter the directory path to back up or restore registry files. Select the required pre-boot environment from the Automation - PXE or Bootworks environment (DOS/Windows PE/Linux) drop-down list to perform the Backup and Restore task in the selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. Select the required pre-boot environment from the Automation - PXE or lets you environments (DOS/Windows PE/Linux) drop-down list to perform the Backup and Restore task in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. By default the DOSManaged Boot Option type is selected. Click Advanced if Windows was installed on client computers in a directory other than the default. Enter the correct path to the root of the Windows directory. Select Include registry information for all users to back up registry keys for all user accounts. Note If you clear this check box, only the Administrator and Guest user accounts are backed up or restored.
3.
4.
5. 6. 7.
Click Next. Set Return Codes. See Setting Up Return Codes (page 193). This is optional. Click Finish.
Get Inventory
Use this task to gather inventory from an individual or group of client computers. This ensures that the Deployment database is up-to-date with the latest computer properties information. You can view the history of the Get Inventory task in the Computers History pane. See Viewing a Computers History (page 129). Click Add, and select Get Inventory from the list.
Run Script
Select an existing script or write a new script file to run on selected managed client computers.
183
Run script files on client computers by adding the New Script task when Building New Jobs. See Script Information to identify how the script appears, script security, and an option for server-side execution of the script.
1.
If you have a script file defined, click Run the script from file and browse from the folder icon to select the file. To read or edit the script file, click Modify. Note To run scripts that call an executable, use the start command. Example: start C:\windows\notepad.exe opens the Notepad application on the client computer.
2.
To create a new script, click Run this script. Type the script in the provided text box, or click Import and select a script file to import. When a script is imported you can modify it in the text box. Specify whether the script should be run from DOS, Windows, or Linux. Click Next. Set Script Information. See Script Information (page 184). Click Next. Set Return Codes. See Setting Up Return Codes (page 193). This is optional. Click Finish.
3. 4. 5. 6. 7. 8.
Notes When a computer is in an automation mode using a DOS configuration, it does not see DOS partitions. To run a script using the DOS Automation Agent, use FIRM (Filesystem Independent Resource Manager) commands. FIRM can only copy files and delete files; it cannot run code on a drive. Deployment Server assumes a return code of zero (0) as a successful script execution. Some programs return a code of one (1) to denote a successful script execution. If a program returns a one (1), you see an error message at the Deployment console even though the script ran correctly. To modify the return codes, you can edit the script file to return a code that the console interprets correctly. See also Modifying Tasks in a Deployment Job (page 189).
Script Information
Click an option to run the script on a selected managed computer or to run the script on the Deployment Server computer. Script Run Location On the client computer. The option runs the script on the managed computer to which you assign the job. Locally on the Deployment Server. This option runs a server-side script on the Deployment Server of the managed computer. In most cases you can create a serverside script task that runs in context with other tasks. Example: you can add a task to
184
image a computer and add a task to execute a server-side script to post the imaging return codes to a log file stored on the Deployment Server computer. Use the -id option for running scripts on Deployment Server when using the WLogEvent and LogEvent utilities. See Using LogEvent and WLogEvent in Scripts (page 186). Note Scripts requiring user intervention do not execute using this feature. The script runs on the Deployment Server of the managed computer, but is not visible. Example: if you run a DOS command locally on the Deployment Server, the Command Prompt window does not open on the Deployment Server computer when the script executes. When running the script on the Deployment Server, it executes specifically for the assigned managed computer. Example: if you create a job with a script to run locally on the Deployment Server and assign the job to 500 computers, the script runs on the Deployment Server 500 times. Client Run Environment Select the environment for your client. You can run in either production or automation mode. Production - Client-installed OS (Windows/Linux) This is the type of Security Context. This identifies the security options for running scripts. Default (local system account). Use the network security account established to administrate all managed computers. Specific user. If you have selected to run the task on the local Deployment Server, you are required to enter an administrator user name and password for that Deployment Server account. (In most cases Deployment Server does not have the Deployment Agent installed, prohibiting it from using a network security account.) Script Window. Select how you want the script window to appear: minimized, normal, maximized, or hidden. Script Options - (Windows/Linux) Additional command-line switches. Enter in commands to execute when the script runs in Windows or Linux. Automation - PXE or Bootworks environment (DOS/Windows PE/Linux). Click to run the script in the automation environment. Select a pre-boot automation environment from the drop-down list. If you select Linux as the operating system type, the Locally on the Deployment Server option is disabled and only the Additional command-line switches under the Production Client installed OS (Windows/Linux) is enabled. If you select DOS as the operating system type, the Locally on the Deployment Server option and the Production - Client-installed OS (Windows/Linux) option is disabled. Example Script The process to convert NT4 from FAT16 to NTFS normally returns a 1 after a successful completion. Here is an example of the file that is modified to return a code of 0 (which is the success code recognized by the Altiris Console and utilities). You can make similar changes to your script files as needed. CONVERT /FS:NTFS
185
if ERRORLEVEL 1 goto success goto failure :success set ERRORLEVEL = 0 goto end :failure echo Failed set ERRORLEVEL = 1 goto end :end
186
Example Scripts REM Bootwork unload Set ImageName=F:\Images\XPIntel.img rdeploy -mu -f%ImageName% -p1 logevent -l:1 -ss:Created %ImageName.
REM Execute WLogEvent.exe from CMD script REM This script requires WLogevent.exe to reside on the client REM in the temp directory .\WLogevent.exe -c:0 -l:1 -ss:Running Dir on %NAME%" dir .\WLogevent.exe -c:0 -l:1 -ss:Finished with the DIR command on %NAME%"
Copy File to
Copy all types of files to managed computers. You can send selected files or directories to a computer or computer group.
Send files to client computers by adding the Copy File to task when Building New Jobs. Use the Copy File to operation (see the Remote Operations Using Deployment Solution menu) to copy files quickly from Computers pane in the console.
1. 2.
Click either the Copy File or Copy Directory option. Click Copy Subdirectories to copy all subdirectories. Enter the directory path and name of the file or directory. The Source path defaults to the Deployment Share, but you can type or browse to a file or directory. To copy files or directories through Deployment Server from the Deployment Share, you can enter a relative path in this field. To copy files or directories directly from the Deployment Share to the managed computer, you must enter the full UNC path name. See Copy File to Advanced (page 188). Note When entering the source path for copying files through the Deployment Server, you can only access the shared directories through an established user account. Specifically, you can only use UNC paths when you have sufficient authentication rights established.
3.
Select the Allow to run in automation check box to run this task in automation mode.
187
Note This option is only applicable for Linux and WinPE automation. 4. Type the destination path. The Destination path field automatically enters a sample path, but you can enter the directory path you require. If the destination path does not exist on the destination computer it is created. Click Advanced to specify additional features to copy files through Deployment Server or directly from a file server. See Copy File to Advanced (page 188). Click Next. Set Return Codes. See Setting Up Return Codes (page 193) (Optional). Click Finish.
5. 6. 7. 8.
188
Power Control
Start the computer using Wake on LAN or run standard power control options to restart the computer, shut down, or log off the current user.
Wake up, shut down or log off client computers by adding the Power Control task when Building New Jobs. See the Power Control operation to send commands quickly from the console.
1. 2. 3. 4. 5. 6. 7.
Create a job. Click Add > Power Control. Select an option: Restart, Shut down (if available), Log off or Wake up (Send Wake-On-LAN). Select Force application to close without message, if applicable. Click Next. Set Return Codes. See Setting Up Return Codes (page 193) (Optional). Click Finish.
Wait
Use the Wait task to boot a computer in the automation mode and wait for user interaction. 1. 2. Create a job. Click Add > Wait. The Wait Information dialog appears. 3. 4. 5. 6. From the Select automation pre-boot environment (DOS/Windows PE/Linux), select the appropriate pre-boot environment. Click Next. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish.
189
2. 3. 4. 5.
Click Add and select another task from the menu. Follow the basic instructions on each dialog provided for each task. Select the type of task you want to add and follow the directions. After finishing task configuration, a new task appears in the Jobs list. Change the order of the tasks using the up and down arrows. The tasks execute in the order listed.
3. 4. 5.
3. 4. 5.
190
191
6. 7.
Drag the Batch.bat file to a computer or computer group where you want to schedule the job. Specify the scheduling options, and click OK. See Scheduling Jobs (page 155).
To import jobs
1. Right-click in the Job pane, and select Import or Click File > Import/Export > Import Jobs. 2. 3. 4. 5. Browse to or type the path and name of an existing import file (a .BIN file). Select Import to Job Folder to import the jobs to an existing folder in the Jobs pane. If you have a folder already selected, it appears in the edit field. Select Overwrite existing Jobs and Folders with the same name to replace identical jobs and folders. Select Delete existing jobs in folder to overwrite and replace all jobs in the selected Jobs folder. Click OK to import the job(s).
To export jobs
1. Right-click the job or Jobs folder you want to export and select Export. or Click File > Import/Export > Export Jobs. 2. 3. 4. Select the destination folder and enter a file name. Click Export subfolders to export all folders subordinate to the selected job folder. Click OK.
192
193
Master Return Codes. This is a list of all the return codes existing in the Deployment database. You can add, modify, and delete the codes and their values so that setting codes for other tasks is easier. Add. This lets you add a new custom return code for the task. You can also add the return code to the Master Return Codes list. Modify. This lets you modify the return codes listed in the Other return codes area. The changes you make do not update the Master Return Codes list. Delete. This lets you delete return codes listed in the Other return codes area, but not from the Master Return Codes list.
Note The OK and Cancel options apply to the return codes selected. If no return codes are selected, or none exist in the list, OK is disabled. Click OK on the Master Return Codes List dialog to add the selected return codes to the current job.
194
return code (a non-zero) in the Default box, and how to respond to a custom or externally generated return code defined in the Other return codes box. The example below describes how to set up a simple process to deal with custom and system return codes, and how to interpret the status of user defined return codes: 1. 2. 3. 4. 5. In the Success list box, keep the default value Continue. This lets the job continue running additional tasks in the job after successfully completing this task. Click Add to add custom return codes. The Add Return Code dialog appears. In the Code field, enter a value of 10 (ten). Click the Response drop-down arrow and select Continue from the list. Click the Result drop-down arrow and select Success from the list. Even if the return code was not zero, which is success by default, the task is considered a success as per the users choice. Enter a description for the return code in the Status field. This is the message that appears when the task within a selected job, executes. Select the Add to Master return code list check box to add the custom code to the master return code list. The code is listed in both, the Other return code and Master Return Codes list. This is helpful if you want to use the return code again. Click OK. The return code is added to the list of Other Return Codes. If the code you added already exists, a message dialog displays the return code and asks if you want to replace it. Click Yes to replace the return code, and click No to return to the Add Return Code dialog.
6. 7.
8. 9.
10. Select Select a job from the Default box to select a job to be executed when a default condition is reached. The Select a Job dialog opens, letting you select an existing job that runs if the task returns a failed system return code (non-zero) or a return code not defined as a custom return code. Note The status of the tasks executed in a job also appears in the history of a computer.
195
Note When upgrading versions of Deployment Solution, we recommend that you copy and rename modified sample jobs to avoid overwriting by new sample jobs.
Initial Deployment
Initial Deployment is a default job designed to help in the process of setting up computers that do not exist in the Deployment Database. Initial Deployment lets you define how computers are initially set up after being identified by the Deployment Server. You can define various computer configuration sets and deployment jobs for the user during startup, letting the user select the computer settings and hard disk images, software, and personality settings for their specific needs and environment. New computers appear in the New Computers group in the Computers pane of the Deployment Console.
To access Initial Deployment, double-click Initial Deployment from the Jobs pane or right-click Initial Deployment and click Properties. The Properties of Initial Deployment dialog appears.
Notes Initial Deployment is ideal for small-scale deployments, from 1 to 10 computers. We do not recommend this feature for large deployments -- from 10 to 100 computers - or mass deployments -- from 100 to 5000 computers. We also do not recommend this feature where you use virtual computers, customized jobs, and the computer import feature. Although Initial Deployment is commonly used on computers that support PXE, you can also configure a boot disk to run Initial Deployment. In this case, the image you deploy must include automation pre-boot environment so that post imaging tasks can run successfully. Installing an Automation Partition on the client computers hard disk ensures that future imaging deployment jobs run successfully. Note To completely deploy and configure a computer using Initial Deployment, you must define at least one Configuration and one Job. Initial Deployment consists of a dialog with three tabs with separate features to deploy new computers: Configurations Jobs Advanced
Configurations
Click the Configurations tab on the Initial Deployment dialog to configure different sets of computer properties. Each configuration set is presented to the user as a menu. The
196
user can select the configuration set designed for their environment. Compare the Configuration tab with the Jobs tab. Note If you do not create any configuration sets, the deployment process automatically sets TCP/IP information to use DHCP and names the computer to match the computers asset tag, serial number or MAC address -- in that order, depending on what is available. 1. 2. 3. 4. Double-click Initial Deployment in the Jobs pane drop-down list. The Properties of Initial Deployment dialog appears. Click the Configurations tab. Click Add. Enter values to set computer and network properties for new computers. See Modifying Configuration (page 182) for a list of property categories. Click Add again to configure another set of property settings. You can add multiple configuration sets for the user to select from a menu after connecting to Deployment Server. After setting the properties, click Apply. Click the Default Menu choice drop-down list and choose a configuration set as the default configuration. Click the Timeout after ___ seconds and proceed check box to specify that the default job runs automatically after a specified time. Click OK, or click the Jobs tab to define a task.
5. 6. 7. 8.
Advanced Configuration
Click Advanced on the Configurations tab to open the Advanced Configuration dialog. This dialog lets you set advanced configuration settings for client computers and provides different options for processing jobs for client computers. Select Process this job as each client becomes active. This job is processed only when clients become active. Select Process this job in batch mode. This job is processed for a batch of clients after specifying Minimum clients and the Timeout in minutes. Select Hold all clients until this time. You can specify the Start time for this job, which runs for all clients at the specified time. Click OK.
Jobs
Click the Jobs tab on the Initial Deployment dialog to add existing jobs or create new jobs to run on the new computer. The jobs you add or build using this dialog are listed in a menu and presented to the user during startup. The user can select the deployment jobs to image the computer and install applications and personality settings. Compare the Jobs tab with the Configurations tab. The conditions on jobs are limited to the data that can be accessed at the DOS level (Example: serial number, manufacturing number, NIC information, manufacturing name). 1. Double-click Initial Deployment in the Jobs pane drop-down list. The Initial Deployment dialog appears.
197
2. 3. 4. 5. 6.
Click the Jobs tab. Click New to build a new job. See Building New Jobs (page 152). Click Add Existing to add an existing job. Click the Default menu choice drop-down list to select the job as a default. Select Timeout after ___ seconds and proceed and type the number of seconds to wait before the computer automatically starts the default job. The default setting is 60 seconds. Click OK, or click the Advanced tab to stop servers or workstations from running configuration task sets and jobs automatically.
7.
Advanced
Click the Advanced tab to set options to stop Initial Deployment from running the default configuration task sets and jobs automatically. This avoids accidental re-imaging or overwriting of data and applications for either workstations, such as desktop, laptop, handheld computers, or servers, such as Web and network servers identified by Deployment Server. When a computer not yet identified by the Deployment Database is first detected, it is placed in the New Computers group and run an Initial Deployment configuration set and job. However, in many cases you do not want Web or network servers to be automatically re-imaged without confirmation from IT personnel. Select Servers. Stops servers from automatically running Initial Deployment configuration jobs. Servers are identified as the managed computers running multiple processors or identified as a specific server model from specific manufacturers. Example: both an HP Proliant and a Dell computer with multiple processors are identified as servers. Identifying a computer as a server by the operating system cannot be accomplished for new computers until the server operating system has been installed. Select Workstations/Clients to force desktop, laptop, and handheld computers to stop before automatically running Initial Deployment.
198
Part IV
Best Practices
This section provides details on many of the management tasks available in Altiris Deployment Solution software.
199
Chapter 12
Account
Service
Description
The main account used to run the Deployment services, manage the database, and mange the Deployment Share.
200
Account
Domain Join Deployment Share Read/Write
Description
Used to join computers to a domain during configuration. Provides access to the Deployment Share in the automation environment.
These accounts should not be part of any group, and should not posses interactive login privileges. The following sections outline each Deployment Server account: Service Account (page 201) Domain Join Accounts (page 202) Deployment Share Read/Write Account (page 202)
Service Account
This account executes the Deployment Server software and manages the Deployment Database. This is the account provided when you install Deployment Solution:
If your Deployment Database, Server, and Share are on the same computer, create a local account or optionally use the local system account. If your Deployment Database or Share is on a different computer than your Deployment Server, create a domain-level account, or create local accounts with the same credentials on each computer hosting a Deployment Solution component. This account requires the following rights:
Rights
Services
Description
This account executes the following services: Altiris Deployment Server Console Manager Altiris Deployment Server Data Manager Altiris Deployment Server DB Management Altiris eXpress Server Altiris PXE Manager If this account is provided during installation, these services are already configured with the proper credentials. If not, this can be changed using the Services applet.
201
Rights
File System
Description
This account requires full control of your Deployment Share, and does not require administrative privileges on the computer hosting your Deployment Share. This account requires the db_owner role on your Deployment Database. See Part 3: Database Security (page 205) for more information.
Database
Rights
Domain
Description
Grant privileges to add computer to domain.
After these accounts are created in Active Directory, complete the following procedure to add them using the Deployment Console.
202
efficient to access the Deployment Share directly rather than accessing it through the Deployment Server. Grant the rights recommended in the following table:
Rights
File System
Description
Grant read/write privileges to your Deployment Share.
This account is provided when creating boot configuration using Boot Disk Creator:
203
One major advantage of the Deployment Solution security model is that administrators do not need to be granted explicit rights on any managed computers. All access is filtered through the integrated role-and-scope based security in the Deployment Console. Example: if you grant an administrator rights to install software on a managed computer in the Deployment Console, it does not allow him to log in to that computer and install software. All actions must go through the Deployment Console. Implementing a strong policy to manage the access granted to your Deployment administrators protects managed computers from unauthorized access.
To enable security
You must add at least one user or group to enable security. 1. 2. In the Deployment Console, click Tools > Security. Add a new user or group. We recommend clicking AD Import and importing Active Directory groups, as this simplifies rights management. The first user or group added is granted administrator rights. Each additional user or group after the first are granted no rights and must be assigned rights explicitly. Security is automatically enabled after a user or group is added.
3.
Manage By Exception
The Deployment Solution role and scope-based security model uses the concept of managing by exception. To manage permissions, you make an assignment at a container level that applies to most of the members of the container and you manually add exceptions where needed. We recommend planning administrator, computer, and job groups so that all permission assignments can be made at the group level.
Permissions
204
Permission Rules
Permissions received through different sources may conflict with each other. The following permission rules determine which permissions are enforced: Permissions cannot be used to deny the user with administrator console rights access to use any console objects or features. User permissions take precedence over Group permissions. Deny overrides Allow. When a user is associated with multiple groups, one group could be allowed a permission at a particular level while the other group is denied the same permission. In this scenario, the permission to deny the privilege is enforced. Permissions do not flow down an object tree. Instead, the object in question looks in the current location and up the tree for the first permission it can find and uses the same. If a console user does not have permissions to run all tasks the job contains, the user is not allowed to run the job.
Example
Your domain or central Deployment administrator creates a new domain-level account with no interactive login, file system ownership of a single folder (Deployment Share), and ownership of the Deployment Database. The password is provided to run the Deployment Solution services and is stored securely. No additional Deployment administrators need this password, and an intruder would need to compromise a higher level administrator account in order to access these credentials.
205
3. 4.
Select the Administrator account you are using to install Deployment Solution. If it does not exist, add it. Click the Server Roles tab, and enable System Administrators:
5.
206
3. 4.
Double-click the account you are using to run the Deployment services. If the login is not listed, add it. Click the Database Access tab, select the eXpress database, and enable the db_owner role:
5.
207
This prevents you from manually granting this access to individual administrators as they are added or removed from Deployment management responsibilities. 1. 2. 3. 4. Open Enterprise Manager and connect to your SQL Server. Browse to Security > Logins. Add each user or group that will manage computers using Deployment Solution. For each user or group, on the Database Access tab, grant the public role for the eXpress database:
Key Authentication
Key authentication is enabled on the Server Connection agent configuration page. After you enable this option, you are prompted to provide the server.key file containing the server public key for your trusted Deployment Server. This key is located on your Deployment Share. After enabling this option the Agent connects only to the trusted Deployment Server.
208
209
210
To lock the keyboard, enable the lock option when creating boot configurations in Boot Disk Creator:
\\hostname\admin$
Replacing hostname with the name of the computer where you want to install the Deployment Agent. If you can access this share you have sufficient rights.
211
4.
Click Update.
HKLM\Software\Altiris\Altiris eXpress\Options\Security\ServerSecurity
This security key should be backed up to a secure location in case this Deployment Server needs to be re-installed. If you re-install without this key, each agent using key authentication needs to be updated to use the newly generated server.key file. The public key is located on your Deployment Share and should be backed up as well.
212
Chapter 13
213
Chapter 14
File Systems
Hard disks are imaged differently depending on the file system that is used. The source disk or partition is not changed. FAT, NTFS, EXT2, and EXT3. Imaging is file-based. RapiDeploy copies real data file by file, resulting in a clean, defragmented image that can be resized and restored to a disk of a different size. Other File Formats. For other file systems, the disk is read sector by sector regardless of which sectors are in use. The image mirrors the contents of the disk. These formats are not resizable.
214
Partitions
When you create an image, you can image a partition, a group of partitions, or an entire hard disk. Any partition on a hard disk can be imaged. When a computer receives an image, you can select which partitions to download. The default setting is to restore all partitions, which would overwrite any existing partitions. To keep an existing partition, you can specify which partitions to download and which to ignore. You can also use command-line switches to keep existing partitions. Partition slots on the target computer will be, by default, the same as the image source PC. A partition occupying slot 3 in the image file will be by default in slot 3 on the target computer. By default, the following partition types will not be overwritten: Automation partitions OEM system partitions The default behavior can be overridden.
Partition Size
When you are restoring an image to a computer, the destination hard disk may be a different size than the disk imaged. If there are multiple partitions, the partition size percentage of the Client PCs will, by default, be the same as the image source. Example: If you image a 100 GB hard disk where 40% (40 GB) of the disk is a Windows XP partition and 60% (60 GB) is a data partition, a Client PC with a 200 Gigabyte disk will use the same percentages. The size of the Windows XP partition will be 80 GB and the data partition will be 120 GB. RapiDeploy also offers a partition resize feature that allows you to manually resize the partitions to a size you specify.
Spanning Media
The maximum size for a single image file is 2 GB. Images which exceed this amount are automatically split into multiple files. Example: If you named your image file basepc.img, and the image is split into four files, the following files are created: basepc.img basepc.002 basepc.003 basepc.004 You can set the split image file size to be between 1-2040 MB.
215
Multicasting
How Multicasting Works
The Master PC manages the multicast session. The multicast transmission is synchronized by the Master PC, so it will only go as fast as the slowest computer in the group. If a single computer fails, it will drop out of the session and the session will continue. The Master PC can multicast images to Client PCs in the following three ways: While the Master PC downloads an image from a file server and manages the simultaneous imaging of the Client PCs While the Master PC creates an image on a file server and manages the simultaneous imaging of the Client PCs While using its own hard disk as the source and sending the contents to Client PCs
HTTP Imaging
When capturing or deploying an image, you have the option of providing a URL as the path to an image file. This is non-typical interaction, and requires some configuration on your Web server. Your Web server needs the following: Unlimited keep alives enabled. Upload access if you want to upload images In Apache 2, enable unlimited MaxKeepAliveRequests in your httpd.conf file. You also need to obtain and install mod_put module to enable image uploading. In IIS, consult your documentation for information on enabling keep alives and uploads. Basic authentication is supported, Windows digest authentication is not supported. You might also need to specify a file type of application/octet-stream for your images to prevent errors.
Capturing Images
See Creating a Disk Image on page 158.
Deploying Images
Distributing a Disk Image on page 163.
Post-Imaging Configuration
Because images contain a generic operating system, you will probably want to set up unique configurations such as operating system license, networking, TCP/IP, and user account settings on each computer that receives an image. This section briefly describes the options that are available in the Post-Imaging Configuration wizard page.
216
Important To use this feature, you must ensure that the Deployment Agent is installed on the computer you will create the image from. After a computer has received an image, the Deployment Agent applies the configurations you set, and reboots the computer so the changes take effect.
Managing Images
You can view and make changes to RapiDeploy image files (*.img) using the Altiris ImageExplorer. For more information, see Altiris ImageExplorer on page 313.
217
Chapter 15
ImageX Imaging
Deployment Solution provides native support for imaging computers using ImageX. Windows Vista and Windows XP are currently supported.
218
Mac Imaging
Deployment Solution supports native imaging of Mac PowerPC and Intel-based computers. Using an OS X Server to provide the boot image, Deployment Solution can capture and deploy images to most Mac computers.
Requirements:
A Mac computer running OS 10.4 to provide the source for the automation image. Instructions for creating this image are contained in Creating an Automation Image (page 219). A separate image is required for PowerPC and Intel-based computers. OS X Server. Instructions for enabling NetBoot to provide the boot image are contained in Configuring NetBoot (page 221). One or more AppleTalk Filing Protocol (AFP) shares to host disk images. Mac PowerPCs. Intel-based Macintosh computers are not currently supported. Use of OS X is subject to the Apple license agreements, see your operating system documentation for information.
Process Overview
The following provides a basic overview of the Mac imaging configuration process: 1. Create an automation image. This image is a standard OS X operating system with the Deployment Agent installed and configured for automation. 2. Enable NetBoot. This is an OS X Server feature that enables network booting similar to PXE Server. 3. Add your automation image as the default NetBoot image. When an imaging job is assigned to a Mac computer, the Mac agent in the production operating system shuts the computer down and instructs it to restart and contact your NetBoot server. When the NetBoot server is contacted, the automation image is loaded, and then the Deployment Agent inside this image starts and contacts your Deployment Server. The computer then receives any automation jobs assigned.
219
1. 2. 3.
Configure a computer with OS 10.3.x. Optionally, you can create an additional volume on an existing computer to store this operating system. Start the operating system you installed in the previous step, and then log in using the Administrator account you created during installation. Change any settings that might require user interaction. For example: Enable automatic login (System Preferences > Accounts). Disable the Sleep option (System Preferences > Energy Saver). Disable software updates (System Preferences > Software Update).
4. 5.
In network options select Using DHCP. Verify Apple Remote Desktop 2.2 is installed by browsing to /System/Library/ CoreServices/RemoteManagement. If this folder is not present, download and install from apple.com/support/downloads/appleremotedesktop22client.html. Install the Altiris Agent. For instructions see Installing The Mac Deployment Agent (page 260). After the installation completes, open /etc/altiris/deployment/agentinstall.conf in a text editor. Change the following:
6. 7.
export OS_TOOLBOX=darwin
To:
export OS_TOOLBOX=automation
8. Re-install the Deployment Agent.
2. 3.
2.
220
3.
Extract and run the program contained in AddCredentialstoKeyChain, providing the username, password, and hostname for each AFP share hosting images.
This computer is ready to be imaged. In Step 4: Image the Source Computer (page 221), we use the imaging utility, hdiutil, to capture and store an image of this computer.
afp:\\server_ip\NetBootSP0
Replacing server_ip with the IP address of your server. 2. From the terminal on the source computer, run the following command to capture and store the disk image:
Configuring NetBoot
NetBoot provides Mac computers with the automation operating system. To configure NetBoot complete the following procedures: Step 1: Configure the NetBoot Image (page 221) Step 2: Start the NetBoot Service (page 222)
221
6. 7. 8. 9.
Leave the default NFS option selected. On the Contents tab, select disk image, then browse to the image file volume you mounted in step 1. Click Create. Provide Automation as the folder name and save it to the /Library/netboot/ NeBootSP0 folder. If that location is unavailable, save the folder to a different location and then copy it to the correct location after the operation completes.
222
Chapter 16
Symantec Ghost is now available for selection in the Create Disk Image and Distribute Disk Image tasks. A configuration file called ImageTools.ini, located in the root of your Deployment Share, contains settings you can change to customize the behavior of Ghost. For example, the default command-line in DOS is:
CreateImageCommandLine=clone,MODE=create,SRC=1,DST=%IMAGE_FILENAME% -sure
This setting and others can be customized by modifying ImageTools.ini.
223
Chapter 17
Software Packaging
Deployment Solution includes the robust Wise Packager for Altiris Deployment Solution. This article presents an overview of the Wise Packager, including a walk-through of the software capture and distribution process. Information for users migrating from RapidInstall to the Wise tools is provided as well.
224
Step
Setting up a Reference Computer (page 225) Capturing a Software Package (page 225) Customizing a Software Package (page 226) Distributing a Software Package (page 226)
Description
This computer hosts the capture process. Using Wise Setup Capture to capture changes to the reference computer. Adding and removing files, registry settings, and other installation options. Getting your package to the right managed computers.
225
vendor-supplied MSIs is not recommended since it could introduce incompatibilities with future updates. Hardware drivers, operating systems and updates should not be captured, due to their complexity and Windows File Protection.
226
A set of guidelines. An Application Programming Interface (API). A runtime service that makes application installation and management part of Windows services. Windows Installer is not a installation authoring tool, but rather an installation engine and rule set. The Windows Installer engine resides on the destination computer as part of the operating system. Instead of an installation executable (such as setup.exe), the Windows Installer executable (msiexec.exe) reads the installation database (.MSI) which contains instructions and installation files. The .MSI uses highly structured, uniform data tables. There is 100% accountability of where each file installs and a thorough log of which files belong to which applications, so individual files are restored to repair damaged applications. Each table contains different installation information such as Class, Components, Features, Files, Execution Sequence, and Registry. Logic built into the Windows Installer engine prompts for a reboot, checks disk space, and follows file-version-replacement rules. When opening an .MSI, msiexec.exe reads the database and builds a transaction list that it follows to complete the installation. If the installation fails, Windows Installer performs a rollback, which returns the computer to its previous state.
227
Description
With self-healing (also called automatic repair and selfrepair), the application repairs missing components. When an application starts, Windows Installer checks a list of key files and registry entries. If it detects any problems, Windows Installer repairs the application using a cached database that contains key paths to application components. Applications appear in the Add/Remove Programs applet and can be installed to the destination computer by the user. When the installation fails, the installation reverts to the previously installed state. This prevents having an incomplete or broken application. Also called install-on-demand, advertised features do not install but appear installed to the user. When the user selects an advertised feature, the installation occurs. Components group resources together so they move as a unit, which gives you more control during installation. Applies rules to installed application files that look at a files version and its shared .DLLs to prevent conflicts between applications. Decides whether to install a file to a directory by looking at a files date, language, version, and the modified date on a non-versioned file. Tracks which applications have installed every file and registry key on the computer on the component level, so the Windows Installer service always knows exactly what is needed for an application to run, and what is no longer used during uninstall. Transforms customize an .MSI to a particular user groups needs. Runs an installation using administrative rights. This invokes the systems security rights, restricts data and commands, and enforces rules when running the installation. Msiexec.exe and the Windows Installer service approve the elevated privileges request. Assigns advertised or installed applications to a users profile so when the user logs in, these applications appear on the destination computer. Lets you choose from a variety of authoring software and allows you to customize previously created installations. Windows Installer makes installations easier to install, maintain, and support.
Publishing
Rollback
Advertisement
Componentization Standardization
Version Rules
Reference Counting
Assignment
228
Description
Provides sources for the MSI to repair from and enable advertising. Multiple possible locations for the MSI package are listed, ensuring access even between different networks. Sets privileges to control the user and application rights, and provides a more secure environment. Defines a users privileges. Lets you set policies on a per-computer basis, which lets you run an entire installation in elevated privileges and define only those rights users have while an installation runs.
229
Registry keys that define an environment variable are converted to an environment variable in the repackaged installation.
230
Chapter 18
Deploying Scripts
Altiris Deployment Solution provides a number of pre-defined tasks you can combine to create complex management jobs. When you need to perform a management task that isnt covered effectively by the predefined tasks, DS provides an environment to pre-process, deliver, and execute VBScripts, batch files, and shell scrips. These scripts have access to the full processing capability of the operating system command processor, as well as several additional features provided by Deployment Server: Access to your eXpress share and any other network resources available in the production or automation environment. Intelligent access to values stored in your DS database. DS retrieves values based on the computer currently running the script, so a single script can provide unique values for 1000s of computers. Firm, logevent, and other Altiris tools. The following diagram illustrates how scripts are processed by DS. Each step of this process is discussed in greater detail in this section:
When creating a script, you target it for the automation or production environment, and specify the operating system for the script. When a scripting task runs, the server preprocesses the script for database tokens, delivers and executes the script, returns any error messages generated by the script.
231
Using the flexibility of tokens and the processing power of the command processor of your OS, you can develop and deploy scripts ranging from a simple file search to a full system customization. This chapter discusses how to effectively create and deploy scripts in your DS environment.
Writing a Script
Scripts can be deployed to the DOS, WinPE, and Linux automation environment, or to the Windows or Linux production environment. Unlike other tasks, the scripts you write vary greatly depending on the target environment and OS. The core of each script you write uses the functionality provided by the command processor of your OS. There are utilities and commands for each environment to perform a broad range of management tasks. One of the biggest advantages to deploying scripts using DS is that a script is processed independently for each computer. Database values specific to each computer can be retrieved using the same token in your script, saving you from polling the computer and executing a database query before you can perform a task. The same %COMPNAME% token can provide a unique value for each computer that runs this script. When a script is processed, DS first parses each script for two things: tokens, and predefined server scripting commands. Tokens are replaced, additional action might be taken based on the commands found before the script is delivered to the target. The predefined server scripting commands are keywords defined for replacing tokens in other files, running vbscripts, performing scripted installs, unloading BootWorks, and a special deployment command for Blade servers. These additional keywords are discussed in the Server Scripting Commands section.
REM
REM [servercommand] #
Linux shell scripts.
# [servercommand]
Visual Basic scripts.
[servercommand]
232
BootWorks Unload
ReplaceTokens [source] [destination] ScriptedInstall Indicates that this script is launching a scripted install. 394k of free
memory is required for the Windows scripted install to run. BootWorks is automatically unloaded for scripted installs.
vbscript
233
After replacing tokens in the script itself, the server processes the next command in this script: ReplaceTokens. Since the token replacement process already replaced the compname token, the ReplaceTokens command works as expected and creates a unique system.inf file for each computer, containing values unique to that computer. The script is delivered to the client, and the Firm utility finds the correct file on the eXpress share to copy to the production drive. A similar process can be used to deploy configuration files to Linux computers, as a large number of Linux configuration files are text-based. If you perform Linux configuration often, you might want to set up an additional database containing common configuration values you can retrieve using tokens.
Reporting Errors
One of the biggest challenges when running scripts is implementing effective error reporting and feedback. In DS, every task has the ability to handle error codes returned from a job, and take action based on this code. By default, a scripting task returns a 0 for success, and a 1 if the script fails to execute. This might be sufficient for a simple script, but scripts can often execute successfully yet still fail to perform the intended tasks. Additionally, if you create a batch file with three commands, the status reported on completion is the status of the final command in the script. The first two commands might return errors, but if the final command is successful you receive a status of success.
234
To provide additional feedback when running scripts, Altiris provides an error logging utility, called logevent, for DOS, Windows, and Linux. This utility lets you send error, warning, and informational messages back to your server from within scripts, and job execution can be stopped based on the messages you return. When executing scripts, it is important to note that DS cannot stop script execution directly; DS delivers the script and returns the execution status, but the operating sytem handles the actual execution. DS does not automatically stop script processing when an error is encountered, you must provide that logic in your script.
Usage:
LOGEVENT
Logevent Parameter
[-c:#] [-l:#] [-ss:Msg] [-n:Prog]
Description
A ReturnCode between -32768 and +32767. Default = 0 Additional indicator of type of message.Where # = 0-3; 0 = Unknown, 1 = Information, 2 = Warning, Any string enclosed in double quotes. Default = "No Message" Name of the program that was executed. Default = "User Defined"
@ECHO OFF REM Call requestNewHardware.exe. This fails and returns an error.
requestNewHardware.exe
:TWO
235
LOGEVENT -c:2 -l:3 -ss:Bad command or file not found. GOTO END
:END
' look on the local computer strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") ErrNum = Err.Number If ErrNum = 0 Then Set colNetCards = objWMIService.ExecQuery _ ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True") 'cycle through all of the nics For Each objNetCard in colNetCards ' if it is the nic we are looking for change the dns For Each objAddress in objNetCard.IPAddress If objAddress = "%NIC1IPADDR%" Then ' Set up the array of DNS entries for the NIC arrDNSServers = Array("172.17.0.202", "172.17.0.201") objNetCard.SetDNSServerSearchOrder(arrDNSServers) WSHShell.Run ".\WLogevent.exe -c:0 -l:1 -ss:""Changing DNS for NIC1""", 1, true
236
End If Next Next Else WSHShell.Run ".\WLogevent.exe -c:" & ErrNum & " -l:3 ss:""Error:" & _ Err.Description & """" , 1, true Err.Clear End If
#!/bin/sh export PATH=$PATH:/opt/altiris/deployment/adlagent/bin grep foo foo.txt ERRVAL = $? if [ $ERRVAL -ne 0 ]; then logevent -c:$ERRVAL -l:3 -ss:error executing grep" fi;
237
Chapter 19
Typically, managed computers at remote locations would be required to access image files often over several gigabytes over this LAN link. Implementing an image distribution framework enables you to replicate your images to a local image store for use during imaging tasks.
238
PXE Redirection
PXE solves this problem by enabling you to redirect a shared PXE configuration to a configuration on a local PXE server. This lets you assign a job across multiple locations, and have computers at each location boot using a local PXE server with configuration specific to this location. Within this configuration, you can map local file shares containing disk images. Important: If PXE is available, we recommend using up PXE redirection instead of following the process outlined in this document.
Tools
The tools referenced in this document, such as getsrv.bat and server.lst, are available on your Deployment share in the TechSup\DOS\getsrv folder.
239
and password on each server. This account should not possess group membership, interactive login privileges, or any additional rights. This account is specified when creating the boot configuration in Boot Disk Creator, and the username and password must be the same for each share.
Create a Configuration
Open getsrv.bat in a text editor. This batch file calls getsrv.exe to populate the server name variable. Getsrv.bat should look similar to the following:
c:\tools\srvenv.bat
This example copies the server lookup file, server.lst, from the Deployment Share to the automation drive. Getsrv.exe is called with these parameters set correctly. To use this example in your environment, place your server lookup file in a tools folder on your deployment share and name it server.lst. If you are using PXE, change the drive references from C: to A:, since PXE uses a virtual boot floppy represented by A:. This modified file is added to your boot configuration in a later section.
240
Parameter
/s [filename]
Description
File containing the list of servers hosting local image stores. This file is typically placed in the deployment share. See Create a Server Lookup File (page 240). Environment variable containing the selected server. This token is used when creating the boot configuration, and is set to SERVERNAME in these examples.
/v [variablename]
\\%SERVERNAME%\[share]
Replace [share] with the share name of your local image stores. 3. Managed computers must be able to resolve the name of the central Deployment Server. If using DOS automation, NetBIOS is used to resolve names, so we recommend adding your Deployment Server to the lmhosts file. We also recommend adding the name and IP address of each server hosting an image store. After the wizard completes, within the configuration, create a folder named Tools and copy the following files: getsrv.exe getsrv.bat
4.
241
call c:\tools\getsrv.bat
The completed file should look similar to the following:
net use F: \\[your_ds_servername]\eXpress /yes call \tools\getsrv.bat net use [drive]: \\%SERVERNAME%\[share] /yes
242
Chapter 20
Servers are identified in the Computer pane with distinctive server icons. Like all managed computer icons, the icons change to identify the status and state of the computer, such as user logged on or Server Waiting. Note Servers are recognized by their operating system (such as Windows 2000 Advanced Server, Windows Server 2003, or any Linux OS), multiple processors, and specific vendor server models. Manage Servers from the Console. The Deployment Server Console includes features specifically designed for deploying and managing servers, such as enhanced task logging and history tracking features to let you recall administrative actions and quickly redeploy mission-critical servers. See Server Management Features on page 243. Set Server-specific options. Servers are essential to any organization and require special planning and management strategies. Deployment Server provides serverspecific features to automatically deploy new servers and maintain existing servers. See Server Deployment Options on page 244.
243
Server icons. The Deployment consoles display icons to identify servers across the network. Like other computer icons in the console, server icons can be selected to view server properties or assign specific jobs and management tasks
Icon
Description
Run Scripted Installs. Execute scripted, unattended installs across the network for both Microsoft Windows and Linux servers. Follow steps to create answer files and set up the operating system install files using a wizard. See Scripted OS Install on page 168. Support for multiple network adapter cards. Because servers may require more than one network interface card, Deployment Server provides property pages to access and configure multiple network adapters remotely from the console. See TCP/IP Configuration Settings on page 107. Synchronized server date and time. Deployment Server automatically sets the servers date and time after installing or imaging (as part of the configuration process). Deployment Agents include an option to disable this feature (it is off by default). Enhanced scripting capabilities. You can deploy multiple tasks per deployment job and boot to DOS multiple times when configuring and deploying a clean server. Deployment Server also lets you view and debug each step in the deployment script, and track each job to provide a history of tasks for redeploying a server.
244
computer with Sample Jobs in Deployment Solution. Initial Deployment includes a feature to prohibit servers from being deployed automatically. 1. 2. 3. Click Initial Deployment and select Properties. Click the Advanced tab. Click the Servers check box and click OK.
Initial Deployment will not run for any computer identified in the console as a server.
Following these steps will assure that the BootWorks message will not come up and things will move forward when a job is scheduled.
245
Using Deployment Solution, you can employ rip and replace technology that allows you to insert a new server blade and automatically configure and deploy it exactly like the previously installed server blade, allowing you to replace any downed server and get it back on line quickly. Altiris provides fail-safe features to ensure that no server is mistakenly overwritten and ensures that all disk images, software, data, and patches are applied to the new server from the history of jobs assigned to the previous server blade.
HP Proliant BL e-Class
Proliant BL 10e Proliant BL 10e G2
HP Proliant BL p-class
Proliant BL 20p Proliant BL 20p G2 Proliant BL 40p
HP blade servers allow you to employ all features provided in the Deployment Console when you install the HP Proliant Essentials Rapid Deployment Pack (see www.hp.com/ servers/rdp), including the Virtual Blade Server feature. The name of each Rack for an HP Server is displayed along with the assigned name for the Enclosure and Bay. These names are collected from the SMBIOS of the server blade and displayed in both the physical and server views within the Computers pane of the Deployment console.
246
For HP blade servers in the physical view the Rack name can be a custom name in the console, with all subordinate Enclosures and Bays also identified. Example: <rackName> <enclosureName> <bayNumber> See also Server Management Features on page 243 and Server Deployment Options on page 244.
Virtual Bays
Blade servers now have a Virtual Bay feature that allows you to pre-assign deployment jobs to the rack, the enclosure, or to a specific server blade in the bay. Any blade server can have predefined deployment jobs and configuration tasks associated with it to execute automatically upon installation. The Virtual Rack/Enclosure/Bay icons will change from virtual icons to managed server icons in the Deployment console as live blade servers are inserted and identified by Deployment Solution. Rack name. Enter or edit the name of the Rack. Enclosure name. Enter or edit the name of the Enclosure. Enclosure type. Select the type of HP server blade from the list. Initial Job. Select an existing job to run when the virtual computer is associated with a new server blade. Server Change rule. Select the Server Deployment Rules to run on the Bay when a new server blade is installed. Note If you create Virtual Bays for an enclosure (such as the BLe-class with 20 bays) and if another model of server blade with an enclosure containing fewer bays is connected (such as the BLp-class with 8 bays), the excess virtual bays will be truncated automatically. Conversely, if you create Virtual Bays with fewer bays (8) and install an enclosure with additional bays (20), you will need to recreate the virtual bays in the enclosure (right-click the enclosure name in the physical view and click New Virtual Bays). See also Managing New Server Blades on page 246.
For Dell blade servers in the physical view, the Rack name will always be Dell. All subordinate Enclosures and Bays are identified with custom names under the Dell rack name. Example:
247
Dell <enclosureName> <bayName> See also Server Management Features on page 243 and Server Deployment Options on page 244.
For Fujitsu-Siemens blade servers in the physical view, the Rack name will always be Fujitsu-Siemens. All subordinate Enclosures and Bays are identified with custom names under the Fujitsu-Siemens rack name. Example: Fujitsu-Siemens <enclosureName> <bayName> See also Server Management Features on page 243 and Server Deployment Options on page 244.
248
Part V
249
Chapter 21
64-bit Platforms
Deployment Solution has been designed to make managing different platforms as seemless as possible. This section walks you through the enhancements added to support 64-bit, and includes tips to more effectively manage these computers.
250
Chapter 22
ADLAgent
ADLAgent is the client software which provides connectivity to Deployment Server from Linux, Unix, and Solaris.
Distributing Software
The software distribution task now supports a number of Linux and Unix file types. When using this task with these formats, the file is copied to the system, extracted, The configure script is executed (./configure) and the make install command is executed. A large number of software packages can be installed using this process. If you have software which requires configuration beyond this, or if you are using a package management system, use a file copy task along with a shell script to install the software.
251
Linux Bootloaders
There are a few considerations you must use to preserve the functionality of Linux bootloaders. First, if your bootloader is located on a reiserfs partition, you must use the -raw switch when imaging this partition to preserve the structure. Second, if you are using an automation partition, your MBR is modified to boot this partition. If you install a new version of a bootloader, your MBR is modified and you might not be able to access your automation partition. If this occurs, you can reinstall the automation partition. To prevent this, do not update any software which modifies your MBR without uninstalling the automation partition first. The automation partition can be reinstalled after the software update.
252
Chapter 23
253
Distribute disk images Remote Control clients (24 bit color depth only. No chat or send file features) Power Control (restart/shutdown/wake up jobs) Set computer properties Create conditions to run jobs and filter computers Modify client properties via Windows and Linux agent settings
Manufacturer
Fujitsu-Siemens
Model
Futro B, S, and C series thin clients running the Windows XP Embedded operating system. Currently, Deployment Solution does not support Futro thin clients running Linux. Futro S series thin clients come pre-installed with the Deployment Agent and a license for Deployment Solution. However, the Futro B series requires that you install the Deployment Agent before obtaining a Deployment Solution license from Altiris. See Managing Licenses (page 352)or the Altiris Getting Started Guide for more information.
HP
HP t5000 thin client series, which includes the t5300, t5500, and t5700 clients. Thin clients come pre-installed with Windows XP Embedded, Windows CE .NET, or Linux, depending on the model of the device. All HP thin clients come pre-installed with the Deployment Agent. CapioOne G150 and Eon E100 series thin client models. The thin clients come pre-installed with Windows XP Embedded, CE. Net 4.2 or 5.0, or NeoLinux. All Neoware thin clients come pre-installed with the Deployment Agent, but if your device is missing the agent, contact Neoware for a Snap-In.
Neoware
254
Because application developers can choose from over 10,000 individual feature components, the image footprint is smaller and can boot basic images as small as 8MB. The Deployment Agent used for computers running 2003\XP\2000 is the same agent that is installed on thin clients running the Windows XP Embedded operating system. There are no limitations when installing the Deployment Agent to thin clients from the Deployment Console. However, you must turn off The Enhanced Write Filter on the thin client before installing the Deployment Agent, so that the agent will be saved to the clients memory. See also: Installing Deployment Solution Agents (page 344)and Deployment Agents (page 112).
Notice that the first line item disables the Enhanced Write Filter, and the second line item checks to verify that EWF is disabled. The Create Image task creates a copy of the thin clients image and stores it in the Images folder on the Deployment Share. When the image task completes, the Enhanced Write Filter is re-enabled, and the thin client reboots. Because this script handles EWF automatically, thin clients can be managed from the Deployment Console without concern that data tasks will not be saved to managed thin clients. When creating your own Deployment jobs, use the Samples in the Job pane of the Deployment Console to help you create your own scripts to handle EWF automatically. If
255
EWF is not disabled and enabled properly, after you run a Deployment job, the next time a thin client reboots, data will be lost. See also: Building and Scheduling Jobs (page 147), Deployment Agents (page 112).
Switch
-all
Description
Performs a specified command (such as disable or enable) on all protected volumes. The default command is to display protected volume information. Disables the overlay on the specified protected volume.
-disable
-enable
Enables the write filter so that data written to the protected media is cached in the overlays. The current overlay level becomes 1 as soon as EWF is started, and a new overlay is created at level 1.
-commitanddisable
Commits all current level data in the overlay to the protected volume and disables the overlay.
The following are a few examples of how to use the ewfmgr.exe program.
256
Example
ewfmgr -all
Description
This displays the current Enhanced Write Filter settings.
This disables the Enhanced Write Filter on the C: volume. This enables the Enhanced Write Filter on the C: volume.
Although the enhanced Write Filter manager can be run from a thin client, it is more efficient to include it as part of your Deployment Job.
Windows CE .NET
Microsoft Windows CE .NET is designed for a broad range of intelligent hardware devices that require a small-sized operating system, and usually run disconnected from other computers. Window CE .NET can run on multiple processors, supports Win32 Application Program Interface (API), and runs in Realtime right out of the box. Application developers can choose from a wide range of modules and components, creating small image footprints booting the basic image from 350KB. Deployment Solution lets you mange thin clients running Windows CE .NET from a centralized location, but the Deployment Agent for Windows CE .NET must be installed on each device. Many of the thin clients supported by Deployment Solution come preinstalled with the Deployment Agent and can be managed after they are connected to the network. However, due to limitations of the Deployment Console, you cannot push the Deployment Agent for CE .NET to thin clients running the Windows CE .NET operating system. Rather, you must run the Deployment Agent installation from the thin client directly. See Deployment Agent for CE .NET (page 122).
Linux
HP and Fujitsu-Siemens distribute their own proprietary versions of Linux for thin clients supported by Altiris. Contact the manufacturer for more information.
257
Chapter 24
Windows Vista
Installing the Deployment Agent on Vista
The installation program is contained in the Agents folder on the Deployment Share. To install, launch the installation MSI on the computer using and admininstrator account and complete the prompts. To perform a silent installation, use a command similar to the following:
258
Vista Imaging
RDeploy fully supports imaging Vista computers similar to other Windows operating systems. Additionally, support is provided for the WIM format using ImageX. See ImageX Imaging (page 218).
259
Chapter 25
Power Mac
Installing The Mac Deployment Agent
1. 2. 3. 4. Connect to the Deployment Share using Finder > Go > Network > domain > Express, replacing domain with the domain containing your Deployment Server. Browse to the Agents/ADLAgent folder. Extract and run the program contained in altiris-adlagent-x-darwin.zip. Complete the prompts, providing the IP address of your Deployment Server and the IP address of your NetBoot Server.
When the installation completes the computer appears in the Deployment Console.
260
Part VI
261
Log in to the Deployment Server you want to manage. Open the Deployment Server Configuration Utility by clicking Start > Programs > Altiris > Deployment Server > Configuration.
From the main view of the Deployment Server Configuration Utility, you can view Deployment Server statistics, start and stop the Deployment Server, access Deployment Server configuration options, and more.
Item
Server activity and statistics Start Stop Restart
Description
Lists the number of Deployment Server sessions (clients) and Deployment Server Consoles currently running on the network. Starts the Deployment Server on the local computer. Stops the Deployment Server on the local computer. Restarts the Deployment Server on the local computer.
262
Account
Opens the Server Login Account dialog, which lets you specify the account used by the Deployment Server service. The LocalSystem account requires a simple install that runs Deployment Server services on the local computer, prohibiting access to network shares or components. With the LocalSystem account selected, you can click the Allow service to interact with desktop box to place an icon in your system tray. This icon lets you quickly shut down the Deployment Server services or to view server statistics (just as you can do from the Manage > Services and Applications > Services > Altiris eXpress Server service). The default setting is to provide a user name and password during installation. With this option you can install the service on different computers and access components across the network.
Options
Opens the Deployment Server Options dialog, which lets you specify Deployment Server options.
Logon Account
This Service Logon Account dialog is used to set up the user account used by Deployment Server.
Item
Use the Local System account
Description
Specifies that the LocalSystem account should be used by the Deployment Server service. You can use this option if your Deployment Server directory is located on the same computer as the Deployment Server and if you don't need to access any other file servers. Specifies that a user-defined account should be used by the Deployment Server service. If this option is selected, you must supply the appropriate username and password. The account must have Administrator equivalent rights on the Deployment Server computer. You must use this option if your Deployment Server directory is located on a different server than the Deployment Server.
4.
263
General Option
Update Inventory on active computers. Inventory provides software and hardware information about a client computer. You can update inventory on active computers at specified intervals. The Deployment Agent or any other agent sends the inventory when it connects to the server for the first time. It also updates the inventory according to a specified schedule. Click Schedule to schedule updated inventory. Update active client connections. Due to network glitches, the console may show the client active, when it is inactive. The Deployment Server sends a CACK (Client Acknowledgement) request to client computers. It waits for a response from the client for a specified timeout value. If it does not receive a response from the client within that specified time, it terminates the connection. Click Schedule to schedule updated active client connections. Reset inactive client connections. Due to network glitches, the console may show the client inactive, whereas the client is active. If this option is selected, inactive client connections are reset according to a specified schedule. Click Schedule to schedule the resetting of the inactive client connections. Encrypt communication between IIS and Data Manager. Select this option to encrypt all communication between IIS and the Data Manager. Send Wake on LAN to inactive computers when scheduling. Select this option to send a Wake on LAN request to the client computer. You can retry sending this request through the Retry every _______ minutes option.
Item
Drive Letter and UNC Path Add
Description
Displays the drive mappings with the mapped drive letters and the corresponding UNC paths. Opens the Map Drive dialog, which lets you create a drive mapping. Driver Letter. Drive letter to which the drive mapping is mapped. UNC path. UNC path to which the mapped drive points.
Modify Remove
Opens the Map Drive dialog, which lets you edit the drive letter or UNC path of the selected drive mapping. Removes the selected drive mapping.
264
Specifies the path to stored packages and files and other DS functions (such as license verification). The default path is
Transport Option
The Transport tab lets you specify settings for the Deployment Server transport protocols.
265
Item
Disable multicast support (agents must connect using TCP) Multicast Address Multicast Port Multicast TTL
Description
Disables multicast support, which means clients must connect to the Deployment Server using TCP.
The multicast address. This is used only if multicast is not disabled. Port used for the multicast. This is used only if multicast is not disabled. Specifies the number of "hops" or hubs that the client can go through to multicast. This is used only if multicast is enabled. The TCP port. This is used whether multicast is enabled or disabled. Automatically updates the Altiris Client for Windows on managed computers if there is a difference (older or newer) between the client available in the Deployment Server directory and the managed client. Note If any agent is upgraded to the Deployment Solution 6.8 version, this agent does not downgrade automatically if it connects to a Deployment Server of an earlier version. To downgrade any agent, install the older version of the agent manually.
Allows encrypted sessions between the Deployment Agent and Deployment Server. If the Deployment Agent data encryption is turned on, this Deployment Server option must also be turned on to pass encrypted data between client and server.
266
Item
Use disk image multicast threshold of n clients
Description
Specifies the number of clients that must be involved in a job before image multicasting is used. If the number of clients is less than or equal to the number specified, multicasting is not used. Set this value to 0 to disable multicasting. If this option is not selected, multicasting is used whenever there are two or more clients. When multicasting is not used, all clients become Masters and read from the image server independently. This option can be used if your clients can read an image file from the server faster than trying to coordinate masters and clients. Limits the bandwidth used in a multicasting session to a user-defined number of Mbps. This option prevents the multicasting operation from using all available bandwidth on a network, so other network traffic can take place at a reasonable rate.
267
Authentication Option
The Authentications tab lets you authenticate to an existing SQL Server database, to the NetWare Server as a file access point, and to Deployment Solution.
Database Authentication To access and authenticate to a specified Microsoft SQL Server database
1. 2. 3. Click the Use SQL Server account authentication check box. Enter the username for the specified database. Enter the password.
Connections Option
The Connections tab lets you allow or reject connections from the Deployment Agents based on the IP subnet, IP address, and local interfaces.
Define Subnets
Select the Allow/reject agents based on their IP subnet box and click Define Subnets. Click Add or Modify to enter or edit a network IP address and the corresponding mask.
268
Define IP Addresses
Select the Allow/reject agents based on their IP address box and click Define IP Addresses. Click either the Allow or Reject option. Click Add or Modify to enter or edit a specific a range of IP addresses to connect to the Deployment Server.
Define Interfaces
Select the Allow/reject agents based on their IP address box and click Define IP Addresses. Select from the list of network adapter cards to allow or reject when connecting to Deployment Server.
Debug Option
The Debug tab lets you set debug options for Deployment Server and communication between managed computers. Engine Debug Logging. Select this option to set the name and location of the logging report and the logging level for Deployment Server. The Engine Debug Log is a single report that captures debug information for Altiris support personnel. Log File Name: Set the path and name for the log text file. The default name is axengine.log in the Deployment Server shared directory. Max File Size: Set the size of the text file by entering the maximum file size allowed. Logging Level: Enter the logging level. This number can be from 1 to 9, with nine the deepest logging level and one the most cursory logging level. Altiris support can instruct you on the required logging level for your issue. Log Agent Communication with Engine. Select the directory path and name to log error messages between managed computers and the Deployment Server. Log Directory. Set the path of the folder to collect the client error messages. Each managed computer has its own log file in this directory named <the computer ID of the managed computer>.log. Max File Size. Set the size of each log file by entering the maximum file size allowed.
269
270
Example: You can install DOS, Linux, or Windows PE operating system files so you can create any type of configuration any time you want. Or, you can install only DOS and Windows PE system files and install Linux later. You can only create configurations for the type of pre-boot operating system files you have installed. This feature also lets you update pre-boot operating system files when you receive new releases of software and makes it easy to install system files any time you want. See Install Pre-boot Operating System Files (page 285). The New Configuration Wizard is the main process of Boot Disk Creator. This is how you select the type of pre-boot environment configuration you want to create, along with other settings such as, the type of network adapter, network server information, TCP/IP information, and more. After the wizard completes, the Create Boot Disk Wizard automatically appears. This is the production process of Boot Disk Creator that lets you select the boot disk creation method for how you want to implement the configuration you created. You can create floppy boot disks, which are use for DOS configurations since Linux and Windows PE system files are too large to fit on a floppy. Network and automation boot disks can create ISO images, which you can save to bootable CDs using your own third party CD burning software, or you can select a flash drive from the Bootable drive drop-down list. You can also create a Windows Installation package to run in a Windows production environment, which installs an embedded (recommended) or hidden automation partition on the client computers hard drive. See Automation Partitions, Network and Automation Boot Disks (page 280). If you create an Automation boot disk, the Automation Agent is added to the configuration so that when you boot client computers, they try to connect to the Deployment Server. If you select Network boot disk, client computers boot to the network server you specified in the New Configuration Wizard, displaying only a users prompt. See New Configuration Wizard (page 272). Boot Disk Creator can also be accessed from the PXE Configuration Utility, so that you can create boot menu options using the New Configuration Wizard. You can also create boot configurations directly from Boot Disk Creator, and import the boot images into the PXE Configuration Utility. The PXE Configuration Import feature lets you import images that have been created by Boot Disk Creator or any other third party imaging software, but you cannot edit the boot images after they have been imported. See PXE Configuration Utility Help. To help you manage the configurations you create, Boot Disk Creator uses colors to inform you which type of pre-boot configuration you are editing. The colors on the display change when you select a configuration in the treeview of the utility. The colors indicate the following: Black: No configuration has been selected or there are no configurations to select. Blue: DOS configuration Green: Linux configuration Red: Windows PE configuration See Edit Configurations (page 278). The Boot Disk Creator Utility is easy to use because each process guides you through the settings and options you can select to create pre-boot environment configurations to help manage automation tasks used by the Deployment Server.
271
To start the Boot Disk Creator tool, open the Deployment Console and click the icon on the toolbar, or click Tools > Boot Disk Creator.
Toolbar Description
The icons on the toolbar help you navigate to the tasks you want to perform within Boot Disk Creator in one click. The options are:
Buttons
Description
New Configuration Wizard (page 272): Creates new configurations that is used when booting client computers to automation or a network prompt. Create an Automation Install Package (page 281): Creates and installs an embedded automation partition to a client computers hard disk, using an installer package. Remove Automation Partition (page 283): Removes an automation partition from a client computers hard disk. Create Automation Boot Disk (page 282): Creates automation boot disks to manually boot client computers to automation. Create Network Boot Disk (page 283): Creates network boot disks to manually boot client computers to a specified network server.
To start the New Configuration Wizard, click the icon on the toolbar of the Boot Disk Creator tool, click Ctrl+N, or click File > New Configuration.
Configuration Name
This is the first page of the New Configuration Wizard, which is the same for DOS, Linux, or Windows PE. You must enter a name of for the configuration to make the Pre-boot Operating System for this Configuration fields active. The description field is optional but helps you to know what the configuration contains, such as the file server type, NIC drivers, and any additional files you want to add.
272
Field Definitions
Name: The configuration name you enter appears in the Configurations treeview after the wizard is completed. Description: Enter a description for the configuration. (Example: enter the type of computer, operating system, network adapter, and any other characteristics that help you identify this particular configuration.) After the Create Configuration and Create Boot Disk wizards complete, if you select the configuration from the treeview, the description you entered for this field appears at the top of the right pane. Pre-boot Operating System for this Configuration: Boot Disk Creator supports DOS, Linux, and Windows PE operating systems to create pre-boot environments. Select the pre-boot operating system and click Install Pre-boot Operating System Files (page 285) to install pre-boot operating system files.
273
Advanced Features
The network adapters you select must support DOS, Linux, or Windows PE so that client computers can connect to a network or Deployment Server, depending on whether you create automation partitions, or network or automation boot disks. The Have Disk (page 274) button lets you install network adapter drivers from a disk, CD, or network folder. The Internet (page 275) button lets you connects to an Altiris supported Web site to download and install network adapter drivers. The Advanced (page 275) button lets you further define network adapters and their drivers.
Network Adapter
The drivers listed in the Network Adapters window vary depending on the type of configuration you are creating. You can install pre-boot operating system files for DOS, Linux, or Windows Preinstallation Environment (Windows PE). See Install Pre-boot Operating System Files (page 285). Example: After installing the pre-boot operating system files for Windows PE, the Windows NIC drivers that are available to create a Windows PE configuration appear, and are automatically added to the new configuration. If you select Auto-detect network adapter, Windows PE determines which network adapter driver to use. Select a driver from the network adapters driver list. You must create a new configuration for each type of network adapter that is installed on client computers, unless you want to create a Multi-NIC configuration. See Multi-Network Adapter Configurations (page 273). If you want to add or change adapter settings (such as I/O Memory, IRQ, and PCMCIA for DOS configurations) click Advanced. See Advanced (page 275). If the network adapter you want; does not appear in the list, you can click Have Disk, Internet, or Advanced (if they are available for the type of configuration you are creating) to add additional drivers. See Have Disk (page 274), Internet (page 275), Advanced (page 275). Field Definitions Auto-detect network adapter: Select this to have Windows PE auto-detect the type of adapter that is in a client computers when the boot image runs.
Have Disk
You can add network adapter drivers by using any disk media or navigating to a folder. Network adapters can be downloaded from the manufacturers Web site and saved to a folder or a disk to be installed later. New network adapters come with a floppy disk or CD to install the appropriate drivers.
274
Internet
Altiris supports many manufacturer network adapters and supports a Web site for you to download the latest NIC drivers. From the Network Adapter page, click Internet to launch the Web browser and connect to ftp://support.altiris.com/support/NIC_drivers/. Download the driver you want and unzip the files it to a folder on the hard drive. Click Add Driver and the driver you downloaded is added to the Network Adapters list.
Advanced
This options lets you add or change settings for network adapter cards so they work correctly when using DOS configurations. If you are creating a Linux or Windows PE configuration, this option is not available. From the Network Adapter page, click Advanced. Refer to the following properties and values.
Microsoft clients
EMM386 Memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (protocol.ini): Add parameters to the NIC section of the protocol.ini file. Memory (protocol.ini): Add parameters to the network setup section of the protocol.ini file. IRQ (protocol.ini): Add parameters to the network setup section of the protocol.ini file.
Novell Client 32
Emm386 Memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (driver command line): Add driver command-line entries to the landrv.bat file.
275
need to resolve IP addresses and naming conventions. This option also requires that you create a configuration for each client computer, so that the IP address is not the same for all computers.
Use TCP/IP multicasting to find the Altiris Deployment Server: Select this option to use TCP/IP multicasting to find the Deployment Server. When client computers boot to automation using this configuration, a multicast packet is broadcast across the network to find where the Deployment Server is located. Multicast IP address: Enter a multicast IP address for client computers to send a broadcast packet across the network to find the Deployment Server. Port: This option defines which port client computers can use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more. Server name: When you select Use TCP/IP multicasting to find the Altiris Deployment Server, a multicast packet is broadcast to the server you specify. If you leave this field blank, the client computer connects to any server responding to the multicast packet. Use TCP/IP to connect to the Altiris Deployment Server: Select this option to connect to a specific Deployment Server. You must select this option if your network adapter or network does not support multicasting. See your network adapter documentation or call the manufacturer or consult with your IT department for information. Server IP address: Enter the IP address of the Deployment Server to access information stored in the Deployment Share. If you are using the Intel Universal NIC driver (UNDI), the IP address is required.
276
Port: This option defines which port client computers can use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more.
Lock Keyboard
Select this option for additional security. This prevents someone on the remote computer from ending the automation session and possibly accessing your network.
Network Configuration
This option lets you define how client computers connect to the Deployment Share or a file server where image files are stored.
Window
Workgroup: Enter the workgroup for the Deployment Share or file server.
NetWare
Server name: Enter the server name for the Deployment Share or file server. Click Advanced to enter a NetWare context for the server and select a Frame type if it is different than the default value of 802.2. User name: Enter the authorized user name that was set up when the Deployment Share directory was created. If you did not assign a User name and Password when for the Deployment Share or file server was created, leave this and the Password field blank. Password: Enter the password for the user name. Confirm password: Enter the password for the user name as confirmation that you entered the proper password in the Password field.
277
NetWare users: server\volume:directory Linux users: //server/mount point Create and entry in the LMHOSTS file for the Deployment Server file store (other entries must be added manually): Select this option if your network does not support NetBIOS name resolution for IP addresses. Enter a Server name and IP address so that client computers can find the Deployment Share where image files are stored. Use NetWare login scripts to create drive mappings: Select this option if you use NetWare and you want login scripts to create the drive mappings.
Configuration Summary
This page lets you review all the options you selected throughout the New Configuration Wizard. If you find a setting mis-entered or not what you want, click Back to re-select the option. When you click Finish, the Create Boot Disk Wizard automatically appears for the next process to begin. See Automation Partitions, Network and Automation Boot Disks (page 280) and Edit Configurations (page 278). If you are using Boot Disk Creator from within the PXE Configuration Utility, the Edit Configuration page appears. See Edit Configurations (page 278).
Edit Configurations
This is the main Boot Disk Creator page that appears when you start the utility. If you are using Boot Disk Creator from within the PXE Configuration Utility, this page appears at the end of the New Configuration Wizard. This feature lets you modify configurations that have already been created. As you select files and folders from the treeview in the left pane, the configuration information appears in the right pane. The display color changes to help you know the type of configuration you selected to view, edit, or delete. The colors displayed are: Black: You have not selected or created any configurations. Blue: The configuration you selected or created is based on the DOS pre-boot environment. Green: The configuration you selected or created is based on the Linux preboot environment. Red: The configuration you selected or created is based on the Windows PE pre-boot environment. To change configuration settings, right-click on a configuration folder and select Edit Configuration, and click Back until you find the page for the options you want to change. You can also make text edits to files (selected from the treeview) in the right pane.
278
All other files within a configuration can be edited as needed. However, after you edit a configuration, Boot Disk Creator rewrites certain files within the configuration so that drive mappings and mount points are always updated. The following files are rewritten after editing configurations: DOS - mapdrv.bat, unmapdrv.bat Linux - mounts.local WinPE - mapdrv.bat See also: New Configuration Wizard (page 272), Install Pre-boot Operating System Files (page 285)
Additional Files
Boot Disk Creator lets you add additional files to folders that either apply to a specific configuration or to all configurations of the same type of pre-boot operating system. However, any files you add to the global <OS> additional files folders are written to the boot image before the specific configuration files. If a file in the <OS> additional files folder is the same name as a file in a specific configuration folder, it is overwritten. Example: if a file named 5684_Drivers resides in the DOS additional files folder, and the same file 5684_Drivers exists in a specific configuration folder; when the files are written to a boot image, the file in the configuration folder overwrites the file in the DOS additional files folder. This may cause unexpected results. If you edit text files in a <OS> additional files folder, yet the specific configuration file is the one that is written to the boot image, the result is not as you expected. Add files to all configuration When you install a pre-boot operating system, a new folder is added to the bottom of the treeview on the main page of Boot Disk Creator. If you install pre-boot operating system files and the <OS> additional files folders do not appear, press F5 to refresh Boot Disk Creator. The folders that appear are as follows: DOS additional files Linux additional files WinPE additional files Boot Disk Creator copies the files from the <OS> additional files folders to all corresponding operating system configurations and is added to the boot images. These folders are considered global, since they can affect configurations of the same type. Example: using the Windows Copy and Paste command, you can add tracert.exe to the WinPE additional files folder. Each WinPE configuration you create adds the files in the WinPE additional files folder to the boot image.
279
Right-click a configuration and select Add File. A browser dialog appears to navigate to the file you want to add. Right-click on a configuration and select File > Text file. A new empty text file is added to the treeview. Enter a name for the file and write text as needed in the left pane.
280
The pre-boot environment you specified in the configuration you created However, based on your selections, Boot Disk Creator shows the appropriate dialog pages when creating bootable media. Example: if you right-click on a configuration in the treeview and select Install automation partition, the number of dialog pages thereafter are different than if you select the option, Create an automation partition install package, from this page. Both options achieve the same result even though the dialog steps may be different. Choose this dialog and return to the editor: Select this option to close the Create Boot Disk dialog without creating an automation boot disk, installer package, or network boot disk. You can select any of these options from the Boot Disk Creator toolbar or from the File menu. Create an automation partition install package: Select this option to create an automation install package that installs an embedded automation partition to any client computer on the network. See Create an Automation Install Package (page 281). Create an automation boot disk: Select this option to create automation boot disks so you can manually boot a client computer to automation. See Create Automation Boot Disk (page 282). Create a network boot disk: Select this option to create network boot disks so you can manually boot a client computer to a network server. See Create Network Boot Disk (page 283).
Field Definitions
DOS bootable disk: Select this option to install the automation partition using a DOS bootable disk. Linux bootable disk: Select this option to install the automation partition using a Linux bootable disk. Windows setup package: Select this option to install the automation partition using an installation setup package that runs in a Windows production environment. Windows CE .NET setup package: Select this option to install the automation partition using an installation setup package that runs in a Windows CE .NET production environment. Create an embedded DOS automation partition (recommended): Select this option to install an embedded partition to a client computers hard disk. Create a hidden DOS automation partition (for partitions greater than 50 MB): Select this option to install a hidden automation partition. Partition size in MB: The default partition size value changes, depending on the type of operating system you selected. Example: If you are creating an automation partition
281
for a Windows PE configuration, the partition size is 150-200 MB. However, the partition size for a DOS configuration would range is only 5-50 MB. Installer package file path: By default, installation packages are stored in the Deployment Share bwpkgs folder. The name of the configuration you selected before starting the Create Boot Disk process is the name of the setup package unless you define it otherwise. Click Browse to navigate to the folder where you want the setup package stored. Run silent install: Select this option to install the automation partition without user input. Install the Altiris Deployment Agent for Windows (Aclient): Select this option to install the Deployment Agent on client computers in the production environment after the automation partition is installed. Advanced: If you selected to install the Deployment Agent (above), click this button to set limited properties for the Deployment Agent. Creating automation partition installer: This is a progress page to display the automation installation package process. The process does the following: Copying files to production area, Creating the FRM files, Preparing install environment, Inserting into the installer package. The setup package is located at: After the automation partition installation package is created, the Boot Disk Creation Complete page appears, and confirms where the installer package is located.
Field Definitions
Bootable ISO CD Image: Select this option to create an ISO CD boot image. ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party software to burn the ISO image to a CD. Bootable disk: Select this option to create a boot disk that can be used at client computers to manually boot to automation or manually install an automation partition. Click the drop-down arrow to select bootable media from the list. All the drives listed display the physical drive number instead of the logical drive letter. Rescan drives: If you attach a USB flash drive to the server, but it does not appear in the Bootable disk drop-down list, you can click this button to rescan the physical drives that are attached to the server. A list of available drives is updated in the drop-down list. Show fixed drives: If you try to select a USB flash drive from the Bootable disk dropdown list, but you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using appears in Windows as Fixed instead of Removable. Select this option to view all drives attached to the server.
282
Field Definitions
Bootable ISO CD Image: Select this option to create an ISO CD boot image. ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party software to burn the ISO image to a CD. Bootable disk: Select this option to create a boot disk that can be used at client computers to manually boot to a network server. Click the drop-down arrow to select bootable media from the list. All the drives listed display the physical drive number instead of the logical drive letter. Rescan drives: If you attach a USB flash drive to the server, but it does not appear in the Bootable disk drop-down list, you can click this button to re-scan the physical drives that are attached to the server. The list of available drives is updated in the dropdown list. Show fixed drives: If you try to select a USB flash drive from the Bootable disk dropdown list, but you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using appears in Windows as Fixed instead of Removable. Select this option to view all drives attached to the server.
Field Definitions
DOS bootable disk: Select this option to remove an automation partition using a DOS bootable disk. Linux bootable disk: Select this option to remove an automation partition using a Linux bootable disk. Windows setup package: Select this option to remove an automation partition using an installation setup package that runs in a Windows production environment. Windows CE .NET setup package: Select this option to remove an automation partition using an installation setup package that runs in a Windows CE .NET production environment. Bootable ISO CD Image: Select this option to create an ISO CD boot image that removes an automation partition. ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party software to burn the ISO image to a CD.
283
Bootable disk: Select this option to create a boot disk that removes an automation partition from a client computer. Click the drop-down arrow to select bootable media from the list. All the drives listed display the physical drive number instead of the logical drive letter. Rescan drives: If you attach a USB flash drive to the server, but it does not appear in the Bootable disk drop-down list, you can click this button to re-scan the physical drives that are attached to the server. The list of available drives is updated in the dropdown list. Show fixed drives: If you try to select a USB flash drive from the Bootable disk dropdown list, but you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using appears in Windows as Fixed instead of Removable. Select this option to view all drives attached to the server.
Field Definitions
Directory: Enter a path to where the configuration files you want to convert are located. Browse: Click to navigate to the directory path where configuration files are located. Config File Name: This is the name of the old configuration files you have selected to convert and import into this release of Boot Disk Creator. Description: This is the description for the old configuration files.
284
installed are supported by the file you added, this screen appears prompting you to add additional files or ignore the warning.
DOS
You can install FreeDOS (page 285), MS-DOS (page 286) or both. However, you can only run one version of DOS at a time. If both versions of DOS are installed, click either FreeDOS or MS-DOS to select the version you want to run as the default for creating configurations.
FreeDOS
Deployment Solution provides FreeDOS in a file named BDCgpl.frm. The BDCgpl.frm file can be downloaded from the Altiris Solution Center Web site and saved to any location on the network. When newer versions of FreeDOS become available, an updated .frm file is available online through Deployment Solution Hot Fixes or Service Pack releases.
285
MS-DOS
Using an original Microsoft Windows 98 installation CD, copy the appropriate files to a system formatted floppy disk, a folder that can be accessed from Boot Disk Creator, or use the CD directly. Use Microsoft Windows 98 installation CD: Select to install MS-DOS from an original Microsoft Windows 98 installation CD. Floppy Disk: Select to format a disk using the Format a: /s command. Copy the required files listed below from an original Microsoft Windows 98 installation CD to the floppy disk. Boot disk creator only installs DOS files from the A drive. If you select BFloppy Drive from the drop-down list, Boot Disk Creator still tries to read data from the A-Floppy Drive. Folder: Select to copy the required files to a folder that can be access from within Boot Disk Creator. Boot Disk Creator requires the following MS-DOS files.
Required
HIMEM.SYS EMM386.EXE SMARTDRV.EXE SYS.COM XCOPY32.MOD
Optional
EDIT.COM MEM.EXE ATTRIB.EXE MODE.COM FORMAT.COM FDISK.EXE
Note The SMARTDRV.EXE file is required for all computers running a scripted install in Windows 2003\XP.
Linux
Deployment Solution provides Linux RedHat Fedora in a file named BDCgpl.frm. The BDCgpl.frm file can be downloaded from the Altiris Solution Center Web site and saved to any location on the network. When newer versions of Linux become available, an updated .frm file is available online through Deployment Solution Hot Fixes or Service Pack releases.
Windows PE
Altiris supports Windows PE 2005 as a pre-boot environment for Boot Disk Creator. When you install Windows PE, you are asked to supply 2 CDs: Windows PE 2005 and Windows Server 2003 SP1.
286
In most instances, the Welcome to Microsoft Windows Server* 2003 page appears after inserting the Windows Server 2003 CD. Click Exit to avoid installing the full version of Windows Server. There are two dialog pages to complete the Windows PE installation. You first are asked to provide the Windows PE CD, followed by the Windows CD. The text on the page lists the operating system CD you need to enter for each of these pages. Example: On the Windows PE CD page, the text Windows PE 2005 (Windows Server 2003- SP1) appears, while the Windows CD page displays Windows Server 2003SP1 (Windows PE 2005). The first operating system listed on each page is the CD you want to use.
287
PXE Manager
PXE Manager is a service that synchronizes Deployment Server and all PXE Servers installed and configured across the network. It keeps track of all PXE Server boot menu options, and whether they are Shared or Local. PXE Manager also gathers data from all PXE Servers and stores the information in the PXE Manager.ini file. Whether you are in Use Shared properties or select a server to Customize PXE Server (Shared Configuration), the changes you make to the properties settings are saved to the PXE Manager.ini file when you click Save. Then, when you close the PXE Configuration Utility, PXE Manager creates and distributes the appropriate PXE.ini file for each PXE Server on the network. See PXE Manager (page 309).
288
environment. By default, the pre-boot operating system selected at install time is set for Initial Deployment. See DS Tab (page 306).
See also: Boot Menu Tab (page 290), PXE Server Tab (page 304), DS Tab (page 306), MAC Filter Tab (page 307), Multicast Tab (page 308), BIS Tab (page 310), Data Logs Tab (page 310), Remote PXE Installation (page 311).
289
1. 2.
Click Start > Programs > Altiris > PXE Services > PXE Configuration Utility. Click each tab to set the category in the PXE Server properties.
View Area
When you are in Shared Configuration mode, only configurations you create for all Altiris PXE Servers appear in the view area. When you are in Customize PXE Server <server
290
name> mode, both Shared and Local configurations appear. You cannot create a configuration named the same as any other configuration in the view area, regardless of the mode you are in. Example: if you are in Customize PXE Server <server name> mode, you can view both Shared and Local configuration. You can create a Local configuration named DOS Clients since there are no other configurations with the same name. Now, change to Shared Configuration mode and create a configuration named DOS Clients because the Local configuration of the same name does not appear in the view area. When you change back to Customize PXE Server <server name> mode, both DOS Clients configurations appear in the view area. When client computers perform a PXE boot, both configurations appear and users cannot know which boot menu option to select. See Redirect Shared Boot Menu Option (page 293).
291
Save: Click to save all changes you made to the PXE Manager.ini file. When you close the PXE Configuration Utility, PXE Manager creates and sends PXE.ini files to each Altiris PXE Server on the network. You can view the status of these updates on the Status tab.
292
pre-boot operating system files. See Install Pre-boot Operating System Files (page 294) and New Configuration Wizard (page 296).
293
5.
Click OK. The Shared configuration displays the redirected configuration in the list.
Option 1:
1. 2. 3. 4. From the New Shared Menu Option dialog, select Direct from floppy and click Import Boot Image. Insert a floppy disk. The path and name of the new MenuOption<number> appears. Click Next. A progress bar displays the PXE boot file image being read as it is imported. Click Finish.
Option 2:
1. 2. 3. From the New Shared Menu Option dialog, select User Supplied. Copy the PXE files you want in the MenuOption<number> folder. Click OK.
294
If you acquire a newer version of DOS, Linux or Windows PE, click Update to install the new files. However, any existing operating system files are deleted before the newer files are installed. Example: if you installed Windows PE, and Altiris supports a newer version that is available, click Update to install the new files. All existing Windows PE files are deleted from the hard disk before the new files are installed. If you experience any problems with the new version of Windows PE, you must install the older version to restore Boot Disk Creator functionality for Windows PE.
DOS
You can install FreeDOS (page 295), MS-DOS (page 295) or both. However, you can only run one version of DOS at a time. If both versions of DOS are installed, click either FreeDOS or MS-DOS to select the version you want to run as the default for creating configurations.
FreeDOS
Deployment Solution provides FreeDOS in a file named BDCgpl.frm. The BDCgpl.frm file can be downloaded from the Deployment Solution download site on altiris.com and saved to any location on the network. When newer versions of FreeDOS become available, an updated .FRM file is available online through Deployment Solution Hot Fixes or Service Pack releases. When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply the new version to your existing configurations. Note: FreeDOS may not support newer motherboard chip-sets.
MS-DOS
Using an original Microsoft Windows 98 installation CD, copy the appropriate files to a system formatted floppy disk, a folder that can be accessed from Boot Disk Creator, or use the CD directly. Use Microsoft Windows 98 installation CD: Select to install MS-DOS from an original Microsoft Windows 98 installation CD. Floppy Disk: Select to format a disk using the Format a: /s command. Copy the required files listed below from an original Microsoft Windows 98 installation CD to the floppy disk. Boot disk creator only installs DOS files from the A drive. If you select BFloppy Drive from the drop-down list, Boot Disk Creator still tries to read data from the A-Floppy Drive. When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply the new version to your existing configurations. Folder: Select to copy the required files to a folder that can be access from within Boot Disk Creator.
295
Required
HIMEM.SYS EMM386.EXE SMARTDRV.EXE SYS.COM XCOPY32.MOD
Optional
EDIT.COM MEM.EXE ATTRIB.EXE MODE.COM FORMAT.COM FDISK.EXE
Important: The SMARTDRV.EXE file is required for all computers running a scripted install in Windows 2003\XP.
Linux
Deployment Solution provides Linux RedHat Fedora in a file named BDCgpl.frm. The BDCgpl.frm file can be downloaded from the Deployment Solution download site on altiris.com and saved to any location on the network. When newer versions of Linux become available, an updated .frm file is available online through Deployment Solution Hot Fixes or Service Pack releases. When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply the new version to your existing configurations.
Windows PE
Altiris supports Windows PE 2005 as a pre-boot environment for Boot Disk Creator. When you install Windows PE, you are asked to supply 2 CDs: Windows PE 2005 and Windows Server 2003 SP1. In most instances, the Welcome to Microsoft Windows Server 2003 page appears after inserting the Windows Server 2003 CD. Click Exit to avoid installing the full version of Windows Server. There are two dialog pages to complete the Windows PE installation. You are first asked to provide the Windows PE CD, followed by the Windows CD. The text on the page lists the operating system CD you need to enter for each of these pages. Example: on the Windows PE CD page, the text Windows PE 2005 (Windows Server 2003- SP1) appears, while on the Windows CD page Windows Server 2003-SP1 (Windows PE 2005) appears. The first operating system listed on each page is the CD you want to use. When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply the new version to your existing configurations.
296
To start the New Configuration Wizard, click the icon on the toolbar of the Boot Disk Creator tool, click Ctrl+N, or click File > New Configuration.
Configuration Name
This is the first page of the New Configuration Wizard, which is the same for DOS, Linux, or Windows PE. You must enter a name for the configuration to make the Pre-boot Operating System for this Configuration fields active. The description field is optional but helps you to know what the configuration contains, such as the file server type, NIC drivers, and any additional files you want to add.
Field Definitions
Name: The configuration name you enter appears in the Configurations pane after the wizard is completed. Description: Enter a description for the configuration. (Example: enter the type of computer, operating system, network adapter, and any other characteristics that can help you identify this particular configuration.) After the Create Configuration and Create Boot Disk wizards complete, if you select the configuration from the treeview, the description you entered for this field appears at the top of the right pane. Pre-boot Operating System for this Configuration: Boot Disk Creator supports DOS, Linux, and Windows PE operating systems to create pre-boot environments. Select the pre-boot operating system and click Install Pre-boot Operating System Files (page 294) to install pre-boot operating system files.
Field Definitions
Microsoft Windows: Select this option to store images on a Microsoft server using TCP/IP network communications (recommended). However, if you use IPX to communicate with a Microsoft server, select the IPX check box at the bottom of the page. Create multi-network adapter configuration: Select this option to add multiple network adapter drivers to a single PXE boot file configuration. This feature lets you build configuration files to boot multiple computers that contain different types of network adapter cards. See Multi-Network Adapter Configurations (page 298). Novell NetWare (VLM): Select this option to store images on a NetWare server with VLM clients, using IPX network communications. Novell NetWare (Client32): Select this option to store images on a NetWare server with 32-bit clients. Use IPX to communicate with Netware: Select this check box if IPX is the network protocol for the Novel NetWare (Client32) server.
297
Advanced Features
The network adapters you select must support DOS, Linux, or Windows PE so that client computers can connect to a network or Deployment Server, depending on whether you create automation partitions, or network or automation boot disks. The Have Disk (page 299) button lets you install network adapter drivers from a disk, CD, or network folder. The Internet (page 299) button lets you connects to an Altiris supported Web site to download and install network adapter drivers. The Advanced (page 299) button lets you further define network adapters and their drivers.
Network Adapter
The drivers listed in the Network Adapters window vary depending on the type of configuration you are creating. You can install pre-boot operating system files for DOS, Linux, or Windows Preinstallation Environment (Windows PE). See Install Pre-boot Operating System Files (page 294). Example: after installing the pre-boot operating system files for Windows PE, the Windows NIC drivers that are available to create a Windows PE configuration appear, and are automatically added to the new configuration. If you select Auto-detect network adapter, Windows PE determines which network adapter driver to use. Select a driver from the network adapters driver list. You must create a new configuration for each type of network adapter that is installed on client computers, unless you want to create a Multi-NIC configuration. See Multi-Network Adapter Configurations (page 298). If you want to add or change adapter settings (such as I/O Memory, IRQ, and PCMCIA for DOS configurations) click Advanced. See Advanced (page 299). If the network adapter you want does not appear in the list, you can click Have Disk, Internet, or Advanced (if they are available for the type of configuration you are
298
creating) to add additional drivers. See Have Disk (page 299), Internet (page 299), Advanced (page 299).
Field Definitions
Auto-detect network adapter: Select this option to have Windows PE auto-detect the type of adapter that is in a client computers when the boot image runs.
Have Disk
You can add network adapter drivers by using any disk media or navigating to a folder. Network adapters can be downloaded from the manufacturers Web site and saved to a folder or a disk to be installed later. New network adapters come with a floppy disk or CD to install the appropriate drivers.
Internet
Altiris supports many manufacturer network adapters and supports a Web site for you to download the latest NIC drivers. From the Network Adapter page, click Internet to launch the Web browser and connect to ftp://support.altiris.com/support/NIC_drivers/. Download the driver you want and unzip the files it to a folder on the hard drive. Click Add Driver and the driver you downloaded is added to the Network Adapters list.
Advanced
This options lets you add or change settings for network adapter cards so they work correctly when using DOS configurations. If you are creating a Linux or Windows PE configuration, this option is not available. From the Network Adapter page, click Advanced. Refer to the following properties and values.
Microsoft clients
EMM386 Memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (protocol.ini): Add parameters to the NIC section of the protocol.ini file. Memory (protocol.ini): Add parameters to the network setup section of the protocol.ini file. IRQ (protocol.ini): Add parameters to the network setup section of the protocol.ini file.
Novell Client 32
Emm386 Memory (config.sys): Append memory address information to this line in the config.sys file.
299
Advanced settings (driver command line): Add driver command-line entries to the landrv.bat file.
Field Definitions
Obtain an IP address from a DHCP server: Select this option if you want client computers to obtain an IP address from a DHCP server. Use a static IP address: Select this option if you want a client computer, using this configuration, to be assigned a specific IP address. Enter an IP address, Subnet mask, and default gateway. You can also enter a primary and secondary WINS address if you need to resolve IP addresses and naming conventions. This option also requires that you create a configuration for each client computer, so that the IP address is not the same for all computers.
Use TCP/IP multicasting to find the Altiris Deployment Server: Select this option to use TCP/IP multicasting to find the Deployment Server. When client computers boot to automation using this configuration, a multicast packet broadcasts across the network to find where the Deployment Server is located. Multicast IP address: Enter a multicast IP address for client computers to send a broadcast packet across the network to find the Deployment Server.
300
Port: This option defines which port client computers use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more. Server name: When you select Use TCP/IP multicasting to find the Altiris Deployment Server, a multicast packet broadcasts to the server you specify. If you leave this field blank, the client computer connects to any server responding to the multicast packet. Use TCP/IP to connect to the Altiris Deployment Server: Select this option to connect to a specific Deployment Server. You must select this option if your network adapter or network does not support multicasting. See your network adapter documentation or call the manufacturer or consult with your IT department for information. Server IP address: Enter the IP address of the Deployment Server to access information stored in the Deployment Share. If you are using the Intel Universal NIC driver (UNDI), the IP address is required. Port: This option defines which port client computers will use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more.
Network Configuration
This option lets you define how client computers connect to the Deployment Share or a file server where image files are stored.
Window
Workgroup: Enter the workgroup for the Deployment Share or file server.
NetWare
Server name: Enter the server name for the Deployment Share or file server. Click Advanced to enter a NetWare context for the server and select a Frame type if it is different from the default value of 802.2. User name: Enter the authorized user name that was set up when the Deployment Share directory was created. If you did not assign a User name and Password when the Deployment Share or file server was created, leave this and the Password fields blank. Password: Enter the password for the user name. Confirm password: Enter the password for the user name as confirmation that you entered the proper password in the Password field.
301
Field Definitions
Manually create drive mapping: Select this option if you want the drive mappings to be included in the autoexec.bat file when client computers boot to automation. Drive: By default, the mapped drive that appears is F: \\<Deployment Share server>\eXpress. Click the drop-down arrow and select a different drive letter if F: is already in use. Path: Enter the path for the Deployment Share. The path you enter maps to the drive letter you selected in the Drive field. You can also click Browse to navigate to the Deployment Share if you are unsure of the directory path or if the image files are store on a file server. Example: Windows users: \\server\share NetWare users: server\volume:directory Linux users: //server/mount point Create and entry in the LMHOSTS file for the Deployment Server file store (other entries must be added manually): Select this option if your network does not support NetBIOS name resolution for IP addresses. Enter a Server name and IP address so that client computers can find the Deployment Share where image files are stored. Use NetWare login scripts to create drive mappings: Select this option if you use NetWare and you want login scripts to create the drive mappings.
Configuration Summary
This page lets you review all the options you selected throughout the New Configuration Wizard. If you find a setting mis-entered or not what you want, click Back to re-select the option. When you click Finish, the Create Boot Disk Wizard automatically appears for the next process to begin. If you are using Boot Disk Creator from within the PXE Configuration Utility, the Edit Configuration page appears. See Edit Configurations (page 302).
Edit Configurations
This is the main Boot Disk Creator page that appears when you start the utility. If you are using Boot Disk Creator from within the PXE Configuration Utility, this page appears at the end of the New Configuration Wizard. This feature lets you modify configurations that have already been created. As you select files and folders from the left pane, the configuration information appears in the right pane. The display color changes to help you know the type of configuration you selected to view, edit, or delete. The colors displayed are: Blue: The configuration you selected or created is based on the DOS pre-boot environment. Green: The configuration you selected or created is based on the Linux pre-boot environment. Red: The configuration you selected or created is based on the Windows PE preboot environment.
302
To change the configuration settings, right-click a configuration folder and select Edit Configuration and click Edit until you find the page for the options you want to change. You can also make text edits to files (selected from the treeview) in the right pane. All other configuration files can be edited as needed. If PXE Config is launched and exited without any changes, no updates are made to the Altiris PXE Server. However, after you edit a configuration, Boot Disk Creator rewrites certain files within the configuration so that drive mappings and mount points are always updated. The following files are rewritten after editing configurations: DOS - mapdrv.bat, unmapdrv.bat Linux - mounts.local WinPE - mapdrv.bat The edited configuration settings are saved to the PXE Manager database. The PXE Server is updated in the background. To view the updated status of the Altiris PXE Server, go to the PXE Status Screen tab. See also: New Configuration Wizard (page 296), Install Pre-boot Operating System Files (page 294)
Additional Files
Boot Disk Creator lets you add additional files to folders that either apply to a specific configuration or to all configurations that are of the same type of pre-boot operating system. However, any files you add to the global <OS> additional files folders are written to the boot image before the specific configuration files. If a file in the <OS> additional files folder is the same name as a file in a specific configuration folder, it is overwritten. Example: if a file named 5684_Drivers resides in the DOS additional files folder, and the same file 5684_Drivers exists in a specific configuration folder; when the files are written to a boot image, the file in the configuration folder overwrites the file in the DOS additional files folder. This may cause unexpected results. If you edit text files in a <OS> additional files folder, yet the specific configuration file is the one that is written to the boot image, the result is not as you expected.
303
Field Definitions
Automation PXE image: The automation agent for the type of pre-boot operating system configuration you created is added to the settings you selected throughout the New Configuration Wizard. Network PXE image: The configuration you created does not contain an automation agent. When client computers boot with this image file, they map to a network server and be at a users prompt. (This option is not available in Shared Configuration mode.) Force 2.88 MB PXE image: Select this option to increase the size of PXE boot images.
304
Enter the IP address for the specific Altiris PXE Server you selected from the File menu. When client computers perform a PXE boot, the IP address helps them communicate with the Altiris PXE Server. Use Shared properties: This is selected when you are setting the properties for a Shared Configuration. You cannot change this selection on the other pages if you are setting properties for the Shared Configuration. Customize PXE Server (Shared Configuration): This option is available when you select a specific Server from the File menu. You can keep the settings on the page or customize the properties for the Altiris PXE Server you selected. Response Time: This lets you set the Altiris PXE Server response time for when client computers request a PXE boot. Example: if you have three Altiris PXE Servers, you can set the first Altiris PXE Server to Short delayed response (1/2 second), the second to Immediate response, and the third to a Delayed response of your choice. This helps control which Altiris PXE Servers will respond to client computers when they perform a PXE boot. In this example, the second Altiris PXE Server would respond to client computers before the first server. PXE Server image update: This lets you control options for how updated PXE boot images are distributed to your Altiris PXE servers. Limit bandwidth throttles the amount of network bandwidth consumed by the transfer, but might result in your images taking longer to update. Enable checkpoint restart enables the Altiris PXE server to resume a transfer if connectivity is lost. DHCP Server discovery: Auto detect Microsoft DHCP Server and configure for PXE: Select this option for an Altiris PXE Server to auto detect the ports used for DHCP when Deployment Server and the Altiris PXE Server are installed to the same server. Third party DHCP Server installed on PXE server (Do NOT use DHCP port): Select this option if you are not using a version of Microsoft DHCP Server. Note: If Microsoft DHCP Server is installed on the Altiris PXE server, but is not active and non-functioning, the Altiris PXE Server sets option 60. This can cause conflict with client computers. Select the No DHCP Server installed on PXE Server (Use DHCP port) instead. No DHCP Server installed on PXE Server (Use DHCP port): Select this option if DHCP is installed to a different server than the one where Altiris PXE Server is installed. The Altiris PXE Server uses only one port for DHCP. Enable Automation Only: This lets you send a selected PXE boot image to the managed computer that has a job actively assigned. You can do this by selecting the Only managed computers with active assignments will be processed check box. If this check box is selected, and Deployment Solution has reported to the Altiris PXE Server that a specific MAC address (a selected managed computer) should be put into Automation mode with a specific PXE Menu Option image. Only that specific MAC address PXE booting client is processed. Scenario: There are 1000 computers known to Deployment Solution as managed computers and only one of those computers has an active job assigned. Deployment Solution relays this information to the Altiris PXE Server. If all 1000 computers are restarted, 999 computers are not given any PXE boot instructions from the Altiris PXE Server. They are ignored and the one computer that has a job actively assigned is sent the selected PXE boot image.
305
DS Tab
This lets you set properties so that all Altiris PXE Servers can communicate with the Deployment Server. Altiris PXE Servers and the Deployment Server work together to perform tasks, such as creating and distributing an image, scripted OS installs, and more. The Altiris PXE Server must access the Deployment Server and the Deployment Database to retrieve the information required to carry out these tasks on client computers. The Deployment Server IP address, the Engine Port, and the Data Manager Port are critical fields because they define how the Altiris PXE Server establishes communication with the Deployment Server. Example: the TCP port on the Deployment Server is set to 402 and the Engine port on the Altiris PXE Server is set to 502. This would result in the Altiris PXE Server not communicating with the Deployment Server because the port numbers do not match. To establish communication between the two servers, change the Engine port field on the Altiris PXE Server to 402.
306
of 5 minutes. If you select this option, PXE responds immediately but Initial Deployment still waits 5 minutes before running. Wait indefinitely: Select this option so that a user must press <F8> to start the Initial deployment job. Use default timeout: Select this option to use the time-out value set in the Initial Deployment Advanced properties from the Deployment Console. Timeout: Select this option to enter a time-out value of your choice. The boot menu appears on new client computers for the length of time you set before booting to Initial Deployment.
307
Delete: Select a MAC address from the list and click this button. Import: This option lets you import comma-separated text file MAC address list. You can create the import text file manually, or you can import a file that has previously been exported from any Altiris PXE Server on your network. When the Windows navigation dialog appears, go to the folder or disk drive where the text file is located and click OK. Export: This option lets you export the MAC address list to a comma-separated text file. You can use the export feature to save a large MAC address list and import the file to another Altiris PXE Server or to the same Altiris PXE Server in the event you need to uninstall and install Altiris PXE Server. You can export all or part of the list by selecting the MAC addresses. When the Windows navigation dialog appears, go to the folder or disk drive where you want to save the text file and click OK.
Multicast Tab
This option lets you set properties for the way Altiris PXE Servers download the boot image to client computers. Altiris PXE Servers communicate with client computers using the Multicast Trivial File Transport Protocol (MTFTP) and support larger transport packets, which reduces the time it takes to download files. The PXE Manager multicast properties lets you set a beginning multicast address, the number of multicast addresses available, and the number of addresses available for a single Altiris PXE Server. A multicast address is automatically assigned to the files an Altiris PXE Server uses to download the boot menu to client computers. A PXE boot menu option consists of two files. The MenuOption<number>.0 file is the boot menu, and the MenuOption<number>.1 file is the additional file needed to execute whichever menu item is selected by the user. Example: the PXE.ini file consists of information gathered by PXE Manager and includes a section called MTFTP\Files. This section lists the MenuOption files and their assigned multicast addresses.
[MTFTPD\FILES]
308
MenuOption129\x86pc\MenuOption129.0.cr-1005309736=224.1.1.5 MenuOption129\x86pc\MenuOption129.1=224.1.1.6
Notice that the multicast address increments by 1 for each file that is created when a new PXE configuration is added and the boot image is created. These are the files that an Altiris PXE Server downloads when a user selects a boot menu option from the menu list on a client computer.
PXE Manager
PXE Manager creates a PXE Manager.ini file, which gathers data from all Altiris PXE Servers on the network. The PXE Manager.ini file creates and sends a PXE.ini file specific to each Altiris PXE Server. PXE Manager.ini and PXE.ini are both used by the PXE Manager service to synchronize the boot images across all Altiris PXE Servers and Deployment Servers on the network. Important: Do not edit the PXE Manager.ini or PXE.ini files. If these files are edited, you lose the ability to access the boot images stored on all Altiris PXE Servers, and the PXE Manager service does not function properly. See PXE Manager in the Automation & Imaging section of the Deployment Solution Product Guide.
TFTP/MTFTP properties
Use Shared properties: This is selected when you are setting the properties for a Shared Configuration. You cannot change this selection on the other pages if you are setting properties for the Shared Configuration. Customize PXE Server (Shared Configuration): This option is available when you select a specific server from the File menu. You can keep the settings on the page or customize the properties for the Altiris PXE Server you selected. Enable MTFTP: Clear this option if you do not want to use MTFTP to download the boot menu from the Altiris PXE Server to client computers. If an Altiris PXE Server is going to service client computers on the same subnet, you can select this option to communicate. If you disable MTFTP, TFTP is used to communicate. PXE-enabled client computers listen for broadcast messages sent by the Altiris PXE Server through MTFTP. If an Altiris PXE Server is going to service client computers across subnets and this option is enabled, the Altiris PXE Server tries to communicate with clients using MTFTP. If the router is not configured to pass a multicast packet, an error message appears on client computers, stating that MTFTP is unavailable. The Altiris PXE Server tries to connect to client computers using TFTP. Enable larger packets for TFTP/MTFTP: Select this option to increase the packet size transport. Packet size: Enter the transport packet size if your infrastructure does not have the capability of handling the default packet size of 768. Do not allow IP fragmentation: Clear this option to use IP fragmentation. This is helpful if you have a narrow bandwidth on the network and want to Enable Larger packets for TFTP/MTFTP when downloading files from the Altiris PXE Server to client computers. IP fragmentation allows larger packets to be broken up into smaller packets during transport. However, you must use a Third Party application to reassemble the smaller packets into the original packet size.
309
BIS Tab
PXE configurations always create a .0 and .1 file, which are an open source on the network when PXE downloads these boot items to client computers. With Boot Integrity Services (BIS), you can encrypt the files to ensure that the Altiris PXE Servers communicating with the client computers are secure. You can use BIS Certificates if you meet the following requirements: Client computers must be PXE and BIS compliant. PXE must be installed on your Deployment Server system. You must Enable BIS on this page first, go to the Deployment Console and right-click on a computer or group of computers, and select Advanced > Install BIS Certificate. The client computers receive their certificate from the Altiris PXE Server. The next time BIS installed client computers try to boot to the Altiris PXE Server, the BIS Certificates must validate before any files can be downloaded. Note: If you have BIS enabled in Deployment Server 6.1, you must remove all BIS certificates before upgrading to Deployment Server 6.8.
310
Status Tab
View the status of the Altiris PXE servers in your environment and track whether updates have been applied to each Altiris PXE server.
311
2. 3. 4. 5. 6. 7. 8. 9.
Run axInstall.exe. Select Component Install, and click Install. Click Yes to accept the licensing agreement. Enter or Browse to the Deployment Share folder. Select Install an additional Altiris PXE Server. Select Yes, I want to install PXE Server on a remote computer. Enter the computer name or Browse the network to select a remote Altiris PXE Server. Enter the PXE Server IP address.
10. Enter the Altiris PXE Server install path, and click Next. 11. Click Install.
312
Altiris ImageExplorer
Altiris ImageExplorer provides features to view and edit image files. Image files are created using the RapiDeploy utility, a tool used most commonly in Deployment Solution to create and distribute hard disk image files, an .IMG or .EXE file containing a replication of the source computers hard disk. Using ImageExplorer, you can modify an image fileadd or delete data files, folders and applicationsbefore distributing and restoring its contents to a client computer. You can view properties and perform operations, such as extracting and saving files to another destination volume, or excluding files from being restored when distributing the image file to a client computer. You can also print the contents of a folder or edit a file using its associated application. See also: Using ImageExplorer (page 318)
ImageExplorer Features
Add new files and folders Command line mode Convert images Create image indexes Extract files and folders Exclude (or include) volumes, folders, and files from being restored Find files in an image Open a file with its associated program and edit Make self-extracting images Print image tree structure of files, folders, and volumes Replace files Revert back to original image file contents Split images View, add, or change the image description View properties of files, folders, and volumes in an image
Click the ImageExplorer icon on the toolbar or select Tools > ImageExplorer. This opens the ImgExpl.exe program located in the Deployment Share. You can open and edit image files in the native .IMG file type or image files with packaged rdeploy.exe runtime versions in an .EXE file type.
313
Altiris ImageExplorer provides the following features to view, manage, and modify the volume, folder, and file elements of an image file.
Feature
Add File
Description
Adds a new file to the image file. See Add New Files (page 320). Add File is available when you rightclick a volume, folder, or a file in the treeview. When you right-click a file and select Add File, the new file is added to the same folder.
Button
Access
Option 1: Ctrl-A
Add Folder
Adds a new folder to the image file. Click any item to add a folder to the container object. Add Folder is available when you right-click a volume, folder, or a file in the treeview.
Option 3: Rightclick an item and select Add Folder Convert Image Converts image files from file format 4 to the format most currently used by RapiDeploy. See Convert an Image (page 320). Option 1: Ctrl-T
Copy
Copies a file or folder from one location and lets you paste it to a destination image file. Note Copying large amounts of data and large numbers of files between image files can take several minutes.
Creates an image index to make the process of restoring images easier. See Create an Image Index (page 321).
314
Feature
Exclude
Description
Marks volumes, folders, and files not to be included when deploying the image file to client computers. Note You can also exclude a file by clicking the check box next to the file in the Details pane. The the check box. icon replaces
Button
Access
Option 1: Del key
Extract
Extracts a complete volume, a folder (with its sub-folders), or a file from the image file. It lets you select a destination volume or directory to save the folders or files. See Extract a Folder (page 322). Note Extracting large amounts of data and large numbers of files can take several minutes.
Find
Search for files or folders within an image file using specific names or wildcard characters. You can use ? as a variable for a single character or * (asterisk) for multiple characters. See Find Files (page 322).
Option 3: Rightclick a container object and select Find Include Allows volumes, folders, and files that were previously marked Excluded to be included in the image file when it is deployed to a client computer. Note You can also include a previously excluded file by clicking the next to the file in the Details pane. A check box will reappear. Option 1: Insert key
315
Feature
Make SelfExtracting
Description
Creates a self-extracting file from an existing image file. See Make SelfExtracting Images (page 323).
Button
Access
Option 1: Ctrl-M
Option 2: Select File > Make Self-Extracting Open File (available for files) Opens a file using its associated application, if the application exists on the computer where ImageExplorer is being run. Option 1: Doubleclick
Option 3: Rightclick the file and select Open Open File with Lets you open a file with a selected program. If the file is already associated with a program you can simply double-click to open. Use Open file with to change the program or select the default Quick Open feature. Note Image files created with IBMaster 4.5 do not open. However, you can use the Convert an Image (page 320) feature to convert image files to the current RapiDeploy file format. Open Image File Opens image files created with RDeploy.exe or IBMaster.exe. Files created with IBMaster are Read-only; however these files can be viewed and extracted. You need an older version of ImageExplorer (Deployment Solution 5.5 or earlier, or RapiDeploy 4.5 or earlier) to edit files created with IBMaster.exe. Places a file or folder from one location to another. Option 1: Doubleclick (if not associated)
Option 3: Rightclick the file and select Open with Option 1: Ctrl-O
Paste
Option 1: Ctrl-V
316
Feature
Print
Description
Folders: Prints the folder structure. Includes sub-folders and files with their modification date, time, and size. Files: Prints the actual file. You must have the associated application program installed to print the file (example: MS Word to print DOC files). See Print Folder Contents (page 324) and Print a File (page 325).
Button
Access
Option 1: Ctrl-P
Properties
Provides general information about the folder or file, such as size, modification dates, and attributes. Properties appear differently for images, volumes, folders, or files. See View Properties (page 318).
Option 1: AltEnter
Option 3: Rightclick an item and select Properties Replace Files (available for files) Provides a way to update a file in the image with a file from another source. Both files must have the same name. Option 1: Ctrl-L
Option 3: Rightclick a file and select Replace File(s) Revert (available for files) An undo feature for the Replace File option. This reverts a previously changed file to its original file. Option 1: Ctrl-R
317
Feature
Split Image
Description
Splits an image file of one size to be the segment size of another. See Convert an Image (page 320).
Button
Access
Option 1: Ctrl-S
Using ImageExplorer
With the ImageExplorer running, open the image file you want to view or modify by selecting Files > Open from the program menu bar. Note Older image files created with IBMaster.exe instead of the current RDeploy.exe cannot be modified with the version of ImageExplorer that ships with Deployment Solution 5.6 or higher. However, image files created with IBMaster can be viewed and files can be extracted. The ImageExplorer always displays the files created with IBMaster as Readonly even when the file attributes are Read-write. To modify older image files you will need to use the version of Altiris ImageExplorer that ships with the earlier versions of Deployment Solution. See also: View Properties (page 318), Add New Files (page 320), and Extract a Folder (page 322).
View Properties
After opening an image file with ImageExplorer, basic information about the image file and its elements can be viewed by selecting a file or volume (partition) name and clicking Properties. You can open the properties page for an image file, volume, or file by right-clicking and selecting Properties, clicking File > Properties, or typing AltEnter. Depending on the type of image element, a property page opens with the appropriate tabs:
318
Open a File
To open a file in an image, double-click the file in the Details pane of the ImageExplorer or right-click and select Open. The file opens with its associated program. If no associated program is located, an Open with dialog appears, allowing the user to select and associate a program for the file. Note You can also associate a file with a program by right-clicking the file and selecting the Open with command. The Quick open feature lets you select a default program to open files without associated programs (Microsoft Notepad is the default program). You can change the default program for the Quick Open feature by clicking View > Settings and editing the Open with program box. See also: Print a File (page 325) and Settings (page 326).
319
or browse to the missing files. ImageExplore keeps track of all files in a split image and prompts you for any missing split image files if they are not located in the same folder.
Convert an Image
The internal file format for images changed from file format 4 in Deployment Server version 5.5 and earlier, to file format 6 in Deployment Server 5.6 or later. File format 6 has remained the same since its release, but minor changes have been made to improve the overall format structure. This feature lets you select any previously created image file and convert it to the current file format that RapiDeploy uses today. If the file format changes in future releases of Deployment Server, when you convert an image file, it will always be to the most current file format. When converting image files, be aware of the following: If an old image has an image index (.IMX) file, a new image index file is created. If an old image file is a self-extracting image, the embedded RapiDeploy code is removed and the image is restored to a .IMG file. You do not receive a message warning that the embedded self-extracting code was removed. If an old image has a password, the new image file created does not have a password. However, the user receives a message indicating that the password has been removed. File conversions may vary in length of time because ImageExplorer reads each segment in the image before converting it to the new image file. If you have large files with many segments, this process takes longer.
Field Definitions
Image File to Convert: Select the image file you want to convert.
320
Current segment size: By default, the segment size for RapiDeploy images is 2 GB. Current segment count: The number of segments in the image file. New Output Image File: Select a folder and filename for the image file you want to convert, based on the new segment size. New segment size (MB): Select a size for image segments from the drop-down list. The list of options includes default sizes for CDs, zip drives, and more. When a file segment reaches this limit, a new segment is created until the entire image is converted. Estimated segment count: The estimated number of segments in the file you selected to convert.
Field Definitions
Image File to Index: Select the image file you want to index. Output Folder for Index (optional): If you do not select a folder for the index output, the .IMX file is created in the same folder as the image you selected to index.
321
4.
Click OK.
Extract a Folder
Use this feature to save a folder or file from an image to an external destination folder: 1. 2. 3. 4. 5. 6. Open Altiris ImageExplorer. Select File > Open. Select an image file. Click OK. Select a folder in the image, right-click, and select Extract Folder. The Browse dialog appears. Select a folder on your local disk or on the network to place the extracted folder. Click OK.
Note Extracting large amounts of data and large numbers of files can take several minutes.
Find Files
To search for files or folders in an image file, enter a string or characters (alpha and numeric) in the Find what box. You can use the ? (question mark) as a variable for a single character, or use the * (asterisk) for multiple characters. To search for a file, select the image file, volume name, or folder name from the treeview to set a search domain. You can change the search domain before clicking Find.
Field Definitions
Include folders: Select this option to include matching folders in the search results. Include files: Select this option to include matching files in the search results. Files and folders meeting specified search criteria are listed in the results box, organized by File Name and Location.
Filter Results
Click Filter on the Find Files dialog to open an advanced search for files based on associated system attributes (Read-only, Hidden, System) and ImageExplorer attributes (Added, Excluded, Replaced).
Field Definitions
Find What: Enter the string or characters to find a file based on system attributes or ImageExplorer attributes of the file or folder. Click Include matching files to select files. Click Include matching folders to select folders. Note To search in a specific directory, select that directory in the treeview pane and open the Find dialog. The following attributes use three-way check boxes with these features:
322
A solid checkmark means the item must contain the attribute. An empty box means the item must not contain the attribute. A dimmed checkmark means the value is NULL and the item can either have the value or not. Attributes: These are the system attributes of the files assigned by the operating system when the image was created. Flags: These are the attributes assigned by ImageExplorer.
Field Definitions
Current self-extractor type: The image file you selected is of this operating system type. Keep original image file: Select this check box for ImageExplorer to make a selfextracting image file without affecting the original image file. Note If you clear this check box and the Make Self-extracting process fails, the original image file may become damaged or corrupted, and you can no longer use the original image file to create a self-extracting file.
323
Image file size: The size of the current image selected. Remove existing self-extractor: Use this option to remove the .EXE code from a self extracting image. The image file will return to its original state with a .IMG file extension. This option is available only if the image file has self-extracting code, otherwise, this option is unavailable. DOS: This mode uses the RapiDeploy graphical user interface to display the image files progress while it is running. DOS text mode: This is a text version user interface. You can view the progress bar at the bottom of the client computers display while the image file is running.
Field Definitions
Title: Enter a title for the top of the report page.
324
What to print Just this folder: Print only the files in the selected image, volume, or folder. This will not print the subfolders. This folder and subtree: Print the files in the image, volume, or folder and all the subfolders and files. Print excluded items: Print the files that were marked previously as Excluded. Print < . > entries: Print an entry in each folder identified as < . > (a dot notation). Attributes and date/time properties will be saved for this hidden folder in the image file. Fields to Print Include modified date and time: Print the date and time that the file or folder was modified. Include size: Print the size of the file. Include attributes: Print the Read-only, Archive, Hidden, System, or Compressed system attributes (Read-only, System, Hidden) and the ImageExplorer attributes (Added, Excluded, Replaced). Include file number: Print the file number associated with each file. See also: Print a File (page 325).
Print Preview
View an online display of the print report for image files, volumes, or folders. The name of the report will appear at the top of the page with details in a table that were selected in the Print Folder Contents dialog.
Field Definitions
Save: Click to save the report to a text file. Lines: View the number of lines in the report. Print: Click to print the report.
Print a File
From the ImageExplorer dialog, you can select and print an actual file using its associated program. If your file is not associated with a program, you can associate it by selecting from a provided list of installed programs on the computer. You can also attempt a Quick print to open the file using a standard program, such as Microsoft Notepad.
Field Definitions
Quick print: Click this button to run a default program to open and print the selected file. The default program is Microsoft Notepad. You can change the default program to print files using the Print With program box in the Settings dialog. See also: Print Folder Contents (page 324)and Open a File (page 319).
325
Field Definitions
Current password: Enter current password. New password: Enter new password. Confirm password: Type the password again to confirm that is was correctly typed in.
Settings
You can set preferences for the Altiris ImageExplorer by clicking View > Settings. The Settings dialog appears to set options to confirm specific operations using message boxes in the user interface, to set options for displaying items or excluding items, or to select default programs when using the Quick print (see Print a File (page 325)) or Quick open (see Open a File (page 319)) options.
Confirmations
Read-only Open operations: Present a confirmation message to the user when opening a file in a Read-only state, and as a result any changes cannot be saved. Example: if an image file created in RapiDeploy 4.5 or earlier is opened, it is Read-only and any operation performed cannot be saved. As a result, when opening this file a confirmation box appears reminding the user that the file cannot be saved. File Overwrite operations: Present a confirmation message to the user when extracting a file from an image file and overwriting an existing file on a destination drive. File Revert operations: Present a confirmation message when executing a Revert operation that returns the image file to its original file structure and content after replacing files. Paste & Drop operations: Present a confirmation message when dragging a file to a new folder in an image file, when using the copy and paste operation to move files to another folder, or when using the Add New Files command. Exclude operations: Present a confirmation message to the user when assigning the Exclude option to a file (to not distribute the selected file as part of the image). This message appears when clicking the check box on the file or folder or selecting the Exclude operation. Folder Overwrite operations: Present a confirmation message to the user when extracting a folder from an image file and overwriting an existing folder on a destination drive.
Display Settings
Keep help on top: Select to keep open help file on top of the ImageExplorer user interface. This lets you view the help side-by-side with the program rather than allowing it to be sent behind the ImageExplorer user interface. Show file numbers: View the associated file numbers in the image. In NTFS the files are numbered automatically. In FAT, EXT2, EXT3, and other file systems the files are numbered by RapiDeploy when creating the image file.
326
Show excluded items: View the files marked as Excluded in the image. Files will be shown after refreshing the screen. Extract excluded items: Allow the Excluded files and folders to be extracted from the image file to a destination folder. This setting lets you include all files previously marked as Excluded to be saved to an external destination folder when running the Extract command. Color added items: Select this option to mark files/folders added to the image with blue text. See Add File (page 314) and Add Folder (page 314). Color replaced items: Select this option to mark files/folders replaced to the image with magenta text. See Replace Files (available for files) (page 317). Color excluded items: Select this option to mark files and folders added to the image with red text. See Exclude (page 315).
Split Image
This feature lets you select an image file to split (rewrite) into a new image file based on the segment size you select. While Convert an Image (page 320) changes the file format of an image to be the current format used by RapiDeploy, split an image keeps the format of the original image but changes the size of its segments. Example: if you have a 2 GB image file, and you wanted to split the image so it could fit on CDs, you could select 650 MB or 700 MB as the new segment size and the result would be one image file with multiple segments. You could copy the segments to CDs and use them to restore the image file at client computers. When splitting image files, be aware of the following: If the old image is an old format image (IBMaster 4.5 or earlier), the image cannot be split but is converted instead. If this occurs, a message appears to verify if this is what you want to do. If you proceed, all the principles of Convert and Image apply. If an old image has an image index (.IMX) file, a new image index file is created. If an old image file is a self-extracting image, the embedded RapiDeploy code remains, and the new image contains the same version of RapiDeploy as when it was originally created. However, if the image is an old format image (IBMaster 4.5 or earlier), the image cannot be split but is converted instead. If you proceed, the self-extracting code is removed. If an old image has a password, the new image file has the same password. However, if the old image is an old format image (IBMaster 4.5 or earlier), the image cannot be split but is converted instead. If you proceed, the password is removed.
327
Field Definitions
Image File to Split: Select the image file you want to split. Current segment size: By default, the segment size for RapiDeploy images is 2 GB. Current segment count: The number of segments in the image file. New Output Image File: Select a folder and filename for the image file you want to split. New segment size (MB): Select a size for image segments from the drop-down list. The list of options includes default sizes for CDs, zip drives, and more. When a file segment reaches this limit, a new segment is created until the entire image is split. Estimated segment count: The estimated number of segments in the file you selected to split, based on the new segment size.
Command line
Parameters
Description
Image files to open or operate (can be repeated, such as w2k.img, xp.img).
328
Command line
Switches
Description
-register: register file types in the Windows Registry. -unregister: unregister file types in the Windows Registry. -add <src> <dst>: add file, folder, or volume to an image. Accepts the <-overwrite> option. You can use wildcards when entering the source (src). -extract <scr> <dst>: extract a file, folder, or volume from an image. Accepts the <-overwrite> and <-size> options. -convert <dst>: convert an old format image to the current image format used by RapiDeploy. Accepts the <-overwrite> and <-size> options. -split <dst>: split an image into new size file segments. Accepts <-overwrite> and <-size> options.
Options
-lang <lang code>: *specify the Language code for the user interface. -silent: *do not display confirmation or errors. -password <pwd>: *passwords for image files being opened. -overwrite: when in silent mode, do not confirm actions. -size <size in MB>: size of the new image segment in MB. * Indicates the options that can be used with any command.
0 2 4 6 8
Success. Command line syntax error. Error registering or unregistering file types. Operation cancelled by the user. Attempted to write to a Read-only image.
10 Invalid password. 12 Error performing an operation. 14 The Image file was not found or an error occurred opening an image. 16 The Source was not found, or an error occurred option the source. 18 The destination was not found or an error occurred opening the destination. Examples: Open a W2k.img that requires the password develop. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop Open two image files that each have different passwords, password and sales.
329
C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop f:\w2k.img -password sales Add all *.txt files in e:\to the temp folder of the volume in slot 1 of w2k.img. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop -add e:\*.txt 1:\temp Extract kernal.dll from the Windows folder of the volume sys in w2k.img to e:\dump. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop -add e:\*.txt 1:\temp Convert the old format image file, w2k.img, to the new image, new2k.img, in 650 MB segments. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -convert f:\new2k.img -size 650
330
331
All these components can be installed on the same computer or distributed across multiple computers as per your environment.
Deployment Console
The Deployment Console is the Win32 user interface for Deployment Solution. You can install this Windows console on computers across the network to view and manage resources from different locations. In addition, from this console, you can access the Deployment Database on other Deployment Server systems to manage sites across the enterprise. See Connecting to Another Deployment Server on page 95. Deployment Console communicates with the Deployment Database and Deployment Server services. In a Simple Install for Deployment Server, the Deployment Console is installed on the same computer as all other components. In a Custom Install for Deployment Server, you must ensure that a connection is available to these computers and security rights are set. You must have administrative rights on any computer running the Deployment Console. See also Deployment Web Console on page 335, Managing from the Deployment Console on page 72, and Deployment Server Components on page 331.
Deployment Server
Deployment Server controls the flow of the work and information between the managed computers and the other Deployment Server components (Deployment Console, Deployment Database, and the Deployment Share). Managed computers connect and communicate with the Deployment Server to register inventory and configuration information and to run deployment and management tasks. The computer and deployment data for each managed computer is stored in the Deployment Database. Note To view, start, or stop Deployment Server, go to the Altiris Server services in your Windows Manager. Managed computers require access to the Deployment Server at all times, requiring that you have administrative rights on the computer running the Deployment Server.
Create a user account to run the Deployment Server. The service runs as a logged-onuser, not as a system account. You must create this account on all Deployment Server computers. The account must have full rights to the Deployment Share. The account must have a non-expiring password. Assign a static IP address to the Deployment Server computer. Other components cannot connect to the Deployment Server if you use DHCP and dynamically change the IP address. To install the Deployment Server on a remote computer, the default administration shares must be present. Restore any shares that have been removed before you install the Deployment Server.
332
Note Creating an administrative account using the same name and password on each computer is easier to remember than using the names and passwords of existing accounts. Most packages (.RIP, Personality Packages, and .MSI files) are passed through the Deployment Server. Therefore storing these files on the same computer as the Deployment Server can speed up the deployment of these packages. Image files, however, are sent directly from the Deployment Share to the client computer when executing an imaging task. See also Deployment Server Components on page 331.
Deployment Database
The Deployment Database can be installed on Microsoft SQL Server 2000 or Microsoft Desktop Engine (MSDE) 2000. See Deployment Server System Requirements on page 336. Note In Deployment Solution 6.0 and later, if you have multiple instances of the Microsoft SQL Server already set up, you can identify a specific instance using this format: <database instance>\express. Example: if you have a clustered Microsoft SQL Server named SQLClusterSvr to manage multiple Deployment Solution systems on different network segments, you can enter the name SQLClusterSvr\salesSegment or
SQLClusterSvr\marketingSegment during the Deployment Server setup depending on the previously established database instance. This feature is
supported in the silent install .INI file and the GUI install executable. The database maintains the information about the managed computers, such as: Hardware. RAM, Asset tag, and Serial numbers General Information. Computer name and MAC address Configuration. TCP/IP, Microsoft Networking, and User information Applications. The applications installed and information about these applications, such as the name of the application, Publisher, and Product ID Services. Windows services installed Devices. Windows devices installed such as network adapter, keyboard, and monitors Location information. Contact name, phone, E-mail, Department, Mail Stop, and Site The Deployment Server Database also contains jobs and other data used to manage your computers. Note You can install a single Deployment Database per Deployment Server systemyou cannot have two databases storing data for a single computer. If the computer you are installing the database to has an existing Microsoft SQL Server, the Deployment Database is added to that instance of the database engine.
333
Deployment Share
Deployment Share is a file server or shared directory where Altiris program files and packages are stored. The Deployment Share can be a shared directory (default Simple install in Program Files\ Altiris\eXpress\Deployment Server) or another file server (in the Custom install you can assign a Microsoft Windows or Novell NetWare file server). Deployment Share is where you store image files, registry files, .MSI packages, Personality Packages, script files, and more. When a computer is being deployed or managed, Deployment Server stores and retrieves these packages from the Deployment Share as needed.
If you are installing Deployment Solution on a remote file server (not the computer where you are running the install program), create a share (or give Read/Write rights for NetWare) on the file server where Deployment Server can be installed. The share must allow access to all other components, including managed computers and the user account that runs the Deployment Server. This share must be created before you begin installing. If you are not installing to a remote computer, you can select the option to create the share during install.
Note You can install only one Deployment Share per Deployment Server system. However, if the Deployment Share's hard drive gets full, other computers can be used as additional, backup storage points. In some cases, other systems emulating a Microsoft or NetWare environment can be used as the Deployment Share. Note for NetWare users: If you have trouble using the Novell NetWare server as a Deployment Share, install the Novell Client rather than the Microsoft NetWare Client. See also Deployment Server Components on page 331.
334
Server they discover, which communicates with the Deployment Server and the client computers. You can install an Altiris PXE Server on a Microsoft Server 2003, Windows 2000 Server and Advanced Server. The Altiris PXE Server also functions on the same protocols as a standard DHCP Server so you can place the Altiris PXE Server anywhere you would place a DHCP server. You can also install as many Altiris PXE Servers as required in your system, but you must also install a DHCP Server. The Altiris PXE Server sends a boot menu option list to the client when the computer performs a PXE boot. The deployment job, which contains at least one automation task, uses the default automation environment or the environment specified by a user who has the persmissions to create a deployment job. The boot menu options the request boot menu files from the Altiris PXE Server and are downloaded from the Altiris PXE Server to the client computers RAM storage. The client computer always boots according to the request and reply communications taking place between the Deployment and Altiris PXE Servers. Altiris supports DOS, Linux, and Windows PreInstallation Environment (Windows PE) as pre-boot environments. These options let you create a single job, but may contain multiple automation tasks. The default automation environment (the first pre-boot operating system files installed during the Deployment Solution installation) is used for Initial Deployment, unless you specify otherwise. Using an Altiris PXE Server to boot client computers to automation, saves you from having to install an automation partition on each client computers hard disk, or manually start computers using Altiris supported bootable media. See Boot Disk Creator Help. See also Pre-boot Operating System (Simple) on page 361, Install Automation Partition on page 137, and PXE Configuration Utility Help.
DHCP Server
The DHCP (Dynamic Host Configuration Protocol) server is a server set up to assign TCP/ IP address to the client computers. This server is not an Altiris product, but it is required if you intend to use the Altiris PXE Server. We recommend that you use DHCP to manage the TCP/IP address in your network regardless of whether you use PXE or not. This greatly reduces the amount of time it takes to set up and manage your computers. See also Deployment Server Components on page 331.
335
Note The DS Installer does not detect the version of MDAC that is installed. The Deployment Web Console requires MDAC version 2.71 or later to install. If the version of MDAC is earlier than 2.71, the Web console displays a target of invocation error. See also Deployment Console on page 332 and Deployment Server Components on page 331.
Network
TCP/IP is used for communication between all Deployment Server components. If you have a NetWare file server for your Deployment Share, IPX can also be used to communicate with this component. For Windows 2000 systems, you must set up Active Directory with the Permissions compatible with pre-Windows 2000 option. If you select the Permissions compatible only with Windows 2000 servers option the Deployment Server cannot manage domain accounts for you. If you are using Windows 2000 only permissions, change them to the pre-2000 option from the Windows Start menu. Open a DOS prompt to add the group Everyone by typing the following:
Deployment Server
RAM: 256 MB Disk Space: 200 MB
Component
Hardware
Software
All components require Pentium III processors Deployment Server RAM: 256 MB Disk Space: 200 MB RAM: 128 MB
Disk Space: 3.5 MB
Windows 2000 Server and Advanced Server Windows Server 2003 (SP1)
Deployment Console
Windows 2000 Professional, Server and Advanced Server Windows XP Professional Windows Server 2003 (SP1)
336
Component
Altiris PXE Server
Hardware
Memory: 128 MB Disk Space: 25 MB (for boot files)
Software
DHCP server (must be on the network, but does not have to be on the same computer as an Altiris PXE server) Windows 2000 Server or Advanced Server Windows Server 2003 (SP1)
Deployment Database
Memory: 128 MB Disk Space: 55 MB (for program files), plus space for data. Memory: 128 MB Disk Space: 100 MB for Deployment Server program files plus space for storing files (image, boot, .RIP, and so on) Memory: 128 MB
Windows 2000 Server or Advanced Server Windows Server 2003 (SP1) NetWare (File server only. Cannot be used for any other components). Windows 2000 Professional, Server or Advanced Server Windows XP Professional Windows Server 2003 (SP1) MS IIS 5.5 MDAC 2.71 or later.
Deployment Agents
Deployment Agent requirements are the same as the target operating system. The Deployment Agent requires around 5 MB disk space. See the following sections for additional information: Installing the Deployment Agent on page 346 Installing Deployment Agent on Linux on page 350 Installing the Automation Agent on page 352 Managing Licenses on page 352
337
You can download the Altiris Deployment Solution either from the Altiris product CD or from www.altiris.com.
AltirisDeploymentSolutionWin_6_8 installs all Windows components of Deployment Solution. Using the Simple Install option, you can install MSDE 2000 on a local computer if a database is not already installed.
Note Simple installation works only with a default Microsoft SQL 2000, SQL 2005, or MSDE install.
b.
c.
338
Note You do not need to apply a license key to activate the HP Thin Client t5000 Series. This managed client computer automatically receives a non-expiring license when connected to the console. d. Enter an administrator user name and password for the Deployment Server system. This account must already exist. By default, the name you are currently logged on as appears. If you use a domain account, enter the domain and the user name (Example: Domain1\administrator). Click Next. The Installation Information dialog displays the selected Deployment Server components to be installed. Note If you are upgrading your installation, the message Do you want to replace the share? appears. Click Yes and continue. If you click No, a message appears, stating that the share is already in use and you need to manually set the share to point to the correct directory. Click OK to this message. 8. Click Install to install the components listed on the summary screen, or click Back to modify settings before starting the installation. The installation process begins and can take several minutes to complete. The Installation Information dialog appears asking if you want to install clients. Enable Sysprep Support. Select this option to enable Sysprep support. Provide the location of the Microsoft Sysprep files. Remote Install Clients. Select this option if you want to push the Deployment Agent to computers running the Windows 2000, XP, and Windows Server 2003 operating systems. Install add-ons to provision server hardware. Select this option to install the add-ons for Dell computers. Note This option is enabled on Dell computers ony when add-ons are present in the oeminstall-addons section of the oeminstall.ini file located in the eXpress directory. 10. After the installation is complete, click Finish. You have successfully completed a Simple install for a Deployment Server system. Click the Deployment Console icon on your desktop to view all computer resources running Deployment Agents configured for your Deployment Server. Note Antivirus applications can delete service .EXE files or can disable services. For example: when you run the Deployment Server Win32 Console, the Unable to connect to the Altiris Deployment Server DS Management Server. Please ensure this service is started and running currently. error appears. This occurs because the service files are deleted by the antivirus application during scanning. To resolve this issue, disable the antivirus software and reinstall Deployment Server. See Custom Install for Deployment Server on page 340.
e.
9.
339
AltirisDeploymentSolutionWin_6_8 installs all Windows components of Deployment Solution. Select the Custom install option to add new components or to install Deployment Solution to an existing database.
4.
340
installation continues and lets you use a free evaluation license file. See the Altiris Getting Started Guide for further licensing information. Click Next. Note You do not need to apply a license key to activate the HP Thin Client t5000 Series. This managed client computer automatically receives a non-expiring license when connected to the console. 7. Enter the Deployment Server information. Select the computer to install Deployment Server, the services that controls the flow of the work and information between the managed computers and Deployment Server components. Install the Deployment Server on this computer or on a remote computer. Enter a static IP address for the Deployment Server computer to ensure that the IP address remains constant. Type the port information in the Port field. Enter the path where the Deployment Server should be installed. Provide the account information that already exists on the Deployment Share and the Deployment Server. Click Next. See Deployment Server on page 332. 8. Enter the Deployment Database information. Identify where you want to install the database, or select an existing Microsoft SQL Server from the list of computers. See Deployment Database on page 333. Note If you have multiple instances of the Microsoft SQL Server already set up, you can identify a specific database instance in this field using the format: <SQL Server Name>\<database instance>. Depending upon the selection of SQL Server instance, the default port at which the selected instance is listening appears in the SQL Port Number field. You can edit the port number if you have manually entered the SQL Server name or if the port number does not appear automatically due to some firewall restriction. You can select a different name other than eXpress for your Deployment Database. Type the alternate name in the Database Name field and click Next. 9. Identify the type of Deployment Database authentication to be used. Enter the user name and password if SQL Server authentication is used. Click Next. If a previous installation of the Deployment Database is detected, a message appears asking whether you want to preserve or overwrite the existing database. Note You cannot use the remote SQL database with NT authentication on a remote computer if you don't have administrative rights on the computer. 10. Enter the Pre-boot Operating Systems information required for Boot Disk Creator. Select any one of the four options from FreeDos, MS-DOS, Linux, and Windows PE. Click Browse to select the FIRM file (for FreeDos and Linux operating systems) or enter the path for the location of the operating system files (for MS-DOS and Windows PE). Note If you are using a free evaluation license you cannot use the WinPE Add On Packages.
341
11. Enter PXE Server information. Click Next. See Altiris PXE Server on page 334. Select the pre-boot operating system to use as the default PXE boot menu item. You can select DOS, Linux, or Windows PE. If you want to use the previously installed pre-boot operating system, select the Keep Default option. 12. Enter information on how you want to connect your managed computer to the Deployment Server. Click Connect directly to Deployment Server and provide the DS IP address and Port or click Discover Deployment Server using TCP/IP multicast and provide the Server name. If the Server name field is left blank it finds the first Deployment Server that responds. 13. Enter Deployment Console information. Select whether you want to install the Deployment Console on the computer you are working or on a remote computer. 14. Provide information for installing the Deployment Web Console on the computer you are currently installing from. This computer must be running Microsoft IIS .NET framework. You must provide information about the path where you want to install the Deployment Web Console and also valid user credentials. Click Next. See Deployment Web Console Information on page 364. Note This option is disabled if Microsoft IIS is not detected. 15. The Installation Information dialog displays the selected Deployment Server components to be installed. Note If you are upgrading your installation, the message Do you want to replace the share? appears. Click Yes and continue. If you click No, a message appears stating that the share is already in use and you need to manually set the share to point to the correct directory. Click OK. 16. Click Install to install the components listed on the summary screen, or click Back to modify settings before starting the installation. The installation process begins, and can take several minutes. 17. Install Deployment Agent to the client computers. The Installation Information dialog appears asking whether you want to install clients. Enable Sysprep Support. Select this option to enable Sysprep support. Provide the location of the Microsoft Sysprep files. Remote Install Deployment Agent. Select this option if you want to push the Deployment Agent to computers running the Windows 2000, XP, and Windows Server 2003 operating systems. Install add-ons to provision server hardware. Select this option to install the add-ons for Dell computers. Note This option is enabled on Dell computers ony when add-ons are present in the oeminstall-addons section of the oeminstall.ini file located in the eXpress directory. 18. After the installation is complete, click Finish.
342
You have successfully completed a Custom install for a Deployment Server system. Click the Deployment Console icon on your desktop to view all the computer resources running Deployment Agents configured for your Deployment Server. See Simple Install for Deployment Server on page 337.
To install components
1. 2. Start the server and log on with the administrator account you created to run Deployment Server. See Deployment Server System Requirements on page 336. Launch the appropriate Altiris Deployment Server installation file and follow the setup steps. The Deployment Server self-extracting install dialog appears. 3. 4. 5. 6. 7. Click Extract and Execute App. Click Add Component. Click Install. Click Yes to the Software License Agreement. Enter a path for the Deployment Share. Click Next. Select the Components to install. Install an additional Deployment Console. Click this option to install another Deployment Console (a Windows executable) on another computer. You can add as many Deployment Consoles as required to manage from multiple consoles across your system, but you can install only one at a time.
343
Install an additional Deployment Web Console. Click this option to install an additional Deployment Web Console on the local computer. The Web console is installed on the local computer if the computer is running Microsoft IIS. See Deployment Web Console Information on page 364. Install an additional Altiris PXE Server. Use this option to add additional Altiris PXE Servers across a network segment to handle boot requests for large environments. Master PXE Server. When you add another Altiris PXE Server, the Altiris PXE Server installed initially is designated as the Master PXE Server. The Master PXE Server works concurrently with any additional Altiris PXE Server to handle boot requests across the network segment, but it also allocates additional blocks of IP addresses to other Altiris PXE Servers in the system. For all the available options for installing Altiris PXE Server, see Altiris PXE Server Install on page 363. Install additional Deployment Agents. Click this option to install additional Deployment Agents on client computers, setting up managed computers in the Deployment Server system. Add Microsoft Sysprep files. Click this option to install the Microsoft Sysprep files, if you did not install them earlier. See Sysprep on page 365. 8. Click Next. The Deployment Console Information dialog appears. 9. Select the computer to install the component and click Next. Note If you select the On a remote computer option, you have to browse and select the remote computer. 10. Click Install to install the components listed on the summary screen, or click Back to modify settings before starting the installation. The installation process begins, and can take several minutes. 11. The Installation Information dialog appears specifying that the installation has been successful. Click Finish. Install add-ons to provision server hardware. Select this option to install the add-ons for Dell computers. Note This option is enabled on Dell computers ony when add-ons are present in the oeminstall-addons section of the oeminstall.ini file located in the eXpress directory. Note Install add-ons to provision server hardware is the only option available on the Installation Information Summary dialog when you select Component Install.
344
Deployment Database. For Windows and Linux client computers, Deployment Solution lets you push agent software to a client computer from a Deployment console, or you can pull the Deployment agent from the client computer from the Deployment Web Console (or pull it from the Deployment Share). You can install an embedded (recommended) or hidden automation partition, which contains an Automation Agent that establishes communications with the Deployment Server to run the deployment jobs that have been assigned to the client computer. See Install Automation Partition on page 137. The Deployment agents for handhelds are also easily installed from the console using prebuilt jobs. Deployment Agent. Install a Production Agent to a Windows desktop, notebook, or server, computer. You can also install this agent to any supported Linux workstation or server. See Installing the Deployment Agent on page 346. Deployment Agent on Linux. Install on any supported Linux workstation or server. See Installing Deployment Agent on Linux on page 350. Automation Agent. Install on any Windows desktop, notebook, or server computer. See Installing the Automation Agent on page 352. Installing Deployment Agent for Pocket PC. Install on handheld computers running the Pocket PC operating system. See Managing Licenses on page 352.
[netcard] NGRPCI=NETGEAR FA310TX Fast Ethernet PCI Adapter,0,ndis,ethernet,real,NGRPCI,NGRPCI_NIF [NGRPCI] (This header must be the sixth item listed in the line above) Device=NGRPCI.DOS (If this line is missing, add it. The syntax is device=drivername.)
345
If there is no protocol.ini file, create a text file that contains the following command:
Click Remote Agent Installer on the Deployment Console toolbar, or click Tool > Remote Agent Installer to open the utility program. You can also download aclient.exe from the network share or Deployment Web Console to install a Deployment agent.
Windows 9x. For Windows 98 clients, you must install the agent software locally. There are several ways to do this: You can add commands to the client login script to map to the Deployment Agent on your file server and run the executable, or you can e-mail the executable or a shortcut to users and run the install program from the client computer. Windows XP. When remotely installing the Deployment Agent on a Windows XP computer, each user must have an account password. Remote Agent Installer returns an error message if it is unable to get to the Administrative share on the remote XP computer for each user. Windows XP does not allow access to any Administrative shares if the user on that computer does not have an assigned password (including the guest account). When all users have passwords and the network setup wizard has been run, you can successfully install the Deployment Agent using the Remote Agent Installer.
346
347
assigned. If you are using the default settings, you do not need to specify an input filename. Each computer entry must be on a separate line. Export. You can export the computers listed into an export file for future use. The default extension is *.RCI. Remote Agent Installer first looks for an RCI file extension, but any DOS text file can be used. When the computers appear in the installer list and the properties have been set, click Finish. The status of the agent install appears on screen. After the Deployment Agent is installed, it connects to Deployment Server automatically and appears in the Computers pane of the Deployment console.
Update file system permissions when changing SIDs. Click to automatically update file system permissions to maintain the individual file permissions that may have been set. This also includes the individual network shares that may exist on this client. Checking this option also includes those individual permissions. This takes a long time to convert the SIDs. To make the SID utility run faster, do not select this option. Note SIDgen is no longer supported and should not be used. Altiris recommends using Microsoft Sysprep in situations where SID replacement is required. To install Microsoft Sysprep, you need to download the install files required for the Windows operating systems running on the client computer. Windows 2000/XP/2003 (deploy.cab) We recommend installing these files from a Windows 2003 server CD.
Click Next.
Change Settings
Click Change Settings to modify access, security and other settings on the Deployment Agent to be installed. See Deployment Agent Settings on page 113.
348
After the Deployment agent is installed, it connects to the Deployment Server and appears in the Computers pane of the Deployment console. See Installing Deployment Solution Agents on page 344.
349
to create the template file to import computers (*.rci) as well as the template file (*.inp). Example: if you have computers named PC-1 and PC-2 listed in the Selecting Clients window and export these computers using the file name Export.rci, the following two template files are created: Export_PC-1.inp Export_PC-2.inp
Option
-install -remove -silent -stop
Definition
AClient.exe runs and installs the Deployment Agent on the computer as opposed to just running it in memory. Permanently removes Deployment Agent from the computer where it was installed. Lets you use the options without being prompted for further input. Stops the Deployment Agent from running, but does not remove it. The next time the computer is booted, the Deployment Agent runs in production mode. Starts the Deployment Agent. This option works only when Deployment Agent is installed on the computer.
-start
Processors
Disk space Operating systems:
Pentium
5 MB contiguous RedHat 7.2, 7.3, 8.0, 8.1 RedHat Advanced Server 2.1 United Linux 1.0
RAM
32 MB
350
To install from the command line, browse to the directory where you saved the .BIN file, switch to the root user (su) and change the directory to the location of the .BIN file by typing
adlagent directory.
2. You can change the adlagent configuration file settings by updating the adlagent.conf file. This file is located in the /opt/altiris/deployment/ adlagent/conf directory. You can also change the adlagent configuration file settings by executing the configure script from the /opt/altiris/ deployment/adlagent/bin directory. To run the script to change settings for the adlagent configuration file, browse to the /opt/altiris/deployment/adlagent/bin directory from the shell and type the following:
./configure
You are prompted to select Multicast options to identify a Deployment Server to manage the current client computer, or you can select a specific Deployment Server by setting the Multicast option to false and adding the IP address of the desired Deployment Server. To edit the configure file directly, open the adlagent.conf file located in the
/opt/altiris/deployment/adlagent/conf
directory and make setting changes to the configuration document. In many cases, you can edit the configuration file to change the functionality or properties. Example: you can open the adlagent.conf file in an editor and scroll to the [Transport] section and the UseMcast line. Change UseMcast=true to UseMcast=false. Type the IP address of the specific Deployment Server you want to manage the client computer into the TCPAddr=<IP address> line. Additional configuration settings can also be identified and edited in the configuration file. 3. After editing the configuration file, restart the Deployment Agent for Linux. To start and stop the Deployment Agent for Linux, you must enter the full path or browse to the /etc/rc.d/init.d directory (with administrator/root rights) and use the adlagent stop and adlagent start commands, or the adlagent restart command. You can also use the Package Manager installed with Linux to restart the Deployment Agent for Linux. By stopping and starting the Deployment Agent for Linux, the service updates the changes made in the adlagent configuration file. You can now view the Linux managed computer from a Deployment console. See Installing Deployment Solution Agents on page 344.
351
Processors
Disk space Operating systems RAM
Pentium
5 MB contiguous MS DOS and Linux 32 MB
Here are some other ways to create and install an Automation Agent, which is saved in an embedded (recommended) or hidden partition on the client computers hard disk. For Windows 98 computers, create boot disks to install locally. For Deployment Solution systems running the Altiris PXE Server, create boot menu options from the PXE Configuration Utility, using one of the following methods: Boot Disk Creator, Direct from floppy, or User Specified. See PXE Configuration Utility Help. To install an Automation Partition on Windows 2003/XP/2000 computers, you can create a Microsoft Install Package (MSI) and deploy it using a job from the console. See Distributing Software on page 175. You can also create floppy disks, bootable CDs with an ISO image, or bootable USB devices. See Boot Disk Creator Help
Managing Licenses
From the Deployment Console you can find the number of licenses used, detect an expired license, or apply a license to a client computer. Although you can install multiple Deployment Servers, but licensing is based on the number of managed client computers. The Deployment Server system also provides the license utility to install or update regular licenses, or add licenses to computers installed with Deployment Solution. This utility shows the license status, install a new license, and add additional licenses.
352
Licensing Terms
Term
AUP - Annual Upgrade Protection
Description
Altiris Annual Upgrade Protection or AUP lets registered Altiris software users upgrade to any version of the registered product that is released during the coverage period without paying an upgrade charge. Regular production licenses never have a license expiration date, but always have an AUP date. As long as this date is not expired you can use that license to register any version of Deployment Server. The total number of client and server computers that a Deployment Server is licensed for. Each client computer that has an agent and that communicates actively with the Deployment Server uses a single license node. You can view this information on the About Deployment Console box. This detail appears in the License Details when you apply a license with the Product Licensing Utility, and select a license file.
Licensed Nodes
DS and PCT
These are common abbreviations for Deployment Server and PC Transplant. Both of these products are licensed with the same licensing model, and very often a single license applies to both products at once, although some licenses apply only to PC Transplant. All regular licenses (that are purchased) never expire. Evaluation licenses however do have an expiration date. After the expiry date those trial or evaluation licenses no longer function, and need to be replaced with a regular license.
Expired License
See also: Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 357, Computers Not Using a Regular License on page 357, Detecting an Expired License on page 357, and Expired Licenses on page 358.
353
The License Utility shows the license status, install a specific product, install new or updated licenses for installed software, and additional licenses for installed software. To open the Altiris License Utility Option 1: Click Start > Programs > Altiris > Deployment Solution > Product Licensing Utility.
Option 2: 1. 2. Browse to the location where you installed the Deployment Share. Run license.exe.
354
a. b.
Select the product you want to license. Use the Shift key to select multiple products. Click Finish to apply the license to the selected products.
Option 2: c. d. e. Click Add to browse to the location of an Altiris product folder. Select the program filename and click Open. The product is added to the license list. Select the products to license and click Finish.
Option 3: f. g. h. Select the products you do not want to apply a license to. Click Remove. Select the products to license and click Finish.
Note You do not need to apply a license key to activate the HP Thin Client t5000 Series. This managed client computer automatically receives a non-expiring license when connected to the console.
See also: Managing Licenses on page 352, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the
355
Number of Licenses Used on page 357, Computers Not Using a Regular License on page 357, Detecting an Expired License on page 357, and Expired Licenses on page 358.
See also: Managing Licenses on page 352, Using the License Utility on page 353, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 357, Computers Not Using a Regular License on page 357, Detecting an Expired License on page 357, and Expired Licenses on page 358.
356
357
3. 4.
Enter the IP address of the correct Deployment Server in the Address/Hostname field. Click OK.
See also: Managing Licenses on page 352, Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 357, Computers Not Using a Regular License on page 357, and Expired Licenses on page 358.
Expired Licenses
Regular Deployment Server licenses do not expire, however the 7-day trial license, or the 30-day evaluation licenses do expire, and can cause some problems if not replaced properly after adding regular licenses. Computers with expired licenses become dead nodes and can no longer be managed by the Deployment Console. When a license is first installed on the Deployment Server, each computer in the database takes a license node. If this node is a temporary license, that computer has a tag in the database that says it is a trial node. If that license is not replaced before the time limit, the computer stops accepting jobs or any type of remote management. When the Deployment Server receives new regular licenses, it does not by default release the trial license nodes that it was using before. This can cause problems if the trial licenses are still being used and they expire even after you apply a regular license. There are 2 ways to deal with this lingering expired license issue. First you can set up a global option that automatically replaces any trial license with a regular license as soon as they become available. This is a long term and preventative solution to expired license issues. 1. 2. 3. In the Deployment Console, go to Tools > Options. Click the Global tab. Select the Automatically replace expired trial licenses with available regular licenses check box. This resolves the computer node licenses expiry issue.
The second way you can deal with expired licenses is reapply all regular licenses to the computer nodes. This is helpful if you want to see an immediate resolution to a license issue. 4. 5. In the Deployment Console, right-click the All Computers computer group (or any other computer group you need to do this to). Select Advanced > Apply Regular License. This makes all computer nodes in that group release the license node they were using and take a regular license node.
See also: Managing Licenses on page 352, Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 357, Computers Not Using a Regular License on page 357, and Detecting an Expired License on page 357.
DS Installation Help
The following are the help file topics for the Deployment Server installation program that you can access by clicking Help or pressing the <F1> key. These topics identify and explain the screen elements on the dialogs used in the installation process.
358
Install Configuration
The Deployment Server system supports a Simple Install and as well as a Custom Install option. A Simple installation lets you install all components on a single computer. The Custom installation lets you distribute individual components of a Deployment Server system on multiple computers. The Thin Client Install lets you install the Thin Client view of the Deployment Console on your computer. Use the Component Install option to install additional components on your system. Pre-Installation Simple Install Helper. Click this option to check for an installation of Microsoft SQL Server for a Simple install. If Microsoft SQL Server or MSDE is located, the installation program continues. If not, the installation program prompts you to automatically install MSDE 2000 from an Altiris download Web site. Installation Type Simple Install. Click this option to install all Deployment Server components on a single computer. This configuration is recommended for managing computers on a single LAN or across a site with few subnets. See Simple Install for Deployment Server on page 337. Include PXE Server. Select this feature to install the Altiris Altiris PXE Server when running the Simple install option. The PXE Server requires a DHCP server also installed on your network. Custom Install. Click this option to install Deployment Server components on multiple computers across your system. A Custom install lets you balance network activity for large enterprises with multiple subnets. Example: use this option to distribute the Deployment Database on a separate computer or assign another file server as the Deployment Share to store image and package files. See Custom Install for Deployment Server on page 340. Thin Client Install. Click this option to install the Thin Client view of the Deployment Console on your computer. You do not require a license file to install this view. See Thin Client Install for Deployment Server on page 343. Include PXE Server. Select this feature to install the Altiris Altiris PXE Server when running the Simple install option. The PXE Server requires a DHCP server also installed on your network. Component Install. Click this option to install additional Deployment Server components to your system. Example: use this option if you want to add an Altiris PXE Server to your Simple or Custom installation, or if you need multiple Deployment consoles. See Component Install for Deployment Server on page 343. If you have multiple network adapter cards, a secondary dialog appears asking you to select the IP address for the Deployment Server interface. See also Deployment Server System Requirements on page 336. Note If you are running Deployment Server on a MS Windows Server 2003 Domain Controller with SMB Signing enabled you cannot execute any imaging and DOS jobs. When running jobs on MS Windows Server 2003, you must change the SMB Signing Registry Key to execute DOS-based deployment jobs.
359
2. 3.
360
See Deployment Server Components on page 331 and Installing Deployment Server on page 331.
361
Altiris Solutions Center. You can select the Altiris FIRM file for the following operating systems. x86 x64 ia64 Windows PE. Browse to the Windows PE files and the Microsoft Windows operating system path. Altiris supports Microsoft Windows PE 2005, and Microsoft Windows 2003 SP1. You can select the WinPE files for the following operating systems. x86 x64 ia64 See Boot Disk Creator Help, and PXE Configuration Help.
362
363
Type the IP address for the Altiris PXE Server and the Deployment Server. Type the path on the computer to install the Altiris PXE Server. Select the pre-boot operating system that can be used as the default PXE boot menu item. The pre-boot operating system options that are enabled depends on the options selected for pre-boot operating system in the Pre-boot Operating Systems page. Example: if you select Linux in the Pre-boot Operating Systems page, the Linux option is enabled as the default PXE boot menu item. See also Installing the Automation Agent on page 352, Pre-boot Operating System (Simple) on page 361, and PXE Configuration Utility Help.
2. 3.
364
Note If you are installing an additional Deployment Web Console using Add Component, the Do not Install option is disabled. See also Deployment Console on page 332 and Deployment Server Components on page 331.
Sysprep
Enter the location of the Microsoft Sysprep files according to the operating system. Type the location or click Browse and select the required files. If you install the Itanium Windows operating system to a computer that is not an Itanium box, an error message appears that the file is valid, but is of the wrong type for the computer. To resolve this issue, access the Deploy.cab file from an Itanium box and save it on the server before you install Deployment Solution.
Installing Components
Click Install, or click Back to change settings. See also Deployment Server Components on page 331.
365
Download Adobe Acrobat. Select this option to download the Adobe Acrobat Reader to read the documentation in the .PDF format. Click Finish. See also Deployment Server Components on page 331.
Add Components
If you have already installed Deployment Server, you can add components to the existing system. Select the type of component you want to add. See also Deployment Server Components on page 331.
Console Install
You can install the Deployment Console on either the local computer or multiple remote computers. Installing the Deployment Console to remote computers lets you manage computers from multiple Deployment Consoles across the Deployment Server installation. Click On this computer to install the Deployment Console to the local computer. Click On a remote computer to install the Deployment Console to a remote computer. Type the computer name or browse and select a computer. See also Deployment Server Components on page 331 and Installing Deployment Server on page 331.
366
367
The Web console for Deployment Solution provides standard Computers, Jobs, and Details panes to view computer icons and properties, perform remote operations, schedule deployment jobs, and identify the state and status of computers in your system. See Deployment Web Console Basics (page 369). Deployment from the Altiris Console lets you manage and generate reports across multiple Deployment Server systems and integrate additional Web applications available in the client and server management suites, including Inventory, Software Delivery, Recovery, HelpDesk, and Application Metering solutions. Deployment from the Altiris Console lets you generate enterprise-wide reports that track deployment resources and integrate features such as Package Servers for location-sensitive software distribution. Notification Server also provides collection features to group computers by defined criteria. See Deployment from the Altiris Console (page 386). The Deployment Console is a Windows-based console with complete deployment and management features, including remote control, security, PXE server configuration, image editing, and other deployment utilities and features. To launch the Deployment Server Console, double-click the icon on the desktop or click Programs > Altiris > Deployment Solution > Console. See the Deployment Server Help and Deployment Product Guide for additional information.
368
The Deployment Web Console also provides features and functionality to integrate with Microsofts Automated Deployment Services (ADS). See Automated Deployment Services (ADS) (page 385). See Basic Tasks from the Deployment Web Console (page 372) for steps to manage and deploy computer devices from the Deployment Web Console.
Up/Down arrows. Click to change the order of items in a list. Example: the order of tasks in a deployment job.
Task User Passwords. Click to change the users task password on multiple Deployment servers. Users have access to the job tasks: Copy file to, Distribute Software, Run Script, Distribute Personality, and Capture personality. Find. Click to find or filter selected computers in a group or jobs in a folder. You can also filter computers by operating system or jobs by task types.
369
Deployment Web Console options. Click to set these features set properties for the Deployment Web Console and the ADS features. About Deployment Web Console. Click to view supported Deployment Servers, licensing information for each system, and general information. Help. Click to open help documentation for the Deployment Web Console.
Like all Deployment consoles, the Deployment Web Console is divided into several panes to organize computers, deployment jobs, software packages and scripts. It gives you a graphical view of your network and provides features to build jobs, store and access jobs and packages, and report the status and state of all of your computer resources.
Computers pane
From the Computers pane, you can traverse multiple Deployment Server systems and navigate the treeview of each system to select computers or computer groups. You can view Computer Details, run Remote Operations, or Assigning and Scheduling Jobs for each selected computer or group. Elements of each group appear in the Details pane with features to view properties and run management tasks. By drilling down into a selected Deployment Server system, you can view and select New Computers and other computer groups defined for your organization. When running Deployment from the Altiris Console, you can also identify managed computers within the Altiris Console Collections created by Notification Server. These collections identify only managed computers with the Deployment Agent installed, displaying computers by operating system, computer model, type, or other properties. You can now manage computers by defined groups or filtered by client type.
When a computer or group is selected, the Details pane shows a list of computers in the group and gives basic information about each computer. The Find detail bar appears in the Details pane to filter computers by a set criteria. When a computer is selected, you can view the computer status in the Details pane, including a list of jobs that have run or are scheduled to run on the computer and the status of each job. See Managing
370
Computers from the Deployment Web Console (page 398) for complete information about organizing computers, running remote operations, and viewing properties from the Computers pane.
Jobs pane
Use the Jobs pane to create and build jobs with specified deployment tasks. You can organize the job objects using the New job folder command from the Select Action list. Jobs in one Deployment Server group can be scheduled to computers in another Deployment group, where they are replicated to the source Deployment Server. Jobs can also be replicated directly to another system using the Move job command in the Details pane. From the Jobs pane you can schedule and execute deployment jobs such as creating images, deploying computers, changing configurations, or installing software. Once a job is created, you can change it by adding, modifying, or deleting tasks. Jobs can be run immediately, scheduled to run a particular time, or saved for a later time. See Scheduling Jobs from the Deployment Web Console (page 419) for complete information about setting up, importing, and managing computers from the Jobs pane.
Jobs are organized by Deployment Servers, listing all job folders and individual jobs for a specific site under the name of the managing Deployment Server. When a job is selected, the Details pane displays a list of jobs in the folder and provides basic information about each job object, such as its state, status, and task list. It also shows the computers or computer groups to which the job is assigned.
Details pane
The Details pane is the right-hand pane in the Deployment Web Console. It extends the user interface features when working in the Computers or Jobs panes. When you select Deployment Servers in the Computers pane, the Details pane lists all associated Deployment Server in your organization and displays links to access the computers and jobs for that site. When you select a specific Deployment Server, all computers and computer groups for that system appear. When you select a Deployment Server in the list, the computer groups and managed computers for that system appear. When you select a job icon in the Jobs pane, the Details pane displays information about the job to set up conditions, order tasks, and add, modify, or remove tasks.
371
The Deployment Web Console appears with the following console options. Clear the computer and job selections after scheduling. Select this option to clear selected computers or computer groups and the associated jobs assigned to them. Prompt before performing operations. Verify actions to the user before scheduling jobs or performing other operations. Show physical devices. Show blade servers as Rack/Enclosure/Bay objects in the Computer pane.
3.
372
2. 3.
To clear the computers or jobs and reselect, click the clear icon. 3. Click Run Now or Schedule to run the selected jobs on the selected computers. Secondary pages appear to set scheduling values.
Scheduling Jobs
After selecting computers or computer groups and assigning jobs, you can now select to run the job immediately or schedule it for another time. See Scheduling Jobs on page 373.
373
appears in the Details pane. Then, double-click a particular Deployment Server in the Details pane to view the Deployment Server Options page. You can change the following options: Global (page 374) Maintenance (page 375) Agent Settings (page 375) Security (page 380) Logon (page 385)
Global
Set global options for the selected Deployment Server. Synchronize display names with windows computer names. Automatically updates the display name of the managed computer names in the Web console when the managed computer name changes. If this option is not selected, changes to computer names is not reflected in the Web console. Synchronization option is off by default. The computer names do not have to be synchronized for the Deployment Server to manage the computer. Display imaging status on console (percent complete). Shows the status, in percentage, for the scheduled imaging job. Deployment Agent/Deployment Server file transfer port. Specify a static TCP port for file transfers to the clients or choose to assign it dynamically. The default value for static port is 0 and causes the server to use a dynamic port. This setting is useful if you have a firewall and need to use a specific port rather than a dynamically assigned port. The transfer port range is 1 to 2147483647. Remote control ports. You can specify the two ports; Port 1 and Port 2 by selecting the Remote control ports check box. By default the check box for Remote control ports is not selected and dynamic port is used while remote controlling. If the Port 1 is already in use, Port 2 is used for remote control. The remote control port ranges from 0 to 65535. Key. Specifies the primary lookup key type used to associate a new computer with a managed computer. The options are Serial Number (SMBIOS), Asset Tag (SMBIOS), UUID (SMBIOS), or MAC Address (SMBIOS). Speed. This is the file transfer speed between the Deployment Server and client computers. Select a transfer rate from the Speed list. Change Sysprep Settings. Enter the global Sysprep values you want to use when creating or distributing disk images. Click Change Sysprep Settings to view the Sysprep Settings dialog.
SysPrep Settings
OS Product Key tab Click the drop-down arrow and select an Operating System from the list. Then, click Add product key to enter product key (up to 29 characters) information. Add as many product keys as needed and select a product key from one of the keys listed. To modify a product key, select the product key and click Modify product
374
key. To delete a product key from the list, select the product key and click Delete product key. Note If a product key is being used by another task, a message prompt appears that the product key is currently in use and you cannot delete the product key until the task completes.
Maintenance
Retry failed imaging jobs immediately. Immediately retry a failed image deployment job. The program continues to retry until the job succeeds or until the job is cancelled. Automatically replace expired trial licenses. Allows Deployment Server to automatically assign a permanent license to the managed computers after the trial license expires. Delete History older than _____ days. Specify the number of days an entry is kept in the history until it is deleted. If the number of days is set to 0, no entries are kept in the history. If this option is not selected, log entries remain in the history. Remove inactive computers after _____ days. Specify the number of days you want to keep inactive computers in the Deployment database before they are deleted. The default value is 30 days, but any number between 1 and 10,000 is valid.
Agent Settings
Use the Agent Settings tab to control the default agent settings for new computers. These default settings are applied only for new client computers that have never connected to the Deployment Server and have no information stored in the Deployment Database. Production Agent Settings Force new Production agents to take these default settings. Select this option to force these settings when adding a new computer. Modify default settings. Click this link to change Deployment Agent Settings for Windows and Linux systems. See Production Agent Settings (page 375). Automation Agent Settings. Force new Automation agents to take these settings. Select this option to force these settings to effect new client computers until you can change the settings using the Deployment Console. Modify default settings. Click this link to change Automation Agents Settings. See Automation Agent Settings (page 379).
375
Click the Modify default settings link to set or modify Deployment Agent for Windows and Deployment Agent for Linux properties from the same dialog. The Production Agent Settings dialog appears.
Server Connection
Connect directly to this Deployment Sever. Select this option so that the client receiving the Deployment Agent connects to the Deployment Server you selected to configure. Address/Hostname. Enter the IP address or NetBIOS name of the Deployment Server computer. Port. Enter the port number communicating with the Deployment Server. Enable key-based authentication to Deployment Server. Select this option to valid the client computers that are trying to connect to the Deployment Server. This helps keep rogue computers from connecting to unauthorized Deployment Servers. Key file. Enter or browse to an authorized key. The client computer checks the Deployment Server authentication key and if a match is made, the client connection is allowed. Discover Deployment Server using TCP/IP multicast. Managed computers can use the multicast address if they are on the same segment as the Deployment Server or if multicast is enabled on the network routers. Ensure that the multicast address and port match those set up on the Deployment Server. Try using defaults on both the client and Deployment Server if you are having problems connecting. Managed computers should use the Deployment Server IP address if multicasting is disabled on the network routers or if they are not on the same network segment as the Deployment Server. The port number must match the number set on the Deployment Server. Otherwise, your clients cannot connect. Server Name. Enter the NetBIOS name of the computer running the Deployment Server. Port. Enter the port number distributing the multicast address. Multicast Address. Enter the group multicast address. TTL. Specifies the number of routers the multicast request is can pass through. Change this setting if you need to find a Deployment Server that is more than 32 routers away (default setting) or if to restrict the search to a smaller number of routers, making it easier to find the closest Deployment Server. Refresh connection after idle. Select the Refresh connection after idle check box and set the refresh time by seconds, minutes, hours, or days. The Deployment Server closes the connection after the specified time and immediately tries to re-open the connection. This forces clients to realize the network is down. The default checking is of 28800 seconds or 8 hours. It is recommend keeping this setting above 28800. Do not set this option too low--reconnecting to the Deployment Server increases bandwidth when connecting. If this option is set too low you can run into problems where it takes longer for your clients to connect than to refresh their connections. Abort files transfers if the rate is slower than. Preserve bandwidth on slower connections by selecting this option, which saves bandwidth when running deployment tasks on slower connections.
376
Access
Set these commands to control how the client handles requests from the server. Allow this computer to be remotely controlled. If you select this option, the administrator can remote control the selected computer. The default setting is to NOT allow the computer to be remote controlled. Prompt the user before performing actions Shut down and Restart. Select for the user to be prompted before shutting down or restarting the computer. This feature overrides the Power Control option from the Deployment Server to Force applications to shut down without a message. Copy file and Run command. Select for the user to be prompted before running a program or executing file copy commands Remote Control. Select for the user to be prompted before running the Remote Control commands. You can set a default time before running or aborting the commands. Select the time for the user to respond and either continue with the operation or abort the operation. Time to wait for response. If one of the Prompt the user before performing actions is selected and the user is not at the computer to respond, you need to decide whether to continue or abort. Select the amount of time you want to wait for a response, and select one of the following: Continue the operation. Click to continue without receiving a response from the user. Abort the operation. Click to not continue without receiving a response from the user. Select when the Deployment Server is denied access to the Deployment Agent. Select the days and set the start and end times when access to the Deployment Agent is denied.
Security
This page lets you secure data between the Deployment Server and the Deployment Agent, or to set a password so that the user on the client computer can only view and modify the User Properties of the Altiris Client Settings on the managed computer. Encrypt session communication with Deployment Server. Select to allow encryption from this managed client computer to the Deployment Server. This allows encrypted data transmissions between the Deployment Server and the Deployment Agent on the client computer. If selected, the client computer can connect (but is not required to connect) using encryption. To enable encryption protocols, you must open the Deployment Configuration tool (Start > Programs > Altiris > Deployment Server > Deployment Configuration tool), and select the Transport tab. Select the Allow encrypted sessions with the servers check box to allow Deployment Server to transmit using encryption protocols. Require encrypted sessions with the servers. Select to require encryption between the managed client computer and the Deployment Server. If this option is selected and the option to allow encryption in the Deployment Configuration tool is not selected, the Deployment Server does not communicate with the Altiris Client on the managed client computer.
377
Note Selecting encryption options slows down the communication path between Deployment Agent for Windows and the Deployment Server, so do not use encryption unless it is necessary for high security environments. Password protect Admin properties. Select to allow users on the managed computer to access the Admin properties only if they enter the set password. If the option is selected and the user does not know the password, they have rights only to open the User Properties, which includes only the User Prompts and Remote Control tabs on the Altiris Client Settings dialog. Click Edit Password to change the password settings for users trying to access the Admin properties. Hide client tray icon. Select to hide the Altiris Client icon in the system tray of the managed computer. If you hide the icon you are required to run AClient.exe -admin to view and modify the complete administration properties from the managed client computer.
Log File
The Log File property page controls how data is logged and saved in a Deployment Server system, allowing you to save different types and levels of information to the log files. You can save a text file with log errors, informational errors, and debugging data using this dialog. If the log exceeds the specified size, older data is dropped from the files. You can maximize the size of the log file to save all selected data. Save log information to a text file. Click to save information to a log file. File name. Enter the name and path of the log file. The default is to save the log file to the \Program Files\Altiris\AClient\AClient.log file. Maximum size. Enter the maximum number of bytes for each log file. Log errors. Select this option to save only the errors returned when running a job or operation between the Deployment Server and the Deployment Agent. Log informational messages. Select this option to save a list of procedural steps run on the client computer. Log debugging information. Select this option to list comprehensive debugging information in the text file. Use this tab to save the Deployment Agent for Windows log file. By default, the option Save log information to a text file is cleared. Select it to enter a file name for the log and the maximum size for the log file. Note If the log exceeds the specified size, older data is dropped from the files, so it is recommended to provide maximum file size.
Proxy
Typically, remote networks on the other side of a router or switch cannot receive multicast or Wake On LAN packets from the Deployment Server. Setting the managed computer as a proxy client computer forwards or re-creates the multicast packets. A
378
managed client computer set up as a multicast proxy simply acts as a Deployment Server and advertises the servers name and IP address through multicasting. Or you can set the managed computer as a proxy to send Wake On LAN packets. Set these options to control how the managed computer can act as a proxy agent, identifying the type of traffic this managed computer can forward from the server. Forward Wake-On-LAN packets. Select if you want the managed computer to forward Wake on LAN packages. Forward Deployment Server multicast packets. Select if you want to advertise the Deployment Server to client computers on another LAN segment or if the client computer is on the other side of the router. Send multicast advertisement every. Set the time by seconds, minutes, hours, or days for managed computers send multicast advertisement.
Startup/Shutdown
Delay starting jobs after system startup. Set the time by seconds, minutes, hours, or days for managed computers to delay jobs until after system startup. Specify the Windows boot drive. Specify the drive that the client computer can boot from. The default is C: Force all programs to close when shutting down. Select this option to shut down applications when using Power Control features. The user is still prompted to Abort or Continue the shutdown. Synchronize date/time with Deployment Server. Select this option to synchronize the system clock of managed computers with the time of the Deployment Server. Prompt for a boot disk when performing automation jobs. Select this option to prompt for a boot disk while doing any automation jobs. Advanced Disabled direct disk access for Deployment Agent for DOS (BootWorks) communication. Select this option to disable the direct disk access for automation communications.
Drive Mappings
Set drive mappings used by the Automation Agents to access hard disk image files and other packages from a specified network drive. It is required that the F Drive be
379
mapped to the Deployment Share. You can also map other file server directories when storing large numbers of image files or deployment packages. Drive. Select the drive letter of a shared folder. Example: F: \\WebDeploy\Image
files.
Note You must select a shared folder in this field. From the browse window you are allowed to select any type of folder, but the Automation Agents can only map and access files from a shared folder. Path. Enter a UNC path.
Authentication
Enter the login credentials that Automation requires to map network drives. The associated credentials for each network drive must have the appropriate rights for the Automation Agents to access files. Domain/Workgroup. Enter the name of the Domain or Workgroup of the user that the Automation Agents can log on to map the network drives. User name. Enter the user name that the Automation Agents can use to log on so they can map to the specified network drives. Password. Enter the password.
Network
These settings allow you to match the IP address with the computer name, as maintained in the LMHosts file in automation partition. 1. 2. 3. Click the Add LM Hosts icon. Enter the Computer Name to associate with an IP address. Enter the IP Address. You can click Lookup IP and the IP address field automatically fills in the IP address of the computer you entered in the Computer Name field. Click Apply.
4.
Security
This features lets you enable or disable security for the Deployment Server. You can also add local users and local groups, import both Active Directory users and groups, and assign rights for users to perform Deployment Solution operations. Use the Security tab to provide enable/disable security and to add local users and local groups. You can also import both Active Directory users and groups and assign rights to all of them. You can create users and groups and set scope-based rights. Enabling Security (page 381) Rights (page 382) Setting Permissions (page 383)
380
Enabling Security
You can enable security by first creating a user with Administrative rights or selecting a user who belongs to a group having Administrative rights and selecting Enable Security.
To enable security
1. 2. 3. 4. Click the Deployment Servers link in the Computers pane. A list of all available Deployment servers appears in the Details pane. Select or click the specific Deployment server in the Details pane to view the Deployment Server Options page. Click the Security tab. Click New User to add new user information. Type the user details. Note The first user automatically gets the administrative rights. Any subsequent users do not have rights and cannot be added to any group by default. You can also import new users from the Active Directory. See Importing user groups from Active Directory (page 382). 5. 6. 7. 8. Click Membership to view the membership groups and all available groups. Click Rights to view the available rights. Click Apply to add the user. Now that you are an administrator, select the Enable Security check box. Security is now enabled. You can now create users and groups and assign permissions to computer groups and job folders.
Membership Groups
Assign the user to previously created groups. If enabling security, you can assign the user to a group with Administrative rights. 1. 2. Click New Group from the toolbar. Enter a name for the group and a description, and click Apply.
381
DS Authentication
If the user is already in the DS database, and it tries to access the Deployment Server Console, DS checks the authentication with the logged on user, and upon matching doesn't prompt for user credentials. Similarly, if a group has already been added in the DS database, and any user who is a part of the group tries to access the Deployment Server Console, DS doesn't prompt for credentials. This method of authentication is the same for AD user and AD group also.
Rights
Rights allow you to set general rights for a user or group. To verify, add or change the rights assigned to each console user, use the following steps: 1. 2. 3. From the Security tab, click a user and click Rights. Select the check box for every right you want to grant. After selecting all applicable rights, click Apply to save your changes.
A brief explanation of each deployment server right that can be assigned is detailed below:
Administrator
Lets you access all available features from Deployment Web Console. You must have Administrator rights to enable security. Lets you view and set console options. Lets you view and set global options Lets you view and set domain accounts options. Lets you view and set RapiDeploy options. Lets you view and set agent settings options. Lets you create custom data sources options. You can view, create, and set database tokens. Lets you view rejected computers in Deployment Solution and change their status. Lets you Refresh Deployment Solution clients. Lets you schedule jobs on all computers. If you have Administrator rights, by default you have the rights to schedule job on all computers, irrespective of the state of the Allow scheduling on All Computers check box. You can grant this right to a specific user or a group.
Options Console Options Global Options Domain Accounts Options RapiDeploy Options Agent Settings Options Database Tokens Manage Rejected Computers Refresh Clients Allow scheduling on All Computers Groups
382
Administrator
Lets you access all available features from Deployment Web Console. You must have Administrator rights to enable security. Lets you import and export any jobs/computers. Lets you centrally update passwords for users and groups so they can access the tasks: Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality when creating or modifying jobs. You must have administrative rights to access this option. Lets you set up and modify PXE Configurations.
Setting Permissions
Set permissions for jobs, job folders, computers, computer groups, and physical devices. 1. 2. 3. 4. 5. 6. Click the Deployment Servers link in the Computers pane. Select or click a specific Deployment server in the Details pane to view the Deployment Server Options page. Click the Security tab. Log on as a user with administrative privileges. A list of all computers belonging to the selected Deployment Server appears. Click a specific computer to view its property, inventory, and scheduled jobs status. Select Permissions from the Computer actions drop-down list. Notes If you do not have administrator privileges, you cannot view Permissions option. You can set permissions for all jobs and computers by clicking in the Jobs pane or Computers pane without selecting a job or computer object. 7. 8. A list of users or user groups appears. You can select a user or a group and grant permissions accordingly. Select the check box for the permission group to allow the permissions you want to grant for the selected user or user group. Notes Administrators have access to all objects with unrestricted rights and permissions. The description of each permission group appears under Description column. You cannot explicitly deny permissions to computer or job objects for users with administrator rights. 9. Click Advanced to view the advanced options associated with the selected permission group. This page contains Allow as well as Deny check boxes. For information on evaluating permissions, see Evaluate Permissions (page 384).
383
10. To assign permissions to multiple groups, click Apply permissions recursively to all child objects to assign the permissions. 11. Give permissions as per your requirements, and click Apply. Notes If a user does not have the Schedule this job permission for a particular job, the user cannot schedule it. This is irrespective of any other privileges. If a user has Schedule this task permission for a certain task and the user schedules the job and the user modifies the job by adding another task, for which the schedule task permission is not allowed, the second task also gets executed. This is because the Web console checks the permissions only before scheduling the job, and not after the execution of the job.
Permission Rules
Permissions received through different sources may conflict with each other. The following permission rules determine which permissions are to be enforced: Permissions cannot be used to deny the user with Administrator console rights access to use any console objects or features. User permissions take precedence over Group permissions. Deny overrides Allow. When a user is associated with multiple groups, one group could be allowed permission at a particular level while the other group is denied the same permission. In this scenario, the permission to deny the privilege is the one enforced. Permissions do not flow down an object tree. Instead, the object in question looks in the current location and up the tree for the first permission it can find, which is the one it uses. If a Web Console user does not have permissions to run all tasks the job contains, the user is not allowed to run the job.
Evaluate Permissions
Identify the combined permissions of groups and containers with contrasting permissions. You can identify effective permissions for each object by resolving any possible conflicts. Permissions are represented in three different stages according to the state of the check box, which is called tri-state check box. This tri-state displays a full check mark when all permissions in the selected group are allowed. It displays a partial check mark (check mark with a grey background) when at least one, but not all permissions in the selected group are allowed. And finally, it displays no check mark if none of the permissions in the selected group are allowed. You can evaluate permissions in three ways: If none of the Allow or Deny options are selected for a permission associated with a subfolder, it inherits the options specified for the permission associated with its parent group. This type of inheritance can be confirmed with the message that appears for the subfolder. If a user group is associated with some permission, the users belonging to that group inherits the same permissions as that of the group. This is true only if none of the 'Allow' or 'Deny' options are specified for a permission for that user.
384
The Deployment Web Console displays the simple as well as advanced options of granting permissions. The simple option displays only the Allow column, whereas the Advanced option displays both the Allow and Deny column. Security permissions are grouped together and appear as a single Permission group under Simple option. You can use the Advanced option to view all the individual permissions that together form the Permission Group. This grouping of permissions varies from object to object. Example: a Modify permission for a job folder can contain different security permissions than a Modify permission for a computer group. To view all the permissions related to a specific permission group, select the check box for a specific permission, and click Advanced to view the individual permissions related to the selected permission group. If you want to exclude a specific security permission, click Advanced to view the individual permissions related to the selected permission group. A list of all permission with Allow and Deny check boxes appears. Select the Deny check box or clear the Allow check box for the specific security permission, and click Apply.
Logon
This option lets you set user credentials for the Deployment Server, but only if Role Base Security is enabled for the server you selected. The user can access the server through the Deployment Web Console. If you want to change the Task Password for multiple Deployment Servers, select the servers from the Details pane and click the Task Password icon on the toolbar. Username. Enter the name of the user. Password. Enter a password for the specified user. Confirm Password. Enter the password to confirm the entry. Domain. Enter the domain name for the specified user.
1. 2.
Click the Console Options icon Console. Select the Enable ADS option.
An ADS Controllers collection appears in the Computer and Jobs pane. 3. 4. In the Computers pane, click ADS Controllers. From the Details page, click the Add icon to enter the computer name where the ADS controller is installed. Enter the login credentials and access paths on this page. All specified ADS controllers are listed. In the Jobs pane, click ADS Controllers. Enter credentials and ADS paths as in step 4. All ADS controllers, devices and job templates appear. You can now manage computer devices using standard ADS features.
5.
385
386
387
3. 4.
388
2.
In the left pane, select Configuration > Solutions Settings > Deploy and Migrate > Deploy > Deployment Server AClient Configuration > Deployment Server AClient Package. On the Package tabview, specify the Name and Description for the package. Click the Programs tab. Check the command line and the specified parameters in the Command line field. Click Update Distribution Points. Click Apply.
3. 4. 5. 6. 7.
The Deployment Server AClient package is created. For more information, see Exporting and Importing Deployment Jobs (page 393).
3.
Database Login ID. Enter credentials for the Deployment Database selected in the list. Role-based user name. Enter credentials if Deployment Solution security has been enabled using the Deployment Server Console.
389
3.
Select reports specific to Client Information, Job Information, Job Status, Server Information, or Software Deliver Execution Status. A description of each report appears in the Details pane after it is selected. Click a report option to run, view, or schedule a report to run.
4.
390
Replication of packages from a central Deployment Server to other Deployment Servers is a one-way process: You can build and copy packages from the Library of a central Deployment Server to replicate to other Deployment Servers; however, any changes made to a destination Deployment Server cannot be replicated back to the central Deployment Server. After the package files have been copied once (per each package server), they can never be copied again unless the files are updated, new files are added to the package, or files are set manually to be copied down to other destinations again. When the Deployment is installed and enabled on the Altiris Console (on Notification Server), default packages, collections, and policies are created to take advantage of Package Server technology. To complete the setup process, however, additional configuration steps are required. Setting up Package Servers requires three basic steps: 1. 2. 3. Setting Up a Central Deployment Server Library (page 391) Setting Up Package Servers (page 392) Exporting and Importing Deployment Jobs (page 393)
Note Before delivering packages, check the Package Server settings and the package settings to ensure that the package can be delivered. The DS install package by default is not set to use any Package Servers. There is a global configuration variable that says not to allow any package downloads from the server, leaving the DS Install in a state where there is no way to access the package.
Files\Altiris\eXpress\Deployment Server).
391
2. 3. 4. 5.
Create a Library directory. Under the Library directory, create subdirectories to use for images, RIPs, or other package files. Create a Temp directory for deployment tasks that require a temp directory. Copy into this structure any required files accessed during execution of the jobs.
Note Any job that is automatically created needs to be modified before running or the default directories cannot be correct. Example: if you choose to change the configuration of a computer by choosing the Configure option in the Deployment on the Notification Server, the task creates a CFG file in the temp directory located in the Deployment Server directory. For this task to replicate correctly, you must copy the file into a temp directory under the Library structure and edit the task to point to the file in the Library\temp directory. Remember that only the files under this structure are replicated to the other Deployment Server installations. After installing Deployment from the Altiris Console, you have two packages and one policy created to help facilitate replication. You can manually modify the packages and enable the policy.
392
3.
Select the applicable Package Source method and enter the correct path to the Central Deployment Server Library. Choose from one of the following options: Access Package from a local directory on the Notification Server computer Use this option when the central Deployment Server is installed on the same computer as the Notification Server. Fill in the Package Location box with the correct path for the Library. Access Package from Existing UNC Use this option when the Deployment Server that has been configured as the Central Deployment Server Library is not installed on the same computer as the Notification Server. When using this option, read and follow the instruction on this page. Note Depending on the amount of data in the Central Deployment Server Library, a message warning you about the size of the files in the Package can appear. This message is to remind you that all files in this directory will be sent when this package is used.
4.
Select Package Servers. This option lets you specify to which Package Servers you would like this package to be replicated to.
5. 6. 7.
Enable all applicable Package Servers by clicking the Enabled check box. To identify the destination directory (where the package files will be sent) on the destination Deployment Server, select the Advanced tab. At the package destination location, enter the destination path:
\\%COMPUTERNAME%\eXpress\Library
8. Select Apply to save the changes.
As soon as the Notification Server Clients Configuration request interval time (on the destination Deployment Servers) has elapsed, the files in the central Deployment Server are sent to the Package Servers on other Deployment Servers.
393
2.
394
As can be seen in the figure above, the default command-line parameters for the aximport.exe program are configured to use the Task.bin file. This file contains the exported Deployment Server deployment tasks (jobs). Note The /o switch causes the import to replace any tasks with the same name as those being imported. If this is not the desired result, change the command-line options. If you have Console Security enabled, the username (/u) and password (/p) command line options need to be included for this process to work correctly. /u Database user name /p Database user password Example: aximport.exe task.bin /o /u administrator /p yourpw See the command-line chapter in the Altiris eXpress Deployment Solution User Guide for additional command-line options for aximport.exe. 4. Select Apply.
You can choose to force an update of the package to ensure that the task export file is in the package.
The policy is now enabled. The next time the Notification Server Clients configuration timer elapses on the Deployment Servers with Package Server installed, the policy is executed. On the destination Deployment Servers, a DOS box appears on this computer and aximport.exe is run.
395
(from the Solutions tab of the Notification Server Administration Console) and selecting the Update Distribution Point option. From a destination Deployment Server, the policy to import the Deployment Server jobs can be forced to run again by manually scheduling the policy.
Setting polling intervals and configuration request intervals requires that you plan how often you want to refresh console and deployment information based on network traffic requirements. If you set frequent updates (such as setting a polling interval to 1 minute), your console information is relatively up-to-date, but network traffic is heavy because data is extracted and transmitted every minute from every Deployment Database to update the Notification Database. In contrast, if you set polling intervals and configuration requests for a larger polling interval (such as one day), your network traffic is light--and you can plan the polling updates for off-hours--but report data is more static and out-of-date. The balance between timely deployment information appearing in the Deployment view on the Notification Server and the level of network traffic should meet your IT policies, organizational requirements, and network design. See Setting the DS Agent Polling Interval (page 396). See Setting the Altiris Agent Configuration Request (page 397).
396
Multiple policies to configure or install Deployment Server Agents are provided. 3. Select the Deployment Server Agent for all Deployment Servers. You can also select settings for each Deployment Server installation. 4. 5. Set the Computer/Job Polling Interval. Click Apply.
397
To select a computer to run remote operation or schedule a job, select a Deployment Server group icon from the Computers pane and select the computer or computer group in the Details pane. Select a job and click Run Now or Schedule.
Manage multiple Deployment Server sites. From the Deployment Web Console, you can now access different Deployment Server systems and manage all sites or network segments across your organization. Each Deployment Server site is identified in the Computers pane under Deployment Server. You first select a Deployment Server icon and expand the treeview to see the computers and computer groups managed by the selected Deployment Server. See Managing Multiple Deployment Server Systems (page 399).
Manage with Computer icons. Major computer types are identified by a computer icon in the console, with a listing of scheduled jobs and operations associated with each computer. In the Deployment Web Console, you assign and schedule deployment jobs to computers or groups with easy-to-use Web features. See Viewing Computer Details (page 402). Add new computers. Deployment Solution lets you add new computer accounts and set configuration properties for new computers before they are recognized by the Deployment Server system. Preset computer accounts automatically associate with new computers when they start up, or can be associated with virtual computers. See Adding New Computers (page 403). Deploy to groups of computers. Organize computers by department, network container, hardware configuration, software requirements, or any other structure to meet your needs. You can deploy and provision computers on a mass scale. To filter computers in a computer group to schedule jobs only to the appropriate computer types, see Creating a Computer Group Filter (page 417).
398
Configure Computer Agents. See the property pages for modifying Deployment Agent settings. See Deployment Agents (page 410). View and configure computer properties. You can modify computer settings for each computer from the console. See Computer Configuration Properties (page 406). Or you can view the Computer Properties page for detailed access to a computers hardware, software, and network property settings. See Computer Details (page 412). Run remote operations from the console. Perform operations quickly in real-time from a Deployment console. Configure property settings, send a file, run deployment jobs or select from additional management commands. See Remote Operations (page 415). Build and schedule jobs. Build deployment jobs with one or more management tasks to run on selected computers. Create jobs, add tasks, assign the job to computer groups. Jobs can be organized and assigned for daily tasks or to handle major IT upgrades. See Building and Scheduling Jobs on page 102.
Note To push down a new installation of Deployment Server using Deployment from the Altiris Console, see Installing Deployment Solution from the Altiris Console on page 14. 2. 3. Enter the computer name for the computer running Deployment Server. Enter the port number if it is different from the provided default. Use Logon tab to set security options, if required. This lets you authenticate to a role if security has been set up in the Deployment Server Console. The Deployment Server appears in the Computers pane with its job folders listed in the Jobs pane.
399
Note This tab is visible only to the administrators and those users who have the rights to modify password.
4. 5. 6.
The job from the original Deployment Server appears in the Deployment Share of the targeted Deployment Server. If the job includes associated files, a linked icon appears with the job identifying that the associated files are referenced from the original Deployment Server system.
400
2. 3.
Select Copy job/folder in the Select Action list. The Job/Folder Selection page appears with all Deployment Server systems and their job folders. Select a folder in another Deployment Server system from this page and click OK. The job is replicated from the original Deployment Server system to the targeted Deployment Server system. If the job includes associated files, a linked icon appears with the job identifying that the associated files are referenced from the original Deployment Server system.
Note To successfully replicate a job from one Deployment Server to another Deployment Server, both Create and Modify Permissions are required for the Job objects if security is enabled. Otherwise, the job does not appear in the target Deployment Server Console, and an error appears in the Altiris Console Manager log in the Event Viewer.
401
Computer connected to Deployment Server but the user is not logged on.
Computer not currently connected to the Deployment Server but known to the Deployment Database. The computer is designated as a master computer and is used to broadcast images to other client computers.
A virtual computer with values defined in advance using the New Computer feature. As soon as the computer connects and the Deployment Server recognizes the new computer and changes the icon. See Adding New Computers on page 63. A client computer waiting for user interaction before running deployment tasks. This icon appears if the Workstations check box is selected on the Advanced tab of Initial Deployment. See Advanced on page 131.
A managed server connected to the Deployment Server with a user logged on. Additional icons identify different states of server deployment. A managed Linux computer connected to the Deployment Server with a user logged on. Additional icons identify different states of Linux computer deployment.
402
View the Physical Devices by clicking the drop list in the Computers pane and selecting Show Physical Devices. Physical view of Rack/ Enclosure/Bay components for high-density server systems. These icons appear as physical representations to allow management of different levels of the server structure. In addition, server icons identify logical server partitions. See Bay on page 70 for properties and rules to deploy Rack/ Enclosure/Bay servers.
Select the New Computers or All Computers group to run jobs or operations for these default groups identified by an icon in the Computers pane.
Additional computer groups can be added to the Computers pane to organize similar computer types or to list computers of similar departments or locations. Click New Group or select New > Computer Group to create a new group.
403
The New Computer icon appears for a new computer if the MAC Address is provided when creating a new computer account using any import or new computer account feature. A virtual computer icon appears if specific hardware data (MAC Address) is not known. As soon as the computer starts up and is associated with a virtual computer account, Deployment Server recognizes the new computer and the icon changes.
A virtual computer account can be associated with a new computer using the Initial Deployment feature. You can create multiple virtual computer accounts and associate the account with a new computer when it boots to automation. At startup, the configuration settings and jobs assigned to the virtual computer can be associated with the new computer.
Virtual Computers
Deployment Solution provides features to create a virtual computer to pre-define a computers configuration settings and assign customized jobs to that computer even if you do not know that computer's MAC address. This type of computer is known as a virtual computer. Virtual computers offer a great deal of power and flexibility, especially when you need to deploy several computers to individual users with specific needs. The virtual computer saves time because you can configure the computer before it arrives on site. You can set up as much configuration information (computer name, workgroup name, and IP address, for example) you know about the computer and apply it to the new computer as it comes online. You can also prepare jobs prior to the arrival of the new computer to deploy the computer using customized images, MSIs and RIPs based on a user's specific needs. When the new computer finally arrives, you are ready to deploy it because have done all the work ahead of time. Just set the managed computer option in PXE or automation and the new computer can connect to the server as a managed computer. The virtual computer you created now turns into a managed computer in the console.
404
Computer actions drop-down list or click the new computer icon in the Details pane.
The Computer Configuration Properties appears. 2. Type the name of the new computer (up to 15 characters) and configure settings. A virtual computer icon appears in the selected group.
When a new computer starts up, you can assign it to this preset account.
Enter the number of computers to be placed in the name range. Enter the core name in Fixed text and a numeral for the range start. Select Append to incrementally add the numeral to the end of the Fixed text. If you clear this box, the numeral is added to beginning of the name.
405
Networking Settings
Use the Sysprep utility to generate unique SIDs. This can be done by manually using these utilities or when installing the Deployment Agent. Computer name This is the NetBIOS name for the computer. The name must be unique in the network and is limited to 15 characters. Computer Name box is disabled for multiple computer configurations.
406
Create a sequential range of computer names. You can identify a root name and automatically increment its associated number. This option is available when selecting groups of computers. For new computers, set a range of names for multiple new computers: Number of computers. Enter the number of computers to be automatically named. Fixed text. Enter the text portion of the name you want associated with each computer, for example: Marketing. Use Token Select the check box to specify the computer name using tokens. Selecting this option enables Fixed text combo box and disables the Range start, Label, and Append options. Note This option is applicable for multiple computers and not for single computer.Fixed Text: You can select one of the six tokens from the drop-down list. %NAME%- Complete computer name. %NICyMACADDR%- MAC address of the computer with NIC specific number. Selecting this option enables the NIC Number option where you need to specify the NIC number which can range from 1-8. Note The default value for NIC number is 1. %SERIALNUM%- Serial number from SMBIOS. %NODENAME%- First 8 characters of actual computer name. Range start. Enter a numeral to add to the fixed text, for example: Marketing1. Append Select to add the range after the fixed text in the computer name. If you clear this box, the number is added as a prefix to the fixed text.
Microsoft networking
Click Workgroup or Domain and enter the name. Enter either the fully qualified domain name, the DNS domain name, or the WINS domain name. You can enter the fully qualified domain name (example: mjones.yourcompany.com), and specify the organizational unit (OU) using this format: OU/ newOU/users. The complete entry to place the computer in the users OU is the following:
407
TCP/IP Settings
Host name Network adapter The Windows name of the managed computer that is hosting Deployment Server. A list of all network adapters installed in the selected computer. The network adapter with the lowest bus, device, and function number is the first listed (NIC0 - zero based). If the bus, device, and function information cannot be determined for a network adapter, it is enumerated in the order it is detected. When configuring multiple network adapters, ensure that one network adapter is not using an Intel Universal NIC driver (commonly called UNDI driver) to connect to Deployment Server. If one network adapter uses the native driver and one uses an UNDI driver, your computer appears twice in the console. Add. Click the Add icon for additional network adapters installed on the client computer. If a computer in the group has only one network adapter, it is configured only with the IP settings listed first. If IP settings are provided for additional network adapters not present in the computer, they are disregarded. MAC. The MAC address is a unique number assigned to the network adapter by the manufacturer. This is read-only. Domain suffix. Enter this to add domain suffixes to the root address. Use DHCP to obtain IP address. Click to obtain an address from a DHCP server. Assign a static IP address. Click to set static IP address values.
408
Show advanced
Select Advanced to set multiple IP Interfaces. Name. Enter a name for the IP interface. Ensure you use the eth syntax when naming new interfaces, for example: eth0:1 or eth0:new interface. IP Address. Enter or modify the IP address common to all interfaces. Netmask. Enter the appropriate subnet mask. State. The default value of the interface state is Up, which denotes that the named interface is operating. Shut down the named interface by selecting Down.
Broadcast Address. Enter the Broadcast address for the specified IP interface. Gateway. Click this tab to enter the gateway address for this IP interface. DNS. Click this tab to add additional Domain Naming Servers (DNS) for this network adapter. Append these DNS suffixes (in order): Add the name of the Domain Suffix and use the up and down arrows to set the DNS suffix search order. DNS Suffix. You can enter DNS Suffix and specify DNS Suffix order search also. WINS. Click this tab to add additional WINS settings for this network adapter. You can select one of the three available options; Enable NetBIOS over TCP/IP, Disable NetBIOS over TCP/IP, and Use NetBIOS setting from the DHCP Server. Static Routes. Click this tab to enter the router settings information for this IP interface. All the fields, that is, Designation, Netmask, Gateway, Interface, Metric, Flag, Ref, and Use are mandatory.
409
Click and enter the name of the user object for the NetWare client. Click and enter the organizational unit context for the user. Select this option to run the NetWare client login scripts.
Marketing, Management
User must change password at next logon User cannot change password. Password never expires. Select to force the user to change the password after setting the configuration properties.
Deployment Agents
To remotely manage computers from a Deployment console, a Deployment Agent is installed on each computer in the Deployment Server system. Deployment Agents are
410
provided for various computer types, including Windows, Linux, DOS, and PPC Handhelds. The following Deployment Agents reside on the client computer and communicates with the Deployment Server. Deployment Agent on Windows Deployment Agent on Linux Automation Agents The Deployment Agent runs on Windows computers, including desktops, notebooks, and servers. This Deployment Agent runs on Linux workstations and server. The Automation Agents boot client computers when the Deployment Server sends a deployment job. Altiris supports DOS, Linux, and Windows PE preboot operating systems. This agent runs on the HP T5000 computer devices running the CE .NET 4.2 operating system. The NS client is an Altiris agent that runs on computers supported by Notification Server. This agent runs on the Deployment Server computer when running Deployment Solution on Notification Server. This agent runs on the Deployment Server computer when running Deployment on Notification Server.
411
Computer Details
View and edit the computer properties and inventory for each managed computer. See Properties (page 412) and Inventory (page 414).
Properties
The following are the general properties of the selected managed computer. General (page 413) Network (page 413) TCP/IP (page 413) Location (page 413) Bay (page 413) Lights-Out (page 414)
412
General
View or change the name of the computer as it appears in the console. View logged in user name, operating system installed, name of the Deployment Server, whether or not an automation partition is installed, version of the Deployment Agent, and other client information.
Network
View Microsoft Networking, Novell Netware settings, and user information for the selected managed client computer.
TCP/IP
View TCP/IP information, including a list of all installed network adapter cards (up to eight) for the selected computer. Click Change to open the configuration window allowing you to modify settings.
Location
View and edit user-specific properties such as contact name, phone number, e-mail address, department, mail stop, and site name. As the administrator, you can enter this information manually or you can let the user populate this screen using Prompt User for Properties.
Bay
View location information and other properties for Rack / Enclosure / Bay components for high-density and blade servers. Set rules for automatic re-deployment of blade servers based on physical location changes.
Rule
Re-Deploy Computer
Action
Restore a blade server using deployment tasks and configuration settings saved from the previous server blade in the bay. This lets you replace new blades in the bay and automatically run deployment tasks from its deployment history.See Restoring a Computer from its Deployment History on page 88 All deployment tasks in the bay's history are executed starting from the last Distributing Disk Image task or Scripted OS Install task, or from any script (in a Run Script task) with this command: rem deployment start.
The server processes any specified job. Select a job to run automatically when a new server is detected in the bay.
413
Rule
Ignore the Change
Action
This option lets you move blades to different bays without automatically running jobs. The server blade placed in the bay is not identified as a new server and no jobs are initiated. If the server existed in a previous bay, the history and parameters for the server are moved or associated with the new bay. If the server blade is a new server (never before identified), the established process for managing new computers is executed. (default) No job or tasks are performed (the Deployment Agent on the server blade is instructed to wait). The icon on the console changes to reflect that the server is waiting.
Lights-Out
View information about the remote management hardware installed on the selected computer (most often a server) used to power up, power down and restart the computer remotely, or to check server status. You can also enter the password for the remote management hardware by clicking Password. Note This feature is currently only available for selected HP Integrated Lights Out (ILO) and Remote Insight Lights-Out Edition (RILOE) features.
Inventory
The following are the inventory details of the selected managed computer. Hardware (page 414) Drives (page 414) Applications (page 414) Services (page 415) Devices (page 415)
Hardware
View processor make and type, processor count, RAM installed on the computer, display configuration, manufacturer, model, product name, MAC address of each network adapter installed, serial number, asset tag, UUID, and whether or not Wake On LAN and PXE are installed and configured.
Drives
View information about each drive on the computer. If you have multiple drives, you can select a drive from the list box to view its settings, such as capacity, serial number, file system, volume label, and number of drives installed.
Applications
View the applications that are installed on the computer, including description, publisher, version number, product ID, and systems components.
414
Services
View the services installed on the computer as well a description, start type, and path for each service.
Devices
View the devices installed on the computer, including display adapters, disk drives, ports, storage volumes, keyboards, and other system devices.
Remote Operations
After selecting a specific computer device, click the Computer actions drop-down list and select a remote operation to perform on the selected computer. This menu provides a variety of commands to remotely manage all computers in your site or network segment. Configure Set network and local configuration properties for each computer, including computer name, IP address, domains, Active Directory context. See Computer Configuration Properties (page 406). Select a computer and image its hard disk. This creates and stores the image to distribute now or later. To run a disk image job you must have have an Automation Partition installed on the client computer. You can also manually boot a client computer using bootable media created in Boot Disk Creator, or create a boot menu option in PXE Server. When you finish this computer operation, a new job appears in the Jobs pane of the Deployment console under the System Jobs > Image Jobs folder. The job name has a generic format of Create Image: <computer name>. Copy File to Copy selected files, directories, or entire directory structures and send them to the selected computer(s). See Copy File (page 437). Type and run commands remotely. Send a command from the Deployment console as if you were entering a command from the command-line prompt. View a history of deployment tasks. Click Save to save the deployment history to a file or click Delete to delete the history. To manage unwanted client computers from attaching to the Deployment Server, use the Reject Connection computer action to remove the client's MAC address and other information from the Deployment database. If the client tries to connect to the server, the MAC address cannot be found and the client-server connection is rejected. See Reject Client Computer Connections (page 372).
Run command
415
Wake Up
The Wake Up feature is hardware-dependent and is only available for inactive computers. Select this command to start a computer that has been turned off. Your operating system and network adapter must be capable of recognizing and processing the wake-on-lan packets. Nonembedded network adapters must be properly configured.
Restart
Click to reboot the selected managed computer. Select Force Applications to close without a message box to restart immediately without prompting the user. Click to shut down the selected managed computer. Select Force Applications to close without a message box to shut down immediately without prompting the user. Click to log off of the selected managed computer. Select Force Applications to close without a message box to log off immediately. Clear computer status as shown in the Status field on the Details page. Query for computer location and user information. This feature sends a form to the user to fill out and writes it directly to the database, appearing in the Location properties for the selected computer. If the user changes the computer name, the name in the Computers pane of the Deployment console also changes. These settings are stored directly to the Deployment Database.
Shut down
Log off
Click Install Automation Partition from the drop-down list, and select a pre-boot operating system for the automation partition. You can select DOS, Linux, or Windows as the preboot operating system. Update property settings for a selected computer. These inventory settings can be viewed in Computer Details (page 412). Select it to ensure you have the latest inventory of the computer. Apply a permanent license if a client computer is using a timelimited license or requires an updated license. Assign the computer or group a new name in the console. Delete a computer, a computer group, or any combination of computers and groups from the database. Select Change Production Agent Settings to modify the production agent settings. See Production Agent Settings (page 375). Select Change Automation Agent Settings to modify the automation agent settings. See Automation Agent Settings (page 379). Click to move the selected computer to a new group.
Apply Regular License Rename Delete Change Production Agent Settings Change Automation Agent Settings Move to Group
416
A list of computers meeting the search filter requirements is listed in the Details pane. This search is not case-sensitive and allows wildcard searches using the *.
Click a computer group in the Computers pane. The Filter feature appears in the Details pane for the selected computer group. Click Setup to add new filters, or modify and delete existing computer filters.
417
3.
Type a name for the filter in the Filter Name box, and click Edit Filter Name. By default, the filter name is Filter N, where N is a sequentially generated numerical.
4. 5.
Click New Filter Item in the Filter Definition area. Define the conditions you want to filter. Click the Field box to see a list of computer values stored in the Deployment Database. Select a computer value and set the appropriate operation from the Filter list. In the Value box enter an appropriate value for the selected database field. Example: You might choose Computer Name as the Field, Contains as the Filter, and Sales as the Value.
6.
418
Job icons appear in the Jobs pane of the Deployment Web Console. To run a job, select a job and select a computer or computer group from the Computers pane. Select the Schedule Job(s) option from the Select action drop-down list.
The Job Scheduling Wizard (page 422) guides you through common deployment and management jobs. It provides three easy steps to select computers, select a job, and schedule the job to run. Jobs include one or more Deployment Tasks (page 423). You build jobs by adding tasks to a job and customizing the task for your specific needs. You can add tasks to capture and distribute images, software packages, and personality settings. Or you can write and run a script task, or run scripted installs, configure settings, copy files and back up registry settings. You can also modify existing jobs by adding, modifying, or deleting tasks to fit your needs. See Building New Jobs (page 420). Set conditions on jobs to run only on computers with properties that match the criteria you specify. You can build one job to run on different computer types for different needs, and avoid mistakes by ensuring that the right job runs on the right managed computer. Initial Deployment lets you run predefined jobs and configuration tasks on new computers when they start up. You can automatically deploy new computers by imaging and configuring TCP/IP, SIDs, and other network settings and installing basic software packages. See Initial Deployment (page 442). Sample jobs are installed with Deployment Solution and appear in the Samples folder of the Jobs pane. You can run many sample jobs as they are, or you can set environmental variables and run.
419
Job status icons that update to display the state of the job in running deployment tasks. These icons are graphical symbols in the Deployment console used to identify the status of an assigned job.
Indicates that a job is associated with a computer or group of computers but is not scheduled. Indicates error conditions when individual tasks run.
A description of the job, if available. If a job defines error conditions when individual tasks run, the Status field displays any errors incurred and the tasks that completed successfully. View all jobs, failed jobs, pending jobs, jobs not scheduled, scheduled jobs, and successful jobs from the Details pane. Job Schedule details. This is the job's run time, beginning when the job started and ending when it completed successfully. Currently applied conditions. You can add conditions to different task sets for different computer properties within a job. Conditions specify characteristics that a computer must have before the job is run. A list of tasks assigned to the job and task descriptions also appear. Change the order of the task execution with the arrows. Tasks are executed in the order they are listed. See Deployment Tasks (page 423). Features to add, modify, and delete tasks for each job. A list of assigned computers and its deployment history.
420
Create a new job by selecting the New Job command from the dropdown list in the Jobs pane. You can add tasks and create condition sets in the Details pane.
Create and build jobs by adding tasks and setting conditions to run the job. 1. 2. 3. Click a Deployment Server in the Jobs pane. The job is created in the selected Deployment Server system and saved to the shared folder in its Deployment Share. Select the New job action from the list in the Jobs pane. The Job Details page appears. Enter information for the new job: Job name: Enter a unique name for the job and click the apply icon Description. Enter a description for the job and click the apply icon 4. . .
At Condition sets, select a previously created condition set from the list to run the job only on managed computers meeting specified criteria. Click the expand in the Conditions area to create a new condition set. Note The Tasks area is not enabled when the Conditions area is expanded.
5. 6.
In the Tasks area, click the New icon information and the condition set.
In the Task type field, select from the list of tasks to add to the job. The configuration page for the selected job appears. Enter the configuration information for each job and click OK. See Deployment Tasks (page 423). Repeat steps 5 and 6 to add more tasks to the job. From the Job Details page, set the order of Tasks to run in the job. After creating and building a job, click the Job Actions list and select Schedule job or another option. Delete Job. Select to eliminate the job. Schedule Job. Select to schedule the job to run immediately or at another time. If no computers are selected, the Computers page appears to select a computer or computer group. The Job Scheduling page appears. Move Job. Select to move the job to another folder.
7. 8. 9.
10. Schedule the job to run immediately or at another time. If no computers are selected, the Computers page appears to select a computer or computer group. The Job Scheduling page appears. After scheduling a job, the selected computers assigned to the job appears in the Scheduled computers list box.
421
Select Computers
1. Click a Deployment Server group and select individual computers or computer groups. If you are running Deployment from the Altiris Console, you can select by defined computer collections in the Altiris Console Collections. See Managing Computers from the Deployment Web Console (page 398). Click Next.
2.
Select a Job
1. 2. Select a job in the left pane to assign to the selected computers. Select a predefined condition to run the job in the Conditions list. Click Next.
Schedule Job
1. 2. Set scheduling options. See Scheduling Jobs (page 422). Click Close.
Scheduling Jobs
After a job has been created, assign it to computers or computer groups. Click Run Now or Schedule to schedule the job to run immediately, at a scheduled interval, or assigned but not scheduled. Job and job folders selected from the Jobs pane of the Deployment Web Console are scheduled in the order they were selected, even across multiple Deployment Servers. Note When a software package or deployment job is scheduled to run on client computers, e the Altiris Client Service Message dialog appears, warning them that a job is about to execute. If a user clicks Abort when the message appears, an event is logged to the client's history so that Deployment Solution administrators know when users abort a scheduled event.
To schedule a job
From the Schedule Job page, select the appropriate options: Assign but do not schedule or run. This option lets you apply jobs to computers but does not run the job until you return to the Schedule Job dialog and set a run time. Run immediately. This option lets you run the job now. Schedule to run at a later time. This option lets you type the date and time to run the job at a specified time and date. When you select this option, Date and Time fields are enabled to specify a time and date to repeat.
422
Repeat this job every x. A job can be scheduled to execute by minute(s), day(s), hour(s), week(s). Defer this job up to x. A job can be deferred when the server is busy executing other jobs, setting a lower priority for particular jobs. By default all jobs are deferred up to five minutes. Schedule in batches of x computers at y minute intervals. This option lets you schedule computers in batches to maximize efficiency. Click OK.
Deployment Tasks
A task is a subordinate action of a job. After creating a job, you can add tasks to perform basic operations, including: Create Disk Image. Create a disk image from a reference computer and save the image file (IMG or EXE files) for later distribution. See Creating a Disk Image (page 424). Distribute Disk Image. Distribute previously created disk images (IMG or EXE files) or create a disk image from a reference computer on the network and simultaneously distribute it (IMG or EXE) to other managed computers on the network. See Distributing Disk Image (page 426). Distribute Software. Distribute RIPs, MSI files, scripts, personality settings and other package files to computers or groups. See Distributing Software (page 429). Capture Personality. Capture the personality settings of a selected computer on the network using the PC Transplant software. PC Transplant ships as a part of Deployment Server. See Capturing Personality Settings (page 432). Distribute Personality Package. Send a Personality Package to computer or groups. It identifies valid Altiris packages and assign passwords and command-line switches to Personality Packages. See Distributing Personality Settings (page 433). Change Configuration. Modify the IP address, computer and user name, domains and Active Directory organizational units, and other network information and computer properties. See Modifying Configuration (page 434). Get Inventory. This lets you gather inventory information from client computers to ensure that the Deployment database is up-to-date with the latest computer properties information. See Get Inventory (page 435). Back up Registry Files. Back up an individual registry file for a selected computer and save it to a selected directory. See Backing up and Restoring Registry Files (page 434). Restore Registry Files. Restore registry settings previously saved for a selected computer. This lets you recover from a hard disk crash or other disaster. See Backing up and Restoring Registry Files (page 434). Run Script. Create custom commands using scripts to perform jobs outside the bounds of the pre configured tasks. Use the Run Script dialog to select or define a script file to run on specified computers or groups. See Run Script (page 435). Copy File to. Copy a file from the Deployment Share or another source computer to a destination computer. See Copy File (page 437).
423
Shutdown/Restart. Perform power control options to restart, shutdown, power off, and log off. See Power Control (page 438). Tasks are listed for each job in the task list box. Each task executes according to its order in the list. You can change the order using the up and down arrow keys.
5.
424
7.
Select the required pre-boot environment from the Automation - PXE or BootWorks environment (DOS/Windows PE/Linux) drop-down list to perform the Create Disk Image task in selected pre-boot environment. By default, the DOSManaged Boot Option type is selected. (Optional) Click Advanced to select Media Spanning and additional options. See Create Disk Image Advanced on page 425. (Optional) Set Return Codes. See Setting Up Return Codes (page 440).
8. 9.
10. Click OK. The task appears in the Task list for the job. Tip If an imaging Job fails on a managed computer, the Deployment agent configuration screen appears on the client. This screen displays a prompt to confirm if the user wants to configure the client or restore the original settings. Select Cancel > Restore Original Settings on the client screen. See also Deployment Tasks (page 423).
425
Additional Options Do not boot to Windows. Select this option to create an image of the hard disk while booted to DOS without first booting to Windows to save network settings (TCP/IP settings, SID, computer name, and so on). If you select this option, these network settings cannot be reapplied to the computer after the imaging task, resulting in network conflicts when the computer starts up. Note This check box should be selected when imaging Linux computers. Compression. Compressing an image is a trade-off between size and speed. Uncompressed images are faster to create, but use more disk space. Select Optimize for Size to compress the image to the smallest file size. Select Optimize for Speed to create a larger compressed image file with a faster imaging time. The default setting is Balanced for Size and Speed. Command-line switches. You can add command-line switches specifically for the RapiDeploy program to execute imaging tasks. See the Altiris RapiDeploy Product Guide located in the Docs folder in the Deployment Share.
2.
4.
5.
426
6. 7.
Select the product key from the Product Key drop-down list. Click Automatically perform configuration task after completing this imaging task to reboot the computer and push down the configuration settings to the newly imaged computer. This is optional. By default, the DOSManaged Boot Option type is selected. Select the required pre-boot environment from the Automation - PXE or BootWorks environment (DOS/Windows PE/Linux) drop-down list to perform the Distribute Disk Image task in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. Click Advanced to resize partitions and set additional options. See Distribute Disk ImageResizing (page 427) and Distribute Disk ImageAdditional Options (page 428).
8.
9.
10. (Optional) Set Return Codes. See Setting Up Return Codes (page 440). 11. Click OK. See also Deployment Tasks (page 423).
427
if you want to replace the existing Automation partition on the client computer with the Automation partition from the image file. OEM Partition:
Leave the client's existing OEM partition as it is. If the image file contains no OEM partition information, by default, this option is selected. The OEM partion remains unchanged when distributing disk images. Delete the client's OEM partition [-nooem]. Select this option if you want to delete the existing
you want to replace the existing OEM partitions on the client computer with the OEM partition from the image file.
Additional Command-line switches. You can add command-line switches specifically for the
RapiDeploy program that runs imaging tasks. See the Altiris RapiDeploy Product Guide located in the Docs folder of the Deployment Share. Note The checkdisk command-line option should not be used from a Deployment console, because the post-configuration task fails after an image restore. See also Deployment Tasks (page 423).
428
fc:\IMAGE.img -d2
Note The -d2 switch is the most important part of the script, as it specifies the flash drive. 8. Create a Config.sys with the following:
DEVICE=C:\HIMEM.SYS switches = /f DOS=HIGH,UMB SHELL=command.com /p /E:1024 BUFFERS=20 FILES=20 STACKS=0,0 FCBS=1,0 LASTDRIVE=Z
9. Boot from the USB Disk on Key (recognized as C:) and rdeployt executes and images correctly.
Distributing Software
Send MSI, CAB, EXE, and other package files to selected computers or computer groups, including EBS, and RPM files for Linux computers. This task identifies valid Altiris packages and assigns passwords and command-line switches. 1. Enter the name and location of the package to distribute in the Name field. Note Information about the package appears in the Title area for valid packages. If no description appears, the file is not a RIP or a Personality Package.
2.
429
Note The Import Software Delivery Packages option is enabled only if the Notification Server is installed on the Deployment server computer. A dialog appears containing a list of all available Software Delivery packages and programs. 3. Select the Software Delivery package from the Software Delivery Packages dropdown list. After you select the package, all available programs for that package are listed in the Software Delivery Programs drop-down list. Select the required program from the Software Delivery Programs drop-down list. Select Package distribution options. Select Run in quiet mode to install the package without user interaction. Select Apply to all users to run the package for all users with accounts on the computer. If sending the package to a managed computer with multiple users and if you only want it installed for certain users with a unique password, clear the Apply to all users box. If distributing an install package or other types of packages with associated support files, you can select Copy all folder files to install all peer files in the directory. Select Copy sub folders to distribute peer files in the directory and all files in associated subdirectories. Note Some clients may have software installed on the client computer that, for protection against harmful software, only allows software programs on a list of well-known executable to run. Therefore, whenever the system administrator wanted to install a patch on client computers, he or she would have to update the well-known-executable list on all the client computers, which could be a lot of work. To save the work of updating that list, or of manually renaming distribution packages, the RenameDistPkg feature was added. Now, the system administrator may update the well-known-executable list once with a filename of their choosing. The well-known filename may be entered into the Windows registry of the Deployment Server computer (the computer running axengine.exe), as the Value data of a string value named RenameDistPkg under the HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris eXpress\Options key. If the RenameDistPkg registry entry is set, Deployment Server renames installation files that are copied to the client computers. This feature only affects files that are temporarily copied to the client computer as part of a Distribute Software task. The file that is to be executed only during the installation, sometimes referred to as the package, is the file that gets renamed, not the files that actually get installed to various locations on the target computer. If the Copy all folder files option is enabled, only the main (installable) file is renamed. 5. 6. For RIPs, if you set the Package password option when you created the RIP, you must enter the password for the package to run. Add values to the Command-line switches field, for example:
4.
430
-cu:JDoe;TMaya;Domain\BLee
Note The command-line switches are specific to any package you are distributing that supports command-line options, such as RIPs and Personality Packages. For a complete list of command-line switches, see the Wise MSI Editor and the Altiris PC Transplant Pro Product Guide. 7. Click Advanced to specify how files are distributed to the managed computer. You can copy through Deployment Server, or copy and run directly from the Deployment Share or from another file server. See Distribute Software-Advanced on page 431. Click Next. Set Return Codes. See Setting Up Return Codes (page 440). This is optional. Click OK.
8. 9.
Notes When a RIP or Personality Package is executed through Deployment Server, the quiet mode command-line switch is applied. This means the user cannot interact with the user interface on the managed computer. If the Personality Package is configured to run only if a particular user is logged in and only if the user has an account on the managed computer, the package runs the next time that user logs in. If the user does not have an account, the package aborts and sends an error back to the console via the Deployment Agent. If the package is not run through Deployment Server, a message appears on the managed computer and the user is prompted to abort or continue.
Distribute Software-Advanced
Copy files using Deployment Server. Click this option to distribute packages through Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. This option is run for Simple installs and is the default option. Copy directly from file source. Click this option to copy packages directly from the Deployment Share if this data store is located on another server (a custom install). It copies the file and runs it, avoiding running through Deployment Server and diminishing processor output. Run directly from file source. Click this option to run files remotely from the Deployment Share or another selected file server. File source logon. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both are on the same domain). Note Windows 98 computers have security limitations when copying files directly from the source to the Deployment Agent using the UNC path name. We recommend that you use the Copy files using Deployment Server option for these types of computers or plan a proper security strategy for direct copying.
431
2. 3.
4.
5. 6. 7.
Notes To capture a personality on a Windows 98 computer, ensure that all users have Write access to the Deployment Server share (by default at C: Program Files\Altiris\eXpress\Deployment Server in a Simple install). Also, ensure that the User account and folder login boxes are blank. A user must also be logged on at the client computer to capture the client profiles. An error is returned if you attempt to capture personality settings on Windows 98 computers that are not authenticated. We recommend that you don't capture personalities for mixed groups of Windows 98 and Windows 2000/XP/2003 computers. Set the conditions on the job for either Windows 98 or Windows 2000/XP/2003 computers to ensure that the appropriate Capture Personality task runs on the appropriate computers.
Capture Personality-Advanced
Domain users. Select this option to capture personality settings for all domain users on the computer. Local users. Select this option to capture personality settings for all local users on the computer. Custom. Specify users or groups to capture personality settings. Select the Custom check box and enter the Users or Groups you want to capture personality settings. Also, instead of specifying names, you can also select users that have been either created or last accessed in a specified number of days. Use condition. Set conditions for personality files that were accessed (a user logged on) or created (a personality package created) in the past defined days or months.
432
Command-line switches. You can add command-line switches specifically for the PC Transplant program that migrates personality settings. See the Altiris PC Transplant Guide in the docs folder of the Deployment Share.
7. 8.
For more information about capturing a computer's personality settings, see the Altiris PC Transplant Pro Product Guide.
433
Modifying Configuration
You can add a task to configure or modify the configuration of computer property settings using the Modify Configuration task. The Deployment Agent updates the property settings and restart the computer for changes to take effect. 1. Enter or edit the property settings in the Modify Configuration page. Click a tab to set additional values for each property setting group. See Computer Configuration Properties (page 406). Select the Reboot after Configuration check box to restart client computer after the configuration changes are complete. By Default, the Reboot after configuration check box is selected. (Optional) Set Return Codes. See Setting Up Return Codes (page 440). Click OK.
2.
3. 4.
2.
3.
434
4.
Select Include registry information for all users to back up registry keys for all user accounts. Note If you clear this check box, only the Administrator and Guest user accounts are backed up or restored.
5. 6.
Set Return Codes. See Setting Up Return Codes (page 440). Click OK.
Get Inventory
Use this task to gather inventory from an individual or group of client computers. This ensures that the Deployment database is up-to-date with the latest computer properties information. The status of the task shows Received Inventory and Received Inventory in the Scheduled Details pane below the task list on the Jobs page. 1. 2. 3. Click one of the jobs in the Jobs pane Click the New Task icon, and select Get Inventory from the Task type drop-down list. Click OK.
Run Script
Select an existing script or write a new script file to run on selected managed client computers. 1. 2. 3. 4. 5. 6. 7. If you have a script file defined, click Run script from file and browse from the folder icon to select the file. You can now modify the script in the edit box. To create a new script, click Run this script. Type the script in the provided text box. Click Import to import the scripts from a text file. In the Choose the script operating system area, select Windows, DOS, or Linux as the operating system for running the specified script. Click Advanced to provide the advanced details. See Advanced Run Script Options (page 436). Set Return Codes. See Setting Up Return Codes (page 440). Click OK.
Notes When a computer is in Automation mode using the DOS Automation Agent, it does not see DOS partitions. To run a script from Automation, use FIRM (File-system Independent Resource Manager) commands. FIRM can only copy files and delete files; it cannot run code on a drive. Deployment Server assumes a return code of zero (0) as a successful script execution. Some programs return a code of one (1) to denote a successful script execution. If a program returns a one (1), you see an error message at the Deployment console even though the script ran correctly. To modify the return codes, you can edit the script file to return a code that the console interprets correctly.
435
436
If you select DOS as the operating system type, the Locally on the Deployment Server option and the Production - Client-installed OS (Windows/Linux) option is disabled. Example Script The process to convert NT4 from FAT16 to NTFS normally returns a 1 after a successful completion. Here is an example of the file that is modified to return a code of 0 (which is the success code recognized by the Altiris Console and utilities). You can make similar changes to your script files as needed.
CONVERT /FS:NTFS if ERRORLEVEL 1 goto success goto failure :success set ERRORLEVEL = 0 goto end :failure echo Failed set ERRORLEVEL = 1 goto end :end
Copy File
Copy all types of files to managed computers. You can send selected files or directories to a computer or computer group. 1. 2. Click either the Copy file or Copy folder option. Click Copy sub folders to copy all subdirectories. Enter the directory path and name of the file or directory. The Source path defaults to the Deployment Share, but you can type or browse to another file or directory. To copy files or directories through Deployment Server from the Deployment Share, you can enter a relative path in this field. To copy files or directories directly from the Deployment Share to the managed computer, you must enter the full UNC path name (see Copy File Advanced on page 438 features). Note When entering the source path for copying files through the Deployment Server, you can only access the shared directories through an established user account. Specifically, you can only use UNC paths when you have sufficient authentication rights established. 3. Type the destination path. The Destination field automatically enters a sample path, but you can enter the directory path you require. If the destination path does not exist on the destination computer it is created. Click Advanced to specify additional features to copy files through Deployment Server or directly from a file server. See Copy File Advanced (page 438).
4.
437
5. 6.
Set Return Codes. See Setting Up Return Codes (page 440). Click OK.
Power Control
Start the computer using Wake-on-LAN or run standard power control options to restart the computer, shut down, or log off the current user. 1. Select a power control option: Restart, Shut down (if available), Log off, or Wake up (send Wake-On-LAN). 2. Select the Force applications to close without prompting check box to force applications to close without saving unsaved data,.
438
If you use this option, any unsaved data in open applications is lost. If you do not use this option, open applications with unsaved data do not close until the user chooses to save or not save the data. As a result, the managed computer cannot complete the selected power option until the user makes a selection. 3. 4. Click OK. (Optional) Set Return Codes. See Setting Up Return Codes (page 440).
To import jobs
1. 2. 3. 4. From the Deployment Web Console, click a job or job folder in the Jobs pane. Click the Job Actions drop-down list, and select Backup/Restore job. The Backup Job Restore Job dialog appears. By default the Backup Job(s) option is selected. Click the Restore Job(s) option. On the Backup or Restore Jobs(s)/Folder(s) page, enter a path and file name in the File name field, or browse to the file you want to import. The file must be a valid .bin file or have been created with a current version of the database schema. By default the job or job folder name you selected in the Jobs pane appears in the Restoring to selected folder field. If you did not specify a job or job folder, the Deployment Server imports the file at the root level in the Jobs pane. Select the Overwrite existing Jobs and Folders with the same name check box to replace jobs and folders with the imported data. Select the Delete existing Jobs in folder check box to delete all the jobs in the folder you selected. The folder is populated with the jobs from the imported file. If you did not specify a specific job folder to import (restore), this option is disabled.
5.
6. 7.
439
8.
Click OK. The import file restores the jobs on the Deployment Server.
To export jobs
1. 2. From the Deployment Web Console, click on a job or job folder in the Jobs pane. Click the Job Actions drop-down arrow and select Backup/Restore job. The Backup Job Restore Job dialog appears. By default the Backup job(s) option is selected. On the Backup or Restore Jobs(s)/Folder(s) page, enter a path and file name in the File name field, or browse to a directory where you want to save the exported file. If you do not enter a file extension, the file is saved with a .bin file extension. Click Save. Click Browse associated with the Select job(s)/folder(s) to backup option. Select a job or folder in the dialog, and click OK. Click OK. The jobs or folders on the Deployment Server back up to the file name you specified.
3.
4. 5. 6.
440
Continue. This action continues with subsequent tasks in the job after the task runs. Select a job. This action lets you select existing jobs to run after the task. These actions also apply to custom return codes designed specifically for your system.
3. 4. 5. 6.
441
7. 8.
Enter a description for the return code in the Status field. This message appears when the task within a selected job, executes. Select the Add to master return code list check box to add the custom code to the master return code list. The code is listed in both, the Other return code and Master Return Codes list. This is helpful if you want to use the return code again. Click Apply.
9.
Note The status of the tasks executed in a job appears in the history of a computer.
Initial Deployment
Initial Deployment is a default job designed to aid in the process of setting up computers that do not yet exist in the Deployment Database. Initial Deployment lets you define how computers are initially set up after being identified by the Deployment Server. You can define various computer configuration sets and deployment jobs to present to the user during startup, allowing the user to select the computer settings and hard disk images, software, and personality settings for their specific needs and environment. New computers appear in the New Computers group in the Computers pane of the Deployment Web Console.
To access Initial Deployment, select a Deployment Server group in the Jobs pane and select Initial Deployment from the Details pane. The Initial Deployment page appears with three tabs: Configurations, Jobs, Options.
Notes Initial Deployment is ideal for small-scale deployments (1 to 10 computers). This feature is not recommended for large deployments (10 to 100 computers) or mass deployments (100 to 5,000) where you would use virtual computers, customized jobs, and the computer import feature. Although Initial Deployment is most commonly used on computers that support PXE, you can also configure a boot disk to run Initial Deployment. In this case, the image deployed must include automation pre-boot environment so that post imaging tasks can run successfully. Installing an Automation Partition on the client computers hard disk ensures that future imaging deployment jobs run. Note To completely deploy and configure a computer using Initial Deployment, you must define at least one Configuration and one Job. Initial Deployment consists of three dialogs with separate features to deploy new computers: Configurations Jobs Options
442
Configurations
Click the Configurations tab in Initial Deployment to configure different sets of computer properties. Each configuration set is presented to the user in a menu. The user can select the configuration set designed for their environment. Compare the Configuration tab with the Jobs tab. Note If you do not create any configuration sets, the deployment process automatically sets TCP/IP information to use DHCP and names the computer to match the computers asset tag, serial number or MAC address (in that order, depending on what is available). 1. 2. 3. Click a Deployment Server in the Jobs pane. Double-click Initial Deployment. Click the Configurations tab. Click the Add icon . Enter values to set computer and network properties for new computers. See Modifying Configuration (page 434) for a list of property categories. Name the configuration in the Configuration set name field. You can provide a descriptive name that identifies the configuration set for the user. Click the Add icon again to configure another set of property settings. You can add multiple configuration sets for the user to select from a menu after connecting to Deployment Server. Add as many different configuration sets as required. After setting properties, click Apply. Click Default menu item to select the configuration set you want to be the default. Click Timeout after ___ seconds and proceed so that the default job runs automatically after a specified amount of time. Click OK, or click the Jobs tab to define a task.
4.
5.
6. 7. 8. 9.
Jobs
Click the Jobs tab in Initial Deployment to add existing jobs or create new jobs to run on the new computer. The jobs you add or build using this dialog are listed in a menu and presented to the user during startup. The user can choose the deployment jobs to image the computer and install applications and personality settings. Compare the Jobs tab with the Configurations tab. Conditions on jobs are limited to the data that can be accessed at the DOS level (example: serial number, manufacturing number, NIC information, manufacturing name). 1. 2. 3. 4. 5. Double-click Initial Deployment in the Jobs pane drop list. The Initial Deployment page appears. Click the Jobs tab. Click the Add icon .
Click New to build a new job. See Building New Jobs (page 420). Click Default menu choice to select the job as a default.
443
6.
Select Timeout after ___ seconds and proceed and type the number of seconds to wait before the computer automatically starts the default job. The default setting is 300 seconds. Click OK, or click the Options tab to stop either servers or workstations from running configuration task sets and jobs automatically.
7.
Options
Click the Options tab to set options to stop Initial Deployment from running the default configuration task sets and jobs automatically. This avoids accidental re-imaging or overwriting of data and applications for either workstations (desktop, laptop, handheld computers) or servers (Web and network servers identified by Deployment Server). When a computer not yet known to the Deployment Database is first detected, it is placed in the New Computers group and run an Initial Deployment configuration set and job. However, in many cases you do not want Web or network servers to be automatically re-imaged without confirmation from IT personnel. Servers. Stop servers from automatically running Initial Deployment configuration jobs. Servers are identified as those managed computers running multiple processors or identified as a specific server model from specific manufacturers. Example: both a HP Proliant and a Dell computer with multiple processors are identified as a server. (Identifying a computer as a server by operating system cannot be accomplished for new computers until the server operating system has been installed.) Select Workstations to force desktop, laptop, and handheld computers to stop before automatically running Initial Deployment. Select Process as each agent becomes active if you want to run the job as soon as the computer connects to the Deployment Server. Use this option for imaging 1 to 5 new computers. Select Process in batch mode if you want to run the job once a certain number of computers are connected to the Deployment Server. Enter the minimum number of agents in Minimum agents field. You can set a timeout deadline so that the job does not run if the number of computers you specify fail to connect during a certain amount time. Multicast technology sends the image over the network once, and all computers listen for and accept the image, reducing network traffic and increasing speed. Enter the timeout in Timeout field. Select Hold all agents until this time if you want to process the job on all computers at a particular time of day. All clients are held before the task sets. The message states: Deployment server has instructed Automation to wait.
444
Part VIII
Technical Reference
This section technical information for command-line switches, return code values and other detailed information for Deployment Solution components.
445
Appendix A
Command-Line Switches
This section provides detailed information about command-line switches for specific executables within Deployment Solution.
Job Utilities
The Job Utility applications allow you to import, export, create and schedule jobs from the command line. Each action is performed from separate binaries installed in the Deployment Share file directory. axExport.exe Exports jobs from Deployment Server. See Job Export Utility (page 446). axImport.exe Imports jobs in to Deployment Server. See Job Import Utility (page 447). axEvent.exe Creates jobs in Deployment Server. See Create Job Utility (page 448). axSched.exe Schedules jobs in Deployment Server. See Schedule Job Utility (page 450). axComp.exe Imports computers to the Deployment Server from a DOS mode. Axcomp allows you to import .csv and .txt files that are in a comma separated format. ImportComputers55.txt in the Samples folder off of the eXpress share is an example of the format needed. There are various command-line options available depending on whether the user is in a Trusted or Non-Trusted account environment. See Import Computer Utility (page 451). Each utility connects to the Deployment Server Database to perform specific operations. As a result, the appropriate ODBC and security rights are required. Each job utility supports the /o /d /u /p switches. The /o option (ODBC datasource) allows connectivity to the Deployment Server SQL database using a different DSN. By default the standard Deployment Database DSN is used. This is helpful when connecting to a second system from a common machine. The /d /u /p options can be used if no DSN is set up for a particular server. However, the SQL driver must be installed for any of these utilities to work. Each utility has the /? switch to show the version of the utility and all command-line options.
446
Options
/f <folder-name> /e <job-name> /s /i /y /dsn <odbc-dsn-name> /d <db-server> /u <db-user> /db <db-databaseName> /p <db-password> /lu <login-user> /lp <login-password> Job folder to be exported Job to be exported Process all subfolders also Include the Initial Deployment Job Suppress confirmation prompts ODBC data source name Database server name Database user name Database name Database user password Deployment Server login user name Deployment Server login password
Example 1:
axExport /e "Deploy Office 2000" backup2.dat Example 3: Export all jobs in the Projects folder.
axExport /f Projects projects.dat Example 4: and instance. Export a job to a binary backup file without supplying the SQL server
axExport Backup.dat /e "Image Job" Example 5: Export a job to a binary backup file with the database server name.
Options
Job folder to be imported Delete current contents of this folder Don't notify consoles of the changes Overwrite jobs that have the same name and parent folder Suppress confirmation prompts ODBC data source name
447
Database server name Database user name Database name Database user password Deployment Server login user name Deployment Server login password
Note When new jobs are created in a console, by default, Deployment Server will notify all other consoles that changes have been made so they can refresh and show the newly imported jobs. If several batches of jobs are imported, the '/n' option should be used until the last batch to reduce the amount of refreshes performed. Example 1: Restore all jobs from a binary backup file.
axImport /r backup.dat Example 2: Jobs). Restore jobs from a backup file into pre-created folder (named Test
448
Tasks
/tci <filename> /tdi <filename> /tds <filename> /tbr <path> /trr <path> /trs <path> /tcf <source> <dest> /tgi /tre /tsd /tlo Create disk image Distribute disk image Distribute software Backup registry files Restore registry files Run Script Copy file Get Inventory Restart Shutdown Logoff
Options
/a /r /x <parameters> /f <folder-name> /i /w /lnx /n /nc /de /y /dsn <odbc-dsn-name> /d <db-server> /u <db-user> /db <db-databaseName> /p <db-password> /lu <login-user> /lp <login-password> Add task to existing job Replace all tasks within this job Command-line parameters for task Job folder to be created in Import script into task definition Run the script from Windows Run the script in Linux Don't notify consoles of the changes Dont do post image config Add Description to task Suppress confirmation prompts ODBC data source name Database server name Database user name Database name Database user password Deployment Server login user name Deployment Server login password
Note To use the Run Script option (/trs), a script must be created in a file first. If you want the script to be embedded, include the /i option. Otherwise, the task will link to the script filename. Example 1: Create a Job that makes an image of a computer named "Oscar" and run it immediately.
449
axEvent CreateOscar /tci .\Images\oscar.img axSched oscar CreateOscar /t "2000-12-31 08:00" Example 2: Shutdown Oscar's computer right now. axEvent Shutdown /tsd axSched oscar Shutdown /t "2000-12-31 08:00" Example 3: Run a Windows program on all computers right now. (Calc.exe is the only line in script.txt.) axEvent /w /i RunCalc /trs script.txt axSched oscar RunCalc /t "2000-12-31 08:00" Example 4: Create a Job (named Win2000 and Off2000) that reimages a computer with Windows 2000 and deploys an Office 2000 Rapid Install Package. axEvent "Win2000 and Office 2000" /tdi .\Images\w2000.img axEvent "Win2000 and Office 2000" /a /tds .\RIPs\off2000.exe To migrate Oscar to Windows 2000: axSched Oscar "Win2000 and Off2000" /t "2000-12-31 08:00"
Options
/t <yyyy-mm-dd hh:mm> /n /f <folder-name> /q <filename> /y /dsn <odbc-dsn-name> /d <db-server> /u <db-user> /db <db-databaseName> /p <db-password> /lu <login-user> /lp <login-password> Time to schedule Don't notify servers of the changes Schedule the job-name found in this folder File used for exporting jobs Suppress confirmation prompts ODBC data source name Database server name Database user name Database name Database user password Deployment Server login user name Deployment Server login password
Note The format for <time> is yyyy-mm-dd hh:mm. If the date is omitted, the current date is assumed.
450
If the /t switch is not used, the job is assigned to the computer but not scheduled. As a result, it will not execute. If you would like the job to run immediately, choose a date in the past. If you have a group or computer name which include spaces, put the name in quotes. All Computers can now be used as a group option. Example 1: Schedule a job called Office2000 to run on Oscars computer at midnight on 12-31-2002. axSched Oscars Office2000 /t "2000-12-31 00:00" Example 2: Schedule a job called Office2000 to run on the Accounting Group computers tonight at 10PM. axSched Accounting Office2000 /t "2001-2-15 22:00" Example 3: Schedule a job called ShutDown to run on all computers at tonight at 10 PM. axSched "All Computers" ShutDown /t "2001-2-15 22:00"
Options
/n /y /dsn <odbc-dsn-name> /d <db-server> /u <db-user> /db <db-databaseName> /p <db-password> /lu <login-user> /lp <login-password>
Don't notify consoles of the changes Suppress confirmation prompts ODBC data source name Database server name Database user name Database name Database user password Deployment Server login user name Deployment Server login password
Example 1: Import a computer using trusted account axcomp <filename> /u <db-user> /p <db-password> /lu <login-user> /lp <loginpassword> Example 2: Import a computer using non-trusted account. axcomp <filename> /u <db-user> /p <db-password>
axengine.exe
The Altiris eXpress Server (axengine.exe)is the Deployment Server component of the Deployment Solution infrastructure. Command-line start parameters
451
for this service are set in the registry setting rather than in the Start Parameters property of the service. If you want to add start parameters after the install, you can modify the registry settings. The registry key is LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Altiris Express Server.
Switch
-ver -install
Details
Function: Shows the version of aclient.exe running on the computer. Function: Installs the client. Option: -silent allows install to complete without sending output to the client. Example: To install aclient.exe from the Deployment Server directory without sending messages to the client, type
aclient -remove
-start Function: Manually starts aclient.exe on a computer. Option: -silent starts the aclient.exe without sending output to the client. -stop Function: Manually turns off Deployment Agent for Windows on a computer. Option: -silent turns off Deployment Agent for Windows without sending output to the client.
452
Aclient.inp Parameters
You can use this input file to set installation parameters for aclient.exe, so you can install the client program from a script file. The file is copied to the Deployment Server program directory when you install the product. Command-line parameters are included in the file, but are marked with a REM statement. To use the input file, open it and remove the REM commands from the parameters you want to use. When you have the file set up the way you want it, you can run it by entering the file name as the first parameter after the aclient command.You can also put the same line in a script file if you want to run it from a file. Type
aclient aclient.inp
The input file name (aclient.inp) and InstallDir parameters are required; all others are optional. Parameters are case sensitive. Note Many parameters will work after setting other parameters first. Example: you can only use ServerName after the multicast parameters, MCastAddr and MCastPort, are set.
Parameters
ForceReboot
Details
Function: Specifies how the system should be shut down and rebooted. Applications are forced closed and the system shuts down even if programs hang. (User data could be lost.) Example: To force clients to reboot when a reboot task is assigned, type
ForceReboot=Yes
The default is No. HardTimeout Function: Specifies the length of time (in seconds) that aclient.exe will maintain an idle connection with the Deployment Server. After the time limit is exceeded, the client will disconnect and establish a new connection with the Server. Example: To establish a new connection with the Deployment Server whenever the connection is idle for 900 seconds, type
HardTimeout=900
InstallDir (required) Function: Specifies the full path name to the directory where aclient.exe will be installed. The default location is c:\altiris\aclient. Example: To change the default location, replace it with a new path. Type
InstallDir=c:\programs\aclient
LogFile Function: Specifies the full path name to the log file. Example: To write log entries to a log file in your aclient directory, type
LogFile=c:\altiris\aclient\aclient.log
453
Parameters
LogSize
Details
Function: Sets the maximum log file size (in bytes). Example: To set the log file size limit to 4096 bytes, type
LogSize=4096
MCastAddr Function: Specifies the multicast group address to be used to find the Deployment Server. Example: To set the IP address for multicasting, type
MCastAddr=225.1.2.3
MCastPort Function: Specifies the port number to use for multicasting. Example: To use port 402 for multicasting, type
MCastPort=402
Password Function: Sets a password on the client to prevent users from accessing aclient.exe settings. Example: To lock the settings, type
Password=clientmanager
PromptExecute Function: Sends output (messages) to the client when tasks are being executed. Options: Yes, No Examples: To allow prompts and messages to be sent to the client, type
PromptExecute=Yes
To suppress output, type
PromptExecute=No
PromptOverride Function: Specifies the default action to take when there is no user response to a restart prompt. Options: Abort, Continue Examples: To abort the client reboot, type
PromptOverride=Abort
To reboot the client, type
PromptOverride=Continue
PromptReboot Function: Prompts the user before restarting the client. Options: Yes, No Examples: To prompt for user input before restarting a client, type
PromptReboot=Yes
To restart a client without requiring user input, type
PromptReboot=No
454
Parameters
PromptSeconds
Details
Function: Specifies the length of time (in seconds) that the client will wait for a response from the user. Example: To wait 30 seconds for user input, type
PromptSeconds=30
ShowTrayIcon Function: Specifies whether or not to show the Altiris client icon in the system tray. If the icon is not in the tray, users cannot access Aclient. Example: To not show the icon, type
ShowTrayIcon=No
The default is Yes, which loads the icon into the system tray. SpeedLimit Function: Sets the minimum transfer rate accepted from the Deployment Server (in bytes per second). If aclient.exe cannot receive data from the Server at this rate, it will disconnect and retry at specified intervals. See HardTimeout below. Example: To set a minimum ransfer rate of 7500 bytes per second, type
SpeedLimit=7500
TcpAddr Function: Specifies the IP address of the Deployment Server that the client will connect to. Using this parameter causes the client to use TCP instead of multicasting to connect to the Server. Example: To have the client connect to a Deployment Server using its IP address, type
TcpAddr=192.1.2.3
TcpPort Function: Specifies the port number of the Deployment Server listening for requests. Using this parameter causes the client to use TCP to connect to the Server. Example: To specify the port number of the Deployment Server to connect to, type
TcpPort=402
TTL Function: Sets the maximum number of hops to multicast through. Example: To limit the number of hops to 32, type
TTL=32
UpdateFileSystemSids Function: Specifies if you want SIDgen to update permissions on any local NTFS volumes. This parameter only applies if you have domains and use SIDgen to manage the computer IDs. Example: To update permissions on the local NTFS volume, type
UpdateFileSystemSids=Yes
The default is No.
455
Parameters
UseRCDrivers
Details
Function: Specifies whether or not to install keyboard and mouse filter drivers that enable remote control on Windows NT and 2000 client computers. (The default is No, so the drivers are not installed. This parameter is not necessary for Win 95/98 computers, because they do not require Ctrl-Alt-Del input to log in. Example: To install the drivers for remote control, type
UseRCDrivers=Yes
UserName Function: Associates a computer with the primary user or users. This is used to target RIP deployments to a specific user or group of users. To assign more than one user, separate the names with semicolons. Examples: To associate user Fred with the client being installed, type
UserName=Fred
To associate users Fred and Sam with the client, type
UserName=Fred;Sam
ServerName Function: Specifies the computer name of the Deployment Server you want the client to connect to. This is useful if you have multiple Deployment Servers on your network and you do not want the client to connect to the first Server it finds. The ServerName parameter is only valid if you are using multicasting (by setting MCastAddr and MCast Port parameters).
Note ServerName can only be set after the multicast parameters, MCastAddr and MCastPort, are set.
ServerName=Server3
Note A CR/LF (blank line) is needed at the end of the aclient.inp file in order for it to be utilized when installing Deployment Agent for Windows.
ADLAgent.config Parameters
You can use the ADLAgent.config file to configure the ADLAgent service settings. When the ADLAgent service is suspended, certain information is needed to restore the previous settings. This information is saved in the ADLAgent configuration file. This ensures that the next time the computer reboots, the ADLAgent service starts up without any problems.
456
Parameters
DebugTrace
Details
Specifies whether or not to log any messages. Changes to the DebugTrace field may not be recognized until the ADLAgent is stopped and restarted. Example: DebugTrace=True.
LogErrors
Specifies the types of messages to be written in the log file. Example: LogErrors=True.
LogInformation
Specifies the types of messages to be written in the log file. Example: LogInformation=True.
LogDebug
Specifies the types of messages to be written in the log file. Example: LogDebug=True.
UseLogFile
Specifies whether or not to write messages in the log file. Example: LogFile=True.
LogFile
LogSize
This is the maximum file size for all trace files in bytes (optional). Example: LogSize=409600.
IPTrace
Specifies whether or not to log messages between the ADLAgent and the Deployment Server. Changes to the IPTrace field may not be recognized until the ADLAgent is stopped and restarted. Example: IPTrace=True.
IPUseLogFile
IPTraceFile
Specifies the IPTrace log file path and name. Example: /opt/altiris/deployment/ adlagent/log/adlagentlpTrace.txt
IPLogSize
This is the maximum file size for all trace files in bytes (Optional). Example: LogSize=409600.
SyncTimeWithServer
Synchronize the agents time with the Deployment Server. This may be set to True or False. Example: SyncTimeWithServer=True.
457
Parameters
GetApps
Details
Specifies whether or not to get the Applications at a Get Inventory request. Example: GetApps=True.
GetServices
Specifies whether or not to get the Services at a Get Inventory request. Example: GetServices=True.
GetDevices
Specifies whether or not to get the Devices at a Get Inventory request. Example: GetDevices=True.
GetSmbios
EncryptSessions
Specifies whether or not the ADLAgent will attempt to make an encrypted session with the server. Example: EncryptSession=True.
RequireEncrypt
Specifies whether or not the ADLAgent will fail to connect if an encrypted session cannot be established. Example: RequireEncrypt=True.
UseMCast
Specifies whether or not to use multicast to find a Deployment server or make a connect directly to the Deployment server using the specified IP port and address. Example: UseMCast=True.
MCastAddr
Specifies the multicast group address to be used to find the Deployment Server (Optional). Example: MCastAddr=225.1.2.3.
MCastPort
Specifies the port number to use while multicasting (Optional). Example: MCastPort=402.
TTL
Specifies the maximum number of hops to multicast through (Optional). Example: TTL=32.
ServerName
TcpAddr
Specifies the IP address of the Deployment Server to connect to (Optional). Specifying this parameter will switch the ADL Agent to use TCP to connect to the Deployment Server. Example: TcpAddr=127.0.0.1.
458
Parameters
TcpPort
Details
This is the IP port number of the Deployment Server listening for requests (Optional). Specifying this parameter will switch the ADL Agent to use TCP to connect to the Deployment Server. Example: TcpPort=402.
WakeOnLANProxy
MCastProxy
Specifies whether this agent will advertise the presence of the Deployment server. Specifies whether to proxy Multicast packets. Example: MCastProxy=True.
UseFQDN
Specifies whether the ADLAgent should attempt to reverse the IP address to return a proper fully qualified domain name to the Altiris Deployment Server. If the network is set up to properly resolve PTR record requests this option will return the fully qualified name of the agent, such as myhost.mydomain.com. However, if the network does not resolve PTR records, this option may delay adlagent connection by as much as a minute or two. Example: UseFQDN=True.
UseHardTimeout
Specifies whether to use the hard time out or not. Example: UseHardTimeout=True.
HardTimeout
Specifies the number of seconds of inactivity the agent will wait before reconnecting to the Deployment Server. The default is 12 hours. Example: HardTimeout=43200.
APPEND_HOSTNAME_TO_L OCAL_HOST
This is used should the ADLAgent attempt to append the new hostname to the hosts file as an alias to localhost. Example: APPEND_HOSTNAME_TO_LOCAL_HOST=True.
USER_CHECK_INTERVAL
Interval at which adl_users should report changes to the logged in users. This value is in seconds, with the default being 6 seconds. Example: USER_CHECK_INTERVAL=6. Note: A value of 0 will not send user updates.
KILL_TIME
The amount of time in seconds to wait for the agent to the Deployment Server before killing the adlagent. This will reboot the system in automation mode. Currently, this is only supported in automation mode. The default is 3 minutes. Example: KILL_TIME=180.
459
Parameters
MAKE_LOWER_CASE
Details
Changes the file path and file name to lower case when copying a file from the Deployment Server. Example: MAKE_LOWER_CASE=True.
FORCE_NEW
This is for the agent in automation mode only. It forces the agent to run the Initial Deployment event, even if it is already in the database. Example: FORCE_NEW=True.
AUTO_UPDATE
This allows the agent control as to whether it will automatically update to the newest or only adlagent on the Deployment Server. Example: AUTO_UPDATE=True.
AClient.config Parameters
You can use the AClient.config file to configure the system. This file is used to modify the AClient settings.
Parameters
Global MACAddrList
Details
Specifies the list of MAC Addresses for every NIC installed on the PC separated by a comma. Example: MACAddrList=000C29C63002, 000C29C6300C.
Serial-Number
Specifies the serial number of the PC. Example: Serial-Number=VMware-56 4d db 10 9f cd 9d 7e-d4 7e 52 4e 88 c6 30 02.
Reboot
Specifies whether to reboot the computer. By default, AClient will reboot the computer only when it is necessary for the changes that have been made. Example: Reboot=True.
RebootAfterConfig
Specifies whether to reboot the computer after the configuration task. Example: RebootAfterConfig=True.
Status-Code
Specifies the status code of the last executed job. Example: Status_Code=0.
Status_Module
Specifies the module that reported the status code. Example: Status_Module=AClient.
460
Parameters
SIDgenCount
Details
Specifies the number of times SIDGen has run. Example: SIDGenCount=0. Note: This value is set by the AClient and the user need not set it.
TaskSequence
Specifies the task sequence of the task executed by the AClient. Example: TaskSequence=0.
ScheduleID
Specifies the schedule ID of the last job executed by the AClient. Example: ScheduleID=100000008.
Remove
Config
Specifies whether to configure the PC. Example: Config=None, Config=New or Config=Reply. Note: Config=Configure.
License Sysprep2KLicense Specifies the Sysprep License number. Example: LicenseNumber Specifies the operating system License Key. Example: LicenseNumber=5274-649-647895323135. RegOrganization Specifies the operating system Registered Organization. Example: RegOrganization=Altiris. RegUser Specifies the operating system Registered User. Example: RegUser=Altiris. Prompt Specifies whether to prompt the user for the computer name and to join a Workgroup/Domain during configuration. Example: Prompt=True. Networking DomainPassword Specifies the domain password. Example: DomainPassword=FVZSiJELzmpvn[^][@ DomainUsername Specifies the domain user name. Example: DomainUserName=FVZS@J\iYI ^Vjpsp DSDomainController Specifies the Domain Controller. Example: DSDomainController=mycompany.
461
Parameters
DSOrganizationalUnit
Details
Specifies the organizational unit for Deployment Solution. Example: DSOrganizationalUnit=myou.
ChangeSID
Computer Name
DNSDomain
Specifies the DNS domain, which is the name of the Workgroup or Domain that this computer is a member of. Example: DNSDomain=cybage.com.
Workgroup
Prompt
Specifies whether to prompt the user for the computer name and whether to join a Workgroup/Domain. Example: Prompt=True.
Netware RunScrits Specifies whether to run NetWare login scripts. Example: RunScrits=True. Context Specifies the NDS Context. Example: Context=NDS Context. PreferredTree Specifies the preferred Netware tree. Example: PreferredTree=Tree. LoginTree Specifies whether to login using the Preferred Tree or Preferred Server. Example: LoginTree=True or LoginTree=False. Username Specifies the NDS User Name. Example: Username=User. Prompt Specifies whether to prompt the user for Netware Client Settings. Example: Prompt=True. TCP/IP MACAddress Specifies the MAC Address. Example: MAC Address=0007E97FD73C. Description Specifies the description of the NIC (Network Interface Card). Example: Description of NIC=AMD PCNET Family PCI Ethernet Adapter.
462
Parameters
VendorID
Details
Specifies the Vendor ID for the NIC. Example: Vendor ID=32902.
DeviceID
PCIFunction
Specifies the PCI Function for the NIC. Example: PCI Function=0.
PCIDevice
Specifies the PCI Device for the NIC. Example: PCI device=8.
PCIBus
Specifies the PCI Bus for the NIC. Example: PCI Bus=1
WINS-Server1
WINS-Server0
WINS-Server-Count
WINS-Enabled
SetWINSInfo
DNS-Server2
DNS-Server1
DNS-Server0
DNS-Server-Count
DNS-Domain
DNS-Host
DNS-Enabled
SetDNSInfo
463
Parameters
Gateway
Details
Specifies the Gateway information for TCP/IP. Example: Gateway=172.17.31.2.
Netmask
Address
DHCP
SetIPInfo
NIC-Section-Count
Interface0 State Specifies the state of Interface0. Example: State=Up. Gateway Specifies the gateway of Interface0. Example: Gateway=172.17.31.2. Netmask Specifies the netmask of Interface0. Example: Netmask=255.255.255.0. IP-Address Specifies the IP address for Interface0. Example: IP-Address=172.17.31.98. DHCP Specifies the DHCP value for Interface0. Example: DHCP=Yes. Name This is the name of Interface0. Example: Name=eth0. Interface1 State Specifies the state of Interface1. Example: State=Up. Gateway Specifies the gateway of Interface1. Example: Gateway=10.10.10.1. Netmask Specifies the netmask of Interface1. Example: Netmask=255.0.0.0. IP-Address Specifies the IP-Address for Interface1. Example: IP-Address=10.10.10.10. NICEntry
464
Parameters
MACAddress
Details
Specifies the MACAddress for NICEntry. Example: MACAddress=00-FF-3C-03-85-C0.
Description
Specifies the description of the computer for NICEntry. Example: Description=AMD PCNET Family PCI Ethernet Adapter.
VendorID
DeviceID
PCIFunction
PCIBus
Gateway
Netmask
Address
DHCP
SetIPInfo
WINS-Server-Count
WINS_Enabled
SetWINSInfo
DNS-Server1
DNS-Server0
DNS-Server-Count
Specifies the number of DNS servers for NIC Entry. Example: DNS-Server-Count=2.
465
Parameters
DNS-Host
Details
Specifies the DNS host for NICEntry. Example: DNS-Host=TESTWXP2.
DNS-Domain
DNS-Enabled
SetDNSInfo
ConfigSettings LogFile UseLogFile Specifies whether to save log information to a text file. Example: UseLogFile=Yes. LogFile Specifies the location and name of the log file to save logging information to. UseLogFile must be enabled for this setting to work. Example: Log File=File Location. LogSize Specifies the maximum size of the log file in bytes. UseLogFile must be enabled for this setting to work. Example: LogSize=4096. LogErrors Specifies the log errors. UseLogFile must be enabled for this setting to work. Example: LogErrors=Yes. LogInformation Specifies the log informational messages. UseLogFile must be enabled for this setting to work. Example: LogInformation=Yes. LogDebug Specifies the log debugging information. UseLogFile must be enabled for this setting to work. Example: LogDebug=Yes. Security ShowTrayIcon Specifies whether to show AClient tray icon. Example: ShowTrayIcon=Yes. EncryptSessions Specifies whether to encrypt sessions with the server. Example: EncryptSession=Yes. RequireEncrypt Specifies whether to require encrypted sessions with the server. EncryptSessions must be enabled for this setting to work. Example: RequireEncrypt=Yes.
466
Parameters
EncryptedClientID
Details
Specifies the encrypted client ID. Example: EncryptedClientID=0
Password
AllowMod
Specifies whether or not to enable or disable security for admin properties. If the value is 0, the security is disabled. if the value is 1, the security is enabled. Example: AllowMod=1
Transport TransportUse Specifies how AClient will find and connect to a Deployment Server. To use TCP/IP multicast, TransportUse=0. To use TCP/IP, TransPortUse=1. Example: TransportUse=0 or TransPortUse=1. MCastAddr Specifies the multicast group address to use to locate a Deployment Server. TransportUse must be 0 for this setting to work. Example: MCastAddr=225.1.2.3. MCastPort Specifies the multicast port to use to locate a Deployment Server. TransportUse must be 0 for this setting to work. Example: MCastPort=402. TTL Specifies the Multicast Time to Live to use to locate a Deployment Server. TransportUse must be 0 for this setting to work. Example: TTL=32. ConsoleName Specifies the server name to use to locate a Deployment Server via Multicast. If nothing is specified, AClient will connect to the first Deployment Server it locates. TransportUse must be 0 for this setting to work. This is optional. Example: ConsoleName=ALTIRIS. TcpAddr Specifies the IP Address or Host Name to use to locate a Deployment Server.TransportUse must be 1 for this setting to work. Example: TcpAddr=172.19.16.20 TcpPort Specifies the IP port to use to locate a Deployment Server. TransportUse must be 1 for this setting to work. Example: TcpPort=402. User Prompts
467
Parameters
PromptReboot
Details
Prompt before executing shutdown and restart commands. Example: PromptReboot=Yes.
PromptExecute
Prompt before executing program execution and file copy commands. Example: PromptExecute=Yes.
PromptRemoteControl
PromptSeconds
Specifies how long the user prompt should appear in seconds. Example: PromptSeconds=10.
PromptOverride
Specifies whether the AClient should continue the operation or abort it, when the user prompt times out. Example: PromptOverride=Continue.
Connection ConnectionParadigm Specfies whether to select to either stay connected to the Deployment Server, or check periodically for work. To remain connected, ConnectionParadigm=0. To remain mostly disconnected, ConnectionParadigm=1. Example: ConnectionParadigm=0 or ConnectionParadigm=1. UseHardTimeout Specifies whether to refresh connection after idle time specified in HardTimeout. ConnectionParadigm must be 0 for this setting to work. Example: UseHardTimeout=Yes. HardTimeout Specifies how frequently to refresh the connection to the server in seconds. ConnectionParadigm must be 0 and UseHardTimeout must be Yes for this setting to work. Example: HardTimeout=28800. ReconnectInterval Specifies how often in seconds to reconnect to check for work. ConnectionParadigm must be 1 for this setting to work. Example: ReconnectInterval=28800. CloseTimeOut Specifies how long, in seconds, to wait for work before disconnecting. ConnectionParadigm must be 1 for this setting to work. Example: CloseTimeOut=60. SetSpeedLimit Specifies whether to set speed limit for transfer files. If it is Yes, check transfer rate is slower than the rate specified in SpeedLimit. If it is No, do not transfer files. Example: SetSpeedLimit=Yes.
468
Parameters
SpeedLimit
Details
Specifies the minimum speed limit in Kbps to transfer files. If the rate is slower than the rate specified here, do not transfer files. SetSpeedLimit must be enabled for this setting to work. Example: SpeedLimit=10000.
Blockout ScheduledBlockStart Specifies the beginning of the period when the client cannot connect to the server. Example: ScheduledBlockStart=08:00. ScheduledBlockEnd Specifies the end of period when the client cannot connect to the server. Example: ScheduledBlockEnd=17:00. BlockedDaysSun Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Sundays. Example: BlockedDaysSun=True. BlockedDaysMon Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Mondays. Example: BlockedDaysMon=True. BlockedDaysTue Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Tuesdays. Example: BlockedDaysTue=True. BlockedDaysWed Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Wednesdays. Example: BlockedDaysWed=True. BlockedDaysThu Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Thursdays. Example: BlockedDaysThu=True. BlockedDaysFri Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Fridays. Example: BlockedDaysFri=True.
469
Parameters
BlockedDaySat
Details
Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Saturdays. Example: BlockedDaysSat=True.
Proxy WakeOnLANProxy Forward Wake On LAN packets sent from the Deployment Server. Example: WakeOnLANProxy=Yes. MCastProxy Specifies whether to advertise for the Deployment Server the client is connected to. This allows local clients to discover the server on a remote network through TCP/IP multicast. Example: MCastProxy=Yes. MCastProxyRate Specifies how often to send multicast advertisements in seconds. MCastPRoxy should be set to Yes for this setting to work. Example: MCastProxyRate=900. BootWorks EnableDirectDiskAccess Specifies whether to enable direct disk access to BootWorks. Example: EnableDirectDiskAccess=Yes. UpdateBootworkTransport Specifies whether to synchronize transport (IP/ multicast) settings with Bootworks. EnableDirectDiskAccess must be enabled for this setting to work. Example: UpdateBootworkTransport=Yes. UpdateBootworkIP Specifies whether to synchronize TCP/IP (static IP, netmask/DHCP) settings with Bootworks. EnableDirectDiskAccess must be enabled for this setting to work. Example: UpdateBootworkIP=Yes. BootDiskMessageUsage Specifies when the user should be prompted for a Bootworks boot disk when performing tasks from DOS. Example: BootDiskMessageUsage= 0 for Never; BootDiskMessageUsage=1 for Always; BootDiskMessageUsage=2 if Bootworks is not detected; BootDiskMessageUsage=3 if PXE is not detected; and BootDiskMessageUsage=4 if neither BootWorks nor PXE is detected. Other
470
Parameters
ForceReboot
Details
Specifies whether to force applications to close when shutting down. Example: ForceReboot=Yes.
BootDrive
SyncTimeWithServer
Specifies whether to synchronize the client systems date and time with the Deployment Server. Example: SyncTimeWithServer=Yes.
SettingsChanged
RequirePasswordForUserPro p
Admin password required to edit admin properties. If the value is 0, the password is not required. If the value is 1, the password is required. Example: RequirePasswordForUserProp=0
DownloadWait
Specifies in seconds whether and how long to wait for download. Example: DownloadWait=10.
ReconnectWait
Specifies in seconds whether and how long to wait for reconnect. Example: ReconnectWait=10.
EnableReconnectDownload Waits
Specifies in seconds whether to enable the reconnect and download waits. Example: EnableReconnectDownloadWaits=10.
UpdateFileSystemSids
UpdateSettings
UpdateAllSettings
471
Bootwork.exe
You can use either a forward slash (/) or a dash (-) with the command-line options. Commands are not case sensitive. Switch -dsbios Details Function: Disables reading of the BIOS for system information. This is typically used for troubleshooting, if a client computer crashes when it first starts running BootWorks. Example: To load and run BootWorks without reading the BIOS, type
bootwork -dsbios
-f Function: Causes a computer to pause during the BootWorks boot process and wait for a job from the Deployment Server, instead of booting to production if work is not assigned. This allows new computers that need to run Initial Deployment to wait for a connection to the Server. Example: To have a new computer wait for the Deployment Server to assign a job, type
bootwork -f
-hr Function: Specifies a hard reboot when a client computer boots to production. This is the default. It ensures the BootWorks boot data is cleared from memory, so the computer reads the MBR when booting to production. If this is not used, the client computer might lock up when it reboots. Example: Because this is the default, you do not need to enter anything. -ip<address> Function: Specifies the IP address of the Deployment Server you want the client to connect to. Use this if the network is not configured for multicasting, or if there is more than one Deployment Server on the network. Specifying the Servers IP address prevents the client from connecting to the wrong Deployment Server. The port number must also be specified if you change this parameter. (See -p<port>.) Example: To connect a client directly to a Deployment Server, type
bootwork -ip207.197.28.38
-mcdelay[xx] Function: Sets the number of seconds the client waits between multicast requests for a Deployment Server. The default is 5 seconds. Example: To set the interval for multicast requests to10 seconds, type
-mcdelay10
-mcwait[xx] Function: Sets the length of time (in seconds) that the client searches for a Deployment Server before rebooting to production. The default is 30 seconds. This parameter applies to multicast sessions only. It does not apply if the clients connect using the Console IP address. Example: To have the client search for a Deployment Server for 45 seconds, type
-mcwait45
472
Switch -mip<IPaddress>
Details Function: Specifies the multicast IP address of the Deployment Server. The default value is 225.1.2.3. If the address is changed on the Server, use this parameter to change the address in BootWorks so the client looks for the correct address. The port number must also be specified if you change this parameter. (See -mp<port>.) Example: If you changed the Deployment Servers multicast address to 225.12.12.13, you would change the address for BootWorks by typing
bootwork -mip225.12.12.13
-mp<port> Function: Specifies the multicast port address of the Deployment Server. The default value is 402. If you have changed the port number of the Server, use this parameter to change the number in BootWorks. (Any unassigned number that is less than 65536 is valid.) The IP address must also be specified if you change this parameter. (See mip<address>.) Example: If the Deployment Servers IP address was changed and you set a new port number of 1026, type
bootwork -mp1026
-name Function: Prompts the user to enter the name of the client computer. This name will be registered in the Console Computers list. If no name is specified, the client computers MAC address will be used. Example: To prompt for a computer name, type
bootwork -name
The client computer will prompt you to enter a name. The name appears in the Computers list on the Console. -new Function: Runs Initial Deployment. Example: To run Initial Deployment on a client computer, type
bootwork -new
-nologin Function: Loads the LAN drivers on the client so BootWorks can check the Deployment Server for work without completing a user login. Example: To load the network drivers and check the Deployment Server, type
bootwork -nologin
-p<port> Function: Specifies the port number of the Deployment Server you want the client to connect to. The default port number is 402. If you have changed the port number of the Deployment Server, use this parameter to change the number in BootWorks. (Any unassigned number that is less than 65536 is valid.) The IP address must also be specified if you change this parameter. (See -ip<address>.) Example: If the Deployment Servers port number has been changed to 1026 and clients are not multicasting to find the Server, type
bootwork -p1026
473
Switch -pause
Details Function: Causes the computer to pause for 5 seconds before beginning production boot processes. This allows time to access the bootworks program before the computer boots to production. Example: To add a 5-second pause before a production boot, type
bootwork -pause
-s<name> Function: Specifies the computer name of the Deployment Server you want the client to connect to. Otherwise, if you have more than one Console on the network, clients will connect to the first one they find. Example: If you want a client to connect only to a Deployment Server named ServerOne, type
bootwork -serverone
-sr Function: Specifies a soft reboot when a client computer boots to production. Example: To reboot a client using a soft reboot instead of the default hard reboot, type
bootwork -sr
-wb Function: Specifies a warm reboot when a client computer boots to production. Example: To reboot a client using a soft reboot instead of the default hard reboot, type
bootwork -wb
bwinst -mbr
-u Function: Uninstalls BootWorks. Example: To uninstall BootWorks from a client, type
bwinst -u
-c Function: Checks for Altiris MBR code. Example: To find out if BootWorks is installed on a client, type
bwinst -c
474
Switch -s[x]
Details Function: Works with the -old switch to set the partition size (in MB) for hidden BootWorks partitions. The minimum size is 5 MB, which is the default. Note If you install embedded BootWorks (new style for 4.x versions), this switch does not apply. A 5MB embedded partition is always installed. Example: To set the BootWorks partition size at 10 MB for a hidden partition, type
bwinst -q -f=f:\bootfile
475
Switch -f=
Details Function: Specifies the source path to the BootWorks files. The default is drive a:. Example: To install BootWorks from a directory named bootfile on a network drive, type
bwinst -f=f:\bootfile
-b Function: Reads the BIOS settings for the hard drive if IDE settings fail or return incorrect values. If you get the message, Error creating drive map when installing BootWorks, run bwinst with this switch to correct the problem. Example: To solve the Error creating drive map error and install bwinst, type
bwinst -b
For help when running the utility, type KBDSCLK ? The batch file includes keyboard and screen lock commands, which are marked out (REM). When you remove the REM commands and run the commands in a batch file, the utility behaves as a TSR. The defaults are:
476
The Altiris client graphic appears. The keyboard and screen are not locked. If options are added to the batch file, they are executed in the order they appear in the file. Option p=pwd [b] Description Function: Sets a password to enable/disable the keyboard and screen lock. Maximum character length is 128. Option: b Scans keyboard input for a password to set locks when they are not set. (Be careful using this option. It can interfere with keyboard input for applications that are running!)
+|- k
Function: Enables/disables keyboard input. To allow keyboard input, use +k. To lock the keyboard, use -k. Default: Locked.
+|- s
Function: Enables/disables screen output. To allow screen output, use +s. To disable it, use -s. Default: Disabled.
x [h#]
Function: Displays the wallpaper or graphic and then exits the KBSCLK utility. Once the utility has exited (no longer running as a TSR), the keyboard and screen are not locked. Default: 3 second graphic/wallpaper display, then unload TSR. Options: h Allows use of the Home key to bypass BootWorks and begin production boot processes. # Specifies the time (in seconds) for the graphic to appear (a maximum of 34 seconds is possible). During that time, you can use the Home key to bypass the BootWorks processes. If zero is used, the graphic appears for 3 seconds and no bypass is allowed.
c t w=file
Function: Clears the screen and exits the program. Used mostly for troubleshooting. Function: Sets video text mode (MODE CO80) and exits. Used mostly for troubleshooting. Function: Specifies the name of a graphic/wallpaper file to appear. This is valid only if the x option is used. Valid files are pcx files with 640x480x16 color.
Order Of Operations
The order of operations and utility behavior when KBDSCLK is run from the command line is as follows: When c or t is used, it performs its functions and exits without performing any other functions, regardless of order. KBDSCLK does not remain loaded as a TSR, so the keyboard is not locked and no screen output appears.
477
Use w to specify the name of a wallpaper/graphic file to replace the default. See the table above for details on using graphics files. When x is used, the wallpaper/graphic appears and the KBDSCLK program exits, ignoring all other commands except w and h, regardless of order. KBDSCLK does not remain loaded as a TSR, so the keyboard is not locked. If the utility is loaded as a TSR (in the autoexec.bat file), and you execute KBDSCLK on the command line and specify the k and s options, it changes the keyboard and screen lock settings of the TSR instance. Options w, p, and b are ignored, regardless of order. If the TSR is not loaded, w, p, and b can be used with k and s in any order. The p option can be used on the command line to set a password for unlocking the screen and keyboard.
Switch
-s
Details
Function: Runs a Simple install where all components are installed on a single computer. Example: axinstall -s
-a
Function: Adds a component when installing a custom install where componentsthe Deployment Server database, PXE server, Deployment Share, services can be installed on separate computers. Example: axinstall -a
-t
Function: Allows you to run a silent install (where the install application executes without asking for user input. Example: axinstall -t
478
Switch
-i -
Details
Function: Allows you to create a setup.ini file used for automation or a silent install Example: axinstall -i
Function: Allows you to run a silent install (where the install application executes without asking for user input) and read setting from an INI file. See Silent Install Options (page 479). Example: axinstall -t c:\silent.ini Sample Silent.INI file:
479
DAEncryptedPassword=z%l$qry^w InstallPXE=0 CreateExpressShare=FALSE | TRUE DOSFilesPath=c:\dos To install Sysprep files, specify the following fields AddSysprepFiles=FALSE | TRUE XPSysprepPath=c:\xp\deploy.cab 2KSysprepPath=c:\2k\deploy.cab NTSysprepPath=c:\nt\nt4prep.exe
480
To install FreeDos files, specify the following fields PBFreeDOS=FALSE | TRUE PBFreeDOSFile=c:\DSSetup\BDCgpl_6.8.8271.frm
If you install DOS files, the following fields are listed:
PBMSDOS=FALSE | TRUE PBMSDOSPath=c:\DOSFiles To install Linux files, specify the following fields
For Linux IA64, specify the path of the .FRM file in PBLinuxFileIA64. The PBLinuxIA64 field should be True. Example
PBLinuxFileIA64=c:\DSSetup\BDCgpl_6.8.8271.frm PBLinuxIA64=True
For Linux x64, specify the path of the .FRM file in PBLinuxFileX64. The PBLinuxX64 field should be True. Example
PBLinuxFileX64=c:\DSSetup\BDCgpl_6.8.8271.frm PBLinuxX64=True
For Linux x86, specify the path of the .FRM file in PBLinuxFileX86. The PBLinuxX86 field should be True. Example
PBWindowsPEX86AddOn=TRUE PBWindowsPEX86AddOnPath=c:\DSSetup\AddonX86.exe
To specify the WinPE disk path, specify the path in PBWindowsPEWinPEX86Path and the operating system path in PBWindowsPEX86OSPath. The PBWindowsPEWinPEX86 field should be True. Example
481
For WinPE x64, to use an add-on file, specify the path of the add-on file in PBWindowsPEX64AddOnPath. The PBWindowsPEX64AddOn field should be True. Example
PBWindowsPEX64AddOn=TRUE PBWindowsPEX64AddOnPath=c:\DSSetup\AddonX64.exe
To specify the WinPE disk path, specify the path in PBWindowsPEWinPEX64Path and the operating system path in PBWindowsPEX64OSPath. The PBWindowsPEWinPEX64 field should be True. Example
PBWindowsPEIA64AddOn=TRUE PBWindowsPEIA64AddOnPath=c:\DSSetup\AddonIA64.exe
To specify the WinPE disk path, specify the path in PBWindowsPEIA64 and the operating system path in PBWindowsPEIA64OSPath. The PBWindowsPEIA64 field should be True. Example
482
OR
DAEncryptedPassword=z%l$qry^w CreateExpressShare=FALSE | TRUE DOSFilesPath=c:\dos SEPath= C:\Program Files\Altiris\eXpress\Deployment Server SELocation=local | remote SERemoteComputerName=DESKPRO1 SEUsername=administrator SEPassword=password
OR
SEEncryptedPassword= z%l$qry^w SEIPAddress=172.16.2.123 SEDataManagerPort= 8080 SEDBLocation=local | same | remote | sqlserver SEDBRemoteComputerName=DESKPRO2 SEDBSQLPortNumber=<Enter SQL Port Number here> SEDBEnginePath=c:\mssql7 SEDBDataPath=c:\mssql7\data SQLAuthentication=FALSE | TRUE SQLMachineUsername=administrator SQLMachinePassword=password
OR
SQLEncryptedMachinePassword= z%l$qry^w InstallPXE=FALSE | TRUE PXLocation=dos | local | remote PXRemoteComputerName=DESKPRO3 PXMakeMasterServer=FALSE | TRUE PXIPAddress=172.16.2.123 PXDSIPAddress=172.16.2.123 PXPath=c:\Program Files\Altiris\express\Deployment Server PXUsername=Administrator PXPassword=password
OR
PXEncryptedPassword= z%l$qry^w
483
SQLEncryptedPassword=zlq%r*x+y DSConnectionMethod=multicast | tcpip DSConnectionServerName=* | <server name> DSConnectionDSIPAddress=172.16.2.123 DSConnectionDSPort=402 COLocation=local | remote CORemoteComputerName=DESKPRO4 COUsername=Administrator COPassword=password
OR
COEncryptedPassword=zlq%r*x+y WCLocation=local | remote | none WCPath= c:\Program Files\Altiris\express\Deployment Server WCRemoteComputerName=DESKPRO5 WCUsername=Administrator WCPassword=password WCEncryptedPassword= zlq%r*x+y WCConsoleManagerPort=8081
AddDSConsole=FALSE | TRUE AddPXEServer=FALSE | TRUE AddDSWebConsole=FALSE | TRUE DOSFilesPath=c:\dos DAPath=C:\Program Files\Altiris\eXpress\Deployment Server SEIPAddress=172.16.2.123
484
COEncryptedPassword=zlq%r*x+y PXLocation=dos | local | remote PXRemoteComputerName=DESKPRO3 PXMakeMasterServer=FALSE | TRUE PXIPAddress=172.16.2.123 PXDSIPAddress=172.16.2.123 PXPath=c:\Program Files\Altiris\express\Deployment Server PXCreateDefaultPXEBootFiles=FALSE | TRUE PXUsername=Administrator PXPassword=password
OR
PXEncryptedPassword= zlq%r*x+y WCLocation=local | remote | none WCPath= c:\Program Files\Altiris\express\Deployment Server WCRemoteComputerName=DESKPRO5 WCUsername=Administrator WCPassword=password WCEncryptedPassword= zlq%r*x+y WCConsoleManagerPort=8081
ON/ENABLED ON/ENABLED
485
Function
Installs the agent, or re-installs the agent if already installed. When used with -install, installs the agent without the installation dialog screens. Stops the agent. Starts the agent after it has been stopped. Stops and restarts the agent. Stops and uninstalls the agent. Example: to restart the agent, run
C:\Altiris\PPCAgent\PPCAgent.exe -restart
To use more than one command-line parameter, separate the parameters with a space. Example: ppcagent -install -silent.
Switch
-install -os LINUX -x86 e:\BDCgpl_6.8.8260.frm -install -os LINUX -x64 e:\BDCgpl_6.8.8260.frm
Details
Installs the Linux agent for x86 computers. Installs the Linux agent for x64 computers.
486
Switch
-install -os LINUX -ia64 e:\BDCgpl_6.8.8260.frm -install -os LINUX -x86 e:\BDCgpl_6.8.8260.frm -quiet -install -os LINUX -x64 e:\BDCgpl_6.8.8260.frm -quiet -install -os LINUX -ia64 e:\BSCgpl_6.8.8260.frm -quiet
Details
Installs the Linux agent for ia64 computers. Silently installs the Linux agent for x86 computers. Silently installs the Linux agent for x64 computers. Silently installs the Linux agent for ia64 computers.
Switch
-install -os WINPE -x86 e:\Altiris_DS_Preboot_WinPE2005_x86. exe -install -os WINPE -x64 e:\Altiris_DS_Preboot_WinPE2005_x64. exe -install -os WINPE -ia64 e:\Altiris_DS_Preboot_WinPE2005_ia64 .exe -install -os WINPE -x86 e:\Altiris_DS_Preboot_WinPE2005_x86. exe -quiet
Details
Installs the WinPE agent for x86 computers. Installs the WinPE agent for x64 computers. Intalls the WinPE agent for ia64 computers. Silently installs the WinPE agent for x86 computers.
487
Switch
-install -os WINPE -x64 e:\Altiris_DS_Preboot_WinPE2005_x64. exe -quiet -install -os WINPE -ia64 e:\Altiris_DS_Preboot_WinPE2005_ia64 .exe -quiet
Details
Silently installs the WinPE agent for x64 computers. Silently installs the WinPE agent for ia64 computers.
488
Chapter 26
See Also
RapiDeploy Executable Files on page 489 Running RapiDeploy from the Command-line on page 489 Using File System Independent Resource Management (FIRM) on page 502 Using File System Independent Resource Management (FIRM) on page 502 Troubleshooting RapiDeploy on page 89
Description
An Altiris program with a graphical wizard-like interface. When run on a computer, rdeploy.exe temporarily designates the computer as the RapiDeploy Master PC or as the Client PC. The Master PC controls how images are created, uploaded, and downloaded, and how they are sent or multicasted to other computers. Rdeploy.exe lets you set up configurations (such as TCP/IP and networking settings) on the computer after it has received an image. You can run rdeploy.exe with command-line switches and set up other options for imaging and multicasting.
rdeployt firm
A text-based version of RapiDeploy, this version does not provide a graphical interface but supports the command-line switches. File System Independent Resource Management (FIRM) lets you access files in automation. This is an advanced feature. You do not have to use it to perform normal management tasks. For more information, see Using File System Independent Resource Management (FIRM) on page 502.
489
Switches can be entered in any order and they are not case sensitive. When using multiple switches, leave a space between each option. You can also get a list of switches at the DOS prompt by typing the following:
rdeploy -?
If you want to redirect this list to a file, type the following:
Details
Function Shows command-line help. Function Sets partition alignment to the provided values. Function Determines the maximum bandwidth to be used by the multicasting session. Example To limit the bandwidth to 5 Megabits per second, type
rdeploy -bsl:5
-c[compression mode] Function Sets the compression mode for image creation. Speed is the default mode. Modes off turn compression off. size make smallest image size with slight speed penalty. speed (default) make a less compressed image in less time. balanced make a reasonable compressed image with a reduced speed penalty. Example To optimize image creation for speed, type
490
Details
Function Sets the configuration filename (default is lastrun.cfg). The configuration file provides information for post configuration. The default configuration file is lastrun.cfg that can be edited in a text editor with the specific information needed for the computer. This command is useful if you want to run imaging in a batch file using configuration information saved previously by the RapiDeploy program. (If you select the option to save settings in the RapiDeploy program, a configuration file will be created with the name lastrun.cfg.) You can rename lastrun.cfg and specify it in your batch file to apply configuration settings. Example If you have run RapiDeploy and have chosen the option to save configuration settings, you could rename lastrun.cfg to laptop1.cfg and use it in a batch file by typing the following:
491
Details
Function Specifies which hard disk to read from or write to, depending on whether you are uploading or downloading. This switch is used for computers that have more than one hard disk. Examples To download an image to disk 2, combine with the -md switch and type
492
Details
Function Forces boot fixup in cases when it does not normally occur. When imaging completes, certain files, such as boot.ini or grub, and the MBR are modified to ensure that the computer boots. This is used in circumstances when you want to keep existing partitions using the -kp switch. If you are replacing a boot partition use this switch to fix booting. If you are replacing a data partition this is not required.
-forcebw
Function Forces the automation partition to be restored. Use this switch when using PXE or to overwrite an existing automation partition on the hard disk with the automation partition in the image. Example To restore an image and have the automation partition in the image replace an existing automation partition on the hard disk, type
493
Details
Function Specifies a FIRM file that contains a list of FIRM commands to be executed after a restore. A FIRM file is a text file containing FIRM commands to execute. Example After a computer has received an image, you can copy a file that is not in the image to the computer. Example: you may want to copy a .cfg file that a computer needs but is not in an image.
-h -i:[20..25]
rdeploy -i:23
-i[IDnumber] Function Sets session ID when sending an image file to more than one computer. Use this switch with multicast sessions so the Master PC can identify Client PCs in the same session. Example To send an image to 10 Client PCs, type
494
Details
Function Sets the multicast IP address and port. This can be used for two purposes: 1) To allow multicasting through a router that is set up to use a different multicast IP address, and 2) to separate multiple multicasting sessions more efficiently. If you are manually running multiple multicast sessions, you can specify a different multicast IP address for each session to allow the NIC itself to filter out unwanted packets from other sessions. This speeds up all sessions involved. Important Remember to put the port number at the end of the IP address after a colon. Example
-kap -kp[1-31]
495
Details
Function Sets the operating mode. Modes u (Upload image) d (Download image) dd (Disk-to-disk) b (Multicast only) mm (Multicast master) ub (Upload and multicast image) db (Download and multicast image) client (Client mode) Examples To upload an image, type
rdeploy -mclient
See also -f[path & file name], -i[IDnumber] -makeimx Function Minimizes the number of disk swaps that occur when restoring a hard disk image that has been split across multiple CDs or other storage media. This switch causes RapiDeploy to create an .imx (IMage IndeX) file which contains data that may reside on other CDs. If RapiDeploy has access to the .imx file, it will not prompt you to insert any CD more than once. Use the -makeimx switch when you create an image. However, no switches are needed when restoring the image. Once the split image file has been created and you are ready to burn the image to CDs, put the .imx file on the CD with the first .img split image file. Subsequent split image files do not require the .imx file to be placed on the CD. -mcastspeed[speed] Sets the speed used in multicast operations. Range: 1 or greater. Deployment Solution 6.5 and previous use 1 as default, later versions use 5. Function Operate in client mode. When multicasting, set this flag to force the computer to not attempt to act as master. Function Specifies the interface used for multicasting. This is useful if you have a computer with multiple NICs and you want to force multicast data to use a specific NIC.
-mclient -mcint:[n.n.n.n]
496
Details
Function Used with the -f switch to convert an existing image file (.img) to a self-extracting .exe file. (Does not upload or download; just converts the file.) Example To convert a file named WINXP.IMG, type
-nobw
-nors
497
Details
Function Specifies which partition to process. Parameters n Number (1-31) uploads the partition (each partition must be designated separately) b images the BootWorks partition (works for both hidden and embedded types) oem images the oem partition rs images the recovery partition Examples To upload an image of partition 2, type
-rescan -restorebt
498
Details
Function Causes RapiDeploy to restore the unique disk signature in the MBR of the hard disk from which the image was created. Normally, RapiDeploy does not transfer the disk signature to the target computer when deploying an image. This switch can be used when restoring an image to the same or similar systems. The -szf switch may be needed in combination with the -restoresig switch. Example One This -restoresig switch has been added to the Distribute Disk Image job in the XP Embedded folder in the Samples folder to protect the Write Filter Partition. It is required for all Restore Image jobs for XPe Thin Clients. Example Two The -restoresig switch is needed when restoring an image to a Citrix Metaframe Server to preserve the alternate drive mappings. In this situation the -szf switch is also required. Note This switch will function only if no production partitions are being preserved on the hard drive when deploying the disk image.
Function Create a recovery solution checksum during upload. Function Specifies the number of Client PCs included in a multicast session. When the Master PC detects the specified number of Client PCs, it automatically starts the multicast session. The number specified does not count the Master PC. Example To set the number of Client PCs that will be connecting to the Master PC in a multicast session to 9 computers, type
499
Details
Function Use this switch to set fixed sizing for all partitions. By using this switch, RapiDeploy will use the original sizes that existed on the computer from which the image was created. Example If the original size of the partition to be downloaded was 250 MB and you want the destination partition to remain 250 MB, use the -szf switch. If the target disk has 500 MB of free space, you will have a 250 MB fixed partition and 250 MB of free space.
-sz[parameter]
Function Resizes partitions during imaging. Syntax rdeploy -sz[#]:[x{m|p}] where # is the partition number and x is the size based on the number of megabytes or a percentage. Parameters [x]m (Resize partitions in megabytes) [x]p (Resize partitions as a percentage of hard disk size for primary partitions or the percentage of the extended partition for logical drives) Examples If the size of partition 2 being downloaded is 300 MB and you want it to fit in half of the 500 MB of disk space on the client disk, type
Function Run in text mode instead of GUI mode. To use this switch, all settings must be specified at the command-line.
Examples
500
Details
Function This option applies only to the Restore and Send (mdb) mode. We have found that when using a small number of clients, it is faster to perform individual downloads on each client than it is to multicast to all of them. There is a point where it becomes more efficient to multicast than it is to perform individual downloads. This threshold is where it becomes faster to multicast than to do individual downloads and can be specified by the -threshold:[n] command line parameter. Depending upon the network environment, this number may vary. You should perform a few tests to pick a good threshold value for your network. It may be a small number, like four, or it could be much larger, like 15. Once you have found this threshold value, you can specify this number on the command line and then RapiDeploy will, depending on the number of clients that connect, have them do individual downloads or have them multicast. The number [n] specifies the minimum number of clients that will need to connect to the master in order for it to multicast. Example: if you specify -threshold=5, and four or fewer clients connect to the master PC, it will have them all do individual downloads of the image. If five or more clients connect to that master, it will multicast to them. This becomes more important when multicasting across subnets with a router that doesn't support multicasting. If you start one master and nine clients (10 PC's total), three of which are on one side of the router and seven of which are on the other side, RapiDeploy will detect that there are only three on one side of the router and do individual downloads to them. It will also detect that seven are on the other side and multicast to them. RapiDeploy does all of this automatically. All you must supply is the threshold value to let RapiDeploy determine when it should multicast or not. Example Suppose you have determined that the threshold value for your network is five. In other words, you have found that multicasting from one master to five or more clients is faster than doing individual downloads to those clients and the master. You could then specify the following threshold value on the command line:
501
Details
Function Set VESA screen resolution.
rdeploy -ve:31
-w[n] Function When multicasting, specifies the maximum number of minutes to wait for Client PCs to connect. If all Client PCs connect, it will start right away. Default: 5 minutes (or until the specified number of Client PCs is connected). Example To set the timeout to wait for PC Clients to 10 minutes, type
baseimag.exe -noprompt
You can combine this switch with any of the other switches.
502
Drive mapping comparison Sample Partitions Partitions recognized by Win 98 Partitions recognized by WIN NT Partitions Partitions recognized recognized by WIN 2000 by FIRM
* * * * * * * * * * * * *Drive letters are assigned according to where the drives physically reside on the disk. FIRM uses the following logic to determine which type of drive to use: Drives A: and B: are DOS drives. All other drives are assumed FIRM drives unless prepended with the drive type identifier D. Example: DC: indicates DOS drive C:. If a FIRM drive is not found, then a DOS drive is assumed. FIRM drives can also be explicitly specified by prepending the drive type identifier F. Example: FK: indicates FIRM drive K:.
Embedded BootWorks partition (always drive W:) FAT 32 FAT 16 NTFS EXT2/EXT3
Running FIRM
The computer must be booted to DOS. The firm.exe program must be on a disk or a server where you have rights to access it.
To run FIRM
1. 2. Put the disk containing FIRM.EXE into drive a:, or log into the server where the program files are located. Type FIRM to run the program.
503
Function
Function Used in place of the BootWorks partition letter (w: drive). Examples To delete the autoexec.bat file from the BootWorks partition, type
504
Options
Function Gets a list of all partitions/drives. Shows the file system and FIRM drive letters. Also shows the percentage of the drive used by the partition.
firm drives
type Function Sees the contents of an ascii text file. (Other file types do not display correctly.) Usage firm type [filename] Option [filename]= path and name of the file you want to read Syntax firm type[drive type][drive letter or token]:[path][filename] Example To see the contents of a file called disk32.txt, type
505
Options
Function Displays file and directory lists. Usage firm dir [directory] Option [directory]=directory letter or path Syntax firm dir [drive type][drive letter or token]:[path] Do not include a filename or you will get an error. The drive type is optional. Examples To see a list of directories and files in the BootWorks directory, type
506
Options
Function Backs up registry files. Usage firm backupreg [dest file][local path] Options -noprofile Backs up default registries without the user profiles. [destination file]=destination filename (must be a DOS filename) [local path]=local path to registry files (source) (Default source path for Win NT/2000 is c:\winnt\system32\config. Default for Win 95/98 is c:\windows). If files are stored in the default location, you do not need to enter the path. Syntax firm backupreg [destination path and filename] [drive letter or token]:[local path] Include the complete path. Examples To back up registries without user profiles to c:\regback.lst, type
507
Options
Function Backs up a set of files. Usage firm backuplist [destination file] [list file] Options [destination file]=destination filename (must be a DOS filename) [list file]=filename containing a list of files to back up (source) Must be in a DOS text/ascii file format. Syntax firm backuplist [destination path and filename][list filename] Include the full path. Example To back up the files in c:\backup.lst and store them in c:\backup.txt, type
508
Appendix B
System Tokens
The following table lists all predefined system tokens supported by Deployment Solution 5.6 or higher. System tokens are case sensitive. The percent symbol % at the beginning and end of each token is part of the token name and must be included.
Token
Description
Asset tag from SMBIOS The IP address of the NIC of the client computer connected to the Deployment Server. The IP address of the client computer connected to the Deployment Server. This token only works with Bootworks. It is deprecated and it is recommended that you use the token %AGENTIPADDR% instead. The name of the job that called this job (as used when Setting Up Return Codes) or the name of this job if not called by another job Actual computer name used by the OS Contact name defined in the Location properties Date string in the form of mm/dd/yyyy Department description defined in the Location properties MS Workgroup or domain name Domain organization units. Example: MyCompany.com/MyParentOU/MyOU The NetBios name of the computer where the Deployment Server is installed. Email from the Location properties Unique Computer ID Generated by Deployment Server
%CALLINGJOBNAME%
%DNSSUFFIXSEARCHORDER% The DNS suffixes under the DNS tab. %DOMAIN% %DOMAINOU% %DSSERVER% %EMAIL% %ID%
509
Token
Description
Full DNS name of the computer The name of the current job. The name of the user logged on to the Deployment console The LDAP format for AD domains. Example: dc=MyCompany, dc=com, OU=MyParentOU, OU=MyOU Mail stop from the Location properties Computer manufacturer from SMBIOS Complete computer name as it appears in the console The NetBios name for the Microsoft Domain IP Address for NIC y (y = 1-8). Example: the first NIC would be %NIC1IPADDR%I , second %NIC2IPADDR% DNS entry x for NIC y. Example: the second NIC fourth DNS entry would be %NIC2IPDNS4% All DNS IP addresses for NIC y. Example: All DNS entries for the second NIC would be %NIC2IPDNSALL%. Default gateway for NIC y (y = 1-8). Example: the first NIC would be %NIC1IPGATEWAY%, second %NIC2IPGATEWAY% IP HOst for NIC y (y = 1-8). Example: the first NIC would be %NIC1IPHOST%; the second would be %NIC2IPHOST%. Netmask for NIC y. Example: the first NIC would be %NIC1IPNETMASK%, second %NIC2IPNETMASK% WINS entry x for NIC y. Example: the third NIC first WINS entry would be %NIC3IPDNS1% All WINS addresses for NIC y. Example: All WINS entries for the second NIC would be %NIC2IPWINSALL%. MAC for NIC y (y = 1-8). Example: the first NIC would be %NIC1MACADDR%, second%NIC2MACADDR% NetBios options for NIC y. Example: the NetBios options for the third NIC would be %NIC3NETBIOSOPTIONS%. PCI Bus number for NIC y. Example: the PCI Bus number for the second NIC would be %NIC2PCIBUSNUMBER%. PCI Device number for NIC y. Example: the PCI Device number for the fourth NIC would be %NIC4PCIDEVICENUMBER%.
%MAILSTOP% %MANUF%
%NAME%
%NETBIOSDOMAIN%
%NICyIPADDR%
%NICyIPDNSx% %NICyIPDNSALL%
%NICyIPGATEWAY%
%NICyIPHOST%
%NICyIPNETMASK%
%NICyIPWINSx% %NICyIPWINSALL%
%NICyMACADDR%
%NICyNETBIOSOPTIONS%
%NICyPCIBUSNUMBER%
%NICyPCIDEVICENUMBER%
510
Token
Description
%NICyPCIFUNCTIONNUMBER% PCI Function number for NIC y. Example: the PCI Function number for the third NIC would be %NIC3PCIFUNCTIONNUMBER%. %NICyUSEDHCP% %NICyUSEWINS% %NODEFULL% %NODENAME% %NWCONTEXT% %NWSERVER% %NWTREE% %OS% %OSTYPE% %PHONE% %PROCDESC% %PROCSPEED% %PROCCOUNT% %PROD_LIC% %PROCTYPE% %RAMTOTAL% %SERIALNUM% %SITE% %TIME% %USER_NAME% %UUID% If you use DHCP, the valid values are Yes or No. If you use WINS, the valid values are Yes or No. Complete computer name First 8 characters of actual computer name NetWare context name NetWare preferred server NetWare preferred tree Specific operating system (WIN98, WIN2K, WINXP) Operating system type (WIN9x, WINNT, Linux) Phone defined in the Location properties Description of the processor Processor Speed The number of processors installed (not the number of processor slots) Product License Key Processor Type Total Random Access Memory Serial number from SMBIOS Site description defined in the Location properties Time string in the form of hour:minutes The Registered To user name that can be viewed on the System Properties page of Windows. The Universally Unique Identifier (UUID) of the computer, if supported by hardware.
echo This computer has %#FS2*"SELECT ram_free from hardware where computer_id = 5000001"% MB of free RAM
511
Explanation of Script
FS2 is the alias name. hardware is the table name Ram_Free is the column name to find the value in.
If a job using the above script was assigned to the PC-1 computer (with the computer_id of 500001), the values specified are located in the database and appear on the clients computer. The message shows the DS database search results. Users Display Message
C:\ This computer has 213 MB of free RAM Press any key to continue...
Tokens
An Altiris token is a type of variable that can be replaced with unique data from the Deployment Server database. Each computer can have its own unique value for each token. Example: the token name of %NAME% stores the name of a computer being managed as seen in the Deployment Server console view, while the token name of %DOMAIN% stores the Microsoft Workgroup/Domain a computer belongs to. Depending on the individual computer, there may or may not be a value stored in the Deployment Server database for every possible token. Token names are case sensitive. See System Tokens on page 509.
512
requires a Sysprep.inf file. This file is used, among other things, to set the NetBIOS computer name for a computer and which Domain the computer will belong to (see the sample Sysprep.inf file in the figure to the right.) If the image being deployed to the computers contained this Sysprep.inf file and no other changes were made, all computers would end up with the same computer name and Domain when the Sysprep.inf files was used to configure the computers being deployed. To solve this dilemma, a token replacement template file is used. The token replacement template file is a copy of the text file, which after being edited needs to be copied to each computer. In this example it is theSysprep.inf file. The unique text files that will be sent to the individual computers are created by taking the contents of this template file and adding the unique data using tokens. Therefore, any data in the template file that needs to be unique must be replaced with an applicable token. Example: to ensure that every computer gets a unique computer name, the Sysprep.inf file is edited to use a token to provide this information instead of using the real computer name. As seen in the figure to the right, this is accomplished by placing the %NAME% token after the ComputerName entry. Likewise, the entry that determines the Domain is changed to use the %DOMAIN% token instead of the real Domain name. After the tokens have been added as needed, this file is saved in the Deployment Server directory structure and becomes the template file. After going through the token replacement process, the tokens are replaced with unique data from the Deployment Server database and a new file containing that information is created. The end result is that the new file created would now have an entry such as ComputerName=Bryce in one file while another file might have an entry such as ComputerName=Jackson.
513
When the Job is executed the following happens: The template file (Sysprep.inf) is examined and all tokens are located. The unique token values for each computer are located in the Deployment Server database and are used to create a new file for each computer. The tokens in the new files have now been replaced with their applicable values and the files are saved in the Deployment Server directory path specified in the task. The name of the new file created is determined by a token variable used in the task allowing each new file to have its own unique name. Each unique file is then copied to the applicable target computer. As the files are copied, they are renamed back to the correct name needed. In other words, all computers will end up with a file by the exact same name (this may or may not be needed depending on what this process is being used for.) The destination of the file on the target computer and its final name are determined by the Run Script task in the Job.
Custom Tokens
Custom tokens can be defined in a script or answer file to extract data from any MS SQL Server database table. This is most commonly used when creating custom tables to store additional computer inventory information. This token replacement feature allows you to specify any SQL database, look up a specified value, and replace the custom token with the value from the selected database (whether it resides on the local computer or not).
Syntax One
%#Alias^!table name@column name%
% # Alias
Identifies the opening and closing of a variable token in the script. Indicates that this is a custom token. Specify the alias for an external database set up in the Tools > Options > Custom Data Sources dialog. See Custom Data Sources options on page 88. When used, this will provide the information and credentials to gain access to an external SQL database. If the Alias option is not used, the values will be obtained from the same Deployment Server database the Job containing this token is using.
Indicates that this is a global identifier token. All tokens by default will be looked up using the Computer_ID value for which the token ID is being replaced. This global identifier tells Deployment Solution to NOT use the value in the computer_ID column. Instead, it will use the first value found in the specified table. Specifies that the following text is the table name in the Deployment Database. This field is required for all user-defined tokens. Specifies that the following text is the column name in the table. This field is required for all user-defined tokens. Examples:
! @
514
%#!computer@computer_name%
To return the color column from a custom database and table that has the computer_id column in it:
%#DBAlias!table@color%
To return the color column from the first record from a custom database and table:
Examples
To return the names of the computer with an SQL statement:
515
Appendix C
Error Codes
This section presents some error messages generated by Deployment Solution. They are divided into the following groups: General Error Messages on page 517 Client Error Messages on page 519 Communication Error Messages on page 520 Memory Error Messages on page 522 Partition Error Messages on page 523 Installer Return Codes (page 524)
516
Description
Explanation: An error occurred while reading or writing to the disk. Possible causes: Faulty disk hardware. A write-protected disk. The BIOS in some computers has an antivirus capability which attempts to protect the disk from Master Boot Record (MBR) viruses by write-protecting the first sector or track on the hard disk.
"Error reading from file." "Error writing to file." "Error opening file for reading." "Error opening file for writing." "Error saving image info to file." "Error closing file." "Error reading image information." "Geometry Error . . ."
Explanation: An image file could not be accessed. Possible causes: The file does not exist, or cannot be read (for downloads). The image file is corrupt. The directory does not exist or cannot be written to (for uploads). The disk where the image file is being written is full.
"Invalid geometry exception . . ." Possible cause: Invalid or corrupt BIOS drive geometry settings. "No such drive . . ." Explanation: The specified drive could not be accessed. Possible cause: An invalid drive letter was entered. "Error reading drive parameters from BIOS." Explanation: The program received an error from the BIOS while trying to read disk geometry information. Possible Cause: Often occurs when trying to run a DOS application from Windows. "Bad image number. File is not an image file." Explanation: The file is not recognized as an image file.
Explanation: There was an error converting cylinders, heads, and sectors to logical blocks or vice versa.
Possible causes: "Bad image number. Buffer The file is not a valid image file. doesn't contain image data." File was created with a different version of the imaging "Bad file version number. program, which is not compatible. Cannot read the file." Data loss is occurring over the network. "Bad version number. Buffer doesn't contain image data." "Too many clients for current license count." Explanation: More clients connected to the Console or Master computer than the license allows. Action: Upgrade your license to support more nodes. Call your authorized reseller for more information.
517
Error Message
Description
"This program is not licensed Explanation: Multicasting works only when the license count for multicasting (peer-tois greater than one. peer imaging)." Action: Upgrade your license to support more nodes. Call your authorized reseller for more information. "Exiting with error code . . ." Explanation: The program failed. Possible causes: The operator aborted the program prematurely. A serious program error occurred. Action: A descriptive error message should appear before this message to give you information about the problem that is causing the program to exit. If you do not see a preceding descriptive message, notify Altiris Technical Support. Write down the error code and a description of what was happening before the error occurred.
518
Description
Explanation: The Master computer sent a "goodbye" packet before the image-transfer was finished. The download didn't finish, so the client disk will be in an indeterminate state. Possible cause: The user aborted the download before it was complete.
Explanation: The Master computer sent a packet with the "Error: Received cluster chunk with wrong version . . wrong version number. . (want .. .)." Possible cause: The Master computer and clients are "Client and master versions running different versions, and there are packet-header do not match." differences. "Error: Received cluster map Action: Ensure both master and client programs are updated with wrong version . . ." to the same software version. "Error: End of Block packet has wrong version . . . (want . . .)." "Error: Received Wrong NetBlock . . . (expected . . .)." "Received Wrong segment . . . (expected . . .)." Explanation: The Master computer moved on to the next segment in an image transfer before the client successfully received the data in the previous segment. Possible cause: The client may have lost contact with the Master computer during a download.
"Error: Master started before Explanation: The client received an unknown packet before we could register." it was ready to begin the download. Possible cause: The "download confirmation" packet sent from the Master to the client is lost. Action: Re-send the image. "Error decoding buffer." "Error while getting image info from master." Explanation: The client was unable to decode packet or image information. Possible cause: Data corruption in a packet somewhere between the Master computer and the client (likely), or a bug in either the master or client software (much less likely). Action: Call Altiris if you see this message and you believe your network is operating reliably.
519
Description
Explanation: An error was returned from a call to the network protocol stack. Possible causes:
"IP SendPacket error, code . The IP protocol stack isn't loaded. . ." An internal error occurred in the protocol stack code. "IP Error sending packet ..." "Error sending farewell packet: ECB code . . ." "IP error getting local target address." "Unable to bind socket 0x . . ." Note The same errors can occur with IPX.
Description
Explanation: Compression or decompression failure. Possible causes: A decompression failure can be caused by corrupt data in an image file or data accessed across the wire. A compression failure is probably caused by a bug in the program. Action: If you get a compression or decompression failure on a file you know to not corrupted, isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris.
Explanation: The program tried to send a packet that was larger than the internal limit. Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris.
520
Error Message
"Unable to register multicast cleanup function."
Description
Explanation: Indicates a failure in the programs library routines. Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris.
"Unhandled exception detected. Explanation: A top-level handler in the program detected an exception from an unknown location in the Please call technical support." program. Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris. "Error: Missing chunk number . . Explanation: Indicates an internal error in the client. . too big." Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris. "Error: Received non cluster map block type 0x . . ." Explanation: The client received a block of data containing unexpected information. Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris.
521
Error Message
Description
"Out of range index . . . in Explanation: Internal program error. removeItem. ElementCount is . . Action: Please report the error to Altiris. Write down the ." error code and message and a description of what was "Error removing child subtree." happening just before the error occurred. "Invalid item to remove." "Error: Attempted removal of top-level container segment." "Error: unable to copy source segment." "Error getting download info space requirements." "Error getting image info space requirements." "Error getting bitmap space requirements." "Error encoding image info into buffer." "Error encoding bitmap."
Explanation: A partition table in an extended partition contains a reference to a nonexistent slot in the partition table. Action: Please report this error to Altiris.
Description
Explanation: The program is out of memory.
Possible cause: The Altiris program requires 16 MB to run. "Ran out of memory while . . It could also be a lack of conventional memory. ." Action: Add the emm386.exe file, and load as many drivers, "Exception . . . while devices, and so on as possible into high memory. Check the allocating . . ." Altiris support forum for information on memory errors. "Error adding . . ." Explanation: There was a problem building an internal list structure. Possible cause: This is almost always a result of memory exhaustion.
522
Description
Explanation: More than one partition was defined for a given partition table slot. It can mean one of two things: Possible cause: The on-disk partition-tables (including partition tables in extended partitions) are corrupt. The program was unable to merge an image file with the local disk contents because both the image and the local disk contain a partition definition that must reside in the same slot.
"No partitions to process." "Segment boundary error: doesn't start on track boundary." "Invalid partition . . . "
Explanation: No partitions were found in the partition table. The program has nothing to image (upload). Explanation: An invalid partition definition exists. Possible cause: The invalid entry might be in the partition tables extended partitions. Action: Try running ibmaster.exe with the -sz or -szf switch. Explanation: An extended partition was found that contained no internal partition table, or contained no internal definitions. Action: The invalid configuration can be resolved by removing the invalid partition definition (using FDISK or similar utility). Explanation: The local disk doesn't have enough free space to accept the image being downloaded.
"Error: No partition-table segment to update." "Error: Expected container segment not found."
"Underlap error while placing Possible cause: The image may have more data than can fit segment." on the client computer hard drive, or the partition cannot be resized to fit the drive. "Overlap error while placing segment." "Collision at beginning of disk Explanation: The program was unable to place the boot while trying to place boot record on the disk. record." Possible cause: Another partition may be defined to cover the required space. This usually indicates corruption in the target disk's partition table, because it is illegal for a partition to occupy the space required by the boot record. Action: Run FDISK to remove all partitions, then reboot the computer and run FDISK/MBR. Also check for viruses.
523
Error Message
Description
"This image requires that the Explanation: The image being transferred contains a destination drive have the geometry-dependent partition, and the geometry of the same geometry . . ." source disk does not match the geometry of the target disk. This means the disks are not seen as identical drives by the drive controller. "Error flushing MBR sector." Explanation: The program was unable to write data to the first sector on the hard disk. The image transfer is incomplete because the partition-table and/or master boot record code was not successfully written, and the disk is in an indeterminate state. Possible cause: This may be caused by a BIOS setting that prevents programmatic access to the boot sector (see the CMOS setup).
Return Code
1000
ErrorID
IDS_ERR_SETUP_INSTALL
Error Description
This return code is for the DataStore component. This error occurs while setting up the installation on a remote computer. This signifies an error in opening the setup INI file. This return code is for the DataStore component. This error occurs while copying the license file to the remote computer. Please ensure that the temp directory on the remote computer has at least 100MB free space. This return code is for the Deployment Server component. This error occurs while setting up the installation on a remote computer. This signifies an error opening the setup INI file. This return code is for the Deployment Server component.This error occurs when it is unable to grant logon as service rights to the Deployment Server Service user. If you continue the installation, it will install the service, but will require you to manually set "Logon as Service" rights for the Deployment Server Service user.
1001
IDS_ERR_COPYING_LICEN SE
1002
IDS_ERR_SETUP_INSTALL
1003
IDS_ERR_GRANT_LOGON
524
Return Code
1004
ErrorID
IDS_ERR_INSTALLING_SE RVER_REG
Error Description
This return code is for the Deployment Server component. Thus error occurs while creating some registry entries required for the server to function correctly. If you choose to continue, you will need to set the options manually from the Altiris eXpress Deployment Server Configuration control panel applet. This return code is for the Deployment Server component. This error occurs when it is unable to connect to the remote computer with the given username and password. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is for the Deployment Server component. This is an unknown error that occurs while installing the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is for the Deployment Server component. This is an unknown error that occurs while installing the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is for the Deployment Server component. This error occurs while copying the license file to the remote computer. Ensure that the temp directory on the remote computer has at least 100MB free space. This return code is for the Deployment Server component. This error occurs when it is unable to execute package on the remote computer. Ensure that the username and password you have supplied has Administrator rights on the remote computer.
1005
IDS_ERR_CONNECTING
1006
IDS_ERR_INSTALLING_SE RVICE
1007
IDS_ERR_STARTING_SERV ICE
1008
IDS_ERR_COPYING_LICEN SE
1009
IDS_ERR_EXECUTE_PACKA GE
525
Return Code
1010
ErrorID
IDS_ERR_COPYING_PACKA GE
Error Description
This return code is for the Deployment Server component. This error occurs while copying the install package to the remote computer. Please ensure the temp directory on the remote computer contains at least 100MB free space. This return code is for the Deployment Console component. This error occurs while setting up the install on the remote computer. This error is usually encountered when there is a problem in opening the setup INI file. This return code is for the PXE Server component. This error occurs while copying the PXE boot image files. If you continue the install, you will need to run the Boot Disk Creator from the PXE computer and create these files manually. This return code is for the PXE Server component. This error occurs while setting up the install on the remote computer. This error is usually encountered when there is a problem in opening the setup INI file. This return code is for the Deployment Web Console component. This error occurs while setting up the install on the remote computer. This error is usually encountered when there is a problem in opening the setup INI file. This return code is for the Deployment Web Console component. This error occurs when it is unable to grant logon as service rights to the Deployment Server Service user. If you continue the installation, it will install the service, but will require you to manually set "Logon as Service" rights for the Deployment Server Service user. This return code is for the Deployment Web Console component. This error occurs when it is unable to connect to the remote computer with the given username and password. Ensure that the username and password you have supplied has Administrator rights on the remote computer.
1011
IDS_ERR_SETUP_INSTALL
1012
IDS_ERR_COPYING_BOOT
1013
IDS_ERR_SETUP_INSTALL
1014
IDS_ERR_SETUP_INSTALL
1015
IDS_ERR_GRANT_LOGON
1016
IDS_ERR_CONNECTING
526
Return Code
1017
ErrorID
IDS_ERR_INSTALLING_SE RVICE
Error Description
This return code is for the Deployment Web Console component. This is an unknown error that occurs while installing the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is for the Deployment Web Console component. This is an unknown error that occurs while starting the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is for the Deployment Web Console component. This error occurs when it is unable to connect to the remote computer with the given username and password. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is for a Hotfix installation. This error occurs while setting up the install on the remote computer. This error is usually encountered when there is a problem in opening the setup INI file. This return code is common for all the components of Deployment Server. This error occurs when it is unable to connect to the remote computer with the given username and password. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is common for all the components of Deployment Server. This is an unknown error that occurs while installing the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer.
1018
IDS_ERR_STARTING_SERV ICE
1019
IDS_ERR_CONNECTING
1020
IDS_ERR_SETUP_INSTALL
1022
IDS_ERR_CONNECTING
1023
IDS_ERR_INSTALLING_SE RVICE
527
Return Code
1024
ErrorID
IDS_ERR_STARTING_SERV ICE
Error Description
This return code is common for all the components of Deployment Server. This is an unknown error that occurs while starting the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is common for all the components of Deployment Server. This error occurs when it is unable to execute package on the remote computer. Ensure that the username and password you have supplied has Administrator rights on the remote computer. This return code is common for all the components of Deployment Server. This error occurs while copying the install package to the remote computer. Please ensure the temp directory on the remote computer contains at least 100MB free space. This return code is common for all the components of Deployment Server. This error occurs while copying the setup.iss file to the remote computer. Please ensure that the system temp directory on the remote computer contains at least 100MB free space. This return code is common for all the components of Deployment Server. This error occurs while monitoring the remote install. The install has been started, but there is no way to find out if the install completed successfully. This return code is for all the components of Deployment Server. This error is encountered when any of the components encounter an Install shield problem. This error occurs when the package is terminated unexpectedly.
1025
IDS_ERR_EXECUTE_PACKA GE
1026
IDS_ERR_COPYING_PACKA GE
1027
IDS_ERR_COPYING_ISS
1028
IDS_ERR_MONITORING
1029
1030
IDS_ERR_PACKAGE_TERMI NATED
528
Appendix D
529
Imaging
Use these sample jobs for basic imaging tasks: Create Disk Image (page 530) Distribute Disk Image (page 530)
Simple Tests
Run simple commands and install software packages using these jobs: DIR Command at DOS (page 530) DIR Command at Windows (page 530) Distribute RapidInstall Package (page 531)
530
What this task does This task runs the DIR command in Windows from a command prompt. Steps to use Assign the job to a computer or computer group.
Migrations
With the aid of PC Transplant, capture various user settings using these jobs: Capture User Application Settings (page 531) Capture User Desktop Settings (page 531) Capture User Microsoft Office Settings (page 532) Capture User Printer Settings (page 532)
3.
531
will execute the PC Transplant Wizard using the specified template and create a file (computername.exe) at the specified location. Steps to use 1. 2. Edit the job. Assign the username and password for use with Windows 2000/XP/2003 based systems. If you are using this job on Windows 9x computers, then the logged-in user must have rights to the specified location for the template and package creation. Assign the job to a computer or computer group.
3.
3.
Misc Jobs
Misc jobs can be executed on computers, including installation and repair of Office XP, computer power control, and SQL service and installation: Install Office XP from Mapped Drive (page 533)
532
Install Office XP from UNC Source (page 533) SQL 2000 Unattended Install (page 534) SQL 2000 Unattended Install Using a RIP (page 534) Copy WLogevent to Client (page 535) Install MSI 2.0 Runtime (page 535) Repair Office XP (page 535) Restart Computer (page 535) Shutdown Computer (page 535) Start SQL Server Service (page 536) Stop SQL Server Service (page 536) Uninstall Office XP (page 536) Wake up Computer (page 536)
Note We strongly recommend that you follow Microsoft's guidelines for preparing Office XP to be deployed. The setup should be customized using the proper tools, and an administrative install should be performed to place the setup files on the network share. For more details, consult the Office XP Resource Kit.
533
1.
To customize the script, change the location of the setup files, as well as the username and password. Note that the client computer must be in the domain if you are using domain authentication. To change the username, go into the advanced settings of the script. Assign the job to a computer or computer group.
2. 3.
Note We strongly recommend that you follow Microsoft's guidelines for preparing Office XP to be deployed. The setup should be customized using the proper tools, and an administrative install should be performed to place the setup files on the network share. For more details, consult the Office XP Resource Kit.
2.
534
4. 5.
After the files have been added to the RIP, save it by choosing File>Save. Close the RapidInstall Editor. Assign the job to a computer or computer group.
Repair Office XP
Description This script will force Microsoft Office XP Professional with Front Page to be repaired on the client computer. Additional files required The source that Office XP was originally installed from must be accessible in order for the repair to function successfully. What this task does This script will force Microsoft Office XP Professional with Front Page to be repaired on the client computer. You can substitute the Product ID of any MSI (Windows Installer) installed application in this sample. Steps to use Assign the job to a computer or computer group.
Restart Computer
Description Restarts the client. Additional files required None. What this task does Restarts the client if restart is supported. Steps to use Assign the job to a computer or computer group.
Shutdown Computer
Description Shutdown the client. Additional files required None. What this task does Shuts down the client if shutdown is supported.
535
What this task does This script will send the NET START MSSQLServer command to the computer.
Steps to use 1. 2. If you run the SQLServerAgent you need to remove the REM on the line that starts the agent service. Assign the job to a computer or computer group.
Uninstall Office XP
Description This script will force Microsoft Office XP Professional with Front Page to be uninstalled on the client computer. Additional files required The source that Office XP was originally installed from must be accessible in order for the uninstall to function successfully. What this task does This script will force Microsoft Office XP Professional with Front Page to be uninstalled on the client computer. You can substitute the Product ID of any MSI (Windows Installer) installed application in this sample. Steps to use Assign the job to a computer or computer group.
Wake up Computer
Description Wake up a computer. Additional files required None. What this task does Sends a Wake On LAN packet to the computer. If the client supports Wake On LAN, then this will succeed. Steps to use Assign the job to a computer or computer group.
Pocket PC
These jobs are used to install agents and CAB files to manage handheld devices in Deployment Solution:
536
Distribute Software (page 537) Install Altiris Pocket PC Agent (page 537)
Distribute Software
Description Installs a simple application that displays the name of the Pocket PC. Additional files required None. What this task does This job allows you to set a condition for a MIPS, ARM, or SH3 processor for your handheld device. Once a condition is set then it will install the correct CAB file from the Samples directory. Steps to use Assign the job to the handheld device appearing in the Computers section of the Deployment Server Console.
Scripted OS Installs
These imported jobs allow you to run scripted, unattended installs on both Windows and Linux servers. These jobs are used for both Network installs and Hard Disk installs. To do a network scripted install of Windows, use the Scripted OS install task type in a job: Create W2K Install Disk Image (Target HD) (page 537) W2K Scripted Install (Target HD) (page 539) Create RH7 Install Disk Image (Network) (page 540) Create RH7 Install Disk Image (Target HD) (page 541) RH7 Scripted Install (Network) (page 541) RH7 Scripted Install (Target HD) (page 542) Create RH8 Install Disk Image (Network) (page 543) RH8 Scripted Install (Network) (page 543)
537
set up the image that will be repeatedly called from the "W2k Scripted Install (Target HD)" job. Additional files required
< DS install path >\Deployment Server\ \SAMPLES\SCRIPT~1\WINDOWS\W2KSETUP.BAT. DOS batch file that the job
calls to copy the Deployment Agent, other DOS utilities, and the Windows operating system files needed for the target HD install. If you need to supply drivers that are not included with the Windows installation you will need to create a $OEM$ directory under the i386 directory. If you have hardware or other devices that are not supported in the operating system distribution, you can add the drivers needed in the $OEM$ directory that is supported by the unattended install process. In our examples we have added drivers for Intel display, network and chipset. The $1 specifies the root of the %SYSTEMDRIVE% variable. You will need to verify that the directories are included in the OemPnpDriversPath value in the Unattended section of the unattended.txt file. Note The Windows unattended install process requires that all drivers in $OEM$ be fully extracted. Zip files cannot be used. See the "Microsoft Windows 2000 Guide to Unattended Setup" for more information. This guide is named unattend.doc and is in the deploy.cab file in the \Support\Tools folder of the Windows 2000 installation CDROM. What this task does This job creates a hard drive image that can later be used for installing Windows 2000 through the hard disk install method. It downloads the DOS_ONLY image to the selected client. This creates a 2 GB, FAT16 DOS bootable partition. It reboots the client so that DOS will recognize the newly created DOS partition. It calls the w2ksetup.bat file to copy the Deployment Agent, and the Deployment Agent input file (aclient.inp) as well as various other DOS utilities to facilitate a Windows scripted install. It also copies the Windows operating system files (usually from the I386 directory) to the target's hard drive in the C:\I386 directory. It runs rdeploy.exe to create a disk image of the now populated DOS partition. Steps to use 1. 2. Make a copy of the sample job. If you want to create your own DOS_ONLY.img with MSDOS instead of using the supplied DR DOS image, you will need to manually create the image. To create your own DOS image, use a DOS boot floppy to run fdisk.exe to create a 2GB partition on a reference computer. Format the partition to be a system drive. Copy the appropriate DOS files needed (example: himem.sys, smartdrv, xcopy). Create an autoexec.bat file that runs smartdrv to speed the installation and then looks for a file called install.bat. Install.bat will be used in our examples to initiate the unattended installation.
538
@echo off smartdrv IF NOT EXIST c:\install.bat goto no_install call c:\install.bat goto done :no_install echo No Install File :done
Be sure to include smartdrv in the batch file. This command starts SMARTDrive, which creates a disk cache in extended memory. A disk cache will significantly speed up the imaging process. After the above tasks have been performed, create an image of the drive named MS_DOS.img. Once the MS_DOS image is created, copy the i386 folder of the Windows CD (along with the $OEM$ folder if supplemental drivers will be required) to the DOS computer. Now create another image of the drive and name it W2K_AS.img. This image will be used for hard drive scripted OS installs to provide the operating system files needed for the Windows installation. A total of two DOS images should be created with the second image containing Windows install files in a C:\i386 folder. If you use the MS_DOS.img then edit the task and replace DOS_ONLY.img with MS_DOS.img. 3. Edit the last Run Script task, Create Windows Install Disk Image, and change the SET ImageName=F:\IMAGES\W2K_HD.IMG line to the name of the image you wish to create. If you copied the Windows operating system files to a location other than <DS install path>\DEPLOY\WIN\W2K\I386, edit the second Run Script task, Copy Windows Files to Hard Drive, and specify the location on the SET OSFilesPath= line. Change the name of the job to reflect the desired purpose (optional). Note After this job finishes, it will leave the client computer in an unmanageable state. 6. Assign the job to a computer or computer group.
4.
5.
539
have changed the name. This image file contains a DOS bootable partition with the Deployment Agent and other various DOS utilities along with the Windows operating system files that are required for a Windows unattended install.
3. 4. 5.
540
2.
Edit the last Run Script task, Create Red Hat Install Disk Image, and change the SET ImageName=F:\IMAGES\RH71_FTP.IMG line to the name of the image you wish to create. Change the name of the job to reflect the desired purpose (optional). Assign the job to a computer or computer group.
3. 4.
541
INSTALL\REDHAT directory.
What this task does This job starts a RedHat Kickstart operating system install on a client using the Network install method. It downloads the RH71_FTP image (or whatever you have named it) to the selected client. This creates a 2 Gig FAT16 DOS bootable partition with files to facilitate a RedHat Kickstart install. It reboots the client so that DOS will recognize the newly created DOS partition. It uses a Scripted OS Install task to start the unattended install on the client. This task contains the location of the operating system install files located on the FTP server as well as the Kickstart file to be used for the operating system install. Steps to use 1. 2. Make a copy of the sample job. Edit the Deploy Image task and change the name of the image file to the name you created with the Create RH7 Install Disk Image (Network) job described above. Edit the Scripted OS Install task and change the location of the Kickstart answer file. Change the hard drive ID in the Command Line edit box to the proper ID for the target system. The default is ks=hd:hda1/ks.cfg where hda1 is the default hard drive ID. Change the name of the job to reflect the desired purpose (optional). Assign the job to a computer or computer group.
3. 4.
5. 6.
INSTALL\REDHAT directory.
What this task does: This job starts a RedHat Kickstart operating system install on a client using the Target HD install method. It downloads the RH71_HD image (or whatever you have named it) to the selected client. This creates a 2 Gig FAT16 DOS bootable partition with the operating system files to do a Kickstart unattended install. It uses a Scripted OS Install task to get the Kickstart answer file copied to the client. This task contains the location of the answer file to be used for the operating system
542
install. It reboots the client. Upon reboot, the DOS partition is booted and the operating system install is automatically started. Steps to use 1. 2. Make a copy of the sample job. Edit the Deploy Image task and change the name of the image file to the name you created with the Create RH7 Install Disk Image (Target HD) job described above. Edit the Scripted OS Install task and point it to the desired Kickstart answer file. Change the hard drive ID in the Command Line edit box to the proper ID for the target system. The default is ks=hd:hda1/ks.cfg where hda1 is the default hard drive ID. Change the name of the job to reflect the desired purpose (optional). Assign the job to a computer or computer group.
3. 4.
5. 6.
3. 4.
543
HTTP server during the operating system installation. See the Deployment Solution User Guide for instructions on setting up an FTP server for this purpose. Additional files required
3. 4.
5. 6.
Scripts
These jobs are provided to give some ideas of things that can be accomplished by scripting. The scripts have been divided into scripts for Windows and scripts for Linux: Send Email if Disk Space Low (Linux) (page 545) Logevent Script (Linux) (page 545) Restart HTTPD Service (Linux) (page 545) Move Computer to Default Container (Windows) (page 545) Move Computer to Specific OU (Windows) (page 546) Send Error Email (Windows) (page 546) Server-side Embedded VBScript (Windows) (page 546) WLogevent CMD Script (Windows) (page 546) WLogevent VB Script (Windows) (page 547)
544
545
546
What this task does This job will copy the WLogevent.exe to the Windows client, then sends a status message to the console, then executes a dir command, then sends another message to the console. Steps to use Assign the job to a computer or computer group.
XP Embedded
These jobs are provided to give samples when working with XP embedded that have the Enhanced Write Filter enabled: Disable Enhanced Write Filter (page 547) Enable Enhanced Write Filter (page 547) Distribute RapidInstall Package (page 547)
547
What this task does This job will disable the Enhanced Write Filter, and then install a package that includes a utility that shows the computer name in a window. A shortcut is created in the startup group so that every time the computer is started the window displays the computer name. After installing the RIP, the Enhanced Write Filter will be enabled. Steps to use Assign the job to a computer or computer group.
Agent Update
This folder contains a list of agent update jobs that are generated dynamically during updation. These jobs are created whenever an auto update for agents is required. The job names can be AClient x64 Update, AClient x86 Update, and adlagent ia64 update.
SVS
This folder contains a sample script (.bin file) that enables installing the SVS fully licensed version to support customers when they upgrade. The sample script file contains commands that sets new license key to the SVS client. Note You should modify this key before scheduling this job.
548
Appendix E
Network Ports
This document lists the details of the ports used by Deployment Solution. It also includes the steps to configure the ports that are configurable.
Component
Service
Port
Protocol
PXE MTFTP
69 1758 1759
PXE Server
67 68 4011
No No No
PXE Manager
405
TCP
PXEConfig
Yes
406
TCP
PXECfg Service
Yes
PXECfg Service
407
TCP
Yes
Altiris Deployment Server Console Manager Altiris Deployment Server Data Manager
8081
HTTP
DSWeb
Yes
8080
HTTP
Yes
505
TCP
Yes
549
Component
Service
Port
Protocol
Deployment Server
402
TCP/UDP (multicast)
5001
TCP
AClient
Yes
5002
TCP
AClient
Yes
415
TCP
Remote Client
Yes
402
UDP
Deployment Server
Yes
401
UDP
No
PXE MTFTP
The Altiris PXE MTFTP Server service is used to transfer file data between the PXE Server and the PXE Booting client. This service supports both MTFTP and TFTP standard interfaces.
550
the PXE Manager to route, store, and retrieve information about the status, image availability, user input, and so on.
551
9.
10. Select the appropriate option, provide the authentication information and click Next. The Pre-boot Operating System dialog appears. 11. Enter the required information and click Next. The PXE Server Information dialog appears. 12. Enter the required information and click Next. The Deployment Agent Connection to Deployment Server dialog appears. 13. Enter the required information and click Next. The Deployment Console Information dialog appears. 14. Select the required option and click Next. The Deployment Web Console Information dialog appears. 15. The Console Port is 8081 by default. Click Next. The Installation Information dialog appears. Note: This port is used by the Console Manager service. You can change this port if required. 16. Click Install.
Deployment Server
The Altiris Deployment Server controls the workflow and information exchange between the managed computers and the other Deployment Server components, such as Deployment Console, Deployment Database, and Deployment Share. Managed computers connect and communicate with the Deployment Server to register inventory and configuration information and to run deployment and management tasks. Computer and deployment data for each managed computer is then stored in the Deployment Database. There are two methods to configure the 402 port.
552
2. 3.
Click the Transport tab. Enter 402 in the TCP Port field and in the Multicast Port field. Click OK.
Option 2:
1. 2. Open the Registry Editor. In the left pane, select HKEY_LOCAL_MACHINE > SOFTWARE > Altiris Altiris eXpress > Options > TCP Port 402 or Multicast Port 402. Note: This is the port where the server accepts all client connections, such as AClient (Windows Agent), ADLagent (Linux Agent), and DataManager. 3. 4. The Edit DWORD value dialog appears for each port. Set the required values for both TCP Port 402 and Multicast Port 402 and click OK. Restart the Altiris eXpress Server service. >
About the Multicast Port: On the client computers there is an option in the Altiris Client Service Properties dialog called Discover Deployment Server using TCP I/P Multicast. On selecting this option the client locates the deployment server by multicasting. You have to enter the Multicast Address for using the multicasting option. On finding a Deployment Server, the client computer connects to the port that is received from the server.
553
Deployment Agent on Windows runs on Windows computers, including desktops, notebooks, and servers.
554
RapiDeploy Ports
This feature optimizes the multicasting ability of the RapiDeploy application in Deployment Server. This allows you to deploy images to a group of computers simultaneously, download an image from a file server, or access a local hard drive, and manage the imaging of several client computers. Because RapiDeploy is more efficient when writing directly to the IP address of the network adapter driver, you can enter a range of IP addresses when using the multicasting feature to speed computer deployment and management. Deployment Server accesses the range of computers using the defined IP pairs and avoids retrieving the computers through the port and operating system layers. However, some network adapter cards do not handle multiple multicast addresses. In such instances, you can define a range of ports to identify these computers. On the first pass Deployment Server accesses the selected computers using the list of IP numbers. On the second pass, Deployment Server accesses the selected computers using the port numbers.
555
Appendix F
556
The authentication process starts with the Deployment Solution installer generating a security key and writing it in the server.key file. You can find the security key at the following location: HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress > Options > Security > ServerSecurity registry key. This security key is a random numeric value that is generated automatically. When the Deployment Server starts, the server reads this registry key. The AClient has to add the automatically generated security key to the AClient registry by specifying the server.key file path.
Note: The AClient also has to select the Enable key based authentication check box in Start > Program > Altiris > Deployment Solution > Configuration > Options > Transport tab. If this option is not selected, server authentication fails. The Deployment Server stores the security key at the following location: HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Client Service > DSAuthentication The AClient stores the security key at the following location: HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Client Service > SecurityKey A random challenge key is generated, which is unique to the AClient. The AClient encrypts this challenge key and stores the challenge key in the registry using the security key. The AClient sends the following connection request to the server in the form of Cipher Text.
Request=Authenticate CipherText=
The Deployment Server uses the ServerSecurity key stored in its registry and decrypts the Cipher Text. Using the same key, the server again encrypts the challenge key and sends the following reply in the form of Cipher Text.
Reply=Authenticate CipherText=
The AClient decrypts the Cipher Text using the challenge key already stored in its registry. It compares the decrypted Cipher Text with the random key it has generated. If the two keys match, the server authenticates the AClient connection. If the keys do not match, the authentication fails. The connection is closed and the AClient status is updated to Server Authentication failed. The keys stored on the Server and at the AClient are the same. These keys, however, look different because they are altered using random bytes, and are encrypted using a constant key. The Cipher text sent on the wire also looks different in request
557
authentication as well as in reply authentication, because it is altered using random bytes. These alterations ensure the safety of the key from malicious users.
558
Appendix G
The keys present in the Options folder are listed in the table below, with their description and purpose.
Description
Purpose
Specifies the path for client server communication log. Checks whether to create a communication log. Specifies the size of the log file.
This path is used to create the client-server communication log file. If the value is 0, it disables the logging, else, it enables the logging. The maximum the file can grow is up to the size specified by this key. If the size exceeds this, then it starts overwriting the file from the beginning. Used to create the engine log file at the specified path. If 1, creates the engine log file. The maximum the file can grow is up to the size specified by this key. If the size exceeds this, then it starts overwriting the file from the beginning.
Specifies the path and name of the engine log file. Checks whether to create the engine log file. Specifies the max log file.
PingIntervalMinutes
When sending CACKS to active clients, the server will not send CACK to an active computer if there was an activity on the socket associated with that computer in the last PingIntervalMinutes minutes. CACK timeout in seconds. If the client fails to respond to a CACK within the time out, then it is considered as inactive.
PingTimeOut
559
Description
Purpose
Specifies the number of threads for the read operation. Number of computers in a batch.
Creates the number of read threads. The default is 10, the minimum is 0 and the maximum is 200. While sending WACs to inactive computers, the engine processes n computers at a time. After processing n computers it waits for some time (Specified by ResetInactiveClientConnectionsRest Time) before processing the next batch of n computers. After every n hours, the engine will send WACs to inactive clients. While sending WACs to inactive computers, the engine processes n computers at a time. After processing n computers it pauses before processing the next batch of n computers. This entry defines this pause time. If the value is 13:25, it means 1.25 PM. The Engine will send WACs to inactive clients at 1:25 PM everyday or on a particular day of the week depending upon ResetInactiveClientConnectionWeek Day. Engine sends WACs to inactive computers at the given time everyday or on a specific day of the week.
ResetInactiveClientConnectionsBatch Size
ResetInactiveClientConnectionsHours
Reset inactive client connections every n hours. If it is positive, this key is activated. Wait time (in seconds) between two batches.
ResetInactiveClientConnectionsRest Time
ResetInactiveClientConnectionsTime
If ResetInactiveClientConnectionHo urs is negative, this key is activated. Stores time as a string in HH:MM format, where HH can have values 00-23 Hours. If ResetInactiveClientConnectionHo urs is negative, this key is activated. If positive indicates the day of the week (1=Sunday, 2=Monday,...). A negative value means everyday. Specifies the size of the buffer for the socket. For Backward compatibility. Specifies the install path of Deployment Server. Specifies password for SQL server. Specifies Username for SQL server.
ResetInactiveClientConnectionsWeek Day
Path of the DS. Connects to SQL server using this password. Connects to SQL server using this Username.
560
Description
Purpose
Specifies whether to create a log file in thread directory for threads. Number of minutes to wait before retrying to wake up the inactive computer.
If checked, creates a thread directory and threading related log files. If a job is scheduled on an inactive client, and if UseWOL is 1, the engine will try to wake up that computer by sending WOL every n minutes until it wakes up. If true, syncs the client time with the server. After every n hours the engine will send CACKs to active clients. While sending CACKs to active computers, the engine processes n computers at a time. After processing n computers it waits for some time (specified by UpdateActiveClientConnectionsRestT ime) before processing the next batch of n computers. While sending CACKs to active computers, the engine processes n computers at a time. After processing n computers it pauses before processing the next batch of n computers. This entry defines the time of this pause. If the value is 13:25, it means 1:25 PM, then Engine sends CACKs to active clients at 1:25 PM everyday or on a particular day of the week depending upon UpdateActiveClientsConnectionWeek Day. Engine sends CACKs to active computers at the given time everyday or on a specific day of the week.
ThresholdWOL
TimeSyncMaster UpdateActiveClientConnectionsHours
Specifies whether to sync the time with the client. Updates active client connection every n hours. If it is positive, this key is activated. Number of computers in a batch.
UpdateActiveClientConnectionsBatch Size
UpdateActiveClientConnectionsRest Time
UpdateActiveClientConnectionsTime
If UpdateActiveClientConnectionsHo urs is negative, this key is activated. Stores time as a string in HHL:MM format, where HH can have values 00-23 Hours. If UpdateActiveClientConnectionsHo urs is negative, this key is activated. If positive indicates the day of the week (1 = Sunday, 2 = Monday,...). A negative value means everyday.
UpdateActiveClientConnectionsWeek Day
561
Description
Purpose
While inventorying computers, engine processes n computers at a time. After processing n computers, it waits for some time (specified by UpdateInventoryRestTime) before processing the next batch of n computers. After every n hours the engine will send inventory for the active clients. While inventorying computers, engine processes n computers at a time. After processing n computers it takes a pause before processing the next batch of n computers. This entry defines the time of this pause. If the value is 13:25, it means 1:25 PM. The Engine will inventory active clients at 1:25 PM everyday or on a particular day of the week depending upon UpdateInventoryWeekDay. Engine inventories active computers at a given time everyday or on a specific day of the week.
UpdateInventoryHours
Update inventory for active computers every n hours. If it is positive, this key is activated. Wait time (in seconds) between two batches.
UpdateInventoryRestTime
UpdateInventoryTime
If UpdateInventoryHours is negative, this key is activated. Stores time as a string in HH:MM format, where HH can have values 00-23 Hours. If UpdateInventoryHours is negative, this key is activated. If positive, indicates the day of the week ( 1 = Sunday, 2 = Monday,...). A negative value means everyday. It is related to socket activity. 1 if Update active client connections, on the General Tab of the Altiris Configuration Utility, is enabled, otherwise 0.
UpdateInventoryWeekDay
UseFD_READ UseResetInactiveClientConnections
This is being used for internal socket communication activity. If Reset inactive client connections is enabled, the engine periodically send WACs to the inactive computers. If the AClient is running on any of the inactive computers, it just resets the connection with server. If true, then connects to database using username and password specified in the configuration dialog. If Update active client connections is enabled, the engine periodically sends CACKs to the active computers and marks those computers, which fail to respond to CACKs as inactive.
UseSql
UseUpdateActiveClientConnections
1 if Update active client connections, on the General Tab of the Altiris Configuration Utility, is enabled, otherwise 0.
562
Description
Purpose
1 if Update inventory for active clients, on the General Tab of the Altiris Configuration Utility, is enabled, otherwise 0. Not Used. Not Used.
If Update inventory for active clients is enabled the engine periodically inventories the active computers.
WakeAgentWithPing AllowJobWOL
The key present in the Security folder is listed in the table below, with its description and purpose.
Description
Purpose
563
Appendix H
You can manage handhelds through a cradle attached to a host computer, or through direct connection to the network using a LAN or wireless network adapter. When connected through the cradle, the Pocket PC Agent software will reside on the host computer and the Pocket PC Client software will reside on the handheld computer. This configuration allows Deployment Server to recognize and update the handheld each time it returns to the cradle and synchronize with the host computer using Microsoft ActiveSync. Handheld computers connected directly to the network install only the PPC Client software and are managed like any other computer in your Deployment Server system.
System Requirements
Processors
Install from a cradle or cable. See Install a Pocket PC Agent from the Deployment Console on page 565 to install to a handheld computer in the cradle attached to a host computer. Download CAB files with ActiveSync. See Install Pocket PC Agent from the Host Computer on
page 566 to install the handheld by running or copying the Deployment agent install file or the Deployment Client CAB files over the network.
Install directly to the handheld. See Install Pocket PC Client on the Handheld on page 566 to install only
564
The Deployment Agent for Pocket PC (PA) runs on the host computer, which itself is a managed computer running the Deployment Agent (DS). The Deployment Agent for Pocket PC automatically installs the Deployment Client for Pocket PC (PC). You can also install the Deployment Client for Pocket PC directly to the handheld by installing the required CAB files.
565
When the Pocket PC Client is installed on the handheld, the Deployment Client icon will appear in the system tray of the handheld and the client details screen appears.
Note: For ease of use, the Pocket PC Client will first try to connect to a Pocket PC Agent. If it fails, the
Pocket PC Client will try to connect directly to the Deployment Server. 5 Click OK. The handheld appears in the Deployment Console as a unique computer displaying the handhelds name. See Installing Deployment Agent for PocketPC on page 564.
be executed from the C:\Altiris\PPCAgent directory (or the directory where you installed Pocket PC Agent if you chose a directory different from the default). This lets you access the features of this program even though the icon has been hidden. In addition, if you are using ActiveSync 3.5 or a later version, you can also log on to the Deployment Share in the Deployment Server > Pocket PC Client folder and copy the correct CAB file for the handheld (based on type of processor) to the host computer. You can then copy the CAB files directly to the handheld using the Explore feature in ActiveSync. To install Pocket PC Client directly with ActiveSync 1 Copy the CAB file to the host computer with ActiveSync (or to a share where you can copy the file from). 2 Connect your device to your desktop computer using a cradle or cable. 3 In ActiveSync, click Explore. Windows Explorer runs the Mobile Device window for your device. 4 In Windows Explorer, browse to the CAB file you want to copy. 5 Right-click the file and click Copy. 6 Place the cursor in the desired folder for your device, right-click, and click Paste. 7 From the device, tap Start > Programs > File Explorer. Browse for the CAB file and tap the file to execute it. When the Pocket PC Client is installed on the handheld, the Deployment Agent icon appears in the handhelds system tray.
Note: If using ActiveSync 3.5, the Pocket PC Agent is not required after the Pocket PC Client is installed.
However, the Pocket PC Agent can still be useful for installing the Pocket PC Client onto the handheld, loading the client, and managing client settings. See Installing Deployment Agent for PocketPC on page 564.
566
To install Pocket PC Client using CAB files 1 Copy the CAB file to the host computer with ActiveSync (or to a share where you can copy the file from). 2 Connect your device to your desktop computer. 3 In ActiveSync, click Explore. Windows Explorer runs the Mobile Device window for your device. 4 In Windows Explorer, browse to the CAB file you want to copy. 5 Right-click the file and click Copy. 6 Place the cursor in the desired folder for your device, right-click, and click Paste. 7 From the device, tap Start > Programs > File Explorer. Browse for the CAB file and tap the file to execute it. When the Pocket PC Client is installed on the handheld, the Deployment Agent icon appears in the handhelds system tray. See Installing Deployment Agent for PocketPC on page 564.
Command Line Switches for the Pocket PC Agent You can also manage the Pocket PC Agent through command-line switches. The Pocket PC Agent is started using the C:\Program Files\Altiris\PPCAgent\PPCAgent.exe program file. If you need to perform some function with a command-line switch, run the program file followed by the applicable switch. To restart the agent, you would run: C:\Program Files\Altiris\PPCAgent\PPCAgent.exe -restart The following is a list of the supported switches:
-stop
567
Appendix I
Managing Switches
To administer roles and configurations for network servers, it is necessary to discover and modify the network switch settings for the connected network servers. Deployment Solution provides the Switch Add-On program to discover and manage Virtual Local Area Networks (VLAN) settings on a LAN switch or to run commands from the command-line. This utility allows you to directly discover and provision the port settings of a LAN switch.
To open the Switch Management tool, click Tools > Altiris Tools > Switch Management. The Deployment Solution Switch Add-On utility tool appears. Network switches will be identified in the left pane. Click the star icon to Add New Switches.
568
All discovered switch information will be kept in a local database file (SwitchMngtDb.txt). To ease installation and support, this file will be text based and be located in the directory from which the Deployment Solution Switch Add-On applications are executed. Notes If a LAN switch supports the 802.1Q VLAN standard, Deployment Solution Switch Add-On will only provide PVID management on a port. Since most vendors do not support VLAN Add/Edit/Delete through SNMP, Deployment Solution Switch Add-On will not provide these features. All devices that are to be managed must support SNMP v1.
569
The following are port attributes appearing in the Details pane of the program: Switch The switch to which the port belongs Port The name of the port (vendor-specific port names will be shown when available) Description The description of the switch port VLAN The VLAN assignment for the switch port Connectivity Any user assigned mapping of clients or servers to the switch port By selecting a device in the tree view pane, the switch port display is updated to show its respective ports. By selecting Network in the tree view, all switch ports that have been discovered will be shown in the switch port view. You can sort on attributes by selecting the appropriate column.
570
Note When the device is available and the SNMP communities are correct, the application reads the MIB II system information from the device and add the device to the tree view. If the device is not available, an error message appears.
Discovering a Device
Once a device has been added to the database, all properties for that device can be discovered. By selecting the device in the tree view and right clicking, the following menu appears:
Click Discover Device to discover all the switch device properties and store these values in the Deployment Database. Once the discovery process is complete, the switch ports for that device will be seen in the port view.
Deleting a Device
A device can be deleted in two ways: 1. Press the Delete icon on the toolbar: Or, right-click and select Delete.
571
The Deployment Solution Switch Add-On application will then use the supplied SNMP community strings (passwords) and attempt to change the VLAN setting on the port. If successful, the VLAN column will be updated. Note It is possible to select more than one port in the port view and assign all selected ports to a particular VLAN in one operation. However, due to the number of operations required to change VLANs on some switching devices, this operation can be time consuming.
The Assign/View Connectivity dialog shows all visible devices, including the MAC addresses that are being forwarded by the switch. It also shows any previous connectivity mapping, such as an X in the Connected column). You can add a
572
hostname to a specific MAC address by right-clicking the appropriate MAC address. A menu appears. Click Add/Edit Host Info to enter the hostname on the dialog. Note If the IP address and Hostname columns are blank for a MAC address, the application does not have enough information about the global network to display an IP Address/ Hostname binding to that MAC address. You can assign connectivity to a particular switch device by selecting the device (or MAC address) in the list and clicking Assign Connectivity to Port. This will mark the MAC address as connected to this port. You can remove connectivity by selecting the MAC address you want to remove from connectivity and clicking Remove Connectivity from Port. When the dialog is closed, the client and server computers can be seen in the Connectivity column of the switch port view.
Command-line Parameters
The following command line parameters can be supplied to the Deployment Solution Switch Add-On program to launch the program with the appropriate -d=<switch IP address>: By supplying the IP address of the switch, the Switch AddOn program will launch and automatically select the supplied device in the tree view (thereby, showing all of its ports in the port view). -e=<end node MAC address>: By supplying the MAC address of a client or server computer, the Switch Add-On program will launch and automatically select the switch and port that the client or server computer is connected to (if the connectivity has been previously assigned).
GUI Tools
The Switch Management Console includes a Tools menu, providing a Ping IP Range command to assist in "pinging" a specified IP range in order to generate traffic to a range of devices that might otherwise be inactive. From this dialog you can specify the starting and ending IP addresses to ping. Success or failure messages will appear in the list. The Ping IP Range tool can be used to lookup the MAC address of the device being pinged. To be successful, SNMP must be enabled on the end device. The user can supply an SNMP Read community name to perform this operation. Otherwise, the user may clear the SNMP MAC Lookup box to ping only the end device.
573
Note If a device is inactive, the forwarding tables in the switch will not show the MAC address of the client or server computer. The Ping IP Range tool can be used to refresh the forwarding table in the switch.
574
-e=<end node MAC address> The MAC address of the workstation/server you want to be put in a particular VLAN. In order for the utility to perform this operation correctly, the connectivity of the MAC address must have already been assigned using the GUI application. When using this option, the user must only supply the SNMP write community (password) and the VLAN (name or number) to put the workstation/server in. The CLI application will use its database to lookup the appropriate (bound) switch and switch port to provision. -c=<SNMP retry count> The number of attempts that SNMP should attempt before giving up. -t=<SNMP timeout> The SNMP timeout value in milliseconds. Note Prior to executing any command to provision a switch, that switch MUST be discovered. Otherwise, the program will report errors.
Command-line Examples
Discover a Switch switchcfg.exe -m=discover -d=<target IP> -r=<SNMP read> Set VLAN on a Switch/Port switchcfg.exe -m=set -d=<target IP> -w=<SNMP write> -p=<port name> -n=<VLAN name> Set VLAN for a Workstation/Server (End Node) switchcfg.exe -m=set -w=<SNMP write> -e=<MAC address> -n=<VLAN name>
575
Index
Symbols A
access 377 account option, domain 87 account settings 410 AClient. see Deployment Agent for Windows adapter configurations 298 network 274, 298 add command 82 component 484 components 366 computer 100, 403 group 92 server 387 user 91 add components 366 adding servers 399 ADLAgent configuration 251 installation 251 administrative tools 80 ADS options 372 set up 385 agent see also Deployment Agent for... ADLAgent see ADLAgent configuring 389 installation overview 344, 411 polling interval 396 production agent settings 375 requirements 337 settings 88, 138, 375, 379 Altiris Console collections 370, 390 configuration request 397 deployment 386 reports 389 application properties 125 applications 414 assigning jobs from Deployment Web Console 373 with conditions 83 Atools.ini 82 authentication 268, 380 agent for DOS 120 database 366 user 92 autoexec.bat file editing 477 order of operations 477 Automated Deployment Services. see ADS Automation Agent settings 379 axengine 451 axinstall 478 CE.NET agent 122 Central Deployment Server Library 391 change password 400 chat feature 136 clear after scheduling 372 clear status action 416 operation 128 client BIOS setting 485, 485 client/server file transfer port 86 connections 364 connections, managing 123, 411 connectivity 345 driver 345 driver for Novell 346 Client Access Point. see Deployment Share codes, return 193, 440 collections Altiris Console 390 from Notification Server 370 command execute 135 to menu, adding 82 command line switches 215, 446 aclient.exe 452 Aclient.inp 453 add on 574 Bootwork.exe 472 Deployment Agent for DOS 471 Deployment Agent for Windows 452, 452 export job utility 446 import computer 451 import job 447 job utility 448 keyboard and screen lock (kbdsclk) 476 Pocket PC agent 486 schedule job 450 command-line switches rdeploy.exe 489 using 502 communication, server 276, 300 components add 366 Deployment Console 332 Deployment Database 333 Deployment Server 332 Deployment Share 334 installing 343
B
basics, Deployment Web Console 369 bay virtual 247 bay properties 413 deployment rules 413 server deployment 126 BDC additional files 303 best practices 89 BIOS settings 485, 485 blade server. see server blades boot bootloaders, Linux 252 Boot Disk Creator 270 advanced 275, 299 configuration summary 278, 302 server communication 276, 300 tool icon 80 toolbar 272 boot menu importing 294 tab 290 BootWorks see Deployment Agent for DOSt BootWorks. see Deployment Agent for DOS broadcast address 108 builder, lab 68 building jobs . see jobs bwinst.exe installation switches 474 bwinst.exe see Deployment Agent for DOS
C
capture personality advanced 432 capturing personality settings 179 packages 432
576
PXE server 334 computer adding 100 computers pane 73 configuring properties 103, 406 details 412 filtering 373 filters 83, 84 finding 144, 373 group filter 84 groups 73 history 129 icons 98, 402 import 451 managing 398 managment 97 migrating with wizard 150 new account 101 pane 370 preconfigured 100 properties 124 rejected 96 remote operations 127 removing inactive 85 restoring 129 select with wizard 153 showing 73 conditions 153 creating 83 order sets 154 configuration computer 130, 216 computer properties 103 Deployment Server 373 general 264 initial deployment 196, 443 modify 434 modifying multiple tasks 191 mulit-network adapter 273, 298 name 272, 297 new 296 properties 406 request, Notification Server 397 summary, Boot Disk Creator 278, 302 confirmation settings 326 connection to other sites 95 connections 268 rejection 372 console Deployment Console basics 73 Deployment Console features 73 extending the console tools menu 82 installation 366 managing from 72 options 85 Web console. see Deployment Web Console
Web. see Deployment Web Console copy file 187 folders 192 jobs 192, 439 copy file 437 advanced 438 copy folders 439 creating disk images 158, 424 new script 191 credentials, logon 263 custom data sources options 88 install 340 installation 482 tokens 514
install 346 Deployment Console basics 73 features 73 managing from 72 Deployment Database 333 connecting to new 95 installation 363 Microsoft SQL Server and 337 deployment from Altiris Console 386 Deployment Server adding 387 agent configuration 389 communication 276, 300 component install for 343 components of 331 console basics 73, 73, 369 console features 73, 73 custom install 340 installation 360, 360, 478 installation overview of 331 library 391 memory requirements 336 setting rights for 332 simple install 337 system requirements of 336 systems, managing multiple 399 Thin Client install for 343 Deployment Server configuration 373 Deployment Share 334 requirements 337 deployment tasks. see tasks Deployment Web Console 335, 364, 364 basics 369 computers pane 370 details pane 371 jobs pane 371 jobs, assigning 373 managing from 368 options 372 requirements 337 description property 319 details computer 412 pane 74, 371 detecting expired licences 352 devices 415 devices properties 125 DHCP server managing TCP/IP 335 DIR command DOS 530 Windows 530 disk image advanced 425 options 428 resizing 427 disk images
D
database authentication 366 connecting to new 95 Deployment Database 333 instances, installing to multiple 334 debug 269 default pre-boot operating system 361, 362 delete history entries 85 Dell server blades 143, 247 deployment reports,generating 389 server deployment 126 Deployment Agent installing 337, 411 settings 112, 113, 410 Deployment Agent for Automation. see Deployment Agent for DOS Deployment Agent for CE.NET 122 Deployment Agent for DOS autoexec.bat 477 bootwork.exe 472 bwinst.exe 474 command line switches 471, 472 installation 352, 474 settings 119 Deployment Agent for Linux install 350 Deployment Agent for PocketPC install 564 uninstalling 567 Deployment Agent for Windows aclient.exe 217, 452, 452 aclient.inp 453 command line switches 452
577
creating 158 distributing 163 disk imaging 267 disk partition properties 319 disk space requirement 336, 337 display options 326 distribute personality advanced 434 distribute software advanced 431 distributing disk images 163, 426 personality settings 180, 433 software 175, 429 distrubuting software 251 domains account option 87 DOS agent. see Deployment Agent for DOS drive mappings 264, 379 drive mappings for DOS 120 drive mappings, network 277, 301 drive properties 124 drives 414
replacing 86 explorer, image 81 exporting jobs 192, 393, 439 EXT2 file systems 214 EXT3 file systems 214 extending tools menu 82 extract folder 322 extract options 326
get inventory 183, 435 global options 85, 374 groups 92 adding 92 computer 73 importing 92 selecting with wizard 153
H
hardware 414 hardware properties 124 Hewlett-Packard server blades 142 history computer 129 deleting 85 restoring 129 HTTP imaging 216
F
FAT FAT16 503 FAT32 503 file systems 214 FIRM 502 file properties 319 file server requirement 337 file server type 273, 297 file system independent resource management. see FIRM file systems EXT2 214 EXT3 214 FAT 214 imaging 214 NTFS 214 file transfer port 86 file, copy 187 filter using to find 322 filters computer group 83 creating computer group filter 84 find files 322 finding computers 67, 144, 417 computers and jobs 373 licences used. see licenses FIRM 502 EXT2 502, 503 EXT3 503 FAT 502 firm.exe 489 tokens 504 folder property 319 folder, extracting 322 Fujitsu-Siemens server blades 248 Fujitsu-Siemens server blades 143
I
IBM server blades 144, 248 icons Boot Disk Creator 80 computer 98, 402 Image Explorer 81 jobs 147, 147, 419 PC Transplant Editor 81, 81 PXE Configuration 80 Remote Agent Installer 80 toolbars 80 utilities 80 image description properties 319 image file password 326 ImageExplorer 81, 217 convert image 320 create image index 321 flags 322 not enough free space 324 open file 319 self-extracting image 323 settings 326 split image 327 using 318 images 530 creating 158, 424, 530 distributing 163, 426, 530 HTTP 216 Linux 252 properties 318 quick disk 130 rescheduling failed 86 Unix 252 ImageX Sample Scripts 324 imaging, disk 267 Import Package Advanced 179 importing groups 92
E
editing autoexec.bat 477 packages 81 shared menu 293 editor PC Transplant 81, 81 enabling ADS 372 security 90 enabling security 381 errors client error messages 519 CMD error handling 235 communication error messages 520 critical error messages 520 DOS error handling 235 general error messages 517 implementing effective script reporting 234 memory error messages 522 partition error messages 523 Visual Basic error handling 236 evaluate permissions 94 rights 91 evaluate permissions 384 execute 135 expired licenses 357
G
general properties 124, 413 generating deployment reports 389
578
jobs 393 users 91 users from Active Directory 91 importing computers from text file 405 importing jobs 192, 439 inactive computers, removing 85 INI files 82 Initial Deployment 196, 442 initial deployment stopping servers 198, 444 initial deployment configuration 196, 443 installation 364, 364, 366 agent 344, 474 component 343, 360, 484 configuration 359 console 366 custom 340, 482 Deployment Agent for DOS 352 Deployment Agent for Linux 350 Deployment Agent for Windows 346 Deployment Database 363 Deployment Server 331, 360, 360 multiple database instances 334 options of 359 Pocket PC (PPC) client from the network 566 Pocket PC agent from the console 565 Pocket PC agent from the host 566 pre-boot operating system 294 PXE server 363 Remote Agent Installer 346 return codes 524 scripted 168 silent 479 simple 337, 480 software packages 152 summary 365 switches 478 Thin Client 343 unattended 168 intervals, setting polling 396 inventory get 183 inventory details 414 inventory update 264 inventory, get 435 IP interfaces 108
assigning 83, 373 associating destination computers 151 building 147, 152, 420, 448 conditions 83 conditions with wizard 152 conditions,creating 83 defined 147 details 147, 419 exporting 192, 393, 439, 446 filtering computers and jobs 373 finding 373 icon 147 icons 147 imaging 530, 530, 530 importing 192, 393, 439, 447 Initial Deployment 197, 443 Job Scheduling Wizard 153, 422 jobs pane 74 options 197, 443 pane 371 removing 156 removing tasks from 156 replicating jobs 400 rescheduling 155 running from resources view 156 sample 195, 529, 532 scheduling 147, 155, 373, 400, 422, 450 select with wizard 153 selecting computers with wizard 151 software installation with wizard 152 tests 530 using package servers 390 wizard 148
Command-line Switches 486 distributing software 251 imaging 252 scripted install 174 location properties 126, 413 log file 378 LogEvent utility 186 logon 263 logon option 385 lookup key primary 86
M
MAC addresses, add new 308 Macintosh Agent 121 maintenance 375 Managing 398 managing computers 97, 398 computers chat feature 136 from Deployment Console 72 from Deployment Web Console 368 licenses 352 user groups tab 92, 92 Managing the SVS Layer 177 map drives 268 mappings, drive 264, 379 mappings, network drive 277, 301 menu extending 82 menu, editing shared 293 Microsoft ADS. see ADS client driver 345 SQL Server 337 migrating computers with New Job Wizard 150 migration 531 capture settings 531, 531, 532, 532 see also personality package Missing File Cousins 284 modify task 189 modifying configuration task 182, 434 moving jobs to other systems 400 multicasting Master PC 216 process 216 multi-network adapter configuration 273, 298 load order 274, 298 multiple database instances, installing to 334 deployment servers 399 multiple image files 319
K
kbdsclk (keyboard and screen lock utility) 476
L
Lab Builder 145 lab builder 68 library package 392 setting up 391 licenses adding 356 expired 357 finding licenses used 352 replacing 86 licensing settings 410 lights out 127 lights out properties 414, 414 Linux 251 agent. see Deployment Agent for Linux bootloaders 252
J
jobs 147 applying computers with wizard 151
579
N
name, configuration 272, 297 NetWare authentication 268 NetWare client settings 409 network adapter 274, 298, 298
P
package editing tools 81 personality 179 Package Server jobs 390 overview 390 setting up 392 pane computers 73, 370 details 74, 371 jobs 74, 371 shortcuts and resources 75 partition properties 319 partitions OEM 215 password 380 password options for tasks 86, 387 password, change 400 password, image file 326 paste folders 192 jobs 192 PC Transplant Editor 81, 81 permission rules 384 permissions 89, 93, 383 evaluating 94 rules 94 personality package application settings 531 desktop settings 531 Microsoft Office settings 532 printer settings 532 see also migration personality settings 179, 432 distribute 433 distributing 180 physical devices options, show 372 ping time-out 264 ployment 195 Pocket PC Agent command line switches 486 PocketPC agent command-line switches 486 installing 564 polling intervals 396 for Deployment Server Agent 389 setting agent 396 port, TCP for file transfer 86 power control 189 operation 130 task 438 PowerEdge, Dell 143 pre-boot operating system 361, 362 install files 294
pre-configured computer account 100 primary lookup key 86 print file 325 folder contents 324 preview 325 printer settings, capture 532 product key tab 86 prompt before performing operations 372 user for properties 136 properties 412 application 125 bay 126 computer 124 configuring computer 103 devices 125 drives 124 general 124, 318 hardware 124 image 318 location 126 network configuration 125 prompting for 136 RILOE 127 services 125 TCP/IP 125 protocal settings 275, 300 Proxy settings 378 PXE additional files 303 BIOS settings 485 boot meny tab 290 client BIOS settings 485 configuration tool 80 server 337 server installation 363 PXE Server 334
configurations 273
drive mappings 277, 301 network adapter 345 network configuration properties 125 network properties 413 networking settings 406 new configuration 296 configuration wizard 272 Job Wizard 148 server blade 246 server blades 141 shared menu 292 new computer 100, 404 account 101, 404 new computers adding 403 Notification Server configuration request 397 Novell client driver 346 NTFS 214 FIRM 502
O
OEM system partitions 215 open site 95 operating system, preboot 361, 362 install files 294 operations, remote 415 options 184 agent settings 88 console 85 custom data sources 88 Deployment Web Console 372 domain account 87 for Deployment Solution 85 global 85 import boot menu 294 install 479 new shared menu 292 RapiDeploy 87 task password 86, 387 options tab 198, 444 order condition sets 154 of operations, autoexe.bat file 477 OS licensing settings 410 OS product key tab 86
Q
quick disk image 130
R
RapiDeploy options 87 RapidInstall distribute package 531 RIP, distributing 175 rdeploy.exe command-line switches 489, 492, 502 executable files 489 redirect shared boot menu options 293 refresh displayed data 85 view 96 registry settings backing up and restoring 182, 434
580
reject connection 372 rejected computers 96 remote computer operations 127, 415 control 131, 134 Remote Agent Installer 80, 81, 346 removing computers 85 computers from jobs 156 jobs 156 tasks jobs 156 replicating jobs 390, 400 reports,generating 389 requirements Deployment Web Console 337 Depoyment Server system 336 disk space 336, 337 file server 337 minimum agent 337 rescheduling jobs 86, 155 resizing disk image 427 resources view 75 restoring computers history 129 return codes 193, 440 return codes for installer 524 return codes, setting 440 rights 89, 382 evaluation 91 security 92 RILOE properties 127, 414 RIP. see RapidInstall rules, permission 94 run script 435 run script advanced 436 running jobs from resources view 156 script tasks 183, 435
scripted OS install 168 Linux 174 Windows 169 scripting DOS/CMD errors 235 reporting errors 234 retrieving values with tokens 233 running scripts on the server 234 server scripting commands 232 Visual Basic error handling 236 writing scripts 232 search for files 322 searching for computers 67, 144, 417 security 377, 380 best practices 89 DS authentication 92 enabling 90, 381 importing from Active Directory 91 Notification Security 386 permissions 89, 93 rights 89, 92 select computer 153 group 153 jobs 153 select computers 422 select job 422 server adding 387 communication 276, 300 connection to client 364 Deployment Server 332, 336 DHCP Server 335 file server requirements 337 file server type 273, 297 library 391 package server setting up 392 PXE
services properties 125 setting polling intervals 396 settings account 410 agent 375 Auotomation Agent 379 backing up and restoring files 182 capturing personality 179 changing agent 138 conditions 83, 153 Deployment Agent 112 NetWare client 409 networking 406 OS licensing 410 permissions 93, 383 personality 180 production agent 375 return codes 440 rights 382 Sysprep 86, 86 TCP/IP 408 TCP/IP protocal settings 275, 300 Share, Deployment 334 shared menu 292 edit 293 shortcuts view 75 show computers 73 physical devices 372 shutdown settings 379 silent install options 479 command line switches 479 simple install 337 simple install entries 480 simple tests 530 DIR command at DOS 530 DIR command at Windows 530 Distribute RapidInstall Package 531 software distributing 175, 429 Software Virtualization Solution (SVS) 81 spanning media 215 split image find 319 open 319 start parameters for axengine 451 startup settings 379 status detail 73 Stored Procedures, allowed 88 switches axengine.exe 451 bwinst.exe 474 command line 446 install 478 kbdsclk 476
S
sample jobs 195, 529 scan resource files for changes 85 schedule job 422 scheduling jobs 422 scheduling jobs 373, 400, 422 scheduling jobs. see jobs screen lock 476 switch 476 script 184 creating 191 options, advanced 184 scripting 186 task 183, 435 Scripted OS Install Windows Vista 174
server 334
server access 377 server blades 141, 245 Dell 143, 247 Fujitsu-Siemens 143, 248 Hewlett Packard 142 IBM 144 new 141 server deployment rules 126, 126, 413 settings 139 server deployment rules 413, 413 server management 139 deployment 244 features 243 server package 390 servers adding 399 services 415
581
LAN support 569 Switch Add-On 569 synchronize display names with Windows computer names 85 Sysprep file location 365 settings 86 Sysprep settings 86 system requirements 336
U
unattended install 168 uninstalling Deployment Agent for PocketPC 567 Unix 251 distributing software 251 imaging 252 user name 380 users add 91 defined token 83 importing 91 utilities 80 icons 80 kbdsclk 476 keyboard and screen lock 476 LogEvent 186
T
tabs manage user groups 92, 92 OS product key 86 rights 92 task user password 400 tasks 423 building jobs 152 change configuration 191 copy file to 187 get inventory 183 list of 156 power control 189 removing 156 rescheduling 86 run sript 183 setting conditions 153 task password options 86 TCP/IP properties 125, 413 protocol settings 275, 300 settings 408 tests 530 text file, importing from 405 Thin Client installing 343 Thin Client View 76 tokens create unique files 512 finding the right value 511 replacement 513 retrieving database values 233 template file rules 513 token replacement template files 512 tools 80 administrative 80 Boot Disk Creator 80, 272 extending tools menu 82 Image Explorer 81 package editing 81 PC Transplant Editor 81, 81 PXE Configuration 80 Remote Agent Installer 80 toolbar icons 80 Transplant Editor,PC 81, 81 transport 265
V
view refreshing 96 resources 75 shortcuts 75 virtual bays 247 centers 89 computer. see pre-configured computer account Virtual Bays 141 virtual computers 404 Vista Sysprep 30 VMware Virtual Center Web services 89 volume property 318
W
Wake-On LAN BIOS settings 485 warn user 85 Web console. see Deployment Web Console Win32 console. see Deployment Console window. see pane WinPE Command-line Switches 487 WinPE Boot Options 278 wizard Job Scheduling 153 new configuration 272, 296 New Job 148 Wtools.ini 82
582