0 Bewertungen0% fanden dieses Dokument nützlich (0 Abstimmungen)
102 Ansichten583 Seiten
Altiris assumes no responsibility for any errors or omissions contained in this document. Altiris may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the products referenced herein. No part of this document may be reproduced, stored in a retrieval system, or transmitted without the express written consent of Altiris, Inc.
Altiris assumes no responsibility for any errors or omissions contained in this document. Altiris may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the products referenced herein. No part of this document may be reproduced, stored in a retrieval system, or transmitted without the express written consent of Altiris, Inc.
Altiris assumes no responsibility for any errors or omissions contained in this document. Altiris may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the products referenced herein. No part of this document may be reproduced, stored in a retrieval system, or transmitted without the express written consent of Altiris, Inc.
Notice Altiris Deployment Solution 6.9 2008 Altiris, Inc. All rights reserved. Document Date: February 12, 2008 Information in this document: (i) is provided for informational purposes only with respect to products of Altiris or its subsidiaries (Products), (ii) represents Altiris' views as of the date of publication of this document, (iii) is subject to change without notice (for the latest documentation, visit our Web site at www.altiris.com/Support), and (iv) should not be construed as any commitment by Altiris. Except as provided in Altiris' license agreement governing its Products, ALTIRIS ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTIES RELATING TO THE USE OF ANY PRODUCTS, INCLUDING WITHOUT LIMITATION, WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS. Altiris assumes no responsibility for any errors or omissions contained in this document, and Altiris specifically disclaims any and all liabilities and/or obligations for any claims, suits or damages arising in connection with the use of, reliance upon, or dissemination of this document, and/or the information contained herein. Altiris may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the Products referenced herein. The furnishing of this document and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any foregoing intellectual property rights. No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means without the express written consent of Altiris, Inc. Customers are solely responsible for assessing the suitability of the Products for use in particular applications or environments. Products are not intended for use in medical, life saving, life sustaining, critical control or safety systems, or in nuclear facility applications. *All other names or marks may be claimed as trademarks of their respective companies. Deployment Solution 3
Chapter 1 About Altiris Deployment Solution Altiris Deployment Solution software provides a suite of tools to quickly install operating systems and software. Deployment Solution leverages a number of Altiris technologies to provide extensive management capabilities: In addition, the following technologies are integrated with the features of Altiris Deployment Server software to provide comprehensive deployment and migration: Altiris Technology Description RapiDeploy Imaging Capture and deploy computer images using PXE, DVDs, CDs, or USB drives. Scripted OS Installation and Sysprep Integration Perform automated scripted operating system installations using sysprep. PC Transplant Personality Migration Migrate user data and application settings to new hardware and operating systems. Software Virtualization and Software Distribution Deploy, activate, and manage SVS layers, and install other software packages. Wise Package Studio and Wise SetupCapture Build and capture custom installation packages using the latest Windows Installer technology. Script deployment engine Remotely execute Visual basic and Linux shell scripts. Deployment Server Feature Description Task-sequencer Management tasks provided by Deployment Server can be grouped and executed in order, enabling you to perform complex management operations in a single job. Computer groups Computers can be organized into multiple groups to simplify job deployment. Drag and drop a computer group onto a job and the job runs on all computers in the group. Dynamic insertion of database values (tokens) Scripts, Sysprep configuration files, and other values can use tokens to retrieve database values at run time. Computer discovery Quickly install the Deployment Agent on large numbers of Windows computers using the Remote Agent Installer. Inventory Managed computers are inventoried for software and hardware, and conditions and filters can be created based on this inventory. Example: a distribute software task could check the operating system and distribute the correct software version. Deployment Solution 22 About Altiris Deployment Solution
Deployment Solution Architecture Before installation, you should become familiar with the different components of a Deployment System and how these components interact. The following diagram provides an overview of the Deployment System components: Depending on the needs of your environment, multiple Deployment System components can be installed on the same computer. A single dedicated server could host your Deployment Server, Deployment Share, Deployment Database, Management Consoles, and PXE Server. Extensive supported platforms Support for 32- and 64-bit architecture, servers, blades, thin clients, and Itanium, running Windows and Linux operating systems. Power control, Wake on LAN Managed computers can be started or shutdown remotely. Deployment Server Feature Description Deployment Solution 23 About Altiris Deployment Solution
Deployment Server The Deployment Server is the central component of a Deployment System and manages the Deployment Database, the communication between the different components, and schedules jobs to run on managed computers. Deployment Database The Deployment Database provides the back-end datastore and stores details about the computers, groups, and jobs in your Deployment System. Most of the time, you do not need to interact directly with the database. Deployment Share The Deployment Share stores all files, such as installation programs, disk images, and SVS layers you want accessible to managed computers. This share can reside on your Deployment Server or on another computer, and is often replicated to different locations to provide better access, especially in distributed networks or when sharing large files. Management Consoles Deployment Solution provides three management consoles: Deployment Console: A Windows application that provides complete access to the Deployment System administration. Deployment Solution 24 About Altiris Deployment Solution
Deployment Web Console: A Web application that provides browser-based administration. This console can be executed remotely using any Web browser, and has built-in tools to manage multiple Deployment Servers. Deployment Tab in the Altiris Console: This interface is integrated into the Altiris Console to provide integrated management with other Altiris Solutions. Its features are the same as the Deployment Web Console. Automation Tools Automation is the preboot environment loaded by Deployment Server to perform tasks which need to happen outside of the normal operating system. If you have ever used a disk imaging utility, or booted a computer using an installation CD, you are probably familiar with running computers in a similar environment. Deployment Solution provides several tools to boot computers to this environment and supports several automation operating systems. Deployment Agent This agent runs on managed computers to report inventory, run software and scripts, perform power control, and boot the computer into automation. A Remote Agent Installer is provided to quickly install the agent on multiple Windows computers. Linux computers can install the agent using startup scripts and other automated processes. Deployment Solution 25
Part I Planning and Installing Your Deployment System Deployment Solution is designed to meet deployment, management, and migration needs for small, medium and large organizations with diverse topologies and varying computer management requirements. This section provides steps for installing Deployment Solution components, but also includes system architecture details and discusses planning strategies to install and optimize your Deployment Solution system. The installation process is divided into the following sections: Preparing To Install (page 26) Installing (page 29) Post-Installation Configuration (page 31) Deployment Agent Installation (page 36) Deployment Solution 26
Chapter 2 Preparing To Install This sections lists the tasks you need to complete before you install Deployment Solution. Step 1: Log on to Your Deployment Server Computer as an Administrator (page 26) Step 2: Create a Services Account (page 27) Step 3: Gather Automation Operating System Install Files (page 28) Step 4: Obtain a License File (page 28) Step 5: Install .NET and MDAC (page 28) Step 6: Start Microsofts Internet Information Server (IIS) (page 28) Step 1: Log on to Your Deployment Server Computer as an Administrator The account you use to install Deployment Solution must be a Windows Administrator and must possess System Administrator rights on the SQL server that will host your Deployment Database to install the Deployment Database. These database rights can be granted temporarily and revoked after the installation completes. If you want to use a different account to create the database, you must select a custom install and provide SQL credentials instead of Windows NT authentication. Important In SQL Server 2005 TCP/IP is disabled by default. This must be enabled before you install Deployment Solution. To grant database rights 1. Open Enterprise Manager and connect to your SQL Server. 2. Browse to Security > Logins: Deployment Solution 27 Preparing To Install
3. Select the Administrator account you are using to install Deployment Solution. If it does not exist, add it. 4. Click the Server Roles tab, and enable System Administrators: 5. Click OK and verify that the role was added. MSDE Database Engine Optionally, in smaller installations, you can use the MSDE database engine instead of SQL Server. This is typically not recommended due to the lack of database management tools. MSDE must be installed on the same computer as the Deployment Server component. If you decide to use MSDE, it can be installed by selecting the Simple Install Helper option in the installation program. We recommend using the Simple Install Helper to install MSDE as this version is usable by Deployment Solution immediately after installation and requires no additional configuration on your part. Step 2: Create a Services Account Create an account to run the services and connect to the database. This account is used only by Deployment Server, and is not tied to a user. For security reasons, we dont recommend using an existing administrator account which might possess rights beyond those needed by Deployment Server. The account should not be part of a group and should not posses interactive login privileges. If your Deployment Database, Server, and Share are installed on the same computer, create a local account on that computer. If your Deployment Database or Share will be on a different computer than your Deployment Server, create a domain-level account, or create local accounts with the same credentials on each computer hosting a Deployment Solution component. Example: If your SQL Server is on another computer and you are not using a domain-level account, create a local account with the same credentials on your SQL Server computer. The same situation applies if your Deployment Share is hosted on another computer. Deployment Solution 28 Preparing To Install
To create a services account 1. On each computer where you host a Deployment System component, click Start > Administrative Tools > Computer Management. 2. Browse to Local Users and Groups, and add a new user: The process for creating domain-level accounts is similar. This is the only account that needs to be created before you install. Step 3: Gather Automation Operating System Install Files If you are ready to install an automation operating system, this can be done during the installation. If you are new to Deployment Solution and are not familiar with automation, we recommend skipping this step and installing automation operating systems later. Place your automation install files (BDC*.frm) in the same folder as the Deployment Solution installation program (by default, this is c:\DSSetup). During install, these files are detected automatically. Step 4: Obtain a License File For evaluation, you can use the integrated 7-day license, or you can use the 30-day 10- node trial license that is sent automatically when the software is downloaded. If you have purchased a license, you need to have the .lic license file available during installation. Step 5: Install .NET and MDAC Your Deployment Server computer requires .NET 1.1 and MDAC 2.7 SP1 or later. This software is available on the Microsoft download site. Step 6: Start Microsofts Internet Information Server (IIS) If IIS is running during the Deployment Solution installation, the Deployment Web Console is installed automatically. Deployment Solution 29
Chapter 3 Installing Simple or Custom Install? If you plan to install your Deployment Server, Database, and Share on the C drive of the same computer, select the Simple install. Otherwise, select Custom. Simple Install Installs to the C drive. Installs each of the Deployment System components (with the exception of the Deployment Agent) on the computer where the install was launched. Lets you install a single automation operating system (more can be added later). The Simple Install Helper installs the MSDE database engine if no database is detected. Custom Install Installs to a drive other than C. Lets you select a computer other than the computer the install was launched from to install each Deployment System component. If you select to do this, certain values regarding the installation are stored in the local Windows registry. This simplifies adding components or installing add-ons such as the Altiris packaged WinPE. Lets you select a custom name and instance for the Deployment Database. Lets you select a different computer to host the Deployment Share. If you plan on doing this, you must create the share and grant the account you created in Step 2: Create a Services Account (page 27) full control before installation. Lets you install multiple automation operating systems (more can be added later). Running the Setup Program After you have completed the steps outlined in the previous section, launch setup.exe. Use the administrator account you configured in the previous section to perform the installation, and provide the services account you created when prompted. If you need clarification during any of the installation steps, click Help. After Deployment Solution is installed, you have the option of enabling Sysprep support and remotely installing the Deployment Agent. Enable Microsoft Sysprep Support If you plan on using Sysprep to deploy standard images and scripted operating system installs, provide the location of the deploy.cab file for the operating systems for which you want to enable Sysprep. These are located on your Windows installation CDs. Deployment Solution 30 Installing
This can be installed later by running setup.exe and selecting Component Install. Enable Microsoft Windows Vista Sysprep Support Microsoft Windows Vista Sysprep lets Sysprep run on a Vista Client after an Imaging event. Vista Sysprep lets Administrators prepare generic images for deploying images to different types of systems within an environment to eliminate the support for multiple images. After building the basic image, the Administrator can run Microsoft Sysprep on a computer to delete unnecessary information and prepare the system for imaging and distribution to other systems. Remotely Install Deployment Agent After the installation completes, you have the option of remotely installing the Deployment Agent. Unless you are familiar with Deployment Solution and the Remote Agent Installer, we recommend you do not install the agent at this time. A full discussion of Deployment Agent rollout is contained in Deployment Agent Installation (page 36). Deployment Solution 31
Chapter 4 Post-Installation Configuration This section contains the tasks you should perform after installation to complete the set up of your Deployment System: Step 1: Grant Full Control of the Deployment Share to Your Service Account (page 31) Step 2: Create Domain Join and Deployment Share Accounts (page 31) Step 3: Grant Services Account the db_owner Role to Your Deployment Database (page 32) Step 4: Configure Your Deployment System (page 33) Step 5: Configure Security Settings (page 35) Step 6: Install the Deployment Agent (page 35) Step 7: Configure Automation (page 35) Step 8: (Optional) Configure PXE Server (page 35) Step 1: Grant Full Control of the Deployment Share to Your Service Account If your Deployment Share was created during the installation, grant the services account full control of this share. By default, this folder is C:\Program Files\Altiris\eXpress\Deployment Server. Step 2: Create Domain Join and Deployment Share Accounts After installation, we recommend creating some additional accounts. These accounts are different than the accounts used by the people who are going to manage computers. These accounts are not tied to users, and should not possess interactive login or any rights beyond what is recommended here. The domain join account is used to join or re-join computers to a domain after imaging or initial deployment. The Deployment Share read/write account is used to access this share from the automation environment. Domain Join Accounts Create a separate domain-level account for each domain in which you manage computers, granting the rights recommended in the following table: Rights Description Domain Grant privileges to add computer to domain. Deployment Solution 32 Post-Installation Configuration
Deployment Share Read/Write Account Create this account on the computer hosting your Deployment Share, granting the rights in the following table: Step 3: Grant Services Account the db_owner Role to Your Deployment Database 1. Open Enterprise Manager and connect to your SQL Server. 2. Browse to Security > Logins: 3. Double-click the account you are using to run the Deployment services. If the login is not listed, add it. 4. Click the Database Access tab, select the eXpress database, and enable the db_owner role: Rights Description File System Grant read/write privileges to your Deployment Share. Deployment Solution 33 Post-Installation Configuration
5. Click OK and verify that the change was successful. Step 4: Configure Your Deployment System The majority of tasks you perform in your Deployment System use the Deployment Console. To open the Deployment Console 1. Click Start > Programs > Altiris > Deployment Solution > Console. Add Your Domain Join Accounts If you are using accounts to join computers to a domain you need to provide the account credentials. To add domain join accounts 1. In the Deployment Console, click Tools > Options > Domain Accounts. 2. Provide the accounts you created in Step 2: Create Domain Join and Deployment Share Accounts (page 31). Enable Security and Add Administrators By default, the Deployment Console can be used on your Deployment Server by any user who possesses rights to log in and run applications. This works well in situations where you already have policies in place to control server access, and you have a group of administrators who will have full access to deployment functionality. If you want to provide more granular access to configuration options, jobs, and computers, you can enable security. To enable security You must add at least one user or group to enable security. Deployment Solution 34 Post-Installation Configuration
1. In the Deployment Console, click Tools > Security. 2. Add a new user or group. We recommend clicking AD Import and importing Active Directory groups, as this simplifies rights management. The first user or group added is granted administrator rights. Each additional user or group after the first are granted no rights and must be assigned rights explicitly. Security is automatically enabled after a user or group is added. Additional users or groups can be added using this same method. Grant Console Rights to Administrators 1. In the Deployment Console, click Tools > Security. 2. Select a user or Group and click Rights. 3. Enable the rights you want granted. For a more complete discussion, see See Securing Deployment Solution 6.8 on the Altiris Knowledgebase. Grant Database Rights to Administrators Each Administrator with console access must be granted public rights to your Deployment Database. The best way to do this is by assigning public access to the Active Directory groups containing your Deployment administrators. This prevents you from manually granting this access to individual administrators as they are added or removed from Deployment management responsibilities. 1. Open Enterprise Manager and connect to your SQL Server. 2. Browse to Security > Logins. 3. Add a login for each user or group that will manage computers using Deployment Solution. 4. For each user or group, on the Database Access tab, grant the public role for the eXpress database: Deployment Solution 35 Post-Installation Configuration
Configure Deployment Server The Deployment Server Configuration Utility lets you configure advanced settings for the Deployment Server component. You can stop, start, or restart the Deployment Server services, update the services account, and configure additional options. You do not need to perform any configuration at this time, though you should become aware of the configuration options provided. To Open the Deployment Server Configuration Utility: 1. Click Start > Programs > Altiris > Deployment Solution > Configuration. Step 5: Configure Security Settings See Securing Deployment Solution 6.8 on the Altiris Knowledgebase for an in-depth discussion of Deployment Solution security. Step 6: Install the Deployment Agent The Deployment Agent needs to be installed on all computers you want to manage using Deployment Solution. See Deployment Agent Installation (page 36). Step 7: Configure Automation If you plan on imaging computers or deploying computers using scripted installs you need to configure your automation environment. See Deployment Solution 6.8 Preboot Automation Environment on the Altiris Knowledgebase for an in-depth discussion of automation. Step 8: (Optional) Configure PXE Server Preboot Execution Environment (PXE) is an open industry standard that enables computers to boot remotely using a network card. Deployment Solution 36
Chapter 5 Deployment Agent Installation The Deployment Agent runs on managed computers to perform local management tasks as directed by Deployment Server. Some of these tasks include: Software installations SVS layer management Script execution Remote control Inventory and configuration If you plan on doing more than computer imaging or scripted installations, you should install the Deployment Agent on managed computers. Without installing the Deployment Agent, you can still boot computers to automation using PXE, embedded partitions, or boot media to perform some tasks. The agent simplifies these tasks by automatically restarting the computer and controlling when to boot the embedded partition, but it is not required. About the Deployment Agent The Deployment Agent can be installed in the production environment of all the computers you want to manage. Additionally, the Deployment Agent is automatically included in each of the automation boot configurations you create using PXE, automation partitions, or boot media. There are three versions of the Deployment Agent: DAgent - Windows Vista, Windows 2008 AClient - Windows XP and previous ADLAgent - Linux, UNIX, Solaris, Mac DAgent provides experimental support for Windows XP, see the release notes for details. References in this document to the Deployment Agent refer to all versions; references to DAgent, AClient, or ADLAgent refer to the specific executable. Installing the Agent There are two standard methods to install the Deployment Agent on multiple computers: Using the Remote Agent Installer (Windows-only) (page 37) Using a Script, E-Mail Link, or Manual Installation (All Platforms) (page 37) For Additional details on the Vista, Linux and Mac agent see Operating System and Platform Reference (page 248). Deployment Solution 37 Deployment Agent Installation
Using the Remote Agent Installer (Windows-only) Advantage: Browse your network to quickly select computers, monitor installation status in real time, and retry failed installations. Disadvantage: Requires Local User rights on each computer. Does not work with simple file sharing in Windows XP. Windows XP Step 1: Disable Simple File Sharing on Windows XP 1. In Windows Explorer, click Tools > Folder Options > View tab. 2. Clear the Use simple file sharing check box in the Advanced settings section. Step 2: Allow File and Printer Sharing in Windows XP SP2 Firewall 1. Open the Security Center from the Windows Control Panel. 2. Manage the security settings for the Windows firewall to add an exception for File and Printer Sharing. Step 3: Get Local User Rights (admin$ Share) To initially install the agent on managed computers, you need an account with Local User rights. You need access to this account only when performing the one-time agent installation, so either use your domain administrator, a domain account with local user rights, or any other account with local rights. After the agent is deployed, you no longer need access to this account. To determine whether you have sufficient rights, browse to: \ \ host name\ admi n$ Replacing hostname with the name of the computer where you want to install the Deployment Agent. If you can access this share you have sufficient rights. Step 4: Run the Remote Agent Installer In the Deployment Console, click Tools > Remote Agent Installer. If you need clarification during any of the installation steps, click Help. Using a Script, E-Mail Link, or Manual Installation (All Platforms) Advantages: You do not need Local User rights to install if you have individual logged- in users initiate the install, works for Linux and Unix computers. Disadvantages: Not as automated as the Remote Agent Installer, troubleshooting will likely require direct intervention. The remaining installation methods are grouped together because they perform the same functions: Execute the agent installation while providing a configuration file for a silent install. Deployment Solution 38 Deployment Agent Installation
Step 1: Provide Users Access to the Agent Installation Program The agent installation programs are stored in the Agents folder on your Deployment Share. Copy this file to a location that your users can have access. For security purposes, we do not recommend granting any users direct rights to your Deployment Share, especially if you are storing software or computer images on this share. Tip If you are managing 32- and 64-bit computers, you can install the 32-bit agent on both hardware types. After connecting, the 32-bit computers automatically update to the 64- bit version. Step 2: Create the Input File for a Silent Install To configure new computers using a silent install, you can specify an input file containing configuration settings. Windows computers installing AClient use aclient.inp file. Linux and UNIX computers installing ADLAgent use adlagent.conf. Details on the options are contained within each file and are also described in the Deployment Solution Reference Guide. When modifying adlagent.conf, ensure you use a text editor that properly handles UNIX- format line endings. Configure each file and place a copy with the agent installation program. Optionally, for Windows computers, you can use the Force Deployment Agent Settings on New Computers feature to reduce the amount of configuration you need to perform in the input file. When this is enabled, the agent receives global settings you have specified when it connects for the first time. To force agent settings on new computers: 1. In the Deployment Console, click Tools > Options. 2. Click the Agent Settings tab and select the Force new agents to take the default settings check box. 3. Click Change Default Settings to define default settings. Step 3: Run the Installation Program On each computer, you need to run a command similar to the following: \ \ myshar e\ ACl i ent . exe acl i ent . i np - i nst al l or . / adl agent To run this, you could: Have users copy and paste it into the Windows Run dialog, or send the link in an e- mail message. Place it in a startup script. Execute it remotely using Telnet or SSH. Deployment Solution 39 Deployment Agent Installation
Agent Auto Update The Deployment Agent has the ability to update itself to a newer version automatically, and is set to update computers in batches to prevent network overload. This greatly reduces the effort required when upgrading. See the release notes on the Altiris Knowledgebase for specific information on Agent upgrades. Troubleshooting See the following article on the Altiris KnowledgeBase: Additional articles can be found by searching the Altiris KnowledgeBase. 18248 Remote Agent Installer Fails for AClient Deployment Solution 40
Part II Booting Computers to Automation Deployment Solution has the ability to perform work on computers before the normal operating system loads. To do this, a managed computer is booted into an environment where it can communicate with your Deployment Server to perform tasks. This preboot environment is called automation. In order to perform image capture and deployment, scripted installs, or execute certain scripts, you must implement a way to boot computers into this environment. This section provides the information you need to configure a boot method, including PXE, and select an operating environment for automation tasks. Deployment Solution 41
What is Automation? Deployment Solution uses two modes to manage computers: Several of the tasks you perform to manage your network can be completed in the production environment. However, other tasks, primarily imaging, must be performed before the operating system boots. In Deployment Solution, this pre-boot environment is called the automation environment, or booting into automation mode. The following table contains a list of Deployment Solution tasks and the environment in which they execute: In order to manage computers in automation, you must select a method to boot computers to automation and decide which operating to use in the automation environment. Deployment Solution provides support for a broad range of boot methods and automation operating systems; this section helps you decide which works best for your environment. In order to set up automation, you must make the following decisions: Which Automation Boot Method Should I Use? (page 42) Which Automation Operating System Should I Use? (page 45) Automation Automation is to the pre-boot environment loaded by Deployment Server to perform tasks which need to take place outside the normal operating system. If you have ever used a disk imaging utility, or booted a computer using an installation CD, you are probably familiar with running computers in a similar environment. Production The normal operating system of the computer. Production tasks include software installation and personality capture. Production Tasks Automation Tasks Distribute Software Create Disk Image Capture Personality Distribute Disk Image Distribute Personality Scripted OS Install Get Inventory Run script SVS Copy File to Modify Configuration Power Control Run script Deployment Solution 42
Chapter 6 Automation Boot Methods Which Automation Boot Method Should I Use? Deployment Solution supports a broad range of methods to boot computers into the automation pre-boot environment: PXE, automation partitions, or boot media (CD/DVD, USB device, or floppy). This section provides an overview of the available boot methods to help you select the method that works best for your environment, and contains the following: PXE (page 42) Automation Partitions (page 43) Boot Media (DVD/CD, USB Device, Floppy) (page 43) PXE Pre-boot Execution Environment (PXE) is an industry standard developed to boot computers using a network card. PXE can boot computers regardless of the disk configuration or operating system installed, and doesnt require any files or configuration settings on a client. After PXE boot is turned on in the BIOS, a computer can communicate with your DS PXE server to receive automation jobs. PXE provides a number of advantages, especially when you are using the initial deployment features of DS, which enables you to remotely deploy an image to a computer which has no software installed. Example: the receiving department of your company could have PXE enabled on their subnet. When a new computer arrives, a technician could quickly unpack and plug the computer into the network, and possibly enable PXE boot if it was not enabled by the manufacturer. When this unknown computer contacts the Deployment Server, it is assigned an initial deployment job, which could image the computer with the corporate standard image, install additional packages, and power off the computer. The computer is now ready for delivery with minimal effort. PXE also provides an advantage if you need to use multiple automation operating systems in your environment. Since the image containing the automation operating system is downloaded when a task is executed, different operating system environments can easily be assigned to different tasks. At the same time however, this can be a disadvantage if you are using an operating system with a large footprint, such as WinPE, since the entire image must be downloaded each time you run an automation task. If you often run automation jobs, especially on several computers simultaneously, embedding the automation operating system on the disk is faster and significantly reduces network traffic. It is also possible to use PXE for initial deployment and install an automation partition as part of the deployment. In this case, you could use the initial deployment features of PXE for arriving computers and install an automation partition in case you need access to automation at a later time. Deployment Solution 43 Automation Boot Methods
This configuration does not require PXE in your general network environment, but still provides access to the automation environment without physical access. When using the DOS automation environment, PXE provides an additional advantage: multicast boot. This enables your PXE server to simultaneously boot up to 100 computers in a single session to perform automation work. Although multicast imaging is supported in WinPE and Linux, multicast PXE booting is not provided in WinPE and is not supported in Linux. That means that after each computer has booted to automation, an imaging task can be multicast, but you cannot use multicast to boot these computers. Automation Partitions An automation partition is a sector of your hard disk drive partitioned and managed by DS. This partition contains the automation operating system and the files needed to contact your Deployment Server, and must be present on each managed computer. The biggest advantage to an embedded partition is that it does not require PXE, yet it still enables you to boot into automation remotely. The biggest disadvantages to embedded partitions are that they consume space on the drive, they require an existing partition on the drive, and they must be manually installed from a disk on Linux and Unix operating systems. Another drawback, depending on your configuration, might be the fact that only one automation operating system can be installed to a managed computer that is using an automation partition. If you have tools that are supported only in DOS, this might limit you to DOS for all automation tasks on a particular managed computer. Automation partitions have an additional advantage in some configurations. Optionally, you can create a different type of automation partition, called a hidden partition, to store an image (or other files) locally. This provides advantages in environments where computers need to be re-imaged often or in environments where there is limited bandwidth or network connectivity. Since the image is stored locally, the time needed to create and restore images is greatly reduced and network traffic is significantly reduced as well. Boot Media (DVD/CD, USB Device, Floppy) Generally, the biggest drawback to boot media is that it forces you to physically access the managed computer. However, if you are managing smaller numbers of computers or do not plan to access the automation environment often, it might be a good choice. Also, if you have employees with the ability and access to boot their own computers using disks you provide, this could also be a good solution. Boot media has some configuration limitations though. Deployment Solution is designed to manage computers remotely, even in the automation mode, and several tasks and jobs require access to both the production operating system and the automation environment. Example: An imaging operation first captures configuration details from the production operating system before booting to automation to capture the image. After imaging, this configuration is restored. Because of this, it is often difficult to schedule a job and coordinate booting the managed computer to the right environment at the right time. If you assign a job which Deployment Solution 44 Automation Boot Methods
requires booting into automation mode, the boot disk must be present at the right time to boot automation. If a complex job requires access to the production environment during this time, the BIOS will most likely continue to boot to automation until the boot media is removed. If this job, or a subsequent job, requires automation access again, the boot media must be re-inserted. To avoid these issues, some customers load the automation operating system, the RapiDeploy imaging executable, and the image on bootable physical media. They boot a computer, execute the necessary commands, and provide the required image files. In this circumstance, the remote management capabilities of Deployment Server are not being used, so the process is more manual, but it does not require network access. This works especially well when managing thin clients or other computers where all necessary files can fit on a single disk or USB device. Deployment Solution 45
Chapter 7 Automation Operating Systems Which Automation Operating System Should I Use? After you have selected a method to boot computers into automation, you need to decide which operating system you want to use. In the past, MS DOS was the only supported option. Deployment Solution now supports WinPE, Linux, MS DOS, and FreeDOS. This section provides an overview of the available automation operating systems so you can find an environment (or environments) that suit your needs. An important thing to note is that the automation environment you use is not constrained by the production operating system on the computer. All of the DS automation tools support these operating systems, so you can perform DS automation tasks in any operating system (Linux computers can be imaged from DOS, Windows computers can be imaged from Linux, and so on). You might even use two automation operating systems for different tasks within the same job. Example: you might use a vendor-supplied tool to perform a BIOS update in DOS, boot to WinPE or Linux to perform an imaging task. When you set up your test environment, you might want to run automation jobs in multiple operating systems to see if one performs better in your environment. The following sections contain an overview of the automation operating systems: DOS (page 45) WinPE (page 46) Linux (page 46) Although you can use these environments to perform a wide-variety of management using scripts and other tools, support for these environments is limited to the task performed by Deployment Solution. DOS DOS is still used often today as a pre-boot environment, though new technologies have emerged that might better suit your environment, such as WinPE. The largest roadblocks most companies face when using DOS are access to drivers that support modern hardware, and security concerns. DOS still performs well for several tasks though, and can be a good choice if you have the proper driver support. DOS typically requires only around 1 MB of space. DOS provides an additional advantage in a PXE environment. When performing an automation task on multiple computers, the PXE server can use multicast to boot automation, which enables large numbers of managed computers to boot DOS simultaneously. Deployment Solution 46 Automation Operating Systems
WinPE WinPE (Windows Pre-boot Environment) is the next generation boot environment for Windows computers. WinPE provides several advantages over DOS, including better driver support (WinPE uses the same drivers used by the other modern versions of Windows), increased speed, and generally more functionality. The biggest drawbacks are its size, which causes increased boot time, especially when booting over the network using PXE. Linux Linux provides an alternate pre-boot environment to DOS or WinPE. Many vendors provide gigabit and wireless drivers for Linux that are not available in DOS. Deployment Solution 47
Chapter 8 Installing and Configuring Automation This section explains: Configuring Automation Operating Systems (page 47) Configuring Automation Boot Methods (page 50) Deploying Automation to Managed Computers (page 51) Configuring Automation Operating Systems The following sections guide you through installing and configuring the automation operating systems supported by Deployment Solution. Obtaining and Installing WinPE, Linux, or DOS Automation operating systems are installed using the Boot Disk Creator, which is available in the Deployment Console by clicking Tools > Boot Disk Creator. The following files are required to install the listed automation operating system: To install 1. In Deployment Console, click Tools > Boot Disk Creator. 2. In Boot Disk Creator, click Tools > Install Pre-Boot Operating Systems. WindowsPE WinPE is available on the Deployment Solution for Client or Servers download page at http://www.altiris.com/ Download.aspx. Linux The Linux 32 and 64-bit and FreeDOS preboot environments are available on the Deployment Solution for Clients or Servers download page at http:// www.altiris.com/Download.aspx. Click the Linux and FreeDOS Automation Environment link and save the file. Browse to the downloaded file when prompted during the installation, or when adding preboot operating systems using the Boot Disk Creator. MS DOS A Windows 98 installation CD (Windows 98 SE is preferred), and the proper licensing to use this on the intended computers. Files are copied from the win98 folder from this installation CD. FreeDOS The FreeDOS preboot environment is contained in the same file as the Linux preboot, see the Linux instructions for details. For additional information on FreeDOS visit www.freedos.org. Deployment Solution 48 Installing and Configuring Automation
3. Click Install and complete the wizard, providing the files listed in the previous table when prompted. For complete details on this process see the Boot Disk Creator help. Adding Additional Files Occasionally, you might need to make additional files available within an automation environment, such as utilities or mass storage drivers. These files can be added to every automation configuration of a specific type, or to select configurations only. This is determined by the location you add the files in Boot Disk Creator: Deployment Solution 49 Installing and Configuring Automation
The following example provides an overview of this process. Adding Mass Storage Drivers for WinPE 1. Select either the WinPE Additional Files folder, or a specific Boot Disk Creator configuration. 2. Right-click and select add > Folder. Using this add folder command, create the following path: i386\system32\diskdrivers 3. Within the diskdrivers folder, create the necessary folders to contain your drivers. The folders you add should contain a txtsetup.oem file, and at least one *.sys file, and possibly additional files. You must also ensure that any sub-folders specified by txtsetup.oem are included, and that the [defaults] section references the proper device driver (some textsetup.oem files might support multiple devices and drivers, and the proper device must be specified in the [defaults] section). The diskdrivers path is for adding mass storage drivers. If you are adding different driver types, you might need to modify this path. Adding Large Files to a Linux Boot Configuration Linux automation is typically loaded into RAM. Due to limitations on the amout of RAM available on most computers, there is a size constraint on the files that can be included. If you need to access larger files locally (such as a disk image), Boot Disk Creator provides a mechanism to mount a folder outside of the ramdisk, letting you access files that are too large to fit on the ramdisk. This is done by creating a folder named . in the root of your boot configuration. 1. Right-click your configuration and select New > Folder. 2. Name this folder . (do not include the quotes, just .). Deployment Solution 50 Installing and Configuring Automation
Files placed in this folder are mounted in Linux automation at / mnt / at r sboot . Example You can place a disk image and the rdeployt executable in this folder, create a boot DVD, and restore the included image without network access, using a command similar to the following: / mnt / at r sboot / r depl oyt - md - f / mnt / at r sboot / [ i magename] . i mg Configuring Automation Boot Methods When pre-boot tasks need to be performed, DS sends a message to the client computer to restart in the automation environment. This includes a shutdown command issued from DS, and a modification to the MBR if using an automation partition. After the managed computer reboots, the automation environment is loaded from PXE, an automation partition, or from boot media. The deployment agent now contacts the Deployment Server. After a connection is established, the Deployment Server sends the client computer its assigned jobs and tasks. After the automation tasks run, a status message is sent to the Deployment Server indicating that all work is complete. The Deployment Server sends a message that the client computer should reboot back to the Production environment (the MBR is restored when using automation partitions). The following sections guide you through the process of setting up PXE, automation partitions, or media to boot your computers into the automation mode: Configuring PXE Configuring Automation Partitions Configuring Boot Media (DVD/CD, USB device, Floppy) Configuring PXE PXE is a server-based technology, and requires additional components on your DS server, and possibly other computers. Setting up and configuring PXE is covered in detail in a separate document, PXE in Deployment Solution. Configuring Automation Partitions DS provides two types of automation partitions: Embedded Partition A small embedded section installed on the production partition of a managed computer which contains the automation operating system. Depending on the operating system, the size varies from 5 to 200 MB (you can specify the size when the partition is created based on recommendations). Hidden Partition A larger partition installed on the hard drive of a managed computer to contain not only the automation operating system, but to provide room to store images and other files. This partition is not normally viewable in the production operating system. Deployment Solution 51 Installing and Configuring Automation
An embedded partition doesnt create an actual disk partition, it reserves space on an existing partition by marking the sectors on the disk as unusable. The target drive must have an existing partition before an embedded partition can be installed. A hidden partition creates an actual disk partition, but this partition is hidden from normal view within the production system, though it is still viewable by FDISK or by an administrator. The partition is listed as a non-DOS partition. When a computer using an automation partition is assigned jobs, the Master Boot Record (MBR) of the computer is modified to boot to this hidden partition. After the work is completed, the MBR is restored to the previous configuration. Hidden partitions are very useful for computers which are imaged often, such as those in a test lab or provided for general use (such as a hotel or a library). After the visiting person is done using this computer, you may want to quickly re-image to ensure that the next visitor finds the computer in good working order. In these circumstances, a hidden partition enables you to quickly restore an image without needing access to a high bandwidth network. Automation partitions can be installed using an installation package deployed from DS (windows only), or installed from a CD, USB device, or floppy. This is different than using boot media to access automation, because the automation partition media is used once per computer to install, later the partition is used to perform tasks. Using boot media to access automation doesnt leave any files on the computer, but the media must be used each time you want to access automation. Configuring Boot Media (DVD/CD, USB device, Floppy) Creating and using boot media is a straightforward process. Boot media boots a managed computer to automation without leaving any files on the computer, and can be installed to DVDs, CDs, USB devices, or floppy disks. Boot media is created directly from the Boot Disk Creator utility. Deploying Automation to Managed Computers Automation partitions and boot media configurations are created using the Boot Disk Creator utility. PXE configurations are created using the PXE configuration utility. This difference is due to the way in which the automation operating system is deployed to the managed computer. Automation partitions and boot media use install packages or boot disks, while PXE uses a configurable menu to provide boot options, with each option on the PXE menu linked to a specific automation configuration. This section contains guidelines to create PXE, automation partitions, or boot media configurations and deploy these configurations to managed computers. Using Automation Partitions or Boot Media 1. Install the automation operating systems you want to use, as explained in Obtaining and Installing WinPE, Linux, or DOS. 2. In Boot Disk Creator, Create a new configuration. The wizard is accessed by clicking File > New configuration. Deployment Solution 52 Installing and Configuring Automation
This configuration contains the automation operating system files, network drivers, IP address of your server, and other settings which control how the managed computer communicates with your Deployment Server. This configuration does not specify how this automation configuration is installed. This is done using the Create Boot Disk wizard, which is launched automatically after you create a configuration. 3. The Create Boot Disk wizard provides three options: 4. After selecting how you want to install automation, complete the wizard. See the Boot Disk Creator help for additional details. You can also uninstall an automation partition using an install package, or configure a CD, USB device, or floppy from Boot Disk Creator. Using PXE 1. Install the automation operating systems you want to use, as explained in Obtaining and Installing WinPE, Linux, or DOS. 2. In the PXE Configuration utility (Start > All Programs > Altiris > PXE Services > PXE Configuration Utility), create a new menu item to correspond to the automation configuration you want to install. Create an automation partition install package Creates an executable, or configures a CD, USB device, or floppy to install the automation environment. This process is executed once per device. After that, the computer uses the files from the automation partition. Select this if you are using automation partitions. For managed linux computers, you need to use a CD, USB device or floppy because no executable is provided for this platform. Create an automation boot disk Configures a CD, USB device, or floppy with the files necessary to boot a computer to automation mode. After booting, the computer executes any automation work previously scheduled, or waits for work to be assigned. Select this if you are using boot media to boot computers to automation. None of these files are installed, so the media must be used each time you need to access automation. Create a network boot disk Configures a CD, USB device, or floppy with the files necessary to boot to a prompt. This is useful if you have management task to perform that doesnt require interaction with DS, as your Deployment Server is not contacted in this scenario. None of these files are installed to the managed computer. Deployment Solution 53 Installing and Configuring Automation
3. Click Create Boot Image to launch the configuration wizard. This wizard is identical to the wizard used when creating configurations for automation Partitions or boot media. When this option is selected from the PXE menu, the necessary files are loaded, the job is performed, the computer boots to the production operating system. None of these files are saved on the managed computer, they are downloaded each time the computer boots to automation. 4. Provide any additional configuration options and click Save. Deployment Solution 54
Chapter 9 Setting Up the Altiris PXE Server What is PXE? Preboot Execution Environment (PXE) is an open industry standard which enables computers to boot remotely using a network card. PXE uses standard network protocols to establish a communication channel between a computer and an Altiris PXE server during the boot process. Using this channel, an Altiris PXE server sends an execution environment to the computer so that work can be performed in a pre-boot state. In Deployment Solution, this pre-boot state is called the automation environment, and DOS, Linux, and WinPE are currently supported as pre-boot operating systems. An overview of the automation boot methods and environments is contained in a separate document, Deployment Solution: Automation Preboot Environments. An advanced, tightly integrated PXE environment is provided with Deployment Solution. Deployment Solution leverages PXE to provide the following advantages: When a managed device needs to boot into automation, Deployment Solution restarts the computer and notifies the Altiris PXE Server. Altiris PXE Server now boots the computer into the automation environment indicated in the Deployment Solution job automatically. PXE can perform an initial deployment of a new system by checking to see if a computer exists in Deployment Solution. All PXE configuration is done using the PXE Configuration Utility from the Deployment Solution console, enabling you to remotely configure all PXE servers in your network. Why Use PXE? PXE is used in Deployment Solution to perform two tasks: Boot managed computers into the automation environment Perform initial deployment of new managed computers How you implement PXE is partially dependent on what you plan to do with it. Many organizations use PXE only on a subnet in a receiving department to deploy corporate images and initial configuration of new computers. After this computer is assigned to a user, PXE is not used in the normal production environment. This limits the extent of the PXE environment, but prevents you from accessing the automation environment to capture images and perform other automation-only tasks. Other companies which often use automation select PXE because it leaves no footprint on the managed computer, and has several other advantages such as image multicasting and tight Deployment Solution integration. Deployment Solution 55 Setting Up the Altiris PXE Server
Regardless of how broadly you implement PXE, Deployment Solution provides tools and services to simplify management of PXE in your environment. This section contains the following topics providing an overview of PXE in Deployment Solution: PXE Services and Architecture How PXE Works PXE Services and Architecture PXE services use a tiered-architecture which enables you to provide global settings and boot options shared across all Altiris PXE Servers, override configuration and expand boot options on a local level. Boot options and PXE settings can be applied to a shared configuration. This shared configuration is inherited by all Altiris PXE Servers in your environment. Each Altiris PXE Server still has its own specific configuration, so you can override settings and add additional boot options as needed. New services have been provided to replicate settings and data automatically, making it unnecessary for you to individually configure each PXE server. The following table contains an overview of the PXE services: The PXE Manager service interacts with Deployment Server, PXE Helper service, and the PXE config utility to perform centralized PXE management: Service Description PXE Manager Provides all boot options and configuration settings for each Altiris PXE Server in your environment. Interfaces with the PXE Config Utility to replicate data and apply PXE configuration. Manages all communication between your Deployment Server and your Altiris PXE Servers. The PXE Manager Service is installed on your Deployment Server regardless whether or not you have also installed an Altiris PXE Server. PXE Config Helper Interfaces with PXE Manager to receive data and configuration. Configures, starts, and stops the additional PXE services on the Altiris PXE Server. Altiris PXE Server Provides the PXE listener and proxy DHCP to respond to PXE requests and send the location of bootstrap files. MTFTP Sends bootstrap files to managed computers using TFTP. Deployment Solution 56 Setting Up the Altiris PXE Server
On each individual Altiris PXE Server, the Altiris PXE Server service and the MTFTP service are installed to perform the work of an Altiris PXE Server. These services are configured, started and stopped by the PXE Config Helper service. Clients connect directly to these services during the PXE boot process: How PXE Works Before a computer can boot over a network, it needs two things: an IP address to communicate, and the location of an Altiris PXE Server to contact for boot instructions. The following sections outline the PXE boot process: Part 1: DHCP Request and PXE Discovery Part 2: PXE Bootstrap Deployment Solution 57 Setting Up the Altiris PXE Server
Part 1: DHCP Request and PXE Discovery Request and Receive an IP Address Initially, the boot agent directs the execution of normal DHCP operations by broadcasting a DHCPDISCOVER packet (255.255.255.255) to port 67 on its local physical subnet to discover a DHCP server. Any available DHCP servers respond with a broadcast DHCPOFFER packet indicating their server IP. When the client has chosen a target DHCP server, it broadcasts a DHCPREQUEST packet that includes its MAC address and the IP address of the selected DHCP server. The DHCPREQUEST also contains option 60 to identify the client as a PXE client. PXE Option 60 DHCP lets clients to receive options from the DHCP server indicating various services that are available on the network. A number of standard and custom options are available that can convey a vast amount of information to DHCP clients. Option 60 deals specifically with PXE related services. Both PXE clients and servers use option 60 to convey specific information about the PXE services they need or are providing. Contacting the Altiris PXE Server All DHCP servers examine the DHCPREQUEST packet. If the request is intended for a different server, the IP address they offered is reclaimed. The DHCP server providing the accepted offer supplies a DHCPACK packet to the client to acknowledge the clients receipt of its IP. During this process, the Altiris PXE Server monitors the wire for DHCPREQUEST packets with an option 60 (PXE client). When a packet is recognized, the clients MAC address is used to find any pending automation work in Deployment Server. If no automation work is required, the Altiris PXE Server does not respond to the client and it boots normally. If there is work to do, the Altiris PXE Server responds with its address using a DHCPACK with option 60. At this point, the client has received a DHCPACK containing an IP address, and a DHCPACK with option 60 containing an Altiris PXE Server. If the Altiris PXE Server is located on the same server as DHCP, both are contained in the same DHCPACK packet. Part 2: PXE Bootstrap The client is ready to contact the Altiris PXE Server for boot files. After this request, clients are provided with a boot menu containing all boot options that the Altiris PXE Server can provide. Most of the time, the correct boot option has already been selected by the Deployment Server, so this is transfered to the client. After the selection is made, the client requests the necessary boot files using MTFTP. This consists of a .0 and a .1 file. The .0 file functions as a bootstrap loader. It creates a RAM disk and manipulates the BIOS interrupt vectors, interrupt structures and hardware information tables to make the RAM disk function exactly like a typical floppy disk. This file copies the .1 file byte by byte into the newly created RAM disk. Deployment Solution 58 Setting Up the Altiris PXE Server
The .1 file is an image of a boot disk floppy with modifications to the autoexec.bat and additional files which ultimately provide the automation environment on the managed computer. The following diagrams contain a basic outline of this process: PXE Planning and Installation This section contains an overview of the PXE deployment process, in the following sections: Enabling PXE on Managed Computers Installing and Configuring DHCP How Many Altiris PXE Servers Do I Need? Installing Altiris PXE Servers Deployment Solution 59 Setting Up the Altiris PXE Server
Enabling PXE on Managed Computers Each computer you plan to manage using PXE must have PXE boot enabled (sometimes called network or NIC) and set to the correct sequence in the BIOS. It is also a good idea to apply the latest BIOS updates, especially if your network card is integrated on the motherboard. Deployment Solution also supports Wake on LAN to power on managed computers remotely. If this is enabled, a Wake on LAN signal is sent to the managed computer if the device is disconnected from Deployment Server when a job is scheduled to start. Installing and Configuring DHCP DHCP is an integral part of the PXE process, and must be installed and configured in order to use PXE. A DHCP server is not provided with Deployment Solution, you must obtain, install, and configure this component separately. After DHCP is set up and your Altiris PXE Servers are installed, you need to configure how your Altiris PXE Servers interact with the DHCP server. This is done using the PXE Configuration Utility. How Many Altiris PXE Servers Do I Need? Number of Client Connections Altiris PXE Servers do not typically require a lot of resources. By using multicast, a single Altiris PXE Server can deploy a DOS boot image to up to 100 computers at a time, and not consume any more resources than it would while deploying a single image. If you are using WinPE or Linux however, multicast boot is not available. Usually a single Altiris PXE Server in a specific location is enough if you either use multicast to deploy images or spread out your image capturing jobs to be in line with the capabilities of your server. Additional Altiris PXE servers can easily be added if necessary. Network Speed Since the majority of the resources on an Altiris PXE Server are used for transferring files over the wire, the faster the network, the more work a single Altiris PXE Server can do. A single Altiris PXE Server on a gigabit network can capture and deploy several times as many images over a period of time than even multiple servers on a slower network. Physical Layout of your Network Your PXE configuration might be set up according to the physical layout of your network. If you have three offices in different locations, it might make sense to install an Altiris PXE Server at each location to reduce traffic and resolve routing issues (see PXE Request Routing). In these configurations, the deployment share can be mirrored to a local server, and images are usually taken from and restored to local file servers. See PXE Redirection (page 62) for an example of this type of configuration. Deployment Solution 60 Setting Up the Altiris PXE Server
PXE Request Routing PXE clients use broadcast packets to find DHCP and PXE services on a network, and multicast packets (MTFTP) to transfer files. These packet types can present challenges when planning a PXE deployment because most default router configurations do not forward broadcast and multicast traffic. Because of this, either your routers need to be configured to forward these broadcast and multicast packets to the correct server (or servers), or you need to install an Altiris PXE Server on each subnet. Routers generally forward broadcast traffic to specific computers. The source subnet experiences the broadcast, but any forwarded broadcast traffic targets specific computers. Enabling a router to support DHCP is common. If both PXE and DHCP services are located on the same computer, and DHCP packet forwarding is enabled, you shouldnt have any problem transferring broadcast packets. If these services are located on different computers, additional configuration might be required. If you are going to forward packets, ensure your router configuration lets DHCP traffic to access the proper ports and IP addresses for both DHCP and Altiris PXE servers. Once the broadcast issues are resolved, the routing of multicast traffic must be considered. Multicasting leverages significant efficiencies in transferring files but also introduces challenges similar to broadcast packet forwarding. Like the broadcasting solution, routers can be configured to support multicast traffic between PXE Clients and Altiris PXE Servers. Please consult the documentation provided by your router vendor for additional information on packet forwarding. Installing Altiris PXE Servers After you have determined the PXE needs of your network, you must to determine where to install these Altiris PXE Servers. An Altiris PXE Server can be installed on your Deployment Server, on your DHCP server, on another server in your network (such as a file server), or as a standalone server. You can also use a combination of these (example: an Altiris PXE Server on your Deployment Server and your DHCP server). The actual installation process is straightforward. You can install an Altiris PXE Server at the same time as you install Deployment Solution, or you can install one later by running the installation program and selecting the add additional components option. After these servers are installed an running, they are configured using the PXE Configuration Utility. See the following section. Configuring PXE Settings All PXE configuration is done using the PXE Configuration Utility. The PXE config utility is used to create and modify two things: Global and local configuration settings. These settings include timeout values, replication and logging options, and so on. Deployment Solution 61 Setting Up the Altiris PXE Server
Boot options. Each boot option corresponds to a specific configuration which includes an operating system, network and other drivers, utilities, mapped drives, and so on. This section contains a brief overview of selected PXE configuration and boot options. For complete details, see the help for the PXE Configuration Utility. PXE Settings Shared vs. Local Deployment Solution provides a PXE settings hierarchy enabling you to provide shared and local PXE configuration values. All Altiris PXE Servers inherit the shared values unless they are overridden on the local server. Session Timeout The PXE configuration utility connects the PXE Manager service on Deployment Server. To ensure your changes are not overwritten by another instance of the PXE Configuration Utility, only one instance of PXE config can connect to PXE manager at any given time. If you attempt to launch PXE Configuration when another instance is running, you receive an error. To prevent you from being completely locked out for extended periods (example: an instance is inadvertently left open on another computer), a timeout has been added which terminates a connection after 30 minutes of inactivity after someone else attempts to connect. This timeout only applies if someone else is attempting to launch PXE Configuration. If no other connections are attempted, the timeout is never enabled and your session remains active. DHCP Server Options For most circumstances, you want option 1. If you have DHCP installed on your Deployment Server but it is not active, Deployment Server might still attempt to communicate with that instance. This is changed by selecting option 3. If you are using a 3rd party DHCP server which automatically sends the client 60 message, select option 2. Boot Options Boot options are the boot configurations provided to a client by an Altiris PXE Server. Each boot option has a corresponding automation operating system, network drivers, and other settings. Shared vs. Local Deployment Solution provides a PXE boot option hierarchy enabling you to provide shared and local PXE boot options. Shared boot configurations are available on all Altiris PXE Servers, while local boot options are available on a specific Altiris PXE server. Deployment Solution 62 Setting Up the Altiris PXE Server
PXE Redirection Lets you redirect a global PXE menu option to a local PXE menu option. Redirection settings are not available globally, they are always specific to an individual Altiris PXE Server. This is due to the role redirection plays in your PXE environment. Consider the following example: You manage computers in three locations: Two offices in Ontario, and one office in Alberta. To limit transfer between each site, each office has a local Altiris PXE Server, and a file server with a mirror of the deployment share. This enables clients at each location to contact the local Altiris PXE Server to boot and use the local deployment mirror to access the network tools and to store images. You need to create a job to capture an image of each managed computer on Friday evening, once a month. To create this job, you add an imaging task, select a PXE boot option, and set the schedule. Hold on. If you select the same PXE boot option for each office, you are going to have problems. The Alberta office uses a mirror of the deployment share on alb1\eXpress, and stores captured images on alb1\images. The two Ontario offices use the ont1 and ont2 servers respectively. You could go ahead and create three global configurations and three different jobs, but that is confusing and could potentially cause problems if the wrong selection is made. If you took this route, on each Altiris PXE Server, two of the three global configurations could potentially cause problems (they are mapped to drives in remote offices). To avoid problems, select a single global configuration for a job and update it based on the location of the Altiris PXE Server. This is exactly what redirection does. You create a global configuration (example: named Imaging Environment). On each Altiris PXE Server, you create a local configuration for each office with the correct server mappings. The Imaging Environment global option is redirected to the local option, and the process is simplified. Now the imaging job can be applied to all computers at once, simplifying the process and reducing the chance of errors. Deployment Solution 63
Part III Using Deployment Solution This section provides feature identification and basic procedures for deploying and managing computers using Altiris Deployment Solution software. Deployment Solution 64
Chapter 10 Deployment Basics Deployment Solution provides a graphical, object-based interface to manage computers. After you have installed the Deployment Agent and the computer has connected, the computer can be managed using the Deployment Console. Computers Each computer and computer group in your environment is represented in the computers pane: Computers can be dragged into a group, or automatically assigned to a group when the agent is installed. Computers can belong to only one group. When a new computer connects, it is placed in the New Computers group. Jobs Jobs contain a sequence of tasks to perform work on managed computers. Example: a job might be install and activate Winzip 10. This job might have a condition specifying that it should only execute on Windows XP computers with 500 MHZ or greater processors. Deployment Solution 65 Deployment Basics
Each job that can be assigned to a computer or computer group is represented in the jobs pane: Computers are assigned jobs by dragging and dropping computers onto a job. Jobs can also be scheduled by right-clicking and selecting the Job Scheduling Wizard. Creating Jobs and Tasks Jobs are created by adding one or more tasks to a job. Tasks include create disk image, distribute software, manage SVS layer, and run script. These tasks run sequentially and can trigger other events, such as a stop job or execute other job depending on the return code of the task. Context Menus (Right-click) In the Deployment Console, you can right-click almost any object for a context-specific list of management options. Example: if you right click a computer or group, you are given the option of viewing computer details or job history, remote controlling or opening a chat session, renaming, power control, and several other options. Find a Computer in the Database This search filter lets you type a string and query specified database fields for specific computer properties. You can search for user or computer names, licensing or location information, or primary lookup keys: MAC address, serial number, asset number, or UUID. This search filter queries the property values appearing in the Computer Properties (page 119). Deployment Solution 66 Deployment Basics
1. In the Search For field, type all or part of the computers property values you would like to search for. This alpha-numeric string will be compared with specified database fields. 2. In the In Field box, select the field you want to search in the Deployment Database. Example: to find a computer by searching for its IP address, type the address in the Search For field and select IP Address from the In Field drop-down list. The computer you are looking for appears highlighted in the Computers window in the console. Note This search is not case-sensitive and lets wildcard searches using the *. Using Lab Builder Use the Lab Builder to set up jobs under the Lab folder in the Jobs pane to set up a classroom or lab environment.
Click <CTRL> F or click Find Computer on the console toolbar to search the Deployment Database for computers by property settings. The computers that match the search will be highlighted in the Computers pane. Name BIOS name of the computer. Computer Name Deployment Solution name of the computer. MAC Address Example: 0080C6E983E8. IP Address Example: 192.168.1.1. ID Example: The computer ID. 5000001. Serial Number Serial number installed in BIOS. A primary lookup key. Asset Tag Asset number in BIOS. A primary lookup key. UUID A primary lookup key. Registered User Name entered when the operating system was installed. Product Key Product Key for the operating system. Logged On User Name of the user currently using the computer. Physical Bay Name The actual bay number. Example: 7x.
Click Lab Builder on the console toolbar or click File > New > Lab Builder to set up jobs specifically created for managing multiple computers in a lab environment. Deployment Solution 67 Deployment Basics
You can set up jobs to: Create Disk Image Deploy Lab Restore Lab Update Configuration Upload Registries Each job contains a default list of tasks. Lab Builder places these five new jobs under a folder (which you name) located under the Lab folder. All tasks in the jobs are assigned default paths and file names that let them use the same images and configuration information, registry data, and so on. We recommend that you do not change the file names and paths. If you change the default settings (Example: changing the image name), you must change it in all jobs where the image is used. To use Lab Builder 1. Click the Lab Builder icon on the toolbar, or choose File > New > Lab Builder. 2. Enter the name of the lab setup. Note The lab name must be unique because the program creates a default image file name based on the name, and the image file name must be unique. The default image name is synchronized in all lab jobs, so if you change the name later you must change it in all jobs that use the image. 3. Enter a lab description to help you differentiate the lab from others. This field is optional. Click OK. 4. Identify an image in the Create Disk Image job. 5. Set computer names and addresses in the Update Configuration job. The following information describes the default jobs. To run one of these jobs, drag it to the computer or computer group you want it applied to. Create Disk Image. This job uploads an image of a computer to the server and an image name is created automatically based on the lab name. However, there is no actual image in the job until you drag the image source computer to this job. Deploy Lab. This job has three default tasks: Deploy image, Apply configuration settings, and Back up registry files. The image that is uploaded using the Create Disk Image job is deployed when you use this job. The configuration settings you specify in the Update Configuration job are applied to the computers, and the computer registry files are uploaded to the Deployment Server. Restore Lab. This job restores the image and registry files to a computer where a lab was previously deployed. You can quickly get a computer running again by restoring the lab on that computer. Update Configuration. This job lets you to set unique configuration information (such as computer names and network addresses) for client computers. When a lab is deployed, each computer has an identical image, but not the same configuration settings. This means you don't have to visit each computer to reset IP addresses and other settings when you deploy an image. Upload Registries. This job backs up computer registry files to the Deployment Server. Deployment Solution 68 Deployment Basics
Computer Import File Use the following format to import new computers from a text file. You can easily create a computer import file by entering data in the provided Microsoft Excel spreadsheet (I mpor t Comput er s55. xl s) located in the Samples folder of the Deployment Share. A semicolon as the first character denotes comment lines. Quotes around fields are optional. Leaving the job name blank does not assign the computer to any job. Leaving the start time blank makes an entry in the job for the computer, but does not schedule it for a specific time. Only the Name field is required. Quotes around fields are optional. You can populate your computer database using the format provided below. The Import Computers text file can be imported into Deployment Solution using the File > New Computer > Import or File > Import/Export > Import Computers. Tips for creating a new computers import file When using Boolean references, do not use quote marks. These fields are marked with a B: 1=On/True and 0=Off/False. For some fields, this input format supports multiple IP Addresses, delimited by a ; (semicolon) within the field. These fields are marked with a (;). Example: the gateway field could read, 30.11.11.2, for a single IP address or, 30.11.11.2;30.11.11.3;30.11.11.4, to support three IP addresses. All fields (up to and including site) must be present in the file, but all data except for Name is optional. To use optional fields for multiple network adapters, the preceding fields are required. Example: to use Nic3 fields, all fields for Nic2 are required. For Deployment Server to read the import text correctly, ensure there is a final hard return at the end of the file. Format for the New Computers text file Outlined below is the field order for the database input. Fields marked (ignored) are not used by version 5.5 and later, but are included to support previous versions. ;Name,MAC Address 1,Serial Number,Asset Tag,Computer Name,Domain(B),Domain/ Workgroup Name,Domain Controller Name(ignored),DHCP(B),IP Address(;),Netmask(;),Gateway(;),Preferred DNS(;),Alternate DNS,Alternate 2 DNS,Preferred WINS,Alternate WINS,Hostname,Domain Suffix,Use Preferred Tree(B),Preferred Server,Preferred Tree,Netware User,NDS Context,Run Scripts(B),User,Organization,Key,Password Never Expires(B)(ignored),Cannot Change Password(B)(ignored),Must Change Password(B)(ignored),Username(ignored),Full Name(ignored),Groups(ignored),Password(ignored),Contact,Department,Email,Mailstop ,Phone,Site,Computer Group,Job,Job Start Time,NIC2 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC3 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC4 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC5 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Deployment Solution 69 Deployment Basics
Suffix,NIC6 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC7 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC8 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix Example Import File DB Computer 1,00a0c95c2640,6X18FHGZP21P,6X18FHGZP21P,Computer1,1,Altiris,,1,,,,,,,,,computer 1h,altiris.com1,1,server1,tree1,user1,context1,1,John Doe,"Altiris, Inc.",12345-OEM- 1234567-12345,,,,,,,,John Doe,Engineering,jdoe@altiris.com,111,(801) 805- 1111,Lindon,Test Group,Test Job,12/31/2001 17:30,00a0c95c2641,0,172.25.10.180,255.255.0.0,172.32.0.4,172.32.0.1;172.32.0.7, 172.32.0.4,altiris.com2,00a0c95c2642,1,,,,,,altiris.com3,00a0c95c2643,0,1.1.1.1;2.2.2 .2,255.255.255.255;255.255.255.0,1.1.1.2;2.2.2.1,3.3.3.3;4.4.4.4,5.5.5.5;6.6.6.6,alti ris.com4,00a0c95c2644,1,,,,,,altiris.com5,00a0c95c2645,0,1.1.1.1,2.2.2.2,3.3.3.3,4.4. 4.4,5.5.5.5,altiris.com6,00a0c95c2646,1,,,,,,altiris.com7,00a0c95c2647,0,5.5.5.5,4.4.4 .4,3.3.3.3,2.2.2.2,1.1.1.1,altiris.com8 Deployment Solution 70
Managing from the Deployment Console Deployment Solution provides both Windows and Web user interface consoles to deploy and manage computer devices across local or wide area networks. It also provides a Thin Client view of the Deployment Console. As an IT administrator, you can manage all computer devices from one of these Deployment Consoles: The Deployment Console is a Windows-based console with complete deployment and management features, including remote control, security, PXE Server configuration, image editing, and other deployment utilities and features. See Deployment Console Basics on page 71. The Deployment Web Console provides basic deployment and management functionality from a Web browser, including the ability to remotely access and manage computer devices, build and schedule jobs, and view multiple Deployment connections. The Thin Client View of the Deployment Console provides a simplified experience when dealing exclusively with Thin Clients. The functionality of the Thin Client Console is identical to that of the current Deployment Console. However, you can toggle from Full View to Thin Client View. Deployment from the Altiris Console combines management and reporting features across multiple Deployment Server systems and lets you integrate additional Web applications in the client and server management suites, including Inventory, Software Delivery, Recovery, HelpDesk, Patch Management, and Application Metering solutions. Features of the Deployment Console. The Windows console for Deployment Solution provides standard Computers, Jobs, and Details panes to drag and drop icons, view properties, and identify the state and status of Deployment objects. In addition, the Deployment Console also includes a Shortcuts and Resources view and provides the tools, utilities, and features required for complete computer resource management. See Deployment Console Basics on page 71. Set Program Options. From the Tools > Options dialog, you can set preferences for each Deployment Server system. See General Options on page 83. Set Security. From the Tools > Security dialog, you can set security rights and permissions for all Deployment Consoles. See Security in Deployment Solution on page 87. Connecting to other Deployment Server systems. Connect to other Deployment Server connections from your current Deployment Console and manage computers outside of your current network segment or site. See Connecting to Another Deployment Server on page 93. Customize the Tools menu. You can add commands to the Tools menu to open commonly-used deployment programs and utilities. See Extending the Tools Menu on page 80.
To launch the Deployment Console, click the icon on the desktop, or click Start > Programs > Altiris > Deployment Solution > Console. Deployment Solution 71
Deployment Console Basics The Deployment Console is your main portal to Deployment Solution. It is a feature-rich Win 32 program with real-time access to computer resources, deployment jobs, and package files, each represented by distinct icons to identify the status and settings. From the Deployment Console, you can build simple or complex deployment jobs, assign them to a computer group, and verify deployment execution. Because the Deployment Console can reside on its own computer, you can have multiple consoles running from different locations. The Deployment Console needs to be running only while creating assignments or viewing information about the managed computers. You can turn on the console, run management tasks, and turn off the console. Scheduling information is saved in the Deployment Database and tasks are executed at their scheduled time. If an assignment to a managed computer is made from two different consoles at approximately the same time, the computer is assigned those tasks in the order they are received. See Console options on page 83 to set refresh intervals for the Deployment Console. Features of the Deployment Console The Deployment Console is divided into several panes to organize computers, deployment jobs, and software packages and scripts. It gives you a graphical view of your network and provides features to build jobs, drag and drop icons to schedule operations, store and access jobs and packages, and report the status and state of your computer resources. The Deployment Server includes three main panes, toolbars, wizards, shortcuts, and utility programs. Computers pane Use this area to view and select managed computers for the Deployment Server system. You can select and right-click a computer in the Computers pane to run remote operations using Deployment Solution or to view the computer properties. You can also create computer groups to organize collections of similar computers. See Remote Operations Using Deployment Solution on page 122 and Computer Properties on page 119. When you select a computer or group, a list of the computers in the group appears in the Details pane and provides the basic information about each computer. The Filter detail bar appears in the Details pane that helps to view computers according to set criteria. When a computer is selected, you can view the computer status in the Details pane, including a list of jobs that are running or are scheduled to run on the computer and the status of each job. To get more details about all tasks that are run on computers, click Status Detail. Status Detail displays a more detailed breakdown of the tasks that the job has executed and a status message indicating the status of the tasks. Create computer groups by clicking Computer Groups on the toolbar, or right-clicking in the Computers pane and selecting Groups. Click View > Show Computers to display only computer group icons and not individual computers. Deployment Solution 72
You can also import new computers from a text file or add security rights and privileges for a specified computer or group of computers. See Managing Computers on page 95 for complete information about setting up, importing, and managing computers from the Computers pane. Jobs pane Use this area to create and build jobs using specific deployment tasks. You can select and right-click a job in the Jobs pane when building new jobs or running the New Job Wizard. You can also import new jobs from a text file or add security rights and privileges for a specified job or collection of jobs. See Building New Jobs on page 148 and New Job Wizard on page 144. Set up folders to organize and access jobs according to your specifications. To create a new folder, right-click in the Jobs section and select the New Folder option. You can also create folders by selecting File > New > Folder. When you select a job, the Details pane displays a list of computers in the folder and gives a basic information about each job, such as its state and status. It also shows the computers or computer groups to which the job is assigned. The Conditions detail bar also appears, letting you assign jobs to computers. See Setting Conditions for Task Sets on page 149. In System Jobs, folders are created to store jobs that are created when running operations from the console. Drag-n-Drop Jobs. Jobs are created and automatically placed in this folder when you drag an .MSI, .RIP, or other package files from the Resources view to a specific computer or group. See Shortcuts and Resources View on page 73. Image Jobs. Jobs are placed in this folder when you create a Quick Disk Image. See Quick Disk Image on page 125. Restoration Jobs. Jobs are placed in this folder when you restore a computer from its Deployment history. See Restoring a Computer from its Deployment History on page 124. From the Jobs pane, you can drag job icons to computer icons to run jobs, such as creating images, deploying computers, changing configurations, or installing software. After you create a job, you can change it by adding, modifying, or deleting tasks. You can run jobs immediately, schedule them to run at a particular time, or save them for a later time. See Building and Scheduling Jobs on page 143 for complete information about setting up, importing, and managing computers from the Jobs pane. Details pane The Details pane extends the user interface features when working in the Computers, Jobs, or Shortcuts panes. Click View > Jobs View to show or hide the Jobs pane. Deployment Solution 73
When you select a computer in the Computers pane, the Details pane changes to a Filters section (if you click a group icon) and displays the status of all jobs assigned to the selected computer. When you select a job icon in the Jobs pane, the Details pane displays the information about the job to set up conditions, order tasks, and to add, modify, or remove tasks. When you select a computer or computer group in the Computers pane, the Details pane displays the information about a computer, such as its IP address, MAC address, and status. When you select a batch file, you can click Modify to update the file. When you select a hard disk image file (.IMG), the Details pane displays a description of the image file and information about the included partitions. When you click on the package files, the Details pane displays the title, description, version, creation date, and platform of an .RIP file or Personality Package. Shortcuts and Resources View The Shortcut and Resources pane provides easy access to the computers and job objects identified in the console and the software packages stored in the Deployment Share. In the Shortcuts view, you can drag computers, computer groups, jobs, and job folders to organize and access commonly-used console objects. In the Resources view, you can identify and assign package files. The Shortcuts view provides quick links to view and access computers, jobs and packages. It can act as a palette of Deployment Solution icons that you can drag to other working panes in the console, or as a storage to save commonly-used jobs and computer icons. The Resources view lets you see a filtered view of the package files .MSI files, .RIPs, image files, Personality Packages, and other resource packages stored in folders in the Deployment Share. From the Resources view, you can drag packages directly to the computers in the Computers pane to deliver the software. This automatically creates jobs in the System Jobs > Drag-n-Drop Jobs folder in the Jobs pane. The Resources view lets you identify packages assigned to each job and assign those packages to create new jobs. Using Resources Directly If you do not want to create a shortcut to a resource, but still want to use a resource to assign a job to a computer, you can move the resource to a designated computer. To do so: 1. Enable the Shortcuts view. 2. Click Resources at the bottom of the Shortcuts window.
Click View > Shortcuts View to open the Shortcuts and Resources pane. You can drag the jobs and computer icons to this pane. Click Resources in the Shortcuts and Resources view, or click View > Resources or CTRL+R to open a filtered list of packages on the Deployment Share. Deployment Solution 74
3. Browse to the selected resource and drag it to the appropriate computer. You can create a new script file from the Resources view and use it directly to schedule it on a computer. See Creating New Script Files on page 188. See Console options on page 83 for options to set refresh intervals for the Resources view. Thin Client View of the Deployment Console The Thin Client view of the Deployment Console provides a simplified experience when dealing exclusively with Thin Clients. The functionality of the Thin Client view is identical to that of the current Deployment Console. However, you can switch from Full view to Thin Client view. The Thin Client Console has the following panes: Computers Resources Software Packages Inventory The Computers, Resources, and Software Packages panes are on the left side of the Thin Client view, while the Inventory pane is on the right side of the Thin Client view. Installing the Thin Client View During installation, you can install the Deployment Solution Thin Client view. By default, the traditional Deployment Console is installed. If you select Thin Client view, a Thin Client Jobs system folder is created. All the jobs created from the Deployment Solution Thin Client view are stored in this folder. During the installation process, the following folders are created in this hierarchy for the Thin Client resources: Configuration Packages Images Software Packages Deployment Solution for Thin Clients uses the same installation program as Deployment Solution. No licensing is required even if you select Thin Client Install. To install Thin Client To install Thin Client, choose one of the following options: On the Deployment Server Install Configuration dialog, select the Thin Client Install option. The Deployment Console Thin Client View appears. On the Deployment Server Installation dialog, select the Simple Install option. The Deployment Console appears. Click View > Show Thin Client View. The Deployment Console Thin Client View appears. Deployment Solution 75
Switching Between Two Views When you switch between the traditional view and the Thin Client view, you can maintain the last state in which you viewed the console. This ensures that you open the console in the same view that you last closed it in. To switch between the traditional and the Thin Client view 1. Click View. 2. Select Show Thin Client View. Note By default, the Thin Client view is visible if you select Thin Client Install. When you switch to the Thin Client view, all the menus and items that are not necessary for the Thin Client view are unavailable. These are visible when you switch to the traditional view. Computers Pane This pane is the same as that in the traditional view. However, only thin clients are displayed. You can right-click this pane to view a new menu. When you right-click a thin client, you can view the following options: Capture Configuration Capture Images Deploy Configuration Deploy Image Install Automation Partition Get Inventory Power Control Properties Remote Control Delete Manage Inventory View If you select a Capture option, a text field appears, prompting you for the name of the captured resource. By default, the name is the same as the serial number on the Thin Client, which you can change. If you select a deploy option, a list of the available resources appears for the selected type, such as Configurations, Images, or Software Packages. You can select a resource from this list. To create a job You can create a job in one of the following ways: Select any of the first six options from the Computers pane. All these jobs are scheduled at the current time. Deployment Solution 76
Note The Schedule Computers for Job dialog does not have the Job Schedule tab. Also, all the automation jobs have the default option selected for boot image. Drag resources to the Computers pane or computers to the Resources pane to schedule jobs at the current time. Note Ensure that you have the required permissions to drag and drop resources. All thin client job details are saved in the Thin Client Jobs system folder. You cannot delete or rename this new system folder from the console. All the above options, except Properties, are disabled when the client is not active. Note All the jobs on the thin clients are automatically created and scheduled by the console, and this happens only when the clients are active. When creating the jobs, the console refers to the operating system type (platform) of the client. Resources pane This pane is a treeview listing all the resources that you can drag and drop to the thin clients and vice versa. The following types of resources appear in this pane: Configuration Packages. Example: Captured Registry Settings. Images Software Packages. Example: HP Tools. Note All these resources reside in the eXpress share in the ThinClient directory. When you click any of the submenus corresponding to the subdirectories within the ThinClient directory, the tree expands and displays all the resources included in the directory. If the folder is empty, an appropriate message appears. You can rename or delete the resources. Software Packages The Software Packages pane displays the software packages that can be created for the available computers. You can drag and drop this resource to the thin clients and vice versa. When you right-click the Software Packages pane, you can view the following options: New folder. Select this option to create a new folder. Import. Select this option to import a job. See To import a job on page 77. Rename. Select this option to rename a folder. Note You cannot rename the Software Packages pane. You can only rename a folder. Delete. Select this option to delete folders. Deployment Solution 77
Find Software Packages. Select this option to find software packages. To import a job 1. Open the Thin Client view. 2. Right-click the Software Packages pane and select Import. The Import Job dialog appears. 3. In the Job file to import field, browse and specify the file that you want to import. Note By default, the Import to Job Folder, Overwrite existing Jobs and Folders with the same names, and Delete existing Jobs in folder options are disabled. To preserve the source operating system file paths of Scripted Install, select the Preserve Scripted Install OS source paths option. Click OK. To delete the Software Packages option from the Deployment Console 1. Open the Deployment Console. 2. In the Jobs pane, select System Jobs > Thin Client Jobs > Software Packages. 3. Right-click Software Packages and select Delete. A confirmation dialog opens. 4. Click Yes to confirm the deletion. The Software Packages option is deleted from the Deployment Console view. Note The Software Packages option is automatically added in the Jobs pane in System Jobs > Thin Client Jobs when you switch from the Deployment Console view to the Thin Client view. Inventory Pane This pane displays a table that lists all the thin clients identified by the console. The following columns appear in the Inventory pane: Name Computer Status Action Status Product Name Operating System Image Version Flash Size Memory Size BIOS version Deployment Solution 78
You can select which columns to view. The following columns are available, but do not appear: Automation Partition CPU Domain name IP address MAC address To view Inventory columns 1. Right-click the Inventory pane. The Manage Inventory Columns dialog appears. 2. You can add columns to either the Selected columns list or the Available columns list by clicking the required arrows. 3. Click OK. Toolbars and Utilities The toolbars and menus on the Deployment Console provide major features and utility tools to deploy and manage computers from the console. From the Main toolbar, you can create new jobs and computer accounts and run basic deployment tasks. On the Tools toolbar, you can launch Deployment Solution administration tools and package editing tools. It also includes icons to quickly run commonly used remote operations. See Remote Operations Using Deployment Solution on page 122. Deployment Solution Utility Tools The Deployment Console lets you open utility programs from the Tools menu or from the Tools toolbar. You can launch Deployment Solution administration tools (Boot Disk Creator, PXE Configuration, Wise SetupCapture and Remote Agent Installer) and package editing tools (Wise MSI Editor, PC Transplant Editor, and Image Explorer) from the toolbar. Administration tools Boot Disk Creator. Use this tool to create boot disk configurations, and automation and network boot media to image client computers. The Boot Disk Creator can maintain several different boot disk configurations for different types of network adapter cards. See Altiris Boot Disk Creator help. PXE Configuration. After installing the PXE Server, you can create and modify configurations, which make up the boot menu options that appear on client computers. This is another another option to boot computers to automation. See the Altiris PXE Configuration help. Deployment Solution 79
Remote Agent Installer. Remotely install the Deployment Agent on client computers from the console. This utility lets you push the agent installation to client computers from the Deployment Console. Package Editing Tools PC Transplant Editor. Use this tool to edit a Personality Package to add or remove data. See the Altiris PC Transplant Help located in the Deployment Share. Image Explorer. After a disk image is saved to the Deployment Share, this tool lets you view and manage data in the image file. You can edit and split an image, create an index, and more. See the Altiris Image Explorer help file located in the Deployment Share. Wise MSI Editor. Edit .MSI packages generated from the Wise Setup Capture tool or other .MSI files used to distribute software and other files. SVS Admin Utility. Create, import, and manage virtual software layers. See Software Virtualization Solution on page 79. Software Virtualization Solution Altiris Software Virtualization Solution (SVS) is a revolutionary approach to software management. SVS places applications and data into managed units called virtual software packages. You can use SVS to activate, deactivate, or reset applications to avoid conflicts between applications without altering the base Windows installation. The SVS Admin Utility is a part of SVS. It creates, imports, and manages virtual software layers, which are part of the packages. For information on installing and using the SVS Admin Utility, see the Software Virtualization Solution Reference Guide. For information on the integration of the SVS Admin Utility with Deployment Solution, see Using SVS Admin Utility with Deployment Solution on page 79. Using SVS Admin Utility with Deployment Solution On a Deployment Solution computer, you can capture application and data files. The installed application, data files, and settings are captured into the virtual software layers. The Deployment Solution computer should have a clean installation of the Windows operating system. The computer should not have any background processes or programs running that can be captured into the layers. Your base computer should not be running an antivirus program or any other computer management program. If possible, the computer should not have an active Internet connection. Deployment Solution 80
You can create layers on a virtual computer. (See Managing the SVS Layer on page 175.) This lets you disconnect a computer from the network and reset the computer after each capture. This ensures that you have a clean operating system. You can also distribute .RIPs, .MSI files, scripts, personality settings, and other package files to computers or groups. See Distributing Software on page 172. Extending the Tools Menu You can add commands to the Tools menu on the Deployment Console to quickly access additional management applications. This lets you easily access applications commonly used with Deployment Solution. Commands are added by modifying or adding new .INI files. You can insert commands to the root ATools.ini file for the main menu or add new .INI files to create submenus. Place both types of .INI files in the directory where the Deployment Console executable (eXpress.exe) is located. The default location is Program Files\Altiris\ eXpress\Deployment Server. You can add up to eight menu items to the main menu, and eight menu items for each submenu. These .INI fields are included for each application added to the Tools > Altiris Tools menu: [ Appl i cat i on name or submenu decl ar at i on] MenuText =<t he appl i cat i on name di spl ayed i n t he menu> Descr i pt i on=<t he name di spl ayed when you mouse over t he menu i t em> Wor kDi r =<di r ect or y set as def aul t when execut abl e i s r un> Execut abl e=<pat h t o t he execut abl e f i l es> The ATools.ini file extends the main Tools menu on the console. This sample file contains one submenu, Web Tools, and two additional menu items, Notepad and Netmeeting. The .INI files are located in the Deployment Share. [ Submenus] Web Tool s=wt ool s. i ni [ Not epad] MenuText =Not epad Edi t or Descr i pt i on=Si mpl e Edi t or Wor kDi r =. Execut abl e=C: \ WI NNT\ not epad. exe [ Net Meet i ng] MenuText =Net Meet i ng Descr i pt i on=Net Meet i ng Wor kDi r =. Execut abl e=C: \ Pr ogr amFi l es\ Net Meet i ng\ conf . exe Deployment Solution 81
Another Tools .INI file is wtools.ini. It is a submenu file referenced by the main ATools.ini file. On the main menu, this is titled Web Tools (see Tools.ini) and contains two applications, Internet Explorer and Adobe Acrobat. [ Expl or er ] MenuText =Expl or er Descr i pt i on=Wi ndows Expl or er Wor kDi r =. Execut abl e=C: \ Pr ogr amFi l es\ I nt er net Expl or er \ expl or er . exe [ Acr obat ] MenuText =Acr obat Reader Descr i pt i on=Acr obat Reader Wor kDi r =. Execut abl e=C: \ Pr ogr amFi l es\ Adobe\ Acr obat \ acr obat . exe Computer Filters and Job Conditions Use this dialog while creating a computer group filter to filter only the specified computers in a computer group, or while setting conditions for task sets when running a job only on the specified computers in a group. See Creating a Computer Group Filter on page 82 and Setting Conditions for Task Sets on page 149. Creating Conditions to Assign Jobs You can set conditions on a scheduled job to run only on the computer devices that match a defined criteria. As a result, you can create a single job with tasks defined for computers with varying properties, including the type of the operating system, network adapters, processors, free disk space, and other computer properties. For each job, you can now create task sets that are applicable only to the computers matching those conditions. Creating Custom Tokens You can create custom tokens to set conditions based on the database fields not provided in the available preset conditions in the Conditions dialog. Example: Select User Defined Token from the drop-down list in the Fields box. Select contains in the Operation field, and enter Milo in the Value field. In the Token field, enter the following custom token: %#! comput er @l i c_os_user %. This filters out only the jobs with the registered license user named Milo. The job runs only on the computers that meet the specified criteria. Click a job in the Jobs pane. The Condition feature appears in the Details pane. Click Setup to add new conditions or edit existing conditions. When you are setting conditions to schedule a job, select from a list of predefined database fields or create custom tokens that key on other fields in the database. Deployment Solution 82
Creating a Computer Group Filter The Computer Filters dialog displays a list of all computers in a group according to the specified criteria. Example: You can create a filter to view all the computers in a particular group that have Windows 2000, 256 MB of RAM, and 20 GB hard disks only. By applying the filter, you can view all the computers that meet the specified criteria in the Details pane of the Deployment Console. To create or modify a computer filter 1. Click the All Computers group or any other computer group. 2. On the Filter bar in the Details pane, click Setup > New to create a new filter. Or Click Setup > Modify. 3. Type a name for the filter and click Add. The Filter Definition page appears. 4. Define the conditions you want to filter. Click the Field box to see a list of computer values stored in the Deployment Database. Select a computer value and set the appropriate operation from the Filter Name Description Active Computers Displays all the active computers. Inactive Computers Displays all the inactive computers. Computers With Failed Jobs Displays all the computers where jobs have failed to execute. Windows 2000/ 2003/2008 Displays only the computers with Windows 2000, 2003, or 2008 operating systems. Windows XP/ Vista Displays only the computers with Windows XP or Vista operating systems. Windows CE (PDAs) Displays only the computers with Windows CE operating systems. Linux Displays only the computers with Linux operating systems. Windows XP Embedded Displays only the computers with Windows XP Embedded operating systems. Windows CE .NET Displays only the computers with Windows CE .NET operating systems. Pocket PC (PDAs) Displays only the Pocket PC computers.
Click a computer group in the Computers pane. The Filter feature appears in the Details pane for the selected computer group. Click Setup to add new filters, or to modify and delete existing computer filters. Deployment Solution 83
Operations list. In the Value box, enter an appropriate value for the selected database field. Example: You can choose Computer Name as the Field, Contains as the Operation, and Sales as the Value. 5. Repeat to include other conditions. Click OK. General Options Use the Program Options feature to set the general options for Deployment Solution. Click Tools > Options to view the Program Options dialog. Console options Global options Task Password options Domain Accounts options RapiDeploy options Agent Settings options Custom Data Sources options Console options Set basic console features for miscellaneous refresh actions and warning messages. Scan resource files for changes every ____ seconds. Specify how frequently (in seconds) the Deployment Console updates its view of package files in the Resources view. See Shortcuts and Resources View on page 73. Warn user when no tasks are assigned to the 'default' condition. When a job is assigned to computers and the default condition has no tasks assigned, a message appears. The job has no secondary default tasks assigned if a computer in the group does not meet the primary conditions. See Setting Conditions for Task Sets on page 149. Refresh displayed data every ____ seconds. Refresh the display of data accessed from the Deployment Database. This lets you refresh console data at defined intervals instead of updating every time the Deployment Console receives a command from the server, which can be excessive traffic in large enterprises. Global options Set global options for the Deployment Server system. Delete history entries older than _____ days. Specify the number of days entries are kept in the history before they are deleted. Enter any number between 1 and 10,000. If you dont select this option, log entries remain in the history. Remove inactive computers after ____ days. Specify the number of days you want to keep inactive computers in the Deployment Database before they are deleted. The default value is 30 days, but any number between 1 and 10,000 is valid. Synchronize display names with computer names. Automatically update the displayed name of the managed computer names in the console when the client computer name changes. If this option is not selected, changes to the computer names Deployment Solution 84
are not reflected in the console. Synchronization is off by default. The names do not have to be synchronized for the Deployment Server to manage the computer. Reschedule failed image deployment jobs to immediately retry. Immediately retry a failed image deployment job. The program continues to retry until the job succeeds or until the job is cancelled. Client/server file transfer port: _____. Specifies a static TCP port for file transfers to the clients. The default value is 0 and causes the server to use a dynamic port. This setting is useful if you have a firewall and need to use a specific port rather than a dynamically assigned port. Automatically replace expired trial licenses with available regular licenses. Lets Deployment Solution automatically assign a permanent license to the computer after the trial license expires. Note Be careful when using this option. Ensure that you do not give a permanent license to computers you do not want to manage after their trial license expires. Display Imaging status on console. Displays the status of the imaging job on the Deployment Console. Remote control ports. Specifies ports for using the Remote Control feature. You have the option to enter a primary port address and a secondary port address (Optional). Remove task passwords when exporting or copying jobs. Specifies that you must remove the task password when exporting or copying jobs. Display only computers and jobs the user has permission to operate on. Displays only the computers and jobs that the user can operate. If this option is not selected, all computers and jobs are displayed. If this option is selected when security is enabled and the logged-on user has administrator rights, all computers and jobs are displayed. However, if this option is selected when security is enabled and the logged-on user does not have administrator rights, the code to compose the computer tree and job tree requires a few additional steps. A computer is displayed if the logged-on user has any permission on the computers group or if the computers group inherits any permissions from a parent folder. This option applies to jobs and job folders. Primary lookup key(s). Specifies the lookup key type used to associate a new computer with a managed computer. The options are Serial Number, Asset Tag, UUID, or MAC Address. Sysprep Settings. This lets you enter global values for Sysprep. See Sysprep Settings on page 84. Sysprep Settings View and configure the Sysprep settings for the Deployment Server. OS Product Key dialog In the OS Product Key dialog, select the suitable operating system from the Operating System drop-down list. After you select the operating system, a list of all product keys for the selected operating system appears. Select an operating system from the Operating System drop-down list, and click Add to type the Product Key. You can type up to 29 characters for the Product Key. The new product key is added to the list of available keys of the selected operating system. Deployment Solution 85
To modify a product key, select the product key to be modified, and click Edit. To remove a product key, select the product key to be deleted, and click Remove. Note If the product key is being used by another task, you cannot delete the product key. You are prompted with a message stating that the product key is being used by another task. Task Password options According to the network and security properties, the passwords for administrators and users change after a certain number of days. In such a scenario, the password becomes invalid and all jobs and tasks using the user name whose password changes must be modified to use the new password. The Task Password option provides administrators with a simple option to manage all password changes from a centralized location. This feature lets you set or change user passwords from a central location, so you can modify the password for the Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality tasks when creating or modifying jobs. However, this tab is enabled only to administrators and select users who have been granted the appropriate privileges. The Status field displays the results of password updates. Example: User As user name and password is used in ten tasks. If you want to update the password for these ten tasks, you can do so through the Task Password option. After the password is updated, the Status field displays the message: Password for 10 tasks updated. Domain Accounts options This sign-on feature retrieves the name of the administrator (or user with administration rights) and the password for each domain, avoiding the need to log on for each managed computer when completing imaging and configuration jobs. Click Add to enter the Domain name. The Add Domain Account page appears. Enter the name of the selected domain and provide the administrator credentials. Click OK. The administrator name and domain are listed in the Domain Accounts list box. Note To enter the administrator user name for a Windows XP domain, you must add both the domain name and the user name. Example: Instead of entering only the user name j doe, you must enter domai nName\ j doe. RapiDeploy options This feature optimizes the multicasting ability of the RapiDeploy application in the Deployment Server, letting you deploy images to a group of computers simultaneously, download an image from a file server, or access a local hard drive, and manage the imaging of several client computers concurrently. Because RapiDeploy is more efficient when writing directly to the IP address of the network adapter driver, you can enter a range of IP addresses when using the multicasting feature for faster computer deployment and management. The Deployment Server accesses the range of computers using the defined IP pairs and avoids retrieving the computers through the port and operating system layers. Deployment Solution 86
However, because some network adapter cards do not handle multiple multicast addresses, you can also identify a range of ports to identify these computers. On the first pass, the Deployment Server accesses the selected computers using the list of IP numbers. On the second pass, the Deployment Server accesses the selected computers using the port numbers or higher level operating system IDs. Note Multicasting images are not supported when using the UNDI driver on PXE, and are disabled on the client. Click Reset to set the default values. Agent Settings options These are the default agent settings for new computers. Click Change Default Settings to change Windows Agents Settings for Windows and DOS. The Change Default Settings option is enabled only if you select the Force new agents to take these default settings or the Force new Automation agents to take these default settings option. Set Deployment Agent settings for new computer accounts or set Deployment Agent settings for DOS for new computers. See Deployment Agent Settings on page 110 and Deployment Agent Settings for DOS on page 116. These default settings are applied only for new client computers that have never connected to the Deployment Server, and have no information stored in the Deployment Database. These settings are not for the existing managed computers, nor are these settings applied when setting properties using the Remote Agent Installer. When the Deployment Agent connects, the Deployment Server verifies if the computer is a new or an existing computer. If the client computer is new and if the Force new agents to take these default settings option is selected, the Deployment Agent on the client computer receives the default settings established in the Options > Agent Settings dialog. If the computer is recognized as an existing managed computer, it uses the existing agent settings. The same process occurs for automation agents if the Force new Automation agents to take these default settings option is selected. Force new agents to take these default settings. Select this option to force the default settings when adding a new computer. Force new Automation agents to take these default settings. Select this option to force the default settings when adding a new automation agent connects. Custom Data Sources options This option lets you set up credentials to authenticate to external Deployment Databases and other Microsoft SQL Server databases to extract data using custom tokens. Click Add to enter an administrator alias and other login information for the Microsoft SQL Server (or MSDE) hosting the desired Deployment Database. The information required to create a custom data source entry is listed below: Alias. The alias name you want to use when referencing the external SQL database. Server. The name of the external SQL database server or IP address. Database. The name of the external database from which you want to extract data. Use Integrated Authentication. This option authenticates to the external database using the domain account you are currently logged on as. Deployment Solution 87
User name and Password. When the integrated authentication is not being used, you must provide a user name and password to authenticate to the external database. Allowed Stored Procedures. Click this tab to modify the existing list. See Allowed Stored Procedure List on page 87. Allowed Stored Procedure List Click Allowed Stored Procedures to identify the stored procedures from the selected custom data source. You can now select from the list of available stored procedures in the data source. This lets you call stored procedures outside of the Deployment Database (eXpress database) using custom tokens within scripts or answer files. Virtual Centers options You can keep a list of all VMware Virtual Center Web services. The hosts and virtual computers from each Virtual Center that have corresponding computers in the Deployment Database appear in the computer tree. These virtual computers appear under the Virtual computers node in the Computers pane. Click Add. On the Virtual Center page, enter the Display name, Server hostname, and Username. By default, the port number is displayed. You can also set up a password for the selected user. Security in Deployment Solution Deployment Solution provides a security system based on associating job and computer objects with user and group permissions, letting IT personnel be assigned to different security groups to manage operations on specific computer groups or job folders. Each security group can perform only a defined scope of deployment operations on each computer group or job folder. Additionally, each user can be assigned rights to access general console features. Note Security rights and permissions set in one console are enforced in all Deployment Consoles. See Best Practices for Deployment Solution Security on page 87, Enabling Security on page 88, Setting Permissions on page 92, Groups on page 90, and Rights on page 91. Best Practices for Deployment Solution Security Deployment Solution is based on defining groups of users and groups of computers and jobs, and associating one with another. Altiris recommends that you first create user groups based on administration duties or access to levels of deployment operations.
To set general security rights, click Tools > Security and add a user name and password. You can create users and groups and set scope-based rights. To set feature-based permissions for specific computers or jobs, select the object in the console, right-click and select Permissions. Deployment Solution 88
Example: You will most probably set up a group with full Administrator rights. This group will have access to run all operations on all computers using all types of jobs. No permissions need to be set on each computer group or job folders for the Administrator group because this has full rights to all features and resources. However, you can also set up a Technician group that has only basic access and permissions limiting deployment operations. This prohibits members of the group from re-imaging the Server computer group or scheduling Distribute Disk Image jobs. You can explicitly Allow or Deny the group from running these operations for each computer group in the Computers pane or each job folder in the Jobs pane. After creating the Technician group, you can limit their rights to set General Options and set permissions on each computer groups and job folder for the group. See General Options on page 83. You can select the computer group, right-click it and select Permissions. Select the group name in the left pane, and click Allow or Deny for a list of deployment operations. Example: You can select the Deny check boxes for Restore, Schedule Create Disk Image, and Schedule Distribute Disk Image. Additional groups can be created with different rights and permissions depending on the needs and responsibilities in the IT team. If users are assigned to multiple groups, the Evaluate Permissions and Evaluate Rights features are sorted and display effective permissions and rights. Enabling Security You can enable security by first creating a group with Administrator rights, adding a user to the Administrator group, and selecting Enable Security. Note When the Administrator Right is selected, you do not need to select any other rights because the Administrator Right implies that all other rights are selected. 1. Click Tools > Security. The Security dialog appears. 2. Click the Manage User Groups tab and click Add. The Add User Group dialog appears. 3. Select the authentication type. You can add a DS group or a group from the Active Directory. To add groups from Active Directory, see Adding groups from the Active Directory on page 90. 4. Click DS Group. Note The Browse option is disabled for Local Group. 5. Type a name and description in the Add User Group dialog. Click OK. The group name appears in the window. 6. Select the new group name and click Rights. 7. Select Administrator in the Rights dialog. This assigns complete rights and permissions to the group. Click OK, and click Close. 8. On the main Security dialog, click the Manage Users tab, and click Add. The Add User Account dialog appears. Deployment Solution 89
9. Select the authentication type. You can add a DS user or a user from the Active Directory. To add users from the Active Directory, see Adding users from the Active Directory on page 89. 10. Select the DS User option in the Add User Account dialog. Note The Browse option is disabled for DS User. 11. Type the user name, full name, and password. Retype the password, and enter a description for the user. Click OK. 12. Select the user name in the main Security dialog. Click Rights. 13. Click the name of the new Administrator group in the Groups window. This assigns the new user to the new group with Administrator rights. Click OK. Note You can assign the user Administrator rights directly, but we recommend you to assign users to groups. See Best Practices for Deployment Solution Security on page 87. 14. Now that you have a user with administrator rights, select the Enable Security box. Security is now enabled. You can now create users and groups and assign permissions to computer groups and job folders. Adding users from the Active Directory You can add users from the Active Directory. 1. In the main Security dialog, click the Manage Users tab, and click Add. 2. Select the AD User option in the Add User Account dialog. 3. If you know the user name, type it in the User name field, or click Browse to select the user from the Active Directory. The password field is deactivated because the user is being added from the Active Directory. Note You can add only one user at a time. To import users, see Importing users from the Active Directory on page 89. 4. Enter a description for the user in the Description box. 5. Click OK. Importing users from the Active Directory You can also import users from the Active Directory. To open a standard Windows Active Directory dialog, from the main Security dialog, click the Manage Users tab, and click AD Import. Add users from Active Directory, not groups. The users are added to the Deployment Database. However, you still need to assign the users to security groups with appropriate rights and permissions. Deployment Solution 90
Note When logging on with the imported AD account, Deployment Solution accessed the Windows Active Directory server to validate the user password. Evaluate Rights Click Evaluate Rights to identify the combined rights of the selected user and its user group(s). This feature identifies effective rights for each user by resolving any possible conflicts between multiple group settings. Groups Assign the user to previously created groups. If you are enabling security, you can assign the user to a group with Administration rights. To add groups, from the Security dialog, click the Manage User Groups tab, and click Add. Select the authentication type, and type the required details. You can view the members of any group by clicking the group in the Manage User Groups dialog and clicking View Members. See also Best Practices for Deployment Solution Security on page 87 and Enabling Security on page 88. Adding groups from the Active Directory You can add users from the Active Directory. 1. In the main Security dialog, click Manage User Groups tab, and click Add. 2. Select AD Group in the Add User Group dialog. 3. If you know the group name, enter it in the Name field, or click Browse to select the group from the Active Directory. A list of groups, along with their descriptions, appears in a new dialog. Select a group from the list and click OK. 4. The Name, Domain, and Description are displayed. However, you can modify the description. Click OK. The newly added group appears in the main Security dialog. Importing groups from the Active Directory You can also import users from the Active Directory. In the main Security dialog, click the Manage User Groups tab, and click AD Import to open a standard Windows Active Directory dialog. Add groups from Active Directory. You can choose a domain from the Domain List, and select a group from the displayed list. The group is added to the Deployment Database. However, you still need to assign the users to security groups with appropriate rights and permissions. DS Authentication If the user is already in the Deployment Database and tries to access the Deployment Console, the Deployment Server checks the authentication with the logged on user, and upon matching does not prompt for user credentials. Similarly, if a group is already added in the Deployment Database and if a logged-on user, who is a part of the AD group, tries to access the Deployment Console, the Deployment Server does not prompt for credentials. Deployment Solution 91
Rights This dialog lets you set general rights for a user or group. To verify, add, or change the rights assigned to each console user, use the following steps: 1. On the Security page, select a user and click Rights. 2. On the Set rights for window, click the Rights tab. 3. Select the check box for each right you want to grant. 4. After selecting all applicable rights, click OK to save your changes. A brief explanation of each Deployment Server right that can be assigned is given below: Administrator. Lets the user access all features available on the Deployment Console. You must have Administrator rights to enable security. See Enabling Security on page 88. Options Console. Lets you set the view and the Console options. See Console options on page 83. Options Global. Lets you set the view and the Global options. See Global options on page 83. Options Domain Accounts. Lets you set the view and the Domains Accounts options. See Domain Accounts options on page 85. Options RapiDeploy. Lets you set the view and the RapiDeploy options. See RapiDeploy options on page 85. Options Agent Settings. Lets you set the view and the Agent Settings options. See Agent Settings options on page 86. Options Custom Data Sources. Lets you create Custom Data Sources options. See Custom Data Sources options on page 86. You can view, create, and set database aliases. Manage Rejected Computers. Lets you view rejected computers in Deployment Solution and change their status. See Rejected Computers in Deployment Solution on page 94. Refresh Clients. Lets you refresh Deployment Solution clients. See Refresh Deployment Solution on page 94. You can use the View > Refresh clients <CTRL +F5> feature to disconnect and reconnect client computers. Allow Scheduling on All Computers Group. Lets you schedule jobs on All Computers. If you have administrator rights, by default, you have the rights to schedule job on all computers, irrespective of the check box state. You can grant this right to a specific user or a group. Import/Export. Lets you import and export jobs and import computers as well. See Importing and Exporting Jobs on page 189 and Importing New Computers from a Text File on page 100. Options Task Password. Lets you centrally update passwords for users and groups so they can access the Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality tasks. You must have administrative rights to access this option. See Task Password options on page 85. Use PXE Configuration Utility. Lets you use the PXE Configuration Utility. Deployment Solution 92
Options Virtual Centers. Lets you view and add options for Virtual Centers. See Virtual Centers options on page 87. Setting Permissions Set permissions for jobs, job folders, computers, and computer groups. See Best Practices for Deployment Solution Security on page 87 for additional design tips. 1. Right-click on a computer group or job folder (or individual computers and jobs) and select Permissions. The Object Security dialog appears. 2. Click the Groups tab and select a group name. Or click the User tab and select a user name. 3. From the list in the right pane, select if you want to Accept or Deny permission to run the operations on the selected computer or job objects. These permissions include access to remote operations using Deployment Solution and features for scheduling Deployment tasks. See Remote Operations Using Deployment Solution on page 122 and Deployment Tasks on page 152. 4. Select the Allow or Deny check box to explicitly set security permissions for these Deployment Solution features for the selected objects. Note Administrators have access to all objects with unrestricted rights and permissions. You cannot explicitly deny permissions to computer or job objects for users with administrator rights. 5. To assign permissions to multiple groups, click Set permissions on all child objects to assign the values without closing the dialog. Note You can set permissions for all jobs and computers by clicking in the Jobs pane or Computers pane without selecting a job or computer object. Permission Rules Permissions received through different sources may conflict with each other. The following permission rules determine which permissions are enforced: Permissions cannot be used to deny the user with Administrator console rights access to use any console objects or features. User permissions take precedence over Group permissions. Deny overrides Allow. When a user is associated with multiple groups, one group could be allowed a permission at a particular level while the other group is denied the same permission. In this scenario, the permission to deny the privilege is enforced. Permissions do not flow down an object tree. Instead, the object in question looks in the current location and up the tree, and uses the first permission it finds. If a console user does not have permissions to run all tasks the job contains, the user cannot run the job. Deployment Solution 93
Evaluate Permissions Click Evaluate Permissions to identify the combined permissions of groups and containers with conflicting permissions. This feature identifies effective permissions for each object by resolving any possible conflicts. If a job includes multiple tasks and one of the tasks does not have sufficiently assigned permissions, the whole job fails due to lack of access permissions. Note Permissions to schedule jobs also lets a user delete jobs in the Details pane after a job runs. Example: If a job contains errors and does not run, no other jobs can be scheduled. The user must delete the job before scheduling a new job. Connecting to Another Deployment Server From the Deployment Console, you can connect to other Deployment Servers on your LAN and manage computers outside of the network segment you are currently logged on to. To open a connection, you must connect to the Deployment Database of the preferred Deployment Server connection using the ODBC Data Source Administrator. Note Although you are accessing another connection (another Deployment Database), Windows remembers the last place you browsed to, which would be the Deployment Share of the previous Deployment Server connection. You need to browse to the new connections Deployment Share to access its shared folder that contains its RIPs, images, executables, and other resources. Connecting to a new Deployment Database 1. Click New. The Define Connection Information dialog appears. 2. Enter a name for the connection to be opened. 3. Establish an ODBC data source. a. Click ODBC Administrator. b. Click the System DSN tab, and click Add. c. Select the SQL Server driver source and click Finish. d. In the Create a New Data Source to SQL Server dialog, enter a name and description for the data source. e. If an entry for your server already exists, select it from the menu. Otherwise, enter the name of the server hosting your remote SQL server in this field. Click Next. f. Click Next in the Create a New Data Source to SQL Server dialog to accept the default settings for authentication. Click File > Connect to or press CTRL+O to open the Connect to Deployment Server dialog. Enter the required information to connect to the external Deployment Server connections using an ODBC driver. Deployment Solution 94
g. Select the Change the default database to option and select eXpress from the drop-down list. Click Next. h. Click Finish. The specifications for the new ODBC data source appear. i. Click Test Data Source to verify that the source is reachable. j. Click OK. You return to the main ODBC Data Source Administrator dialog with your new data source listed in the System DSN tab. Click OK. 4. From the ODBC Data source name drop-down list in the Define Connection Information dialog, select the new Data Source name you just created. 5. In the Installation Directory path field, enter or browse the full UNC path (or path using any locally mapped drive) to the directory of the required Deployment Server, such as: \\server\express or H: 6. Click OK. Rejected Computers in Deployment Solution When an unwanted managed client computers attaches to your Deployment Solution system, you can right-click the computer in the Computers pane and select Advanced > Reject Connection. You can view these rejected computers by clicking View > Rejected Computers. The rejected computers are prohibited from being active in the Deployment Database. They are identified and rejected by their MAC address. You can remove computers from the Rejected Computers list by selecting it and clicking Accept Computer(s). This lets the computer to attach again and be managed by the Deployment Solution system. Refresh Deployment Solution You can refresh the Deployment Console by clicking View > Refresh Console (or pressing <F5>) to update data from the Deployment Database. You can also click View > Reset Client Connections (or press Ctrl+<F5>) to disconnect and reconnect all managed computers in a Deployment Server system. When you refresh the managed client computers, you are asked if you want to disconnect all computers. Click Yes. This tells the Deployment Agent to shut down and restart. It also creates additional network traffic when all computers connect and disconnect. By refreshing the managed client computers, you ensure that you are viewing the current status and state of all computers resources in your system. Deployment Solution 95
Managing Computers From the Computers pane of a Deployment Solution console, you can identify, deploy, and manage all computer resources across your organization, including desktop computers, notebook computers, handheld computers, network and Web servers, and network switches. You can quickly modify any computers configuration settings or view its complete management history. Or you can take on big projects, such as completely re-image the hard drive, restore software, and migrate personality settings for a whole department. You now have management of all your computer resources available from a Windows or Web console from any location. All computer resources can be accessed and managed as single computers or organized into computer groups with similar hardware configurations or deployment requirements, letting you run deployment jobs or execute operations on multiple computers simultaneously. You can use search features to locate a specific computer in the Deployment Database, or set filters to sort computers by type, configuration, operating system, or other criteria. Manage with Computer icons. Major computer types are identified by a computer icon in the console, with a list of scheduled jobs and operations associated with each computer. In the Deployment Console, you can assign and schedule deployment jobs to computers or groups by dragging the computer icon to a job in the Jobs pane, or vice versa. See Viewing Computer Details on page 96. Add new computers. Deployment Solution lets you add new computer accounts and set configuration properties for new computers before they are recognized by the Deployment Server system. Preset computer accounts automatically associate with new computers when they start up, or can be associated with pre-configured computers. See Adding New Computers on page 97. Deploy to groups of computers. Organize computers by department, network container, hardware configuration, software requirements, or any other structure to
Computer icons appear in the Computers pane of the Deployment Console, where they can be organized into groups. To assign and schedule a job on a computer in the Deployment Server Console, drag a computer icon or group icon to a job icon.
Click New Computer on the console to create a new computer account. You can also click File > New > Computer or right-click in the Computers pane and select New Computer. When the new computer starts up, you can assign it a preset account.
Click New Group on the console to add a new group in the Computers pane of the Deployment Console. You can also click File > New > Computer Group or right-click in the Computers pane and select New Group. Deployment Solution 96
meet your needs. You can deploy and provision computers on a mass scale. To filter computers in a computer group to schedule jobs only to the appropriate computer types, see Computer Filters and Job Conditions on page 81. Configure Computer Agents. See the property pages for modifying Deployment Agent settings. See Deployment Agents on page 109. View and configure computer properties. You can modify computer settings for each computer from the console. See Computer Configuration Properties on page 101. Or you can view the Computer Properties page for detailed access to a computers hardware, software, and network property settings. See Computer Properties on page 119. Run remote operations from the console. Perform operations quickly in real time from a Deployment Console. Restore a computer to a previous state, configure property settings, send a file, remote control, chat, set security, run deployment jobs, or select from additional management commands. See Remote Operations Using Deployment Solution on page 122. Build and schedule jobs. Build deployment jobs with one or more management tasks to run on selected computers. Create jobs, add tasks, and assign the job to computer groups. Jobs can be organized and assigned for daily tasks or to handle major IT upgrades. See Building and Scheduling Jobs on page 143. Manage Servers. Deployment Solution also manages network or Web servers to administrate high-density server farms or server network resources across your organization. See the Deployment Solution Reference Guide. Viewing Computer Details In Deployment Solution, a computer resource is identified in the console with a distinctive icon to display the computer type Windows desktop or notebook, handheld, server, or Linux operating system and its current status. These computer icons change to convey the state of the computer, such as the log on status, server waiting status, or user with a timed license status. You can also view the status of the jobs assigned to the selected computer in the Details pane of a Deployment Console. See Viewing Job Details on page 143. The following is a sample list of computer icons displayed in each Deployment Console, identifying the computer type and state. A computer connected to the Deployment Server with a user logged on. A computer connected to the Deployment Server, but the user is not logged on. A computer with a time-limited user license and a user logged on. A computer not currently connected to the Deployment Server, but known to the Deployment Database. Deployment Solution 97
See also Deployment Agents on page 109. Adding New Computers Computers can be added to the Deployment Database using the following methods: A pre-configured computer with values defined in advance using the New Computer feature. As soon as the computer connects, the Deployment Server recognizes the new computer and this icon appears. See Adding New Computers on page 97.
A managed computer waiting for user interaction before running deployment tasks. This icon appears if the Workstations check box is selected in Initial Deployment. See Sample Jobs in Deployment Solution on page 193. A computer identified as a master computer used to broadcast images to other client computers.
A connected handheld computer. A managed server connected to the Deployment Server with a user logged on. Additional icons identify different states of server deployment. A managed Linux computer connected to the Deployment Server with a user logged on. Additional icons identify different states of Linux computer deployment.
Physical view of Rack/Enclosure/Bay components for high-density server systems. These icons appear as physical representations to allow management of different levels of the server structure. In addition, server icons identify logical server partitions. See Bay on page 121 for properties and rules to deploy Rack/Enclosure/Bay servers.
Select the New Computers or All Computers group to run jobs or operations for these default groups identified by an icon in the Computers pane.
Additional computer groups can be added to the Computers pane to organize similar computer types or to list computers of similar departments or locations. Click the New Group icon on the toolbar or select File > New > Computer Group to create a new group. Deployment Solution 98
Install the Deployment Agent. If you install the Deployment Agent to a computer with the operating system already installed, the computer is added automatically to the Deployment Database at startup. New computers with the Deployment Agent installed are added to the All Computers groups (unless otherwise specified in the Deployment Agent configuration). You can move the computer to another group if required. Use Initial Deployment to configure and deploy new computers booting to automation. Starting up a new computer with the Automation Agent lets you image the hard drive, assign IP and network settings, distribute personal settings and software, and install the Deployment Agent for new computers. Using Initial Deployment, you can associate new computers with pre-configured computer accounts. These newly configured computers appear in the New Computers group. See Sample Jobs in Deployment Solution on page 193. Create or import computer accounts from the Deployment Console. You can add new computers using the New Computer feature or import computers using a delimited text file. You can pre-configure computer accounts by adding names and network settings from the console. See Creating a New Computer Account on page 99. About New Computers When a new computer starts up, if Deployment Server recognizes the MAC address provided in a New Computer account or import file, it automatically associates the user account at startup with the New Computer icon. If this value is not provided, the computer appears as a pre-configured computer account, letting you associate it with a new computer.
Pre-configured Computer Account A pre-configured computer account can be associated with a new computer using the Initial Deployment feature. You can create multiple pre-configured computer accounts and associate the account with a new computer when it boots to automation. At startup, the configuration settings and jobs assigned to the pre-configured computer account can be associated with the new computer. Deployment Solution provides features to create a pre-configured computer account to pre-define a computers configuration settings and assign customized jobs to that computer even if you do not know that computer's MAC address. This type of computer is known as a pre-configured computer account. Pre-configured computer accounts offer a lot of power and flexibility, especially when you need to deploy several computers to individual users with specific needs. Pre- configuring a computer account saves your time because you can configure the computer before it arrives on site. You can set up as much configuration information
The New Computer icon appears for a new computer if the MAC Address is provided when creating a new computer account using any import or new computer account feature.
A pre-configured computer account icon appears if specific hardware data (MAC Address) is not known. As soon as the computer starts up and is associated with a pre-configured computer account, Deployment Server recognizes the new computer and this icon appears. Deployment Solution 99
(such as computer name, workgroup name, and IP address) as you have about the computer and apply it to the new computer when it comes online. You can also prepare jobs prior to the arrival of the new computer to deploy the computer using customized images, .MSIs, and .RIPs, based on a user's specific needs. Example: A user might request Windows 2000 with Office 2000 and virus scanning software installed on the new computer. The user also might request that the computer personality (customized user settings, address books, bookmarks, familiar desktop settings) be migrated from the old system. You can build any job, including any of the available tasks, and assign it to a pre-configured computer account. When the new computer finally arrives, you are ready to deploy it because you have done all the work in advance. Boot the client computer to automation, and the new computer can connect to the server and become a managed computer. Now you can perform an Initial Deployment or run a deployment imaging job on the new computer. Creating a New Computer Account You can create computer accounts for individual computers or for computer groups. When creating new accounts for computer groups, you can automatically assign new names and associate them with existing computer groups or the New Computer group. To create a new computer account 1. In the New Computers dialog, click Add. The New Computer Properties page appears. 2. Enter names and configuration settings for each new computer account using the Computer Configuration screens. See Computer Configuration Properties on page 101 for a description of the configuration settings. Note If you do not enter a MAC address, the computer you create or import becomes a virtual computer. 3. (Optional) Click Import to add new computers from a delimited text file. See Importing New Computers from a Text File on page 100. 4. Click OK. A pre-configured computer account icon appears in the Computers pane. When a new computer starts up, you can assign it to this preset account. To create and associate multiple computer accounts You can create computer accounts and automatically assign predefined names. These computer accounts can be associated with computers in a selected computer group.
Click the New Computer icon on the console to create a new computer account. You can also click File > New > Computer or right-click in the Computers pane and select New Computer. Deployment Solution 100
1. Select a computer group, including the New Computers group (empty groups cannot access features). Right-click and select the Configure command. The Computer Configuration Properties dialog appears. 2. Enter names and configuration settings for each new computer account using the Computer Configuration screens. See Computer Configuration Properties on page 101. 3. (Optional) Click the Microsoft Networking category and click Define Range. a. In the Fixed text field, enter a base computer name. Example: Sales. b. In the Range start field, enter a numeral or letter to add to the Fixed Text name. This creates a unique name for a group of computers starting with the specified character. The range of numerals and letters is assigned to the computer name. Example: Enter 3. c. Select Append to add the range of numerals after the computer name. Clear the check box to add names before the computer name. In the above example, the Result field displays computer names beginning with Sales3 and ending with Sales12. 4. Click Associate. You can now associate computers in a group (including the New Computers group) with the multiple computer accounts. 5. Click OK. Importing New Computers from a Text File You can import computer configuration data using delimited text files (.TXT, .CSV, or .IMP files) to establish multiple computer accounts in the Deployment Server database. This file contains all configuration data for a new computer, including all settings in the Computer Properties of a selected computer. See Computer Properties on page 119. 1. Click File > Import/Export > Import Computers. A dialog appears, letting you select import files. These files can have .XML, .TXT, .CSV, or .IMP extensions. 2. Select the import file. Click Open. If a correctly formatted computer import file is selected, a message appears, informing you that the computer import is complete and identifying the number of computers added. Click OK. New computers appear as pre-configured computer accounts in the Computers pane of the console (as single computers or in groups), and any jobs imported from the import file are listed in the Jobs pane. Note Jobs can be added to the import file. They can be created and associated with the new computers. If the computer import file is incorrectly formatted, a warning appears, stating that the computer import file is incorrect. 3. Edit computer settings by selecting a computer from the list and clicking Properties. Deployment Solution 101
4. The Computer Properties page opens. You can edit or add values not set in the import file, such as computer name, TCP/ IP settings, user name, and other configuration settings. 5. Click OK. The imported computers appear in the Computers pane of the Deployment Console. You can also import a computer to be placed in a sub-folder in the Computers pane and create a job to be associated with the imported computer. See the sample import file for additional information. Referencing the Sample Import File When creating an import file, use either the ImportComputers55.txt file or the ImportComputers55.xls file in the Samples folder of the Deployment Share. The ImportComputers55.txt file provides a sample import template you can access to test the Import feature. The ImportComputers55.xls file is a Microsoft Excel spreadsheet that lets you add values to each identified column and save the file as a delimited TXT file to import to the Deployment Database. The sample import file places a computer (DB Computer 1) in a computer group (Test Group) and adds a job (Test Job) associated with the imported computer. Deploying New Computers on a Mass Scale If you need to deploy large numbers of computers (100 to 5,000), consider using a barcode scanning system to collect user information (names, operating system, and application needs) and computer information (MAC address, serial numbers, asset tags). You can save this information to a file, which can be imported into the New Computers List View. Depending on the number of incoming computers, the amount of information you have about those computers, and the needs of individual users, you can use either the pre-configured computer account method (best for smaller numbers of new computers) or the Initial Deployment job (best when deploying generic setups by departments or groups). If you are using an import file, ensure you know the primary lookup key. This information is required by Deployment Server to set up a unique computer. The primary lookup key can be the Serial Number, Asset Tag, UUID, or MAC address. Computer Configuration Properties These computer property settings can be viewed, set, and modified when performing the following computer management operations: Adding New Computers on page 97. Modifying Configuration on page 179. Create or edit property settings in a deployment job. Sample Jobs in Deployment Solution on page 193. Click the configuration group icons to set additional computer property values. After you edit these computer property settings, the computer restarts so that the changes can take effect. Deployment Solution 102
General Configuration Settings General Configuration Settings Set the most important value from this property sheet. It includes the name of the computer in Deployment Solution, the NetBIOS name of the computer, the MAC address and other settings. Microsoft Networking Configuration Settings Set the Windows name of the computer and the Workgroup or Domain settings. TCP/IP Configuration Settings Set the TCP/IP addresses for one or more network adapters. NetWare Client Configuration Settings Set Novell Directory Services client logon options. Operating System Licensing Configuration Settings Set the registered user name and view the hashed installation license key for the installed operating system. User Account Configuration Settings Set the local Windows user account values.
The General category provides access to important property settings that are also listed in other configuration categories. Click other category icons to view and set additional configuration properties. Field Description Name Provides a name that appears in the Deployment Console (not the BIOS name of the computer). Note The Name field is disabled for multiple computer configuration. MAC address The unique identification address of the network adapter. Serial Number The serial number of the computers motherboard. Asset Tag The asset tag of the computer, if available. Computer Name The Windows name of the computer. IP Address Current IP address of the computer. Multiple IP addresses are listed in this box. Registered User The name of the user who registered the operating system software. License key The hash value rendered from the OEM key or 25-digit license key required when installing the operating system. User name The user name for the local Windows user account. Full name The full name for the local Windows user account. Deployment Solution 103
Microsoft Networking Configuration Settings Use Sysprep to generate unique SIDs. This can be done by manually running the utility or selecting this feature while installing the Deployment Agent. Password The password for the local Windows user account. See also Computer Configuration Properties on page 101.
Enter the computer name and workgroup or domain property settings for the managed computer. If you are using Active Directory, you can add computers to a domain and a specified organizational unit (OU). Field Description Computer name This is the NetBIOS name for the computer. The name must be unique in the network and limited to 15 characters. Note This field is disabled for multiple computer configuration. Use Token for computer name Select this check box to specify the computer name using tokens. Selecting this option enables the Select Token option and disables the Define Range option. Note This option is applicable for multiple computers and not for single computers. Select Token: You can select one of the following tokens from the drop-down list. %NAME%- Complete computer name. %NICyMACADDR%- MAC address of the computer with NIC specific number. Selecting this option enables the NIC Number option. You need to specify the NIC number, which ranges from 1-8. %SERIALNUM%- Serial number from SMBIOS. %NODENAME%- First 8 characters of actual computer name. The NIC Number textbox is visible for NIC number input; the default value is 1. Field Description Deployment Solution 104
TCP/IP Configuration Settings Define Range Click to create a sequential range of computer names. The Computer Name Range dialog appears. For new computers, set a range of names for multiple new computers. Fixed text. Enter the text portion of the name that you want to associate with each computer. Example: MARKETING. Range start. Enter a whole number to add to the fixed text. Example: 1. Append. Select this check box to add the range after the fixed text in the computer name. If you clear this box, the number is added as a prefix to the fixed text. Result. View an example of the selected names that is assigned to each computer. Example: MARKETING1...MARKETING6. Note When setting name ranges, do not set names using multiple Modify Configuration tasks and assigning the names by setting conditions for task sets. If you set up two separate name ranges to be assigned by separate conditions, the computer names increment irrespective to the base name. See Modifying Configuration on page 179, Setting Conditions for Task Sets on page 149, and Computer Configuration Properties on page 101. Workgroup Select this option and enter the name of the workgroup to place the managed computer. Note You can select either the Workgroup or the Domain option. Domain Enter either the fully qualified domain name, the DNS domain name, or the WINS domain name. You can enter the fully qualified domain name (Example: mjones.yourcompany.com), and specify the organizational unit (OU) using this format: OU/newOU/users. The complete entry to place the computer in the users OU is the following: mj ones. your company. com/ OU/ newOU/ user s i nt er nal . mySer ver . or g/ New Cor por at e Comput er OU/ Mai l Room/ Expr ess Mai l Ser ver s
Enter TCP/IP settings for one or more network adapters. Click Advanced to setup IP Interfaces, Gateways, DNS, WINS, and Static Routes. For computer groups, click Associate to assign a range of pre-defined IP addresses. Field Description Deployment Solution 105
Field Description Host name The DNS name of a device on a network. The name is used to locate a computer on the network. Network adapter A list of all network adapters installed in the selected computer. The network adapter with the lowest bus, device, and function number is the first listed (NIC0 - zero based). If the bus, device, and function information cannot be determined for a network adapter, it is enumerated in the order it is detected. When configuring multiple network adapters, ensure that one network adapter is not using an Intel Universal NIC driver (commonly called UNDI driver) to connect to Deployment Server. If one network adapter uses the native driver and one uses an UNDI driver, your computer appears twice in the console. Add. Enter new settings for additional network adapters installed on the client computer. You can add virtual network adapter settings to send a job to a computer group containing computers with varying numbers of network adapters. If a computer in the group has only one network adapter, it is configured only with the IP settings listed first. If IP settings are provided for additional network adapters not present in the computer, they are disregarded. If you add a new network adapter, the Remove button appears. You can remove the new network adapter by clicking Remove. See also Computer Configuration Properties on page 101. Description MAC Address. The MAC address is a unique number assigned to the network adapter by the manufacturer. You cannot change this number. The MAC address appears in this box when you view computer configuration settings. This box is disabled when creating a Modify Configuration task. DNS connection suffix. Enter this to add domain suffixes to the root address. Obtain an IP Address automatically. Use the following IP address. Obtain DNS server address automatically. Obtain the following DNS server addresses. Reboot After Configuration. Restarts the computer after configuration. Deployment Solution 106
TCP/IP Advanced Options - IP Interfaces IP Interfaces (Linux and Windows type only). Click Add to set named interfaces for this network adapter. You can add TCP/IP addresses to an existing network adapter card on Linux or Windows operating systems. TCP/IP Advanced Options - Gateway View Gateway addresses. Click Modify to edit an existing IP address. Use the up and down arrows to move an address to the top of the list, which acts as the primary address. Review all selection by clicking the TCP/IP option on the Configuration page. TCP/IP Advanced Options - DNS Click Add to set a new DNS address. DNS server addresses, in order of use: Add additional Domain Naming Servers (DNS) for this network adapter. Append these DNS Suffixes (in order): Add the name of the Domain Suffix and use the up and down arrows to set the DNS suffix search order. TCP/IP Advanced Options - WINS Click Add to set a new WINS address. Add additional WINS settings for this network adapter. Select one of the Enable NetBIOS over TCP/IP, Disable NetBIOS over TCP/IP, or Use NetBIOS settings from DHCP server options for this network adapter. See also Computer Configuration Properties on page 101. Field Description IP Address Add or modify an IP address common to all interfaces. Subnet mask Enter the appropriate subnet mask. Field Description Interface Name Establish Linux-specific IP interface settings. Ensure you use the eth syntax when naming new interfaces. Example: eth0:1 or eth0:new interface. Broadcast Address Enter the Broadcast address for the specified IP interface. Interface State The default value of the interface state is Up, which denotes that the named interface is operating. You can shut down the named interface by selecting Down. See also Computer Configuration Properties on page 101. Field Description Gateway Add additional gateways for this network adapter. Deployment Solution 107
Note You cannot edit this information in the Windows 98 operating systems. The Deployment Console disables the edit feature on these types of clients. TCP/IP Advanced Options - Static Routes NetWare Client Configuration Settings Field Description Destination IP address of the destination Deployment Server. Netmask Subnet mask. Gateway Additional gateways required to reach the destination server. Interface IP address for the interface over which the destination can be reached. Metric Cost associated with the route Flags (Linux) Enter the flag associated with a Linux-specific operating system. Possible flags include: U (route is up) H (target is a host) G (use gateway) R (reinstate route for dynamic routing) D (dynamically installed by daemon or redirect) M (modified from routing daemon or redirect) A (installed by addrconf) C (cache entry) ! (reject route)
Set Novell NetWare client values for a new or existing computer. Select whether you want to log in directly to a NetWare server or to a NetWare tree in the Novell Directory Service (NDS). You can specify the preferred tree, server name, and NDS context. Field Description Ignore NetWare settings Select to disregard all Novell NetWare client settings for this computer. Clear to specify the required information. Preferred server Select this option and enter the name of the NetWare server. Example: \\OneServer. This is the primary login server for the NetWare client. Preferred tree Select this option and enter the name of the NDS tree. Deployment Solution 108
Operating System Licensing Configuration Settings User Account Configuration Settings NDS User name Enter the name of the user object for the NetWare client. NDS Context Enter the organizational unit context for the user. Run login scripts Select this option to run the NetWare client login scripts. See also Computer Configuration Properties on page 101. Enter or view the license information for your Windows operating system software (Windows 98, 2000, XP, 2003, and 2008 Servers, and Vista). Field Description Registered user Enter the name of the registered user. Organization Enter the name of the organization. License key Enter the alpha-numeric license key. This is the hash value rendered from the OEM key or 25-digit license key required when installing the operating system. See also Computer Configuration Properties on page 101.
Set up local user accounts for the newly imaged computer or when running a configuration task. Enter a user name, full name, and password; and set standard Windows login options. Field Description User name The user name for this local Windows user account. Full name The full name for this local Windows user account. Password The password for this local Windows user account. Confirm password Confirm the password for the local Windows user account. Field Description Deployment Solution 109
Deployment Agents To remotely manage computers from a Deployment Console, a Deployment Agent is installed on each computer in the Deployment Server system. Deployment Agents are provided for various computer types, including Windows, Linux, DOS, and PPC handheld computers. The following Deployment Agents reside on the client computer and communicate with the Deployment Server. Groups Specify the Windows groups that this user belongs to as a comma-delimited list. Example: Administrators, Marketing, Management. User must change password at next logon Select to force the user to change the password after setting the configuration properties. User cannot change password Prohibit the user from changing the password at any time. Password never expires Select to maintain the user password. See also Computer Configuration Properties on page 101.
To set or modify Deployment Agent settings from the Deployment Server Console, right-click a computer or group, select Change Agent Settings and click Production or Automation. To set or modify agent settings for new computers, click Tools > Options, click Agent Settings. Deployment Agent on Windows The Deployment Agent runs on Windows computers, including desktops, notebooks, and servers. See Deployment Agent Settings on page 110. Deployment Agent on Linux This Deployment Agent runs on Linux workstations and servers. See Deployment Agent Settings on page 110. Automation Agent The Automation Agent is used when you create configurations to boot client computer to automation. This is done through Boot Disk Creator. See Boot Disk Creator Help and Install Automation Partition on page 133. Deployment Agent on ThinClient CE 6.0 This agent runs on ThinClient Windows CE 6.0 operating systems and lets the Deployment Console manage WinCE 6.0 based Thin Clients. Field Description Deployment Solution 110
Install Deployment Agent to add a managed computer When a Deployment Agent is installed on a computer, it searches the network for a Deployment Server to attach to. When the Deployment Agent locates a Deployment Server, the client computer is added as a record to the Deployment Database. Automatically update to newer version of Deployment Agent At times, Altiris may update versions of the Deployment Agent to enhance features. For best performance, we recommend that all managed computers run the latest version of the Deployment Agent. When a new version of the Deployment Agent is saved to the Deployment Share file server, the managed computers automatically update the Deployment Agent. 1. From the computer where Deployment Server is installed, click Start > All Programs > Altiris > Deployment Solution > Configuration. The Altiris Deployment Server Configuration Utility page appears. 2. Click Options. 3. Click Transport. 4. Select the Automatically update clients option and click OK. Deployment Agent Settings You can set the default agent settings when new client computers are added to the system that the Deployment Server will manage. Deployment Agent on CE .NET This agent runs on the CE .NET 4.2 operating system. Notification Server Client The NS client is an Altiris agent that runs on computers supported by the Notification Server. This agent runs on the Deployment Server computer when running Deployment Solution on the Notification Server. Deployment Server Agent This agent runs on the Deployment Server computer when running Deployment Solution on the Notification Server.
When the Deployment Agent for Windows is running on a computer, the user sees a small icon in the system tray. When the icon is blue, the client computer running the Deployment Agent is connected to the Deployment Solution system.
When the Deployment Agent for Windows icon is clear, it shows that the client computer is not connected to the Deployment Solution system. The agent may be configured incorrectly, the Deployment Server is down, or other network problems exist. Deployment Solution 111
You can also modify the properties settings for the Production or Automation Agent through the Automation Agent. When the client agent is first started, the agent establishes a connection to the Deployment Server using the following general steps: 1. The agent service is started and initialized. 2. A TCP socket is created. 3. A connection is made to the Deployment Server. 4. The agent is updated, if required. 5. A basic inventory of the client is sent to the Deployment Server. After the initial connection process is complete, no additional data needs to be sent to or from the Deployment Server for the client agent to remain connected. Note If no Deployment Solution traffic is sent to the Deployment System agent, the TCP/IP protocols send an occasional watchdog packet (approximately every 24 hours) to ensure that the connection is still valid. Deployment Agent Properties Right-clicking the Deployment Agent icon gives you access to the following options: View status. Brings up the Altiris Client Service box to observe the current status of the Deployment Agent. You can also see the computer name, deployment server connected to, IP address, multicast address, and MAC address. You can also watch Deployment Agent communicate with the Deployment Server. Clicking Properties lets you edit the Deployment Agent properties. Passwords protect this option. About. Displays the version and licensing statement for the Deployment Agent. Passwords do not affect this option.
To set or modify agent settings in the Deployment Server Console for Windows or Linux clients, right-click the computer and select Change Agent Settings > Production Agent Settings. To set or modify agent settings for the Deployment Agent, click Tools > Options. Click the Agent Settings tab. Select the Force new agents to take these default settings check box to set the Deployment Agent settings for all new computers. Click the Change Default Settings tab. Click each agent setting tab to set the properties. See Server Connection on page 112, Access on page 113, Security on page 114, Log File on page 114, Proxy on page 115, and Startup/Shutdown on page 115. Click OK.
To view or modify settings from the Windows client, right-click the Deployment Agent icon in the system tray (or double-click the client icon in the system tray and click Properties). Deployment Solution 112
View log file. View the Deployment Agent log file, if you have chosen the option to create a log file. Passwords have no effect on this option. Clear log file. Clear the log file that has been created. Shutdown for imaging. Make an image of a computer without using a job. This makes the required preparatory changes to the computer before an image is made. Failure to do this breaks the reconfiguration phase when deploying the image using a job. Passwords protect this option. Change Name in Console. Change how this computer is listed in the deployment server console. This option does not change the NetBios name of the computer or the name of the computer in the database, but only changes the name of the computer displayed in the Computers window. Passwords protect this option. Remove. Uninstall Deployment Agent from the computer. Passwords protect this option. Exit. Stops all Deployment Agent services from running but does not uninstall Deployment Agent. Deployment Agent loads normally the next time you boot the computer. Passwords protect this option. User Properties. Quickly go to the User Properties page to view or make changes. Passwords protect this option. Admin Properties. Quickly go to the Admin Properties page to view or make changes. Passwords protect this option. Show Network Interfaces. View what network cards are in your computer. Passwords protect this option. The following configuration properties (organized using tabs in the dialog) are included in the Production Agent Settings dialog. Server Connection Connect directly to this Deployment Sever. Select this option so that the client receiving the Deployment Agent connects to the Deployment Server you selected to configure. Address/Hostname. Enter the IP address or NetBIOS name of the Deployment Server computer. Port. Enter the port number communicating with the Deployment Server. Enable key-based authentication to Deployment Server. Select this option to specify mandatory authentication for client computers to connect to the Deployment Server. This helps keep rogue computers from connecting to unauthorized Deployment Servers. Discover Deployment Server using TCP/IP multicast. Managed computers can use the multicast address if they are on the same segment as the Deployment Server or if multicast is enabled on the network routers. Ensure that the multicast address and port match those set up on the Deployment Server. Try using defaults on both the client and Deployment Server if you have problems while connecting. Server Connection Log File Access Proxy Security Startup/Shutdown Deployment Solution 113
Managed computers should use the Deployment Server IP address if multicasting is disabled on the network routers or if they are not on the same network segment as the Deployment Server. The port number must match the number set on the Deployment Server. Otherwise, the client computers cannot connect. Server Name. Enter the NetBIOS name of the computer running the Deployment Server. Port. Enter the port number distributing the multicast address. Multicast Address. Enter the group multicast address. TTL. Specifies the number of routers the multicast request can pass through. Change this setting if you want to locate a Deployment Server that is more than 32 routers away (default setting) or to restrict the search to a smaller number of routers, making it easier to find the closest Deployment Server. Refresh connection after idle. Select the Refresh Connection after idle check box and set the refresh time in hours or days. The Deployment Server closes the connection after the specified time and immediately tries to re-open the connection. This sends a message to client computers that the network is down. The default checking is of 28800 seconds or 8 hours. We recommend keeping this setting above 28800. Do not set this option too lowreconnecting to the Deployment Server increases bandwidth when connecting. If this option is set too low, your client computers will take longer to connect than to refresh their connections. Abort files transfers if rate is slower than. Select this option to preserve bandwidth when running deployment tasks on slower connections. Access Set these commands to control the way the client handles requests from the server. Allow this computer to be remote controlled. Select to let the administrator remotely control the selected computer. The default setting is to NOT let the computer be remotely controlled. Prompt the user before performing actions. You can select the following options to prompt the user before the corresponding action is performed: Shut down and Restart. Prompts the user before shutting down and restarting the computer. This feature overrides the Power Control option from the Deployment Server to force applications to shut down without a message. Copy file and Run command. Prompts the user before running a program or executing file copy commands. Remote Control. Prompts the user before running the Remote Control commands. Time to wait for user response. If one of the Prompt the user before perform actions is selected and the user is not at the computer to respond, you need to decide whether to continue or abort the operation. Specify the time to wait for the users response, and select one of the following: Continue the operation. Select to continue if there is no response from the user. Abort the operation. Click to not continue if there is no response from the user. Deployment Solution 114
Select when the Deployment Server is denied access to the Deployment Agent. Select the days and set the start and end times when access to the Deployment Agent is denied. Security This page lets you secure data between the Deployment Server and the Deployment Agent, or to set a password so that the user on the client computer can only view and modify the User Properties of the Altiris Client Settings on the managed computer. Encrypt session communication with Deployment Server. Select to allow encryption from this managed client computer to the Deployment Server. This lets encrypted data transmissions between the Deployment Server and the Deployment Agent on the client computer. If selected, the client computer can connect (but is not required to connect) using encryption. To enable encryption protocols, you must open the Altiris Deployment Server Configuration Utility, click Options and select the Transport tab. Select the Allow encrypted sessions check box to let Deployment Server transmit using encryption protocols. Require encrypted session with any server. Select to require encryption between the managed client computer and the Deployment Server. If this option is selected and the option to allow encryption in the Deployment Configuration tool is not selected, the Deployment Server does not communicate with the Altiris Client on the managed client computer. Note Selecting encryption options slows down the communication path between the agent and the Deployment Server. Password protect Admin properties from user. Select to let users on the managed computer access the Admin properties only if they enter the set password. If the check box is selected and the user does not know the password, they will have rights only to view the User Properties, which includes only the User Prompts and Remote Control tabs on the Altiris Client Settings dialog. Enter the password in the Password field and re-enter the password for confirmation in the Confirm password field. Hide client tray icon. Select to hide the Altiris Client icon in the system tray of the managed computer. If you hide the icon, you must run AClient.exe with the -admin switch to view and modify the complete administrative properties from the managed client computer. Log File The Log File page controls how data is logged and saved in a Deployment Server system, letting you save different types and levels of information to the log files. You can save a text file with log errors, informational errors, and debug data using this dialog. If the log exceeds the specified size, the older data is dropped from the files. You can maximize the size of the log file to save all selected data. Save log information to a text file. Select this option to save information to a log file. By default, this option is cleared. Selecting this option enables the File name and Maximum size fields. Deployment Solution 115
File name. Enter the name and path of the log file. The default path is \Program Files\Altiris\AClient\AClient.log file. Maximum size. Enter the maximum number of bytes for each log file. Log errors. Select this option to save only the errors returned when running a job or operation between the Deployment Server and the Deployment Agent. Log informational messages. Select this option to save a list of procedural steps run on the client computer. Log debugging information. Select this option to list comprehensive debugging information in the text file. Note If the log exceeds the specified size, the older data is dropped from the files, so it is recommended to provide maximum file size. Proxy Typically, remote networks on the other side of a router or switch cannot receive multicast or Wake-On-LAN packets from the Deployment Server. Setting the managed computer as a proxy client computer forwards or re-creates the multicast packets. A managed client computer setup as a multicast proxy simply acts as a Deployment Server and advertises the servers name and IP address through multicasting. You can also set the managed computer as a proxy to send Wake-On-LAN packets. Set these options to control how the managed computer acts as a proxy agent, identifying the type of traffic this managed computer forwards from the server. Forward Wake-On-LAN packets. Select if you want the managed computer to forward Wake-on-LAN packets. Forward Deployment Server discovery multicast packets. Select if you want to advertise the Deployment Server to client computers on another LAN segment or if the client computer is on the other side of the router. Send multicast advertisement every. Set the time in seconds, minutes, or hours for managed computers to send a multicast advertisement. Startup/Shutdown Delay starting jobs after system startup. Set the time in seconds, minutes, or hours for managed computers to delay jobs until after system startup. Specify the Windows boot drive. Specify the drive that the client computer boots from. The default is the C drive. Force all programs to close when shutting down. Select this option to shut down applications when using Power Control features. The user is still prompted to Abort or Continue the shutdown. Synchronize date/time with Deployment Server. Select this option to synchronize the system clock of managed computers with the time of the Deployment Server. Prompt for a boot disk when performing automation jobs. Select this option to prompt for a boot disk while running any automation jobs. Advanced Deployment Solution 116
Disabled direct disk access for Deployment Agent for DOS (BootWorks) communication. Select this option to disable the direct disk access for Automation communication. Deployment Agent for Linux The Deployment Agent for Linux is an agent software that runs on managed Linux computers. The agent collects and sends data from the managed computer to the Deployment Server system, executes deployment tasks sent from the server, installs packages, and runs management processes as directed from a Deployment Console. See Installing Deployment Agent on Linux on page 351 for additional information. A Linux managed computer is identified in the Deployment Console by unique Linux icons reflecting deployment and process status, letting you deploy and manage computers similar to the Deployment Agent for Windows, with the following exceptions: Deployment Agent Settings for DOS You can configure property settings for the Automation Agent for specified computers or computer groups. You can remotely maintain important agent settings and update settings as required from the console. When a new client computer connects, it receives the default agent settings from Deployment Server for drive mappings, authentication, and LMHost entries. Each client computer still has the capability to maintain its unique settings for the Deployment Agent for DOS as set in the Boot Disk Creator. Automation Agent Settings include the following property settings: Deployment Task Deployment Agent for Windows Deployment Agent for Linux Create Disk Image Yes Yes Distribute Disk Image Yes Yes Scripted OS Install Yes Yes Distribute Software Yes Yes Capture Personality Yes No Distribute Personality Yes No Change Configuration Yes Yes Run Script Yes Yes Copy File Yes Yes Shutdown/Restart Yes Yes
To set or modify agent settings for a specific computer, right-click the computer icon and select Change Agent Settings > Automation Agent in the Deployment Console. To set or modify agent settings for ALL computers, click Tools > Options, click Agent Settings > Change Default Settings. Deployment Solution 117
Drive Mappings Authentication Network Drive Mappings Set drive mappings used by the Deployment Agent for DOS to access hard disk image files and other packages from a specified network drive. You must map the F Drive to the Deployment Share. You can also map other file server directories when storing large numbers of image files or deployment packages. Click Add to open the Add Drive Mapping page. Select the following options: OS. Select the operating system from the drop-down list. Drive Mapping. Enter the drive letter and volume of a shared folder. Example: F: \\WebDeploy\Image files. Note You must select a shared folder in this field. You can browse and select any type of folder, but the Deployment Agent for DOS maps to and accesses files only from a shared folder. Path. Enter a UNC path. You can also edit or remove a drive mapping from the list. See also Deployment Agents on page 109. Authentication Provide the login credentials that the Deployment Agent for DOS needs to map network drives. The associated credentials for each network drive must have the rights that the Automation agents need to access files. Domain/Workgroup. To map the network drives, enter the name of the users Domain or Workgroup that the Deployment Agent for DOS uses to log on. Username. To map the network drives, enter the user name that the Deployment Agent for DOS logs on as. Password. Enter the password. Confirm Password. Retype the password for confirmation. See also Deployment Agents on page 109. Network These settings let you match the IP address with the computer name, as maintained in the LMHosts file in the Deployment Agent for DOS partition. 1. Click Add. The Add LMHosts Entry dialog appears. 2. Enter the Computer Name. Enter the name of a computer to associate with an IP address. 3. Enter the IP Address. or Deployment Solution 118
Click Lookup IP. This automatically populates the field with the IP address of the entered computer name. 4. Click OK. See also Deployment Agents on page 109. Managing Client Connections The following utilities are provided for managing transmissions between the Deployment Server and the Deployment Agents running on the managed client computers. Reset a Client Connection Resetting the connection that a managed computer has with the Server simply disconnects and reconnects the computer. This is useful for troubleshooting or if you suspect a bad connection. To reset a client connection, right-click a computer and click Advanced > Reset Connection. When the computer disconnects, its icon turns gray. The computer should reconnect and its icon color returns to its original active status color. Reject or Retrieve a Rejected Computer If a computer you do not want to manage connects to your Deployment Server, you can reject it. This removes the unwanted computer from the Computers pane in the console. Further attempts by the computer to connect are denied. Although the computer is not deleted, any history or schedule information associated with the computer is deleted. 1. Right-click the computer you want to reject from connecting to the Deployment Server. 2. Click Advanced > Reject Connection. 3. Click OK. Rejected computers are stored in a Rejected Computers list. Select View > Rejected Computers to view this list. Accept a Previously Rejected Computer If you now want to accept a previously rejected computer, you can retrieve it and reconnect it to the Deployment Server. 1. Click View > Rejected Computers. 2. From the list, select the computer you want to retrieve. 3. Click Accept Computer(s) to remove the computer from the rejected list (this doesnt delete the computer, just removes it from the list of rejected computers). 4. Click Yes to confirm the action, click Close. This client computer can now be managed from within the Computers pane. Connection requests from this client computer are now allowed. See also Deployment Agents on page 109. Deployment Solution 119
Computer Properties View and edit the computer properties for each managed computer. General See also Computer Configuration Properties on page 101. Hardware See also Computer Configuration Properties on page 101. Drives
View and edit computer properties by double-clicking a computer icon in the Computers pane, or right-clicking and selecting Properties, or clicking the icon in the toolbar. General Services Hardware Devices Drives Location Network Configuration TCP/IP Applications
View or change the name of the computer as it appears in the console. You can view the following: logged-on user names, operating system installed, name of the Deployment Server, whether an automation partition is installed, version of the Altiris Windows Client, and other client information.
View processor make and type, processor count, RAM installed on the computer, display configuration, manufacturer, model, product name, MAC address of each network adapter installed, serial number, asset tag, UUID, and whether Wake On LAN and PXE are installed and configured.
View information about each drive on the computer. If you have multiple drives, you can select a drive from the list to view its settings, such as the capacity, serial number, file system, volume label, and number of drives installed. Deployment Solution 120
See also Computer Configuration Properties on page 101. Network Configuration See also Computer Configuration Properties on page 101. TCP/IP See also Computer Configuration Properties on page 101. Applications See also Computer Configuration Properties on page 101. Services See also Computer Configuration Properties on page 101. Devices
View Microsoft Networking, Novell Netware settings, and user information for the selected managed client computer.
View TCP/IP information, including a list of all installed network adapter cards (up to eight) for the selected computer. Click Change to open the Configuration page to modify settings (see Configuring Computers on page 125).
View the applications that are installed on the computer, including their description, publisher, version number, product ID, and system components.
View the services installed on the computer along with the description, start type, and path for each service.
View the devices installed on the computer, including display adapters, disk drives, ports, storage volumes, keyboards, and other system devices. Deployment Solution 121
See also Computer Configuration Properties on page 101. Location See also Computer Configuration Properties on page 101. Bay Server Deployment Rules From the Bay property page, you can select rules to govern actions taken when a new blade server is detected in a selected bay. These rules are described below:
View and edit user-specific properties such as contact name, phone number, e-mail address, department, mail stop, and site name. As the administrator, you can enter this information manually or you can let the user populate this screen using the Prompt User for Properties option. See Prompt User for Properties on page 132.
View location information and other properties for Rack / Enclosure / Bay components for high-density and blade servers. Set rules for automatic re-deployment of blade servers based on physical location changes. This property is available only to systems using blade servers. Rule Action Re-Deploy Computer Restore a blade server using deployment tasks and configuration settings saved from the previous server blade in the bay. This lets you replace new blades in the bay and automatically run deployment tasks from its deployment history. (See Restoring a Computer from its Deployment History on page 124.) All deployment tasks in the bay's history are run starting from the last Distributing a Disk Image task or Scripted OS Install task, or from any script (in a Run Script task) with this command: rem deployment start. See Distributing a Disk Image on page 160, Scripted OS Install on page 165, and Run Script on page 181. Run Predefined Job The server processes any specified job. Select a job to run automatically when a new server is detected in the bay. Ignore the Change This option lets you move blades to different bays without automatically running jobs. The server blade placed in the bay is not identified as a new server and no jobs are initiated. If the server existed in a previous bay, the history and parameters for the server are moved or associated with the new bay. If the server blade is a new server (never before identified), the established process for managing new computers is executed. Deployment Solution 122
See also Computer Configuration Properties on page 101. Lights-Out Note This feature is currently only available for selected HP Integrated Lights Out (ILO) and Remote Insight Lights-Out Edition (RILOE) features. See also Computer Configuration Properties on page 101. Remote Operations Using Deployment Solution The Operations menu in the Deployment Console provides a variety of commands to remotely manage all computers in your site or network segment. Some operation commands, such as Restore, automatically create and schedule deployment jobs and place them in the System Jobs folder in the Jobs pane. Other commands, like Chat or Remote Control, open utility programs to access and remotely manage computers. Wait for User Interaction (Default) No job or tasks are performed (the Deployment Agent on the server blade is instructed to wait). The icon on the console changes to reflect that the server is waiting.
View information about the remote management hardware installed on the selected computer (most often a server) used to power up, power down and restart the computer remotely, or to check server status. You can also enter the password for the remote management hardware by clicking Password.
Open the computer operations menu by right-clicking a computer icon in the Computers pane, clicking Operations on the menu bar, or clicking the icons in the toolbar. Restore Reconfigure your computer to a former state. Select from a list of previous deployment tasks and select to restore only the ones you want. See Restoring a Computer from its Deployment History on page 124. History View, print, delete, and save to file a history of deployment tasks. See Viewing a Computers History on page 125. Rule Action Deployment Solution 123
Configure Set network and local configuration properties for each computer, including computer name, IP address, domains, Active Directory context. See Configuring Computers on page 125. Quick Disk Image Select a computer and image its hard disk. This creates and stores the image to distribute now or later. See Quick Disk Image on page 125. Power Control Wake up, restart, shut down, and log off remotely. See Power Control on page 126. Remote Control Open a remote control window directly to a selected client computer. Investigate problems directly from your console. See Remote Control on page 127. Execute Type and run commands remotely. See Execute on page 131. Copy File to Copy selected files, directories, or entire directory structures and send them to the selected computer(s). See Copy File to on page 184. Chat Start an individual chat session with one or more selected client computers. Communicate actions or query for symptoms during administration. See Chat on page 132. ADVANCED > Clear Computer Status Clear computer status as shown in the title bar of the List View. Prompt User for Properties Query the user for personal information. This feature sends a form to the user to fill out. See Prompt User for Properties on page 132. Reset Connection Disconnect and reset the connection between Deployment Server and the Deployment Agent on the selected computer. Install Automation Partition Embed automation partitions onto the selected computers hard disk to enable a managed computer to run automation tasks. Get Inventory Update property settings for a selected computer. These inventory settings can be viewed in Computer Properties on page 119. Select it to ensure that you have the latest inventory of the computer. Set the timeout value in the General tab of the Deployment Server Configuration utility (in the Control Panel). Reject Connection Refuse communication with the selected computer. Install BIS Certificate Install a BIS certificate for the selected computer. Remove BIS Certificate Remove a BIS certificate from the selected computer. Uninstall agent Uninstall the agent from the selected computer. Apply Regular License Apply a permanent license if a client computer is using a time- limited license or requires an updated license. Deployment Solution 124
Restoring a Computer from its Deployment History Occasionally, it is necessary to restore a computer to its original settings based on operations or deployment jobs previously executed on the computer. A computers past deployment history appears in the Restore Computer dialog, where you can restore a computer by selecting the tasks from its history file. You can rerun the deployment tasks to restore the computer. 1. Right-click a computer and click Restore. The Restore Computer dialog appears with a list of previous tasks with check boxes. 2. (Optional) Select the type of tasks to be displayed from the Show only drop-down list. Select the date from the Since list box to filter tasks. 3. Click Next to view a summary of tasks selected to reschedule. 4. Click Next to schedule the job. See Scheduling Jobs on page 151. 5. Click Finish. When you finish this computer operation, a new job appears in the Jobs pane of the Deployment Console under the System Jobs > Restoration Jobs folder. The job name has a generic format of Restore: <computer name>. New Job Wizard Open this to build, assign, and schedule deployment jobs for the selected computer. See New Job Wizard on page 144. New Group Click to create a new computer group in the Computers pane. New Computer Create a new computer account. See Adding New Computers on page 97. Rename Assign the computer or group a new name in the console. Right- click a computer or group to edit in the Computer pane. Delete Delete a computer, a computer group, or any combination of computers and groups from the database. Change Agent Settings Update property settings for the Deployment Agent running on selected computer(s). See Deployment Agents on page 109. Permissions View security settings for the selected computer(s). Job Scheduling Wizard Open this to assign deployment jobs to the selected computer. Properties View computer configuration and network properties. See Computer Properties on page 119.
Restore a computer by right-clicking a computer icon in the Computers pane and selecting Restore, clicking Operations > Restore Computer on the menu bar, or clicking this icon in the toolbar. You can restore a computer using Remote Operations Using Deployment Solution or by creating and scheduling a job using the New Job Wizard. See Remote Operations Using Deployment Solution on page 122 and New Job Wizard on page 144. Deployment Solution 125
Viewing a Computers History You can view the history of deployment tasks for a specific computer. Users who do not have administrative privileges or the permissions to delete a computers history cannot access this option. 1. Right-click a computer and click History. The History of <Computer Name> dialog appears with a list of previous tasks, including when the task was scheduled, its deployment status and other deployment information. 2. (Optional) Click Save As to save the file as a .TXT or .LOG file. 3. (Optional) Click Print to print the History file. 4. Click Delete to delete the History file. Click Yes to the confirmation message. 5. Click Close. See also Remote Operations Using Deployment Solution on page 122. Configuring Computers From the Operations menu, you can enter and modify configuration settings for computers. See Computer Configuration Properties on page 101 for complete information about configuration settings. 1. Right-click a computer and click Configure. The Computer Configuration Properties dialog appears. 2. Set basic configuration values in the General configuration group (default view). 3. Click other configuration group icons in the left pane to set additional values. 4. Click OK. See also Remote Operations Using Deployment Solution on page 122. Quick Disk Image This computer operation creates a disk image of the selected computer. This option is a quick and easy way to create a disk image of a selected managed computer from the Deployment Console. To run a disk image job you must have an automation partition installed on the client computer, or it is PXE-enabled and can boot to automation by connecting to a PXE Server. 1. Right-click a computer and click Quick Disk Image. The Schedule Computers for Job dialog appears. See Scheduling Jobs on page 151. 2. Schedule the job to run immediately or at a later time. You can also click the option to not schedule the job (this option places the job in the working area and does not run until you manually drag it to a selected computer and reschedule it). 3. Click OK. A new job appears in the Jobs pane of the Deployment Console under the System Jobs > Image Jobs folder. The job name has a generic format of Create Image: <computer name>. Deployment Solution 126
See also Remote Operations Using Deployment Solution on page 122. Power Control This computer operation lets you wake up a computer, restart a computer, shut down, or log off as the current user for a selected managed computer. You can also power a computer on if Wake-On-Lan is supported. 1. Right-click a computer and select Power Control. A secondary menu appears with the following options: 2. Select a Power Control option. A Confirm Operation dialog appears. Select the Force application to close without a message option to shut down users without a warning. If you do not select this option, the user is prompted to save work before the power operation continues. 3. Click Yes.
Restore a computer by right-clicking a computer icon in the Computers pane and selecting Power Control, clicking Operations > Power Control on the menu bar, or clicking the icon on the toolbar. Wake-up The Wake-Up feature is hardware-dependent and is available only for inactive computers. Select this command to start a computer that has been turned off. Notes Your operating system and network adapter must be capable of recognizing and processing the Wake-on-LAN packets. Non- embedded network adapters must be properly configured. Example: 3Com NICs have an extra header cable that enables Wake-on-LAN. Check the documentation that comes with your network adapter for more information about Wake-on-LAN. For NICs and operating systems that support Wake-on-LAN Power Management features, go to the Properties dialog of the network adapter driver and select the Power Management tab. Click the Allow this device to bring the computer out of standby option for this device to bring the computer out of standby status. You must enable this feature for some computers in their BIOS. Restart Click to reboot the selected managed computer. Select Force Applications to close without a message box to restart immediately without prompting the user. Shut down Click to shut down the selected managed computer. Select Force Applications to close without a message box to shut down immediately without prompting the user. Log off Click to log off the selected managed computer. Select Force Applications to close without a message box to log off immediately. Deployment Solution 127
See also Remote Operations Using Deployment Solution on page 122. Remote Control Multiple methods are provided to remote control managed computers. The integrated DS remote control utility can be used on Windows XP, 2003 Server, and 2000 computers. Additionally, you can access the built-in Remote Desktop feature built into many Windows operating systems directly from the Deployment Console. You can also manually add access to other remote control utilities by modifying a configuration file. DS Remote Control (page 127) Remote Desktop Connection (page 130) Additional Remote Control Programs (page 131) DS Remote Control Remote Control is a computer management feature built into the Deployment Server Console. It lets you control all types of computers to view problems or make immediate changes as if you were sitting at the managed computers screen and using its keyboard and mouse. Note You cannot disable the flashing eye icon while the computer is being remotely controlled. Before you can remotely control a managed computer: The managed computer must have the Altiris Agent for Windows installed and properly set up. The client must have the appropriate Proxy option selected in Altiris Client Properties. See Proxy on page 115. The client and Deployment Server Console must be able to communicate to each other through TCP/IP. To remotely control a managed computer 1. Right-click a computer and click Remote Control > DS Remote Control. This opens the Remote Control window displaying the managed computers screen.
When a managed computer is being remotely controlled, the Deployment Agent icon in the managed computers system tray flashes these two icons alternately. Remote Control also provides Chat, Refresh, , Send File, and Ctrl+Alt+Delete features to assist in managing computers from the console. See Chat on page 132 and Copy File to on page 184. Deployment Solution 128
Note If you cannot perform a remote-control operation from the selected managed computer, you can change this client setting by using the Remote Control options in the Change Agent Settings command. The default setting is to not allow remote control of the managed computer. See Proxy on page 115. 2. From the Remote Control window, you can execute the following commands: 3. To end a Remote Control session, click Control > Close Window in the Remote Control window. Toolbar Chat Click to open a chat session with the selected managed computer. This starts a chat session between the console computer and the managed computer. The chat session opens a chat window that lets you send messages back and forth between the Deployment Console and the managed computer. If you start a chat session while controlling multiple computers in a single window, the chat session is only between the Deployment Console and the master client. Refresh Click to update the screen view of the managed computer. Ctrl+Alt+Delet e Click to select Restart or Logon options for the managed computer. Note The managed computer must be running Windows 2000, XP, 2003, 2008, and Vista and have the keyboard and mouse driver installed for this feature to be available. Send File See Send Files during Remote Control on page 129. Toggle Control Click to toggle between the view of control access of the managed computer (default) and of access only of the managed computer. Control menu Disable Input from the Client Click to prohibit the user of the managed computer from using the keyboard or mouse during the remote-control session. Close Window Click to close the remote control window of the managed computer. View menu Refresh Click to refresh the view of the screen. Fit to Window If this option is selected, the client display image becomes the same size as the Remote Control window. If this option is not selected, the image retains the size of the client display. Color Depth See Remote Control Properties on page 129. Properties See Remote Control Properties on page 129. Deployment Solution 129
Send Files during Remote Control Click to send files to the managed computer that is remotely controlled. Enter the name of the source file to be copied and the destination path on the managed computer. Select the required compression and encryption options. If you are controlling multiple clients within a single window, this dialog sends a file only to the master client. Source filename. Enter the name of the file to be sent. Destination path. Enter the path where you want the file to reside on the managed computer. Compress Data. Select to compress the file during the copy process to decrease network traffic. Encrypt Data. Select to encrypt data package for security. You can also drag entire folders from the Deployment Console computer to the remote control window, which copies the files to the remote client computer. Remote Control Properties Color Depth. Click to specify the color depth (number of colors) used by the Remote Control window. This setting applies only to the Remote Control window at the console, not to the display of the managed computer. There is no benefit of setting a color depth on the Remote Control window greater than that of the managed computer. The benefit of lower color depths is improvement in speed. Use specific image resolution. Click to specify the width and height of the image that represents the client display. Update Interval. Select to specify how often the image in the Remote Control window is updated (in milliseconds). The more frequently the display is updated, the more bandwidth is required. Only update foreground window. Select to refresh only the selected window in the remote control session. Set Remote Control Permissions Deployment Solution provides multiple features for ensuring privacy and security when a managed computer is remotely controlled. Before a managed computer can be remotely controlled, the Remote Control preferences on the Deployment Agent for Windows must be set to allow remote control access. You can also lock the keyboard and mouse of the managed computer or set a prompt for the user, asking for permission to initiate a remote session. This lets the user accept or reject the request. In certain environments, such as a lab or classroom, using a prompt to ask for permission might not be preferred. To remotely set security options on each managed computer, use Change Agent Settings from the console or open Properties on the Deployment Agent on the client computer (you must access Admin properties). 1. After opening the Deployment Agent property page, select the Remote Control tab. 2. Select Allow this computer to be remote controlled to provide access from the Deployment Server Console. Deployment Solution 130
3. (Optional) To lock the keyboard and mouse during a remote control session, select the Enable keyboard and mouse driver option. This option works only on Windows 2000, XP, 2003, 2008, and Vista. Note After selecting this option (either enabling or disabling the keyboard and mouse) you must restart the managed computer. This can be done using a Power Control operation. See Power Control on page 126. 4. If you want the user to be prompted before a remote control session begins, click the User Prompts tab. a. From the Choose the commands you would like to be prompted before executing options, select the Remote Control commands option. b. Specify the number of seconds you want the prompt to wait. Also, specify what will happen after the prompt time is over. Click either Continue the operation or Abort the operation. 5. Click OK. Start Multiple Sessions You can manage multiple computers using the Remote Control feature. However, the more computers you include in the session, the larger the bandwidth over the network. Open a separate Remote Control window for each managed computer. Right-click each computer and select Remote Control. A new window appears for each selected computer. Open a Remote Control window for a group of managed computers. Right-click a computer group icon and select Remote Control. The Remote Control Options dialog appears with options to Control each client separately in its own window or to Control all clients together. If you select to control clients separately, individual windows appear for each computer. If you select to control clients together, you are asked to select a master computer. The Master Computer is the computer that appears in the Remote Control window, but all operations performed from the Master Computers console also run on the other computers in the group. All computers in the group should be similar in configuration to work properly. Note If you are controlling multiple computers in a single window, you can send a file only between the console and the master client. If you want to send a file to multiple clients at the same time, use the Copy File to feature. See Copy File to on page 184. To end a Remote Control session, click Control > Close Window. Remote Desktop Connection Remote Desktop connection is available for many Windows operating systems including Windows Vista and 2008 Server. Deployment Solution 131
To remotely connect to a computer 1. Open the Deployment Console and right-click the Vista computer you want to remotely connect. 2. Click Remote Desktop. The remote desktop window for the computer appears. The remote desktop connection is established to the Vista computer. To remotely connect to multiple computers using the Remote Desktop option 1. Open the Deployment Console and right-click the computer you want to remotely connect. 2. Click Remote Desktop. The remote desktop window for the computer appears. The remote desktop connection is established to the computer. To remotely connect to multiple computers 1. Open the Deployment Console and right-click the computers you want to remotely connect. 2. Click Remote Control. The Remote Control Options dialog appears. 3. Select Control each client separately in its own window to remote control each computer separately. or Select Control all clients together, in the same window, using the following master to remote control the selected computers together and select the master computer. 4. Click OK. The remote control connection is established for the computers. Additional Remote Control Programs You can manually add access to additional remote control programs to the Remote Control menu in the Deployment Console. To add a program, open the RemoteControlTools.ini located at the root of your Deployment Share and follow the instructions provided in the file. Execute Send a command from the Deployment Console as if you were entering a command from the command-line prompt on the client computer. 1. Type a command you would like executed on the selected remote computer(s), or select from a list of previously-run commands. Example: Type regedit to open the registry on the computer.
Execute a command to a client computer by right-clicking a computer icon in the Computers pane and selecting Execute, clicking Operations > Execute from the menu, or clicking this icon in the toolbar. Deployment Solution 132
2. To run the command as another user on the managed computer, click User and enter the user name and password. User Account Use this dialog to run a script using another local user account. You can log in with another user name and password with rights to run an execute command. Run with default security credentials. This option runs with the current user credentials. This is the default option. Run with the following credentials. Click this option to log on with another user name and password. See also Remote Operations Using Deployment Solution on page 122. Chat You can communicate with managed computers using the Chat text messaging system. From the Deployment Server Console, select an individual computer or a group of computers to open an individual chat session with each logged-in user. 1. Open a chat session. The Chat with <computer name> window appears, identifying the computer you are sending messages to. 2. Type a message in the lower field. 3. Click Send or press Enter. The exchange of text messages appears in the upper field. See also Remote Operations Using Deployment Solution on page 122. Prompt User for Properties This feature lets an administrator prompt a user for computer location and user information. The information supplied in this form appears in the Location properties in the Computer Properties dialog. See Computer Properties on page 119. To prompt a user for location properties 1. In the Computers pane of the Deployment Server Console, right-click a computer and click Advanced > Prompt User for Properties. You can also select a computer and click on the Prompt User for Properties icon in the toolbar or click on Operations > Prompt User for Properties. A dialog appears in the Deployment Server Console with a list of properties. 2. Select the properties to prompt the user. The properties selected in this dialog are active on the property form sent to the user, letting the user enter information for the selected properties.
Open text messaging with a user by right-clicking the computer icon in the Computers pane and selecting Chat, or clicking this icon in the Remote Control dialog. See Remote Control on page 127. Deployment Solution 133
Note All properties are selected by default; you must deselect the properties you dont want to include when the client is prompted. 3. Click OK. The properties form appears for the logged-on user of the computer, asking for location properties. When the user enters information and selects OK, the Location properties in the Computer Properties field are updated for the selected computer. If the user changes the computer name, the name in the Computers pane of the Deployment Console also changes. These settings are stored directly to the Deployment Database. See also Chat on page 132 and Remote Operations Using Deployment Solution on page 122. Install Automation Partition When the Deployment Server sends a deployment job to client computers, tasks within the job can be assigned the default automation pre-boot environment, or one of DOS, Linux, or WinPE. With an embedded (recommended) or hidden automation partition installed on the client computers hard disk, deployment jobs can run automatically. You can have multiple tasks within a deployment job, and each task can be assigned to run in a different automation environment, depending on the task and end result you want. The following are the automation tasks you can add to the deployment jobs. Run script Create disk image Distribute disk image Scripted OS install During the Deployment Server installation, the Pre-boot Operating System page appears for you to select a default pre-boot operating system, which is used by Boot Disk Creator to create the configurations that boot client computers to automation. You can Deployment Solution 134
install additional pre-boot operating system files through Boot Disk Creator. See Boot Disk Creator Help. If you are running PXE Servers, you do not need to install an automation partition on each client computers hard disk. When the Deployment Server sends a deployment job, PXE-enabled client computers search for a PXE Server to receive the boot menu options and the boot menu files that are required to boot to automation. See Automation Pre- boot Environment in the Deployment Server Reference Guide. To install an automation partition 1. Right-click a computer and click Advanced > Install Automation Partition. 2. From the drop-down list, select the pre-boot operating system environment you want to install. 3. Click OK. The Automation Agent you selected installs as an embedded partition on the client computers hard disk. After the installation completes, the client computer reboots automatically. You can now run automation-specific deployment tasks on this computer. Change Agent Settings This feature lets you modify most of the agent settings for a selected computer or computer group. You can set properties for the Production Agent (Deployment Agent), or for an Automation Agent. To change agent settings 1. From the Computers pane, right-click a computer and select Change Agent Settings. 2. Select either Production Agent or Automation Agent. 3. Edit the properties settings. 4. Click OK. Deploying and Managing Servers Deployment Solution provides additional features to remotely install, deploy and manage network and Web servers. From the Deployment Server Console, you can configure new server hardware, install operating systems and applications, and manage servers throughout their life cycle. And because servers are mission-critical, you can set up a system to quickly deploy new servers or automatically re-deploy servers that have failed. Features like rules-based deployment, support for remote management cards, and quick server restoration from a deployment history give you new tools to manage all servers throughout your organization. Deployment Solution 135
Manage Servers from the Console. The Deployment Server Console includes features specifically designed for deploying and managing servers, such as enhanced task logging and history tracking features to let you recall administrative actions and quickly redeploy mission-critical servers. Set Server-specific options. Servers are essential to any organization and require special planning and management strategies. Deployment Server provides server- specific features to automatically deploy new servers and maintain existing servers. See Server Deployment Options on page 136. Server Management Features Deployment Server provides various features for deploying and managing servers. These features are supported for client and handheld computers as well, but are essential in deploying servers. Server icons. The Deployment Console displays icons that identify servers across the network. Like other computer icons in the console, server icons can be selected to view server properties or assign specific jobs and management tasks Run Scripted Installs. Execute scripted, unattended installs across the network for both Microsoft Windows and Linux servers. Follow steps to create answer files and set up operating system install files using a wizard. See Scripted OS Install on page 165. Support for multiple network adapter cards. Because servers may require more than one network interface card, Deployment Server provides property pages to access and configure multiple network adapters remotely from the console. See TCP/IP Configuration Settings on page 104. Servers are identified in the Computer pane with distinctive server icons. Like all managed computer icons, the icons change to identify the status and state of the computer, such as user logged on or Server Waiting. Note Servers are recognized by their operating system (such as Windows 2000 Advanced Server, Windows Server 2003, 2008, or any Linux operating system), multiple processors, and specific vendor server models. Icon Description
The server is active and a user is logged on.
The server is disconnected from the console.
The server is in a waiting state. Deployment Solution 136
Synchronized server date and time. Deployment Server automatically sets the servers date and time after installing or imaging (as part of the configuration process). Deployment Agents include an option to disable this feature (it is off by default). Enhanced scripting capabilities. You can deploy multiple tasks per deployment job and boot to DOS multiple times when configuring and deploying a clean server. Deployment Server also lets you view and debug each step in the deployment script, and track each job to provide a history of tasks for redeploying a server. Server Deployment Options Deployment Server includes features to automatically reconfigure and redeploy new servers. If you are using Initial Deployment to automatically re-image new servers or run installation scripts, you can (1) safeguard against mistaken disk overwrites, or (2) run automatically for every server not identified as a managed computer in the database. These contrasting settings are based on polices you define for managing servers in your organization. Example: If you rely on PXE to boot the new server and you want to deploy new servers automatically without halting the process, you must change the default settings in the PXE Configuration Utility. In contrast, if you want to ensure that the server waits before being deployed (or waits a set time before proceeding) to avoid erroneous re- deployment, you must set the options in the Advanced section of Initial Deployment. Halt the Initial Deployment of Servers When a server boots from a PXE server or from Automation (if the option is set), Deployment Server recognizes it as a new computer and attempts to configure the computer with sample jobs. See Sample Jobs in Deployment Solution on page 193. Initial Deployment includes a feature to prohibit servers from being deployed automatically. 1. Click Initial Deployment and select Properties. 2. Click the Advanced tab. 3. Select the Servers check box and click OK. Initial Deployment does not run for any computer identified in the console as a server. Change PXE Options for Initial Deployment If installing a server using a PXE Server, the server attempts to install, but does not run automatically using default settings. It waits until a boot option is selected from the client computer. You can change the default setting in the PXE Configuration Utility to allow Initial Deployment to run automatically and not wait for user intervention. 1. Click on Start > All Programs > Altiris > PXE Services > PXE Configuration Utility. 2. Click the DS tab. 3. Select a pre-boot operating system from the Initial Deploy boot option drop- down list. 4. Click Execute Immediately. Initial Deployment runs automatically for every identified server. 5. Click Save. Deployment Solution 137
6. Click OK. Clear BootWorks Prompt for Remote Install When you run a deployment job on a computer where the Deployment Agent is remotely installed, a message appears stating that no BootWorks partition or PXE stamp is found. The message remains open until the user clicks OK on the message dialog, which delays executing the scheduled job as part of an automated redeployment process. To fix this delay: 1. Select Tools > Options. The Program Options dialog appears. 2. Select the Agent Settings tab. 3. In the Automation Agent Settings section, select the Force new Automation agents to take these settings check box and click Change Default Settings. 4. Click OK. Following these steps, ensures that the BootWorks message does not appear and a job runs smoothly when scheduled. Managing Server Blades Deployment Solution lets you manage high-density server blades with Rack/Enclosure/ Bay (R/E/B) hardware and properties. From the Deployment Console, you can deploy and manage these space-efficient server blades using the physical view to assign jobs to the Rack, Enclosure, or Bay level of the server cluster, or you can manage each server blade directly from the logical view. See Bay on page 121 for properties and rules to deploy Rack/Enclosure/Bay servers. Using Deployment Solution, you can employ rip and replace technology that lets you insert a new server blade and automatically configure and deploy it exactly like the previously installed server blade, letting you replace any server that is down and get it back on line quickly. Altiris provides fail-safe features to ensure that no server is mistakenly overwritten and that all disk images, software, data, and patches are applied to the new server from the history of jobs assigned to the previous server blade. Managing New Server Blades Deployment Solution lets you automatically deploy, configure and provision new server blades using a variety of features, including Sample Jobs and Server Deployment Rules. See Sample Jobs in Deployment Solution on page 193 and Server Deployment Rules on page 121. New Server Blades in Newly Identified Bays When new blades are identified in a Bay that has not been used previously (if it has been used previously, the Bay object is identified in the physical view), both the Initial Deployment and Virtual Bays features can be set up to automatically run configuration tasks and deployment jobs. To Create Virtual Bays: Set up Virtual Rack/Enclosure/Bays for Hewlett-Packard Rapid Deployment Pack installations of Deployment Solution. Deployment Solution 138
Initial Deployment setup: Clear the Servers check box in the Advanced dialog. If both new computer features are set up and a new server blade is installed in a Bay not previously identified by the Deployment Server, the Create Virtual Bay feature executes and Initial Deployment does not execute. New Server Blades in Identified Bays If a new HP server blade is installed in an identified Bay (one that already has a server blade installed and is visible from the Deployment Console), both Sample Jobs in Deployment Solution and Server Deployment Rules can be set up. However, when both are set up, the Server Deployment Rules execute and Initial Deployment does not execute. Virtual Bays Hewlett-Packard blade servers now have a Virtual Bay feature that lets you pre-assign deployment jobs to the Rack, the Enclosure, or to a specific blade server in the Bay. Any HP blade server can have predefined deployment jobs and configuration tasks associated with it to execute automatically upon installation. (This feature requires that the Hewlett-Packard Rapid Deployment Pack is installed.) The Virtual Rack/Enclosure/ Bay icons change from virtual icons to managed server icons in the Deployment Console as live blade servers are inserted and identified by Deployment Solution. Rack name. Enter or edit the name of the Rack. Enclosure name. Enter or edit the name of the Enclosure. Enclosure type. Select the type of HP server blade from the list. Initial Job. Select an existing job to run when the pre-configured computer account is associated with a new server blade. Server Change rule. Select the Server Deployment Rules to run on the Bay when a new server blade is installed. See Server Deployment Rules on page 121. Note If you create Virtual Bays for an enclosure (such as the BLe-class with 20 bays) and if another model of server blade with an enclosure containing fewer bays is connected (such as the BLp-class with 8 bays), the excess virtual bays are truncated automatically. Conversely, if you create Virtual Bays with fewer bays (8) and install an enclosure with additional bays (20), you must re-create the virtual bays in the enclosure (right-click the enclosure name in the physical view and click New Virtual Bays). See also Managing New Server Blades on page 137. Hewlett-Packard Server Blades Hewlett-Packard high-density blade servers can be deployed and managed from the Deployment Console. The following HP server blades are supported: HP Proliant BL e-Class HP Proliant BL p-class Proliant BL 10e Proliant BL 20p Proliant BL 10e G2 Proliant BL 20p G2 Proliant BL 40p Deployment Solution 139
HP blade servers let you employ all features provided in the Deployment Console when you install the HP Proliant Essentials Rapid Deployment Pack (see www.hp.com/servers/ rdp), including the Virtual Blade Server feature. The name of each Rack for an HP Server appears along with the assigned name for the Enclosure and Bay. These names are collected from the SMBIOS of the server blade and appear in both the physical and server views within the Computers pane of the Deployment Console. For HP blade servers in the physical view, the Rack name can be a custom name in the console, with all subordinate Enclosures and Bays also identified. Example: <rackName> <enclosureName> <bayNumber> See also Server Management Features on page 135 and Server Deployment Options on page 136. Dell Server Blades Dell high-density blade servers can be deployed and managed from the Deployment Console. All Dell Rack Servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/Enclosure/Bay view. The following servers are supported: For Dell blade servers in the physical view, the Rack name is always Dell. All subordinate Enclosures and Bays are identified with custom names under the Dell rack name. Example: Dell <enclosureName> <bayName> See also Server Management Features on page 135 and Server Deployment Options on page 136. Fujitsu-Siemens Server Blades Fujitsu-Siemens high-density blade servers can be deployed and managed from the Deployment Console. All Fujitsu-Siemens Rack Servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/ Enclosure/Bay view. The following servers are supported: For Fujitsu-Siemens blade servers in the physical view, the Rack name is always Fujitsu-Siemens. All subordinate Enclosures and Bays are identified with custom names under the Fujitsu-Siemens rack name. Example: Dell Rack Servers Dell Server Blades All PowerEdge rack servers PowerEdge 1655MC Fujitsu-Siemens Rack Servers Fujitsu-Siemens Server Blades All Primergy rack servers Primergy BX300 blade servers Deployment Solution 140
Fujitsu-Siemens <enclosureName> <bayName> See also Server Management Features on page 135 and Server Deployment Options on page 136. Note If you have Fujitsu-Siemens Server blades managed by the Deployment Server, ensure that the SNMP service is running on the Deployment Server. Also, if the Deployment Server is installed on a Windows 2003 server, ensure that the security is set correctly to receive traps from remote computers. By default, Deployment Servers cannot receive traps from remote computers. IBM Server Blades IBM high-density Blade Centers can be deployed and managed from the Deployment Console. All IBM blade servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/Enclosure/Bay view. For IBM blade servers in the physical view, the Rack name is always IBM. All subordinate Enclosures are identified with custom names under the IBM rack name and Bays are identified by number. Example: IBM <enclosureName> <baynumber> See also Server Management Features on page 135 and Server Deployment Options on page 136. Find a Computer in the Database This search filter lets you type a string and query specified database fields for specific computer properties. You can search for user or computer names, licensing or location information, or primary lookup keys: MAC address, serial number, asset number, or UUID. This search filter queries property values appear in the Computer Properties pages. See Computer Properties on page 119.
1. In the Search For field, type all or part of the computers property values you would like to search for. This alpha-numeric string is compared with specified database fields.
Click <CTRL> F or click Find Computer on the console toolbar to search the Deployment Database for computers by property settings. The search begins at the top of the computer list and highlights the computer name in the Computers pane when a match is found. Press F3 to find the next computer that matches the search criteria until there are no more results, or the end of the computer list is reached. Deployment Solution 141
2. From the In Field drop-down list, select the field you want to search in the Deployment Database. Example: To find a computer by searching for its IP address, type the address in the Search For field and select the IP Address from the In Field drop-down list. The computer you are looking for appears highlighted in the Computers window in the console. Note This search is not case-sensitive and allows wildcard searches using *. See also Computer Filters and Job Conditions on page 81. Using Lab Builder Use the Lab Builder to set up jobs under the Lab folder in the Jobs pane to set up a classroom or lab environment. You can set up jobs to: Create Disk Image Name BIOS name of the computer. Computer Name Deployment Solution name of the computer. MAC Address Example: 0080C6E983E8. IP Address Example: 192.168.1.1. ID Example: The computer ID. 5000001. Serial Number Serial number installed in BIOS. A primary lookup key. Asset Tag Asset number in BIOS. A primary lookup key. UUID A primary lookup key. Registered User Name entered when the operating system was installed. Product Key Product Key for the operating system. Logged On User Name of the user currently at the computer. Physical Bay Name The actual bay number. Example: 7x.
Click Lab Builder on the console toolbar or click File > New > Lab Builder to set up jobs specifically created for managing multiple computers in a lab environment. Deployment Solution 142
Deploy Lab Restore Lab Update Configuration Upload Registries Each of these jobs contains a default list of tasks. Lab Builder places these five new jobs under a folder (which you name) located under the Lab folder. All tasks in the jobs have been assigned default paths and file names that let them use the same images and configuration information, registry data, and so on. We recommend that you do not change the file names and paths. If you change the default settings (example: changing the image name), you must change them in all jobs where the image is used. To use Lab Builder 1. Click the Lab Builder icon on the toolbar, or choose File > New > Lab Builder. 2. Enter the name of the Lab Setup. Note The lab name must be unique because the program creates a default image file name based on the name, and the image file name must be unique. The default image name is synchronized in all lab jobs, so if you change the name later you must change it in all the jobs that use the image. 3. (Optional) Enter a lab description to help you differentiate the lab from others and click OK. 4. Identify an image in the Create Disk Image job. See Creating a Disk Image on page 154. 5. Set computer names and addresses in the Update Configuration job. The following information describes the default jobs. To run one of these jobs, simply drag it to the computer or computer group you want it applied to. Create Disk Image. This job uploads an image of a computer to the server and an image name is created automatically based on the lab name. However, there is no actual image in the job until you drag the image source computer to this job. Deploy Lab. This job has three default tasks: Deploy image, Apply configuration settings, and Back up registry files. The image that is uploaded using the Create Disk Image job is deployed when you use this job. The configuration settings you specify in the Update Configuration job are applied to the computers, and the computer registry files are uploaded to the Deployment Server. Restore Lab. This job restores the image and registry files to a computer where a lab was previously deployed. You can quickly get a computer running again by restoring the lab on that computer. Update Configuration. This job lets you set unique configuration information (such as computer names and network addresses) for client computers. When a lab is deployed, each computer has an identical image, but not the same configuration settings. This means you don't have to visit each computer to reset the IP addresses and other settings when you deploy an image. Upload Registries. This job backs up computer registry files to the Deployment Server. Deployment Solution 143
Building and Scheduling Jobs A job represents a collection of predefined or custom deployment tasks that are scheduled and executed remotely on selected client computers. You can build jobs with tasks to automatically create and deploy hard disk images, back up and distribute software or personality settings, add printers, configure computer settings, and perform all aspects of IT administration. Jobs can be run immediately for a specific computer, or stored and scheduled for daily or long-term administrative duties on multiple computer groups. The New Job Wizard guides you through common deployment and management jobs. It is an easy way to set up new users or migrate users to new computers, create and distribute images of computers on the network, distribute software packages, restore computers, and more. See New Job Wizard on page 144. Jobs include one or more Deployment tasks. You build jobs by adding tasks to a job and customizing the task for your specific needs. You can add tasks to capture and distribute images, software packages, and personality settings. You can also write and run a script task, or run scripted installs, configure settings, copy files and back up registry settings. You can also modify existing jobs by adding, modifying, copy and pasting, or deleting tasks to suit your requirements. See Deployment Tasks on page 152 and Building New Jobs on page 148. Set conditions on jobs to run only on computers with properties that match the criteria you specify. You can build one job to run on different computer types for different needs, and avoid mistakes by ensuring that the correct job runs on the correct managed computer. See Setting Conditions for Task Sets on page 149. Initial Deployment lets you run predefined jobs and configuration tasks on new computers when they start up. You can automatically deploy new computers by imaging and configuring TCP/IP, SIDs, and other network settings and installing basic software packages. See Sample Jobs in Deployment Solution on page 193. Sample jobs are installed with Deployment Solution and appear in the Samples folder of the Jobs pane. You can run many sample jobs as they are, or you can set environmental variables. See Sample Jobs in Deployment Solution on page 193. Viewing Job Details As jobs are assigned, scheduled and executed, it is helpful to know specific details about their status and assignments. The Deployment Console provides job icons to show the state and status of the job in the Details pane:
Job icons appear in the Jobs pane of the Deployment Console. To assign and schedule a job in the Deployment Console, drag the job icon to selected computer icons. Job status icons also appear in the Details pane of the Deployment Console to indicate various deployment states. See Viewing Job Details on page 143. Deployment Solution 144
Job status icons that update the state of the job in running deployment tasks. These icons are graphical symbols in the Deployment Console used to identify the status of an assigned job. . A description of the job, if available. You can also use Add or Modify in the main window to edit the description. If a job defines error conditions when individual tasks run, the Status field displays any errors incurred and the tasks that completed successfully. Job Schedule details. This is the job's run time, beginning when the job started and ending when it completed successfully. The currently applied conditions appear in a list box with a Setup option to add conditions to different task sets for different computer properties within a job. Conditions specify characteristics that a computer must have before the job runs. See Setting Conditions for Task Sets on page 149. A list of tasks assigned to the job and task descriptions also appears. Change the order of the task execution with the up and down arrows. Tasks are executed in the order they are listed. See Deployment Tasks on page 152. Features to add, modify, and delete tasks for each job. A list of assigned computers and its deployment history. To sort jobs or computer details, just point and click on the category in the Details pane. Example: Click the Status column heading to organize and display the progress status of the job. See also Viewing Computer Details on page 96. New Job Wizard The New Job Wizard provides integrated features to build, assign, and schedule common deployment jobs. It helps you build the most common jobs, and guides you through additional steps to assign and schedule the jobs to selected computers. It lets you
A job is scheduled to run on a computer or computer group.
A job is in progress.
A job has executed successfully.
A job is associated with a computer or group of computers but is not scheduled. Indicates error conditions when individual tasks run. Deployment Solution 145
quickly build image files and deploy new computers, distribute software packages, migrate users, and more. Note When a software package or deployment job is scheduled to run on client computers, the Altiris Client Service Message dialog appears, warning them that a job is about to execute. If a user clicks Abort when the message appears, an event is logged to the client's history so that Deployment Solution administrators know when users abort a scheduled event. 1. Select a job option: Create an image. This wizard guides you through the steps required to create an image of a computers hard disk and schedule the job. See Creating a Disk Image on page 154. Deploy and configure computers. This wizard guides you through the steps required to lay down a new disk image on a selected computer and install software and personality settings. See Distributing a Disk Image on page 160. Deploy software packages. This wizard guides you through steps required to install software packages. You can set conditions, select packages, assign to computers, and schedule the job. See Distributing Software on page 172. Restore a computer. This wizard guides you through the steps required to restore a computer to a known working state by re-imaging the hard drive and reinstalling software packages, personality settings, and defining configuration values. This option reschedules jobs saved in each managed computers history record, which contains all deployment tasks previously processed. See Restoring a Computer from its Deployment History on page 124. Migrate computers. This wizard guides you through the steps required to migrate the hard disk image, applications, and personality settings from a source computer to a destination computer. You can perform one or more migration operations using the provided options. 2. Give the job a unique name. You can type a name up to 64 characters. 3. Follow the steps in each wizard to create a job (some New Job wizards build multiple jobs). After creating a job, the job appears in the Jobs pane of the Deployment Console with the deployment tasks listed in the Tasks list. Note You cannot define return codes when using the New Job Wizard. See Building New Jobs on page 148 to build customized jobs and set up return codes. See also Modifying Tasks in a Deployment Job on page 187.
Create a new job by clicking New Job Wizard on the Deployment Console, clicking File > New > Job Wizard, or right-clicking in the Jobs pane of the Deployment Console and selecting New Job Wizard. The New Job Wizard appears to guide you through basic deployment jobs. Deployment Solution 146
Migrating Computers From the New Job Wizard, you can select Migrate computers to quickly distribute hard disk images, software, and settings from a users current computer to a new computer. You can image a new computers hard disk with a new operating system and install software and personality settings. Or perform different levels of migration to distribute only software or to simply capture and distribute personality settings to the new computer. Migrate one computer to another separate computer Click this option to migrate a user from a source computer (old computer) to another destination computer (new computer). Capture personality settings, distribute a new hard disk image, distribute software and redistribute the saved personality settings from the source computer to the new destination computer. Click the option to migrate only personality settings to one or more computers. Also select Prepare destination computer with a disk image to distribute a disk image to the new computer and select Install software packages prior to applying the personality on the destination computer to install software packages on the new computer. Note This option creates two jobs that appear in the Jobs pane: Job (Capture) and Job (Distribute). Job (Capture) includes a Capture Personality Settings task (see Capturing Personality Settings on page 176) to capture the personality of the source computer and a Modify Configuration task to rename the source computer to avoid naming conflicts (see Modifying Configuration on page 179). The source computer is named computerName (Old). Job (Distribute) includes a Deploy Image task (see Distributing a Disk Image on page 160) if selected, a Modify Configuration task to update settings to the destination computer, and one or more Install Package tasks to update software (if selected) and migrate personality settings. See Distributing Software on page 172. Migrate the same computer to another operating system Click this option to upgrade the operating system on a computer and reinstall personality settings and software packages on the same computer. It creates jobs and tasks to capture the personality settings, distribute a new disk image, distribute software packages, and migrate the personality settings. Click the option to deploy a disk image and migrate the personality settings to the computer. (Optional) Select Install software packages prior to applying the personality on the destination computer to install software packages on the computer. Note This option creates two jobs that appear in the Jobs pane: Job (Capture) and Job (Distribute). Job (Capture) includes a Capture Personality Settings task (see Capturing Personality Settings on page 176) to capture the personality of the source computer. Deployment Solution 147
Job (Distribute) includes a Deploy Image task (see Distributing a Disk Image on page 160) and one or more Install Package tasks to update software, if selected (see Distributing Software on page 172). Simply capture the personality of the computers Click this option to capture and save, but not distribute, the personality settings of the selected computer(s). You can select a personality template and save Personality Packages to the Deployment Share, letting you distribute these personality settings later to new computers. Note This option creates a single job with a Capture Personality Settings task (see Capturing Personality Settings on page 176). See also New Job Wizard on page 144. Selecting Computers in the New Job Wizard The New Job Wizard provides steps to select and assign computers to the jobs created in the wizard, rather than requiring you to create a job and assign it to computers when building new jobs. The jobs created in the New Job Wizard appear in the Jobs pane, and can be saved and assigned to other computers at a later time. You can also schedule jobs for the specified computers in the wizard. See Building New Jobs on page 148 and Scheduling Jobs on page 151. Apply Computers to a Job When deploying software in the New Job Wizard, you can select computers to assign the Distribute Software task created in the wizard. (See Distributing Software on page 172.) You can also select an option to simply store the job and use it at another time without scheduling the job. Regardless of the scheduling option selected, the job appears in the Jobs pane to use at another time. New Computers. Open an Adding New Computers dialog to create new user accounts to assign the job. See Adding New Computers on page 97. See also Scheduling Jobs on page 151. Associating Destination Computers Use this dialog to associate source computers with destination computers when migrating personality settings. Depending on the computers selected in the previous Select Computers dialog, you can migrate personality settings captured from the source computers to new destination computers. Right-click a computer in the Source column to replace it with another source computer. Right-click a computer in the Destination column to replace it with another destination computer and assign it to a new source computer. To automatically assign multiple computers, click Automatic to assign source computers with destination computers using an alpha-numeric order. The associated computers share personality settings after running the jobs. See also Migrating Computers on page 146. Deployment Solution 148
Setting up Conditions in the New Job Wizard The New Job Wizard also provides steps to set up conditions, a step usually performed independently for each job during its build phase. Setting conditions lets you run selected tasks only on computers matching defined criteria. See Setting Conditions for Task Sets on page 149. Click Setup conditions for this set of tasks to open the Define Conditions dialog from the New Job Wizard. Install Software Packages The New Job Wizard provides steps to install software packages to the selected computers. You can install any type of software to the managed client computer, including .MSIs, .RIPs, and personality packages. If the selected package is not an .RIP or personality package, a message appears asking if you want to continue. See Distributing Software on page 172 for additional information. Summary of Options After selecting the options in the New Job Wizard, you can view a summary of the job names, assigned computers, conditions, and other selected choices. To change any options, click Back to return to the previous dialog. Click Finish to complete the steps in the wizard. See also New Job Wizard on page 144 and Job Scheduling Wizard on page 149. Building New Jobs A job can be a single task to distribute software or change computer property settings, or a series of tasks sequenced to migrate hard disk images, set post-installation TCP/IP and SID values, and install software packages and personality settings. 1. Create a new job. Enter a unique name and description for the job. You can type a name up to 64 characters. A new job is added to the Jobs pane in the Deployment Console. You can group and organize jobs, and access and apply them to computers or computer groups from an index of prebuilt jobs. 2. (Optional) Set conditions to apply the job to specified computers meeting defined criteria. Order multiple conditions to run jobs on computers that match the first applicable condition. See Setting Conditions for Task Sets on page 149. 3. Click Add to open a list of deployment tasks to add to each job. See Deployment Tasks on page 152. 4. Set task options using the provided wizards.
To create a new job, click this icon on the Deployment Console, or click File > New > Job, or right-click in the Jobs pane of the Deployment Console and select New Job. You can modify jobs by double-clicking the job or right-clicking, and selecting Properties. Add tasks to each job by clicking Add. Deployment Solution 149
After you complete the steps to create a task, it is added to the Task list. Click Add to add another task. Use the up and down arrows to change the order of execution of the tasks in the Task list. Tasks are executed in the order that they appear in the task list. Therefore, ensure you do not run a task that overrides the previous tasks. Example: List Distribute Disk Image above Distribute Software or Distribute Personality, letting the hard disk be imaged before installing applications and settings. 5. (Optional) Set Return Codes. The last action in each task wizard lets you set return codes for each deployment task. See Setting Up Return Codes on page 190. 6. After adding tasks, click OK. 7. To schedule the job, drag it to a computer or computer group. The Schedule Jobs dialog appears. See Scheduling Jobs on page 151. See also Importing and Exporting Jobs on page 189. Job Scheduling Wizard The Job Scheduling Wizard provides features to assign jobs to selected computers and computer groups, and to schedule the jobs to run without using a mouse. This new feature meets Section 508 requirements to improve disability access and enables integration of voice activation software and other user interface features. Select Job(s) Select the jobs or groups of jobs to assign to computers or computer groups. Use the SHIFT and CTRL keys to select multiple jobs or job folders. Click Next. Select Computer(s) or Computer Groups Select the computers or groups of computers to assign the jobs selected in the previous dialog. Use the SHIFT and CTRL keys to select multiple computers or groups. Click Next. New Computers. Click when adding new computers. See Adding New Computers on page 97. Setting Conditions for Task Sets Setting conditions on a job lets you run selected tasks only on computers that match defined criteria. As a result, you can create a single job with tasks defined for computers with varying properties, including operating system types, network adapters, processors, free drive space, and other computer properties. You can create task sets for each job that apply only to the computers matching those conditions. Note The default condition (named default) has no parameters or values associated with it. If this is the only condition that a job contains, the tasks associated with the default condition will always work on all computers to which the job is assigned. A default condition is like having no conditions. In addition, if a task is associated with the default condition, the task always runs when a computer does not meet any other conditions associated with this job. Deployment Solution 150
1. Select a job from the Jobs pane of the Deployment Console. The Job Properties dialog appears. 2. Click Setup next to the Condition field. A menu appears with options to create a new condition, or to modify, delete, or reorder a condition. 3. To reorder conditions, click Order and reorder them using up or down. See Order Condition Sets on page 150. 4. To create a new condition, click New in the menu. The Condition Settings dialog appears. Enter a name up to 64 characters. 5. Click Add to open the Condition dialog. Specify the following conditions and click OK: From the Field drop-down list, select a data field heading. You can define conditions based on common client features such as operating system, software and hardware version, hard drive space, operating system language, RAM, and other characteristics. To set up custom conditions based on custom tokens, select User Defined Tokens from the Field drop-down list. From the Operation drop-down list, select a compare statement. In the Value box, type a string to search for in the selected database field. You can set conditions based on computer properties stored in fields in the Deployment Database. Example: You can set a condition to match a particular asset tag, Altiris agent version, or IP address. You can use wildcard characters and AND/OR operators. To set up custom conditions based on custom tokens, select User Defined Tokens from the Field list. The task set you create appears in the Task list for each condition. When you select a new condition, the tasks for that condition appear. Example: You can set Condition A to distribute the XPImage.img file to Windows XP computers using a Deploy Image task. You can set Condition B to distribute the W2KImage.img file to Windows 2000 computers using another Deploy Image task. When the job is applied to a computer group, the conditions are evaluated for each computer and the appropriate task runs on the appropriate computer. Note When using User Defined Tokens to set conditions for some client property values, you may be required to use the decimal value instead of the hex value. Example: When setting conditions based on the NICS table on the nic_device_id and nic_vendor_id columns, you must use decimal values. See also Deployment Tasks on page 152. Order Condition Sets By specifying and ordering different sets of conditions, you can determine when a task executes based on defined computer properties. Each condition is processed in sequence until the computer matches the condition defined within a set. If the computer does not meet any of the defined conditions, it runs the default condition. Once a match is found, the set of tasks for this condition set is processed. See also Setting Conditions for Task Sets on page 149. Deployment Solution 151
Scheduling Jobs After a job is created and is assigned to multiple computers or computer groups, the Schedule Job dialog appears, letting you schedule the job to one of the following options: Do not schedule, Run this job immediately, Schedule this job. Jobs and job folders selected from the Jobs pane of the Deployment Console are scheduled in the order they are selected, even across multiple Deployment Servers. To schedule a job 1. Drag a job to a computer or computer group. The Schedule Job dialog appears. 2. In the Schedule Job dialog, click the Job Schedule tab. The following options are available: Do not schedule. This option lets you assign jobs to computers but does not run the job until you return to the Schedule Job dialog and set a run time. Run this job immediately. This option lets you run the job immediately. Schedule this job. This option lets you specify the date and time to run the job. Repeat this job every. This option lets you schedule this job to repeat after a specified number of minutes, hours, days, or weeks. Allow this job to be deferred for up to. This option lets you defer the job for a specified number of minutes, hours, days, or weeks when the server is busy executing other jobs, setting a lower priority for particular jobs. By default, all jobs are deferred up to five minutes. Schedule in batches of x computers at y minute intervals. This option lets you schedule computers in batches to maximize efficiency. 3. Click the Computer(s) Selected tab. This is a list of computers on which the job is scheduled to run, with their associated group and IP address. 4. Click the Job(s) Selected tab. The job name and folder located in the Jobs pane appear. Use the up and down arrows to change the order of the scheduled jobs. 5. Click OK. Note The Schedule Job dialog is the same for Rescheduling Jobs, New Job Wizard, and Job Scheduling Wizard. To reschedule a job 1. From either the Computers or Jobs panes in the Deployment Console, select a job or computer that has been previously scheduled. A job icon appears in the Details pane, identifying the computers assigned or the name of the job. 2. Select the job icon, click the scheduled computers in the Details pane, right-click and click Reschedule. If you select a computer icon, click the job icon in the Details pane, right-click and click Reschedule. The Schedule Jobs dialog appears. 3. To immediately start a scheduled job that has not yet run, right-click the job icon and select Start Now. Deployment Solution 152
4. To stop a repeating job, right-click the job in the Details pane and click Discontinue Repeat. At this point you need to schedule a new time to run the job or click the Do not schedule option. To remove computers from a scheduled job You can complete this task by removing a job assigned to a computer or removing a computer assigned to a job. 1. Click a job in the Jobs pane. 2. Click a computer in the Details view and press Delete or right click the job(s) and select Delete. To remove tasks from a job You can remove tasks assigned to a job by double-clicking the job and opening the Job Properties dialog. (Edit features also open in the Details view of the Deployment Console when you select the job from the Jobs pane). 1. Select one of the assigned tasks in the Task list. 2. Click Delete. To remove scheduled jobs from a computer 1. Click the computer. 2. Select the scheduled job in the Details pane, and press Delete or right click the job(s) and select Delete. To remove multiple jobs, hold down the SHIFT or CTRL key while you select the job(s), press Delete or right-click the job(s) and select Delete. The icon for a scheduled job is yellow. To run a job immediately from the Resources view If you have a batch file, image file, .RIP, .MSI, or executable file assigned to a job or stored in the Deployment Share, these files and packages appear in the Resources view (see Shortcuts and Resources View on page 73). You can drag these files and packages from the Resources view to a computer or computer group to automatically create and run a job (or you can drag computers to a file or package in the Resources view). A job is created automatically for each assigned package in the Systems Jobs > Drag-n-Drop folder. See also Building New Jobs on page 148 and Modifying Tasks in a Deployment Job on page 187. Deployment Tasks A task is an action of a job. Jobs are built with tasks. Each task runs according to its order in the task list contained in a job. You can resize the task pane by dragging the bottom pane (horizontal bar) that separates the task list and the scheduled computer list of the Deployment Console. This lets you view a greater number of tasks in a deployment job without using the scroll bar to navigate up and down. The Add menu of the Deployment Console includes the following tasks: Deployment Solution 153
Create Disk Image. Create a disk image from a reference computer and save the image file (.IMG or .EXE files) for later distribution. See Creating a Disk Image on page 154. Distribute Disk Image. Distribute previously created disk images (.IMG or .EXE files) or create a disk image from a reference computer on the network and simultaneously distribute it (.IMG or .EXE) to other managed computers on the network. See Distributing a Disk Image on page 160. Scripted OS Install. Run scripted (unattended) installs using answer files to install computers remotely over the network. See Scripted OS Install on page 165. Distribute Software. Distribute .RIPs, .MSI files, scripts, personality settings, and other package files to computers or groups. See Distributing Software on page 172. Manage SVS Layer. Instantly activate, deactivate or reset layers and completely avoid conflicts between applications, without altering the base Windows application. See Managing the SVS Layer on page 175. Capture Personality. Capture the personality settings of a selected computer on the network using the PC Transplant software. PC Transplant ships as a part of Deployment Server. See Capturing Personality Settings on page 176. Distribute Personality. Send a Personality Package to computer or groups. This task identifies valid Altiris packages and assign passwords and command-line options to Personality Packages. See Distributing Personality Settings on page 178. Modify Configuration. Modify the IP address, computer and user name, domains and Active Directory organizational units, and other network information and computer properties. See Modifying Configuration on page 179. Back up Registry. Copy the registry files of selected computers and save the registry file settings to a selected directory. See Backing up and Restoring Registry Files on page 180. Restore Registry. Copy the registry file settings to a managed computer. Get Inventory. This lets you gather inventory information from client computers to ensure that the Deployment Database is updated with the latest computer properties. See Get Inventory on page 166. Run Script. Create custom commands using scripts to perform jobs outside the bounds of the preconfigured tasks. Use the Run Script dialog to select or define a script file to run on specified computers or groups. See Run Script on page 167. Copy File to. Copy a file from the Deployment Share or another source computer to a destination computer. See Copy File to on page 170. Power Control. Perform power control options to restart, shutdown, power off, and log off. See Power Control on page 172. Wait. Use the Wait dialog to retain a computer in automation mode after a task is performed. See Wait on page 172. Tasks are listed for each job in the Task list. Each task runs according to its order in the list. You can change the order using the up and down arrow keys. Supported Live Task Types The following is the list of the live tasks supported for the x64, IA64, and SPARC platforms. Deployment Solution 154
Creating a Disk Image This task creates an image of a computers hard disk. You can save the disk image as an .IMG, .EXE, .WIM, .DMG, or .GHO file. Task x64 IA64 SPARC Restore Computer Yes Yes Yes History Yes Yes Yes Configure Yes Yes Yes Quick Disk Image Yes Yes Yes Power Control: Wake Up Yes Yes Yes Power Control: Restart Yes Yes Yes Power Control: Shutdown Yes Yes Yes Power Control: Log off Yes Yes No Remote Control Yes No No Execute Yes Yes Yes Copy File Yes Yes Yes Chat No No No Advanced: Clear Computer Status Yes Yes Yes Advanced: Prompt User for Properties Yes Yes No Advanced: Reset Connection Yes Yes Yes Advanced: Install Automation Partition Yes Advanced: Get Inventory Yes Yes Yes Advanced: Reject Connection Yes Yes Yes Advanced: Uninstall Windows Agent Yes Yes No Advanced: Install BIS Certificate No No Yes Advanced: Remove BIS Certificate No No Yes Advanced: Apply Regular License Yes Yes Yes New Job Wizard Yes Yes Yes New Group Yes Yes Yes New Computer Yes Yes Yes Rename Yes Yes Yes Delete Yes Yes Yes Change Agent Setting Yes Yes Yes Permissions Yes Yes Yes Job Scheduling Wizard Yes Yes Yes Deployment Solution 155
Note To create an image of a computer, you must boot to DOS, Linux, or WinPE. This requires that you set up a PXE Server or install an automation partition. To create a disk image 1. In the Jobs pane in the Deployment Console, select a job. 2. In the Details pane, click Add and select Create Disk Image. 3. In the Create Disk Image dialog, select an imaging tool from the drop-down list. You can select RapiDeploy (Text mode), RapiDeploy (Graphics mode), RapiDeploy (Linux mode), ImageX, Mac Image or Ghost. RDeploy Options RDeployT is the default imaging executable. This facilitates the imaging of thin client computers. The following are the RapiDeploy options for imaging: Graphical Mode (RDeploy). Select this option to run the RDeploy in a GUI mode. Text Mode (RDeployT). Select this option to run the RDeploy in a text mode. Linux (RDeploy). Select this option to run the RDeploy in Linux mode. You can select the ImageX or Mac Image option for imaging. If you select ImageX, the image is created as a .WIM file. If you select Mac Image, the image is created as a .DMG file. For information on creating a Mac Image, see Creating a Mac Image on page 157. You can also select the Ghost option for imaging. If you select Ghost, the image is created as a .GHO file. For information on creating a Ghost Image, see Creating a Ghost Image on page 158. Important Linux (RDeploy) and Ghost options are available only when the ImageTools.ini file is stored in the eXpress folder. 4. Enter additional parameters in the Additional Parameters field. You can add command-line options specifically for the RapiDeploy program to run imaging tasks. See Command-line Switches in the Deployment and Migration Guide. 5. Enter a path and file name to store the disk image file. You can store image files to access later when a managed computer is assigned a job that includes the image file. The default file name extension is .IMG. Saving image files with an .EXE extension converts them into self-extracting executable files (the run-time version of RapiDeploy is added in the file). You can also save ImageX files with a .WIM
Create an image file by using the New Job Wizard or adding the task when building new jobs. You can distribute the disk image file using the Distribute a Disk Image task. This task will run Altiris RDeploy.exe from the console to capture and migrate hard disk images. See New Job Wizard on page 144, Building New Jobs on page 148, and Distributing a Disk Image on page 160. Deployment Solution 156
extension, a Mac image with a .DMG extension, and a Ghost image with a .GHO extension. 6. Select Disable image path validation if you want to store the image file outside of the Deployment Share file structure. If you do not select this option and do not specify a Deployment Share path, a warning message appears, reminding you to configure your automation process to use the path indicated in the Name field. You can still save your image to a location outside of the Deployment Share file structure even when you do not select this option. This option only eliminates the warning message. You can use this option to store images locally on the managed computer's hard drive or to an additional server used to store images. When storing images locally on the managed computer's hard drive, ensure that you enter the path relative to the managed computer (Example: C:\myimage.img). When you store an image locally on a managed computer instead of a file server, you save server disk space and reduce network traffic. Prerequisite: To store images locally on the managed computers hard drive, you must have a hidden automation partition installed on the managed computer's hard disk with the required disk space to hold the images you want to store. Caution When imaging computers where images are stored on the managed computers hidden automation partition, use the option to remove the automation partition only when you want to clear all images from the computer. 7. Select Prepare using Sysprep to use Sysprep to prepare the system for imaging. 8. From the Operating System drop-down list, select the operating system or Add new to open the OS Product Key dialog and select the OS Information. 9. Click Advanced Settings. This opens the Sysprep advanced settings dialog. See Advanced Sysprep Settings for Creating a Disk Image on page 159. 10. (Optional) Select the Do not boot to Production option to create an image of the hard disk while booted to Automation without first booting to Windows to save network settings (TCP/IP settings, SID, computer name, and so on). If you select this option, these network settings are not reapplied to the computer after the imaging task, resulting in network conflicts when the computer starts. 11. From the Automation pre-boot environment (DOS/WinPE/Linux) drop-down list, select the required pre-boot environment to perform the Create Disk Image task in the selected pre-boot environment. By default, the Default Automation (Auto-select) type is selected. Note ImageX requires a WinPE x86 pre-boot environment. 12. (Optional) To select Media Spanning and additional options, click Advanced. See Create Disk Image Advanced on page 159. 13. Click OK (if you are using the New Job Wizard) or click Next. 14. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. 15. Click Finish. The task appears in the Task list for the job. The disk image is created when you run this task. Deployment Solution 157
Tip If an imaging job fails on a managed computer, the Deployment Agent Configuration page appears on the client computer. This page displays a prompt to confirm whether the user wants to configure the client computer or restore the original settings. On the client computers screen, select Cancel > Restore Original Settings. See also Deployment Tasks on page 152. Creating a Mac Image You can create a Mac Image using the Create Disk Image task. To create a Mac Image 1. In the Create Disk Image dialog, select Mac Image (*.dmg) from the Imaging Tool drop-down list. 2. Provide the disk number in the Additional Parameters field using the following format: -d[disk#] By default, all partitions of disk 1 are imaged. To image a different disk, provide the disk number in the Additional Parameters field using the same format. 3. Enter the path and file name to store the disk image. Caution The captured disk image must be stored on an AppleTalk Filing Protocol (AFP) share. 4. Select Disable image path validation if you want to store the image file outside of the Deployment Share file structure. If you do not select this option and do not specify a Deployment Share path, a warning message appears, reminding you to configure your automation process to use the path indicated in the Name field. You can still save your image to a location outside of the Deployment Share file structure even when you do not select this option. This option only eliminates the warning message. You can use this option to store images locally on the managed computer's hard drive or to an additional server used to store images. When storing images locally on the managed computer's hard drive, ensure that you enter the path relative to the managed computer (Example: C:\myimage.img). When you store an image locally on a managed computer instead of a file server, you save server disk space and reduce network traffic. Prerequisite: To store images locally on the managed computers hard drive, you must have a hidden automation partition installed on the managed computer's hard disk with the required disk space to hold the images you want to store. Caution When imaging computers where images are stored on the managed computers hidden automation partition, use the option to remove the automation partition only when you want to clear all images from the computer. 5. (Optional) Select the Do not boot to Production option if you do not want the computer to boot to Production before creating the image. Deployment Solution 158
6. From the Automation pre-boot environment (DOS/WinPE/Linux) drop-down list, select the required pre-boot environment to perform the Create Disk Image task in the selected pre-boot environment. By default, the Default Automation (Auto-select) type is selected. Note ImageX requires a WinPE x86 pre-boot environment. 7. Specify the share using the following format: //server/sharepoint/path/filename.dmg If no credentials for this server are provided in the automation configuration, the guest account is used by default. 8. Provide the account credentials as part of the path using the following format: //username:password@server/sharepoint/path/filename.dmg 9. Click Next. The Return Codes dialog appears. 10. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. 11. Click Finish. The task appears in the Task list for the job. The Mac image is created when you run this task. Note The Sysprep settings option is disabled if you select Mac Image as the Imaging Tool. The Automation pre-boot Environment for Mac Image is the Default Automation when capturing Mac images. This option uses the PXE functionality of the operating system of the specified server. For more information on configuring PXE, see the PXE Configuration Utility Help. Creating a Ghost Image Symantec Ghost Solution Suite is a corporate imaging and deployment solution. It also provides operating system migration, software distribution, computer personality migration, hardware and software inventory, and secure system retirement. You can create a Ghost Image using the Create Disk Image task. Important To use the Ghost Solution for creating a disk image, you have to store the ghost.exe and ImageTools.ini files in the Program Files\Altiris\eXpress\Deployment Server directory. To create a Ghost Image 1. In the Create Disk Image dialog, select Ghost Image (.gho) from the Imaging Tool drop-down list. 2. Add additional parameters in the Additional Parameters field. 3. Enter the path and file name to store the disk image. 4. (Optional) To disable the validation of the image path, select the Disable image path validation check box. This is useful if the image is stored locally, or if you are retrieving the image from a remote server. 5. To use Microsoft Sysprep, select the Prepare using Sysprep check box and specify the operating system and product key. Deployment Solution 159
6. From the Automation pre-boot environment (DOS/WinPE/Linux) drop-down list, select the required pre-boot environment to create the disk in the selected pre- boot environment. By default, the Default Automation (Auto-select) type is selected. 7. Click Next. The Return Codes dialog appears. 8. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. 9. Click Finish. The task appears in the Task list for the job. The Ghost image is created when you run this task. Advanced Sysprep Settings for Creating a Disk Image You can use the Sysprep Advanced Settings dialog to specify Sysprep mass storage device support. By default, the Enable mass storage device support using built-in drivers (For Windows XP and 2003 only) option is selected. Disable mass storage device support. When this option is selected, the Sysprep.inf file contains the section [Sysprep] with the key value pair as Bui l dMassSt or ageSect i on = No. Enable mass storage device support using built-in drivers. When this option is selected, the Sysprep.inf file contains the section [Sysprep] with the key value pair as Bui l dMassSt or ageSect i on = Yes. Enable mass storage device support using following: When this option is selected, the Sysprep.inf file contains the section [SysprepMassStorage] and is appended by contents of the file mentioned in the Mass storage section file field. You can also copy the drivers directory mentioned in the Mass storage drivers field. Command-line switches. You can add command-line options. Advanced Sysprep Settings for Creating a Disk Image in Windows Vista You can use the Sysprep advanced settings dialog to specify the settings for any Windows Vista operating system. If you select Windows Vista as the operating system under Sysprep settings on the Create Disk Image dialog and click Advanced Settings, the Sysprep advanced settings dialog for Windows Vista appears. This dialog lets you select Plug-n-Play (PnP) drivers options, as well as Sysprep options, such as command-line options. Create Disk Image Advanced Media Spanning Maximum file size. The maximum file size supported is 2 GB. To save an image larger than 2 GB, the Deployment Server automatically breaks it into separate files regardless of your storage capacity. From the Maximum file size drop-down list, select a media type. Deployment Solution 160
Specify ___ MB. If the preferred type is not on the list, select Other (specify) and enter the required file size in the Specify ___ MB field. Additional Options Compression. Compressing an image is a trade-off between size and speed. Uncompressed images are faster to create, but use more disk space. Select Optimize for Size to compress the image to the smallest file size. Select Optimize for Speed to create a larger compressed image file with a faster imaging time. The default setting is Optimize for Speed. Note Configuration restoration after imaging a compressed drive is not supported for this release. Description. (Optional) Enter an image description to help identify the image and click OK. Distributing a Disk Image Distribute an RDeploy, ImageX, Mac, or Ghost image file to managed computers to lay down a previously created hard disk image. Note If you deploy a Windows image over a Linux computer or a Linux image over a Windows computer, you must change the path of the Deployment Agent for the Windows log file. To distribute a disk image 1. Open the New Job Wizard and select Deploy and configure computers and click Next. The Job conditions page appears. (See Setting up Conditions in the New Job Wizard on page 148.) Click Next. or In the Jobs pane in the Deployment Console, select a job. In the Details pane, click Add and select Distribute Disk Image. 2. In the Disk Image Source page, click Select a disk image file to select a stored image file. This lets you set down a new image file from a previously imaged computer. Enter the name of an existing image file. If you do not want the Deployment Server to validate the selected path, select Disable image path validation. This is useful if the image is stored locally, or if you are retrieving the image from a remote server.
Distribute a hard disk image using the New Job Wizard or adding the Distribute Disk Image task when building new jobs. You can create the disk image file using the Create a Disk Image task. See New Job Wizard on page 144, Building New Jobs on page 148, and Creating a Disk Image on page 154. Deployment Solution 161
3. Click Select a computer on the network to image a source computer on the network. Enter the name and location of the source computer to both create an image and distribute the newly created image file. This option saves an image of a selected computers hard disk in its current state each time the job runs. You can schedule the job to image a specified computer every time it runs, which updates the image each time. Select the Save the disk image as a file while distributing option to save the newly created image file. If you use a reference computer as the image source, you can also choose to save the image as a file for later use. Enter or browse to the location where you want to store the file. 4. Select Prepared using Sysprep to use Sysprep to prepare the system for imaging. 5. From the Operating System drop-down list, select the operating system. Note Click Add New to open the OS Product Key dialog and select the OS Information. 6. From the Product Key drop-down list, select the product key. 7. Click Advanced Settings to open the Sysprep Advanced Settings dialog. See Advanced Sysprep Settings for Distributing a Disk Image on page 163. 8. Enter the required Additional Parameters. 9. Select Automatically perform configuration task after completing this imaging task to restart the computer and push the configuration settings to the imaged computer. Note If you clear this option, a warning appears, confirming that you want to remove the configuration step after the image is deployed. As a result, the imaged computer may not reconnect to the network. 10. (Optional) Select the Boot to production to complete configuration task. 11. From the Automation pre-boot environment (DOS/WinPE/ Linux) drop-down list, select the required pre-boot environment to perform the Distribute Disk Image task. By default, the Default Automation (Auto-select) type is selected. 12. (Optional) Click Advanced to resize partitions and set additional options. See Distribute Disk Image-Resizing on page 163. Click OK. 13. Click Next. 14. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. 15. Click Finish. The task appears in the Task list for the job. The disk image is distributed when you run this task. See also Deployment Tasks on page 152. Distributing a Mac Image You can deploy a Mac Image using the Distribute Disk Image task. To deploy a Mac Image 1. Select the Select a disk image file option. Deployment Solution 162
2. In the Name field, provide the path to the Mac (.DMG) image stored on an AppleTalk Filing Protocol (AFP) share by using the following format: //server/sharepoint/path/filename.dmg If no credentials for this server are provided in the automation configuration, the guest account is used by default. 3. Provide the credentials as part of the path using the following format: //username:password@server/sharepoint/path/filename.dmg 4. Select Automatically perform configuration task after completing this imaging task to run the configuration task after the imaging task is complete. 5. Click Next. The Return Codes dialog appears. 6. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. 7. Click Finish. The task appears in the Task list for the job. The Mac image is deployed when you run this task. Note The Image is stored locally on the client and the Sysprep settings options are disabled when you select a Mac image. The Select a computer on the network feature is not supported when using Mac Imaging. The Automation pre-boot Environment for Mac Image is Default Automation when deploying Mac images. This option uses the PXE functionality of the operating system of the specified server. For more information on configuring PXE, see the PXE Configuration Utility Help. Distributing a Ghost Image You can distribute a Ghost (.GHO) image using the Distribute Disk Image task. To distribute a Ghost image 1. On the Distribute Disk Image dialog, select the Select a disk image file option. 2. Browse and select a .GHO image. If you do not want the Deployment Server to validate a selected path, select Disable image path validation. This is useful if the image is stored locally, or if you are retrieving the image from a remote server. 3. To use Sysprep to distribute the image, select Prepared using Sysprep. 4. From the Operating System drop-down list, select the operating system. Note Click Add New. From the Sysprep Settings dialog, select the operating system information. 5. From the Product Key drop-down list, select the product key. 6. Add any additional parameters in the Additional Parameters field. 7. To restart the computer and push the configuration settings to the imaged computer, select Automatically perform configuration tasks after completing this imaging task. 8. From the Automation pre-boot environment drop-down list, select the required pre-boot environment to perform the Distribute Disk Image task. Deployment Solution 163
By default, the Default Automation (Auto-select) type is selected. 9. Click Next. 10. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. 11. Click Finish. The task appears in the Task list for the job. The Ghost image is deployed when you run this task. Advanced Sysprep Settings for Distributing a Disk Image You can generate the Sysprep.inf file for the Distribute Disk Image task, depending on the option selected in the Advanced Sysprep Settings dialog. Use default answer file. When this option is selected, the Deployment Server generates the Sysprep.inf file depending on the data present in the database. Use the following answer file. When this option is selected, the Deployment Server picks up the contents of the file mentioned in the Sysprep answer file field and prepares the Sysprep.inf file from it. Advanced Sysprep Settings for Distributing a Disk Image in Windows Vista You can use the Sysprep advanced settings dialog to specify the settings for any Windows Vista operating system. If you select Windows Vista as the operating system under Sysprep settings on the Distribute Disk Image dialog and click Advanced Settings, the Sysprep advanced settings dialog for Windows Vista appears. This dialog lets you select Sysprep answer file options. Distribute Disk Image-Resizing By default, whenever you deploy an image, you have the option to resize the partition to take advantage of the available disk space. Drive Size gives you information about the size of the image, so you can determine if you need to change partition sizes. Minimum indicates the amount of space the image will use on the target computers. Original indicates the image source disk size. Fixed Size. Select this option and enter the desired partition size. Percentage. Select this option and enter the percentage of free space you want the partition to occupy. Min. View the minimum size of the partition. Max. View the maximum size of the partition. Note FAT16 file systems have a 2 GB limit and cannot be resized larger than that (although they can be resized smaller than the minimum value). HP partitions remain a fixed size. Distribute Disk Image-Additional Options This option lets you specify operations for existing Automation Agents and OEM disk partitions. The options are as follows: leave the partition as it is, remove, or replace the Deployment Solution 164
existing partitions. If the image file does not contain any information for an automation or OEM partition, the default option is to leave the clients existing Automation or OEM partition as it is. RDeploy Options: Graphical Mode[RDeploy]. Click this option to choose RDeploy as the imaging executable. Text Mode[RDeployT]. Click this option to choose RDeployT as the imaging executable. Text Mode or RDeployT is the default choice. Automation Partition: Leave the client's existing Automation partition as it is. If the image file contains no automation partition information, by default, this option is selected. The automation partition remains unchanged when distributing disk images. Delete the client's Automation partition [-nobw]. Select this option to delete the existing Automation partition from client computers. Replace the client's existing BW partition from image file [-forcebw]. Select this option to replace the existing automation partition on the client computer with the automation partition from the image file. OEM Partition: Leave the client's existing OEM partition as it is. If the image file contains no OEM partition information, by default, this option is selected. The OEM partition remains unchanged when distributing disk images. Delete the client's OEM partition [-nooem]. Select this option to delete the existing OEM partition from client computers. Replace the client's existing OEM partition from image file [-forceoem]. Select this option to replace the existing OEM partitions on the client computer with the OEM partition from the image file. Additional Command line switches. You can add command-line options specifically for the RapiDeploy program that runs imaging tasks. Note The checkdisk command-line option should not be used from a Deployment Console. The post-configuration task fails after an image restore. See also Deployment Tasks on page 152. Imaging Computers from USB Disk on Key (DOK) Devices (JumpDrives) Deployment Solution supports imaging clients from bootable USB Disk on Key (DOK) devices. To image computers from USB Disk on Key Devices 1. Format the USB DOK using HPs USB Disk Storage Format tool as FAT and make it a DOS startup disk. Deployment Solution 165
2. In Boot Disk Creator, create a new automation boot disk while creating a new configuration. 3. Select Bootable disk-Removable disk to install on the USB Disk on Key. 4. Copy HIMEM.SYS to the device. Copy RDeployT.exe from the <InstallPath>\eXpress\Deployment Server\RDeploy\DOS directory to the device. 5. Copy the <Filename>.img file to the device. 6. Create an Autoexec.bat with the script and command-line option, r depl oyt - md - f c: \ I MAGE. i mg - d2 Note The -d2 switch is the most important part of the script, as it specifies the flash drive. 7. Create a Config.sys with the following: DEVI CE=C: \ HI MEM. SYS swi t ches = / f DOS=HI GH, UMB SHELL=command. com/ p / E: 1024 BUFFERS=20 FI LES=20 STACKS=0, 0 FCBS=1, 0 LASTDRI VE=Z 8. Boot from the USB Disk on Key (recognized as C:) and rdeployt executes and images correctly. Scripted OS Install The Scripted OS Install task performs remote, automated, and unattended operating system installations over the network using answer files to input configuration and installation-specific values. Scripted installs let you deploy server and client computers across the network from installation files and perform post-installation configuration tasks. You can run scripted installs for Windows or Linux computers. Note Scripted Install requires either an automation boot disk or a PXE Server. Using embedded automations causes the selected image (DOS, Linux, WinPE) to load and halt. It does not let the scripted install run. When running a Scripted OS Install task, you can identify the type of operating system to install for supported languages, run the scripted install, and update with service pack installations. This task provides easy-to-use features to create an answer file for each scripted installation. Deployment Solution 166
Scripted installs are flexible in performing post-configuring tasks, but much slower and bandwidth-intensive. Complete network and Web server installation and configuration tasks benefit most from scripted installs. Windows. Use complete unattended install features to copy Windows operating system source files quickly to the Deployment Share and easily create an answer file. Configured operating system install sets can be reused to build and run scripted install jobs as needed. See Scripted Install for Windows on page 166. Linux. Run scripted install jobs to remotely install different versions of Linux. You can customize sample scripted install jobs installed with the Deployment Server system and create a kickstart answer file to remotely run a scripted install. See Scripted Install for Linux on page 172. Scripted Install for Windows 1. After selecting Add > Scripted OS Install, select the Windows option and click Next. 2. Select the type of Windows operating system to install and the preferred language. See Select Operating System Version and Language on page 167. Select the required pre-boot environment from the Automation - PXE or BootWorks environments (DOS/WinPE/Linux) Automation pre-boot environment (DOS/WinPE/Linux) drop-down list to perform the Distribute Disk Image task in the selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. By default, the Default Automation (Auto- select) type is selected. Click Next. 3. From the Select or add new OS source files drop-down list, select the operating system source files already copied to your Deployment Share. See Installation Source Files on page 168. Click Add New from the list to set up the new operating system installation files. See Operating System-Source Files on page 168. Click OK after entering a unique name and the path to the operating system installation source files. The source files will be copied to the Deploy folder in the Deployment Share directory. The first source files added are given a generic name of WinOS001, with additional operating system source folders named as WinOS002, WinOS003 and so on. Service Pack source files are also stored as WinSP00x.img files. This process could take a few minutes. Because the installation source files are copied over to the Deployment Share, when running subsequent scripted installs you do not need to add new source files for this version of Windows. They can be selected from the list of installation source files. See Installation Source Files on page 168. Note When importing Scripted Install jobs, you must edit the job files to point to the installation source files on the new Deployment Server system. This requires you to run the Scripted Install for Windows wizard and modify the path and name of the folder for the Installation Source Files for the exported jobs. This is required for both the main installation and the service pack installation files. See also Scripted Install for Windows on page 166, Installation Source Files on page 168, and Importing and Exporting Jobs on page 189. Deployment Solution 167
4. After the source files are copied, select the newly created operating system source name from the Installation Source Files list. Click Next. 5. In the Partition and Format Disk page, click Select a DOS disk image to distribute a DOS disk image (default), or click Continue without distributing DOS image to partition and format the hard disk of the destination computer using custom scripts or setup utilities. Click Advanced to set partition size, delete hidden partitions or set RapiDeploy command-line parameters. Click Next. See Operating System-Source Files on page 168. Note Before running a scripted install, you must install DOS. However, DOS is not required if you are using your own scripts or utilities to partition and format the client computer. 6. Import an answer file to the Deployment Database. See Import an Answer File on page 169. Click Next. 7. Create the Answer file. See Answer File Setup on page 169. Click Next. 8. Set command-line options for cmdlines.txt files and for the WINNT installation program. See Command-line Switches for Scripted Install on page 170. Click Next. 9. View and modify the Deployment Agent for Windows configuration file from the dialog. See Deployment Agent Settings for Scripted Install on page 171. Click Next. 10. View the summary of the selected options. See Scripted Install Summary on page 171. Click Next. 11. Set up return codes for the Scripted Install task. See Setting Up Return Codes on page 190. Click Finish. The task appears in the Task list for the job. See also Scripted OS Install on page 165. Select Operating System Version and Language Identify the operating system version to run in a scripted install. The selected version and language must correspond to your Windows installation files. We support multiple languages for the following Deployment Solution utilities: Boot Disk Creator Image Explorer PXE Configuration Utility Remote Client Installer Control Panel Applet DS Info PW Util (Password utility) Switch Management Select the operating system version. Select the Windows operating system you want to install from the list. Click Template if you want to install another version or language of a Windows operating system not provided in the list. Select the operating system language. Select the language version of the operating system to install. The language must correspond to the operating system source files. If Deployment Solution 168
you selected the Template option, only the Multilingual language option can be selected (this is a generic language option). Automation (Pre-boot Environment). Select the required pre-boot environment from the Automation (Pre-boot Environment) drop-down list. The option reported by the PXE Manager is the default pre-boot environment option. List of supported multiple languages: German French Spanish Japanese Simplified Chinese See also Scripted Install for Windows on page 166. Installation Source Files If you copied installation files to the Deployment Share for previous scripted installs, the name of this install source configuration appears in the list box for each operating system type and language. To create new source configuration sets for additional operating system installs, select Add new from the drop-down list. Select or add new operating system source files. Select the assigned name for each operating system source configuration in the list, or select Add new from the list to create a new install task. Previous scripted install jobs will create a WinOS00x.img file in the Deploy directory of the Deployment Share. The Operating System-Source Files dialog lets you identify the version of Windows install files and enter the path to the files (on the CD or other medium). Select or add new service pack source files. Run service pack updates immediately after installing the operating system during the scripted install process. Previous scripted install jobs will create a WinSP00x.img file. See also Scripted Install for Windows on page 166. Operating System-Source Files Name the operating system source configuration, specify the path, and automatically copy Windows installation files to the Deployment Share. Enter a unique name for the operating system source files. Enter a name for the operating system source configuration files to assign an alias to associate with the install files for a specific operating system version and language. Enter path to operating system source files. Enter the path to the I386 folder on the CD where the Windows installation programs and support files are stored. Example: Browse to the CD drive and select I386\WINNT.exe. Click Open. The Windows operating system identified previously in the Installation Source Files dialog must match the source files selected here. If the name and language of the operating system does not match the installation files, you receive an error. Click OK and the files will copy from the source CD (or other volume) to the Deployment Server\Deploy directory in the Deployment Share. This process will take a few minutes. Deployment Solution 169
Enter a short description. (Optional) Enter a description of the Windows operating system source configuration. Example: W2K Advanced Server SP3 English. See also Scripted Install for Windows on page 166. Partition and Format Disk Select a DOS disk image to distribute to the client computers before starting the Windows scripted install. A DOS image is provided in the Images directory in the Deployment Share (default path in the Name field). Select a DOS disk image. Click this option to distribute a DOS image from the Deployment Share. The Deployment Server system includes a DR DOS image file that is selected by default. You can create your own MS DOS image from your Windows 98 CD and build a job. Advanced. Select advanced options to set the size of the partitions, or to remove hidden partitions and add command-line options. See Create Disk Image Advanced on page 159 and Distribute Disk Image-Resizing on page 163. Continue without distributing DOS image. Click this option to not install a DOS image from Deployment Server. Skip this step if you are installing DOS using custom procedures for your environment. See also Scripted Install for Windows on page 166. Import an Answer File Reference a previously created answer file for a Windows scripted install. You can also view a summary of the operating system source configuration. Import existing unattend.txt. Select to import a previously created answer file to the Deployment Database. The values for the answer file are imported from the delimited text file and appear in the Answer File Setup dialog. Path of the unattend.txt. Enter a path and select an answer file with any name. The answer file is imported to the database, edited in the console (if required), and distributed as an unattend.txt file to the client computer. See also Scripted Install for Windows on page 166. Answer File Setup Use the tabs in this dialog to enter values to create an answer file for a scripted install. These values are stored in the Deployment Database. An answer file is generated from the database (unattend.txt) and distributed to each managed computer when the job runs. In the Answer File Setup dialog, select a value (a row) in the table. A list appears in the Values column to change values for each entry. You can add new variables to each section by selecting the bottom row named Add new Variable. To add a new section to the answer file, click the right arrow until the Add new Section tab appears (the last tab on the right). The required answer file values are selected automatically in the dialog with a gray check mark (you cannot clear these variables). Optional but selected values have a green check mark. Other optional values are cleared. Select these optional values if you want to add them to the answer file when it is generated. Deployment Solution 170
The various tabs in the Answer File Setup dialog correspond to the general answer file sections. See the Microsoft Windows Unattended Setup Guide for specific values for an unattended setup file. See also Scripted Install for Windows on page 166. Add a New Section Use this dialog to add new variable sections to the answer file. Enter a name for the section. If you add a section, this name appears in the new tab in the Answer File setup dialog. Enter a description. Enter comments to describe the new section. See the Microsoft Windows Unattended Setup Guide for your specific operating system values for an unattended setup file. See also Scripted Install for Windows on page 166. Delete a Section To delete a new section that you added, right-click the section and select Delete selected Section. Add a New Variable Use the New Variable for Section Unattended dialog to add new variables to the answer file. This variable appears as a row in the Answer File Setup dialog. Name of the variable. Select a variable name. Type of the new variable. Select a variable data type. The Default value of the variable and Displayed value of the variable fields are enabled depending on the variable type selected. Default value of the variable. Enter values for a list, text, password, IP address, or variable only types. Displayed value of the variable. Enter an alias for list item types to appear instead of the real variable value. Description. Enter comments to describe the new variable. It appears in the Description column of the Answer File Setup dialog. See also Scripted Install for Windows on page 166. Command-line Switches for Scripted Install Use the Scripted OS install commands dialog to enter Windows commands that are executed from the cmdlines.txt file. You can also add scripted install command-line options. Switches. Add or edit switch commands to this line for the install program for the scripted install. Additional commands in the cmdlines.txt file. Enter additional Windows scripted install commands in this dialog. The commands execute in the order they are listed. The provided command installs the Deployment Agent for Windows during the Install Deployment Solution 171
Component phase of the installation. You can view and edit Deployment Agent settings in the next dialog. See also Scripted Install for Windows on page 166. Deployment Agent Settings for Scripted Install View or edit Deployment Agent for Windows settings in this dialog. You can change agent settings using this text-edit dialog. See Deployment Agent Settings on page 110 for a list of the Deployment Agent properties. See also Scripted Install for Windows on page 166. Scripted Install Summary View a summary of the selected options for the scripted install. Click Back to change any of these settings or click Finish to complete the Scripted Install task. Click Next to set up return codes. See Setting Up Return Codes on page 190. See also Scripted Install for Windows on page 166. Scripted Install for Windows Vista and 2008 Server The Scripted OS install for Windows Vista and Windows 2008 Server provides a wizard to help set up Vista and Windows 2008 Server installation files and run sample jobs. Follow the steps in the wizard to identify the type of scripted install as Vista or Windows 2008 Server. You can gather all the files for Vista or Windows 2008 Server for the job, but the server does not build any answer file. Instead, you are asked for the location of the answer file. Also, a sample answer file is provided. To perform a Scripted Install for Windows Vista and 2008 Server 1. On the Scripted Operating System Installation page of the Scripted OS Install dialog, select the following options: Windows Vista or Windows 2008 Server as the operating system Operating system language Automation pre-boot environment Note Deployment Solution 6.9 supports only WinPE environment. Click Next. 2. From the Select or add new OS source files drop-down list on the Installation Source Files page of the Scripted OS Install dialog, select Vista or Windows 2008 Server. 3. (Optional) You can select the required option from the Select or add new service pack source files drop-down list. Click Next. 4. Select the Select a DOS disk image\Diskpart tool option on the Partition and Format Disk page of the Scripted OS Install dialog to partition and format the disk. Click Next. Deployment Solution 172
Note You can select the Continue without selecting DOS image\Diskpart Tool option to partition and format the hard disk using your own scripts and setup utilities. 5. On the Scripted Operating System Installation page of the Scripted OS Install dialog, browse to select the path of the unattended .XML file. 6. On the Scripted OS Install Commands page of the Scripted OS Install dialog, set the command-line options for the cmdlines.txt files and enter the Additional commands in the cmdlines.txt file. (See Command-line Switches for Scripted Install on page 170.) Click Finish. The job Note If you want to use the sample answer files (Vista_unattend.xml and Longhorn_unattend.xml) provided by default in the Deploy folder of the Deployment Share, you must enter the product key (for the version you want to install) before you schedule the job. (See OS Product Key dialog on page 84.) If you do not select the product key, the job fails. Scripted Install for Linux The Scripted OS install for Linux provides a wizard to help set up Linux installation files and run Sample jobs. Follow steps in the wizard to identify the type of scripted install and locate the answer files. You can also modify and run Sample deployment jobs to remotely run a scripted install on Linux servers and workstations. Directory. Browse to or enter the path and name of the Linux answer file (Kickstart file). Command-line. Enter the command-line options. Automation pre-boot environment (DOS/WinPE/Linux). Select the required pre- boot environment from the drop-down list to perform the Backup and Restore task in the selected pre-boot environment. By default, the Default Automation (Auto-select) type is selected. See also Scripted OS Install on page 165 and Scripted Install for Windows on page 166. Scripted Install Summary View a summary of the selected options for the scripted install. Click Back to change any of these settings or click Finish to complete the Scripted Install task. Distributing Software Send .MSI Packages, .CAB, .EXE, and other package files to selected computers or computer groups, including EBS, and .RPM files for Linux computers. This task identifies valid Altiris packages and assigns passwords and command-line options.
Distribute software packages to managed computers using the New Job Wizard or adding the Distribute Software task when building new jobs. See New Job Wizard on page 130 and Building New Jobs on page 134. Deployment Solution 173
1. Enter the name and location of the package to distribute in the Name field. Note Information about the package appears in the Description field for valid packages. If no description appears, the file is not an .RIP or a Personality Package. 2. For .RIPs, if you set the password option when you created the .RIP, you must enter the password for the package to run. 3. Select Run in quiet mode to install the package without requiring user interaction. 4. Specify the users to associate with the .RIP or the Personality Package. Select Apply to all users to run the package for all users with accounts on the computer. If you want to send the package to a managed computer with multiple users and to install it for certain users with a unique password, clear the Apply to all users box. Example: To install an .RIP for a specific user account on a computer, add values to the Additional command-line switches field: - cu: J Doe; TMaya; Domai n\ BLee Note The command-line switches are specific to any package you are distributing that supports command-line options, such as .MSI and Personality Packages. For a complete list of command-line options, see the Wise MSI Product Guide and the Altiris PC Transplant Pro Product Guide. 5. If distributing an install package or other types of packages with associated support files, you can select Copy all directory files to install all peer files in the directory. Select Copy subdirectories to distribute peer files in the directory and all files in associated subdirectories. Note Some clients may have software installed on the client computer that, for protection against harmful software, only lets software programs on a list of "well-known" executables to run. Therefore, whenever the system administrator wanted to install a patch on client computers, he or she would have to update the well-known- executables list on all the client computers, which could be a lot of work. To save the work of updating that list, or of manually renaming distribution packages, the RenameDistPkg feature was added. Now, the system administrator may update the well-known-executable list once with a filename of their choice. The well-known filename may be entered into the Windows registry of the Deployment Server computer (the computer running axengine.exe) as the Value data of a string value named RenameDistPkg under the HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris eXpress\Options key. If the RenameDistPkg registry entry is set, Deployment Server renames the installation files that are copied to the client computers. This feature only affects files that are temporarily copied to the client computer as part of a Distribute Software task. The file that is to be executed only during the installation, sometimes referred to as the package, is the file that is renamed, not the files that are actually installed to various locations on the target computer. Deployment Solution 174
If the Copy all directory files option is enabled, only the main (installable) file is renamed. 6. Click Advanced to specify how files are distributed to the managed computer. You can copy through the Deployment Server, or copy directly from the file source and then run, or run directly from the file source. See Distribute Software Advanced on page 174. Click Next. 7. Provide additional command-line options for distributing software. 8. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. 9. Click Finish. The task appears in the Task list for the job. The software is distributed when you run this task. Notes When an .RIP or Personality Package is executed through Deployment Server, the quiet mode command-line option is applied. This means the user cannot interact with the user interface on the managed computer. If the Personality Package is configured to run only if a particular user is logged in and only if the user has an account on the managed computer, the package runs the next time that user logs in. If the user does not have an account, the package aborts and sends an error back to the console through the Deployment Agent. If the package is not run through the Deployment Server, a message appears on the managed computer and the user is prompted to abort or continue. See also Modifying Tasks in a Deployment Job on page 187. Distribute Software Advanced Copy files using Deployment Server then execute. Select this option to distribute packages through the Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. This option is run for Simple installs and is the default option. Copy directly from file source then execute. Select this option to copy packages directly from the Deployment Share if this data store is located on another server (a Custom install). It copies the file and runs it, avoiding running through the Deployment Server and reducing processor output. Execute directly from file source. Select this option to run files remotely from the Deployment Share or another selected file server. File source access and credentials. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both are on the same domain). Note Windows 98 computers have security limitations when copying files directly from the source to the Deployment Agent using the UNC path name. We recommend that you use the Copy files using Deployment Server option for these types of computers or plan a proper security strategy for direct copying. Deployment Solution 175
Managing the SVS Layer The Manage SVS Layer task lets you instantly activate, deactivate, or reset SVS layers. This task helps in avoiding conflicts between applications, without altering the base Windows application. You can reduce the testing time for applications, as you can install different versions of an application on the layers at the same time, and activate or deactivate the layers as required. For more information on SVS Help, refer to Software Virtualization Solution on page 79. Note This task runs only on Windows computers. 1. After creating a job, click Add > Manage SVS Layer. 2. Enter the .VSA file name in the Layer name drop-down list, or browse and select a .VSA file. You can also enter a .VSA file path in the Layer name drop-down list. The Deployment Console checks if the path entered is correct. If it finds that the file path is correct and it is a valid .VSA file, it replaces the path name with the layer name in the .VSA file. Note The console displays a list of the previously selected layers in the Layer name drop-down list. This makes it easier for you to select a layer from the list, instead of browsing or typing the .VSA file name again. 3. Select Import Package to import the selected layer and apply the actions present in the Action drop-down list. The actions are: 4. Click Advanced to copy files using the Deployment Server or copy files directly from the file source. See Import Package Advanced on page 176. 5. Select Manage Layer to manage the selected layer using actions present in the Action drop-down list. The actions are: Manage the SVS Layer using the New Job Wizard or adding the Manage SVS Layer task when building new jobs. See New Job Wizard on page 144 and Building New Jobs on page 148. Action Name Description (none) Only import package. Activate Import package and immediately activate it. Activate on startup Import package and activate it on startup. Activate and Activate on startup Import package, and immediately activate it and activate it whenever the computer starts up. Deployment Solution 176
6. Select User defined action to enter a command line. 7. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. Note SVS clients have an automatic 120-day license. To purchase a permanent license, please visit the Altiris Sales Web site (www.altiris.com/sales.aspx). Import Package Advanced Copy files using Deployment Server. Select this option to copy files using the Deployment Server. Copy directly from file source. Select this option to copy files directly from their source. If you select this option, you must enter the following File source logon details: User name. Enter the user name. Password. Enter the password. Confirm Password. Enter the password again. Click OK. Capturing Personality Settings The Capture Personality task lets you save personal display and user interface settings defined in the operating system for each user. You can create a Personality Package that Action Name Description Activate Activate layer. Activate on startup Activate layer on startup. Activate and Activate on startup Activate layer and activate it whenever the computer starts up. Deactivate Deactivate layer. Deactivate on startup Deactivate layer on startup. Deactivate and Deactivate on startup Deactivate layer and deactivate it on startup. Delete Delete layer. Reset Reset layer. Reset and Activate Reset and activate layer. Reset and Deactivate Reset and deactivate layer. Deployment Solution 177
you can save and distribute when migrating users. This task runs Altiris PC Transplant from the console to capture and distribute settings. 1. After creating a job, click Add > Capture Personality. 2. Enter the name of a personality template file, or browse and select a template. A default personality template is included in the PCT folder of the Deployment Share (DEFAULT.PBT). Enter the name of the folder where you want to store the package. The personality template lets you define the settings, files, and options to be captured during run time. Click Template Builder to open a wizard to build a custom template. 3. In User account and folder login, enter the login credentials for the managed computer from which the personality settings are captured, and the file server where the Personality Package is stored. 4. In Package login, enter a password for the Personality Package. This is a run-time password that is required when the Personality Package runs on the destination computer. 5. Click Advanced to specify additional features. 6. Set the Advanced options and click OK. Click Next. See Capture Personality Advanced Options on page 177. 7. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. 8. Click Finish. You have now created a Capture Personality task, which appears in the Task list. You must schedule this task to capture a personality setting and save it as a PCT file in the selected location (most often in the PCT folder on the Deployment Server shared directory on the Deployment Share). See Distributing Personality Settings on page 178. Notes To capture a personality on a Windows 98 computer, ensure that all users have Write access to the Deployment Server share (by default at C: Program Files\Altiris\eXpress\Deployment Server in a Simple install). Also, ensure that the User account and folder login fields are blank. A user must also be logged on at the client computer to capture the client profiles. An error is returned if you attempt to capture personality settings on Windows 9x computers that are not authenticated. Set the conditions on the job for either Windows 98 or Windows 2000, XP, 2003, 2008 and Vista computers to ensure that the appropriate Capture Personality task runs on the appropriate computers. Capture Personality Advanced Options Domain users. Select this option to capture personality settings for all domain users on the computer.
Capture personality settings using the New Job Wizard or adding the Capturing Personality task when building new jobs. See New Job Wizard on page 144 and Building New Jobs on page 148. Also see Distributing Personality Settings on page 178 to migrate settings to another user. Deployment Solution 178
Local Users. Select this option to capture personality settings for all local users on the computer. Custom. Specify users or groups to capture personality settings. Select the Custom check box and enter the Users or Groups you want to capture personality settings. Also, instead of specifying names, you can also select users who have been either created or accessed in the specified number of days. Additional command-line switches. You can add command-line options specifically for the PC Transplant program that migrates personality settings. See the Altiris PC Transplant Reference Guide in the docs folder of the Deployment Share. Distributing Personality Settings The Distribute Personality task lets you save personal display and user interface settings defined in the operating system for each user. You can distribute Personality Packages to migrate personality settings. This task runs Altiris PC Transplant from the console to capture and distribute settings. 1. In the Name field, enter the file name and location of the PCT file. Note The information about the Personality Package appears in the Description field for valid Personality Packages (PCT files). If no description appears, the file is not a valid package. If you use a token, such as %COMPNAME%, in this field, and you proceed with the job, when you apply the job to a Windows XP computer, the user must enter input before the job completes. Altiris recommends you enter a valid Personality Package name and use the Additional command-line switches fields for token values. See the Altiris PC Transplant Reference Guide for a complete list of valid command- line options. 2. In the Password field, type the password set for the PCT file when created. 3. Select Run in quiet mode to install the package without displaying the PC Transplant screens. 4. Specify the users to associate with the Personality Package. Select Apply to all users to run the package for all users with accounts on the specified computer. If you want to send the package to a managed computer with multiple users and to install it for certain users with a unique password, clear the Apply to all users box. Example: To install a Personality Package for specific user accounts on a computer, add values to the Additional command-line switches field. Example: - user : J Doe; TMaya; BLee
Distribute personality settings using the New Job Wizard or adding the Distribute Personality task when building new jobs. See New Job Wizard on page 144 and Building New Jobs on page 148. See also Capturing Personality Settings on page 176 to create a Personality Package. Deployment Solution 179
Note The command-line options are specifically for Personality Packages. For a complete list of command-line options, see the Altiris PC Transplant Reference Guide. 5. (Optional) Click Advanced to specify how to copy Personality Packages to the managed computer. You can copy through Deployment Server and then run, or copy directly from the file source and then run, or run directly from the file source. See Distribute Personality Advanced on page 179. Click OK. 6. Click Next. 7. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. 8. Click Finish. The task appears in the Task list for the job. The personality is distributed when you run this task. For more information about capturing a computer's personality settings, see the Altiris PC Transplant Help. See also Distributing Software on page 172 and Modifying Tasks in a Deployment Job on page 187. Distribute Personality Advanced Copy files using Deployment Server then execute. Select this option to distribute software packages through the Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. Use this option for Simple Installs to take advantage of security rights defined by Deployment Server. This is the default option. Copy directly from file source then execute. Select this option to copy packages directly from the Deployment Share, sending only one copy across the network. It copies the file and runs it and avoids running through the Deployment Server and diminishing processor output. Because the Deployment Agent doesn't recognize shared rights and is not guaranteed to have a mapped drive to the data source, you must identify a user name and password for the data share computer from the target computer. This option also requires a full UNC path name in the Source Path field in the Copy File dialog. Execute directly from file source. Select this option to run files remotely from the Deployment Share or another selected file server. File source access and credentials. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both exist in the same domain). Modifying Configuration You can add a task to configure or modify the configuration of computer property settings using the Modify Configuration dialog. The Deployment Agent updates the property settings and restarts the computer for changes to take effect. 1. After creating a job, double-click the job, and click Add > Modify Configuration. 2. Select the Reboot after Configuration check box to restart client computer after the configuration changes are complete. By default, the check box for Reboot after Configuration is selected. Deployment Solution 180
3. Enter or edit the property settings in the Configuration dialog. Click the category icons in the left pane to set additional values for each property setting group. See Computer Configuration Properties on page 101. 4. Click Next. 5. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. 6. Click Finish. The task appears in the Task list for the job. The configuration is modified when you run this task. See also Modifying Tasks in a Deployment Job on page 187. Backing up and Restoring Registry Files Note This feature has been deprecated and removed from the product in a later release. Copy registry files of selected computers using the Back Up Registry task and save the registry file settings to a selected directory. You can also create a Restore Registry task to copy the registry settings to a managed computer. 1. Enter the directory path to back up or restore registry files. 2. The Computers with registry files in this directory field displays the names of the computers whose registry files will be captured in this directory. 3. Select the required pre-boot environment from the Automation pre-boot environment (DOS/WinPE/Linux) drop-down list to perform the Backup and Restore task in the selected pre-boot environment. The Default Automation (Auto- select) type is selected. 4. Click Advanced if Windows was installed on client computers in a directory other than the default. Enter the correct path to the root of the Windows directory. Select Include registry information for all users to back up registry keys for all user accounts. Note If you clear this check box, only the Administrator and Guest user accounts are backed up or restored. 5. Click Next. 6. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. 7. Click Finish. The task appears in the Task list for the job. See also Modifying Tasks in a Deployment Job on page 187.
Copy registry settings by adding the Back Up Registry task when building new jobs. Restore registry settings by adding the Restore Registry task. See Building New Jobs on page 134. Deployment Solution 181
Get Inventory Use this task to gather inventory from an individual computer or a group of client computers. This ensures that the Deployment Database is updated with the latest computer properties information. You can view the history of the Get Inventory task in the Computers History pane. See Viewing a Computers History on page 125. Click Add and select Get Inventory from the list. The Get Inventory task appears in the list. Run Script Select an existing script or write a new script file to run on selected managed client computers. 1. If you have a script file defined, select Run the script from file and browse to select the file. To read or edit the script file, click Modify. Note To run scripts that call an executable, use the start command. Example: Enter start C:\windows\notepad.exe to open the Notepad application on the client computer. 2. To create a new script, click Run this script. Enter the script in the provided field, or click Import and select a script file to import. After you import the script, you can modify it in the provided field. 3. Specify the operating system to run the script. You can choose Windows, DOS, Linux, or Mac OS X. Click Next. 4. Set Script Information. See Script Information on page 182. Click Next. 5. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. 6. Click Finish. The task appears in the Task list for the job. The script runs when you run this task. Notes When a computer is in an automation mode using a DOS configuration, it does not detect DOS partitions. To run a script using the DOS Automation Agent, use FIRM (File-system Independent Resource Manager) commands. FIRM can only copy and delete files; it cannot run a code on a drive. The Deployment Server assumes a return code of zero (0) as a successful script execution. Some programs return a code of one (1) to denote a successful script execution. If a program returns a one (1), you see an error message at the Deployment Console even though the script ran correctly. To modify the return codes, you can edit the script file to return a code that the console interprets correctly.
Run script files on client computers by adding the New Script task when building new jobs. See Script Information on page 182 to identify how the script appears, script security, and an option for server-side execution of the script. See also Building New Jobs on page 148. Deployment Solution 182
See also Modifying Tasks in a Deployment Job on page 187. Script Information Script Run Location Select one of the following options to run the script: On the client computer. This option runs the script on the managed computer to which you assign the job. Locally on the Deployment Server. This option runs a server-side script on the Deployment Server of the managed computer. In most cases you can create a server-side script task that runs in context with other tasks. Example: You can add a task to image a computer and add a task to execute a server-side script to post the imaging return codes to a log file stored on the Deployment Server computer. Use the -id option for running scripts on Deployment Server when using the WLogEvent and LogEvent utilities. See Using LogEvent and WLogEvent in Scripts on page 183. Note You cannot use this feature to run scripts that require user intervention. The script runs on the Deployment Server of the managed computer, but is not visible. Example: If you run a DOS command locally on the Deployment Server, the Command Prompt window does not open on the Deployment Server computer when the script runs. When running the script on the Deployment Server, it runs specifically for the assigned managed computer. Example: If you create a job with a script to run locally on the Deployment Server and assign the job to 500 computers, the script runs on the Deployment Server 500 times. Client Run Environment Select the environment for your client computer. You can run the script either in production mode or in automation mode. Production - Client-installed OS (Windows/Linux/Mac OS X) Security Context. You can specify one of the following security options for running the scripts: Default (local system account). Use the network security account established to administrate all managed computers. Specific user. If you have selected to run the task on the local Deployment Server, you are required to enter an administrator user name and password for that Deployment Server account. (In most cases Deployment Server does not have the Deployment Agent installed, prohibiting it from using a network security account.) Script Window. From the drop-down list, select how you want the script window to appear: minimized, normal, maximized, or hidden. Note This option is available only for Windows environment. Script Options - (Windows/Linux/Mac OS X) Deployment Solution 183
Additional command-line switches. Enter commands to execute when the script runs in Windows, Linux, or Mac OS X. Automation pre-boot environment (DOS/WinPE/Linux/Mac OS X). Select this option to run the script in an automation environment. Select a pre-boot automation environment from the drop-down list. If you select Linux as the operating system type, the Locally on the Deployment Server option is disabled and only the Additional command-line switches under the Production Client installed OS (Windows/Linux/Mac OS X) is enabled. If you select DOS as the operating system type, the Locally on the Deployment Server and the Production - Client-installed OS (Windows/Linux/Mac OS X) options are disabled. Example Script The process to convert NT4 from FAT16 to NTFS normally returns a 1 after a successful completion. The following is an example of the file that is modified to return a code of 0 (which is the success code recognized by the Altiris Console and utilities). You can make similar changes to your script files as needed. CONVERT /FS:NTFS if ERRORLEVEL 1 goto success goto failure :success set ERRORLEVEL = 0 goto end :failure echo Failed set ERRORLEVEL = 1 goto end :end Using LogEvent and WLogEvent in Scripts The logging features, LogEvent and WLogEvent, accommodate detailed logging to help debug complex scripts. These utilities include the following features: Logging is stored in the database instead of a log file. A DOS-based tool can be called from any script file to log status and error codes. The console displays and works with the new status messages. LogEvent posts status sends messages to the Deployment Console, letting you view the status of the script. It is a light-weight reporting tool that can log both status strings and status codes to the history file and the console. LogEvent Use the LogEvent utility for DOS and Linux scripts. WLogEvent Use the WLogEvent utility for Windows scripts. The LogEvent and WLogEvent utilities are command-line driven only there is no user interface. Use both utilities with the following switches. Deployment Solution 184
LOGEVENT -c:code -id:%ID% -l:level -ss:message code is any number for a return code level. id is used for server-side scripting only. For server-side scripts you must add the - i d: %I D%switch. See the Locally on the Deployment Server option in Script Information to select a server-side script. See Script Information on page 182. level is the severity level. The following levels are used: 1 = Information message 2 =Warning message 3 = Critical failure message. Only this level can be used to set up a return code. See Setting Up Return Codes on page 190. The response does not execute for a return code unless a level 3 is specified when using the LogEvent and WLogEvent command in a script. message is the status string. If spaces exist in the message, the string must be contained in quotes. Specifying a severity level of 3 causes the script job to fail. Example Scripts REM Boot wor k unl oad Set I mageName=F: \ I mages\ XPI nt el . i mg r depl oy - mu - f %I mageName%- p1 logevent -l:1 -ss:Created %ImageName. REM Execut e WLogEvent . exe f r omCMD scr i pt REM Thi s scr i pt r equi r es WLogevent . exe t o r esi de on t he cl i ent REM i n t he t emp di r ect or y . \ WLogevent . exe - c: 0 - l : 1 - ss: Runni ng Di r on %NAME%" di r . \ WLogevent . exe - c: 0 - l : 1 - ss: Fi ni shed wi t h t he DI R command on %NAME%" Copy File to Copy all types of files to managed computers. You can send selected files or directories to a computer or computer group.
Send files to client computers by adding the Copy File to task when building new jobs. Use the Copy File to operation (see Remote Operations Using Deployment Solution on page 122) to copy files quickly from Computers pane in the console. See Building New Jobs on page 148. Deployment Solution 185
1. Select either the Copy File or Copy Directory option. When you select the Copy Directory option, select Copy Subdirectories to copy all subdirectories. 2. Enter the directory path and name of the file or directory. The Source path defaults to the Deployment Share, but you can enter or browse to a file or directory. To copy files or directories through the Deployment Server from the Deployment Share, you can enter a relative path in this field. To copy files or directories directly from the Deployment Share to the managed computer, you must enter the full UNC path name. See Copy File to Advanced on page 185. Note When entering the source path for copying files through the Deployment Server, you can only access the shared directories through an established user account. Specifically, you can only use UNC paths when you have sufficient authentication rights established. 3. Select the Allow to run in automation check box to run this task in automation mode. Note This option is only applicable for Linux and WinPE automation. 4. Type the destination path. The Destination path field automatically enters a sample path, but you can enter the directory path you require. If the destination path does not exist on the destination computer, it is created. 5. Click Advanced to specify additional features to copy files through the Deployment Server or directly from a file server. See Copy File to Advanced on page 185. Click Next. 6. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. 7. Click Finish. The task appears in the Task list for the job. The file is sent to the specified location when you run this task. See also Modifying Tasks in a Deployment Job on page 187. Using Location Variables Location variables are being added to the Deployment Server for the Copy Files feature, letting you enter a token variable instead of requiring a complete location path when copying files to a managed computer (a client computer running the Deployment Agent). The current variables include: Temp. Enter Temp in the Destination path to set the Temp directory (identified in the system path) for the managed computer. Example: Instead of entering C:\windows\temp\setup.exe in the Destination path, enter temp:setup.exe. Copy File to Advanced Select options to copy files directly from the Deployment Share. This option is for files stored on another network server in a distributed Deployment Server installation. Copy files using Deployment Server. This option distributes software packages through the Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. Use this option for Simple installs to take advantage of security rights defined by the Deployment Server. You can Deployment Solution 186
use a relative path name entered in the Source Path field in the Copy Files dialog. This is the default option. Copy directly from file source. Click this option to copy packages directly from the Deployment Share, sending only one copy across the network. It copies the file directly to avoid running through the Deployment Server and diminishes processor output. Because the Deployment Agent doesn't recognize shared rights and is not guaranteed to have a mapped drive to the data source, you need to identify a user name and password for the data share computer from the target computer. This option also requires a full UNC path name in the Source Path field in the Copy File dialog. File Source logon. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both exist in the same domain). Note Windows 98 computers have security limitations when copying files directly from the source to the Deployment Agent using the UNC path name. We recommend that you use the Copy files using Deployment Server option for these types of computers or plan a proper security strategy for direct copying. Power Control Start the computer using Wake on LAN or run standard power control options to restart the computer, shut down, or log off the current user. 1. Create a job. 2. Click Add > Power Control. 3. Select an option: Restart, Shut down (if available), Log off, or Wake up (send Wake-On-LAN). 4. Select Force application to close without a message, if required. Click Next. 5. (Optional) Set Return Codes. See Setting Up Return Codes on page 190. 6. Click Finish. The task appears in the Task list for the job. Wait Use the Wait task to boot a computer in the automation mode and wait for user interaction. 1. Create a job. 2. Click Add > Wait. The Wait dialog appears. 3. Select the appropriate pre-boot environment from the drop-down list. Click Next. 4. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
Wake up, shut down, or log off client computers by adding the Power Control task when building new jobs. See Building New Jobs on page 148. Deployment Solution 187
5. Click Finish. The task appears in the Task list for the job. Modifying Tasks in a Deployment Job You can build jobs by adding or modifying deployment tasks. You can modify the tasks in a job that is already scheduled on any computer. The job will run the modified tasks according to the previously set schedule. To add a task to a job immediately If the task (image, batch file, executable, and so on) is saved in the product directory, it appears on your Resources list in the Shortcuts pane. Simply drag it to an existing job to add it. To add a task to a job 1. In the Jobs pane, double-click the job you want to modify. 2. Click Add and select another task from the menu. 3. Follow the basic instructions on each dialog provided for each task. Select the type of task you want to add and follow the directions. 4. After finishing task configuration, a new task appears in the Jobs list. 5. Change the order of the tasks using the up and down arrows. The tasks run in the order listed. To copy and paste a task Use the steps below to copy and paste tasks within the same job, or from one job to another. You can use CTRL+C and CTRL+V to copy and paste tasks. 1. In the Jobs pane, click the job that contains the task you want to copy. 2. In the Details pane, right-click the task, and select Copy. (To copy multiple tasks, press the CTRL key and select the desired tasks. The tasks that are highlighted are copied when you select Copy.) 3. In the Jobs pane, click the destination Job where you want to paste the task. 4. Right-click in the Details pane and select Paste. The tasks appear at the bottom of the task list, and use the condition settings of the current job. 5. Change the order of the task using the up and down arrows. The tasks run in the order listed. To modify a task in a job 1. In the Jobs pane, double-click the job you want to modify. 2. Select the desired task from the list. 3. Click Modify and follow the directions to make the required changes. Click OK. To remove a task from a job 1. In the Jobs pane, double-click the job you want to modify. 2. Select the task you want to remove from the task list. Click Delete. 3. Click OK. Deployment Solution 188
To copy and paste tasks Use the steps below to copy and paste tasks within the same job or from one job to another. You can also use CTRL+C and CTRL+V to copy and paste tasks. 1. In the Jobs pane, click the job that contains the task you want to copy. 2. In the Details pane, right-click the task and select Copy. (To copy multiple tasks, press the CTRL key and select the desired tasks. The tasks that are highlighted are copied when you select Copy.) 3. In the Jobs pane, click the destination Job where you want to paste the task. 4. Right-click in the Details pane and select Paste. The tasks appear at the bottom of the task list and use the current condition settings of the destination job. 5. Change the order of the tasks using the up and down arrows. The tasks execute in the order listed. To add a new task to an existing task list 1. Select a job from the Jobs pane. 2. Click on one of the tasks within the job and add a new task. The new task is inserted above the task you highlighted, and all other jobs shift down by one position. 3. Use the up and down arrows to change the order of the tasks within the job. Modifying Multiple Modify Configuration Tasks If you have scheduled multiple Modifying Configuration tasks to a computer group, you can double-click Modify Configuration in the task list of the Details pane to modify each computers configuration settings independently. In the Jobs pane, click the job with a Modify Configuration task. Double-click the Modify Configuration task. A message appears. Click YES to modify configuration settings individually for each scheduled computer. Click NO to modify the Modify Configuration task when the job is scheduled again (the current job sends modified configuration files already created). If you click YES, a Modify Job Wizard appears with a list of each managed computer scheduled to change configuration settings. Select one or more computers and click Next. 1. In the Computer Configuration Properties property page, modify the settings. Click Next. See Computer Configuration Properties on page 101. 2. Set Return Codes. See Setting Up Return Codes on page 190. 3. Click Finish. Creating New Script Files You can create script files and directly schedule the script file to run scripts on any computer or computer groups. To create new script files 1. Go to View > Shortcuts View. Deployment Solution 189
2. Click Resources in the Shortcuts view to move the focus to the Resources view. 3. Go to File > New > Script File. Note The Script File option is activated only if the focus is on the Resources view. A script file is created by default at the root of the resources. The default file name is Batch.bat. 4. Right-click the Batch.bat file, and select Modify. Note You can rename the batch file by right-clicking the file and selecting Rename. 5. Type the script in the open file, and save it. 6. Drag the Batch.bat file to a computer or computer group where you want to schedule the job. 7. Specify the scheduling options, and click OK. See Scheduling Jobs on page 151. Copy and Paste Jobs and Job Folders Jobs or job folders (including their subfolders) can be copied to any other job folder in the left pane of the Jobs pane of the Deployment Console. A Job folder can only be copied to a root level folder, which has a limit of 30 subfolders, and cannot be copied to a child level folder. If you copy a job or folder with the same name as the destination job or folder, the copied job or folder is automatically named Copy of <job or folder name>. This feature can only be performed by administrators or users who have permissions to create jobs or job folders. To copy jobs and job folders 1. In the Jobs pane, right-click a job or job folder you want to copy, and click Copy. 2. In the Jobs pane, right-click the destination job folder and click Paste. Importing and Exporting Jobs Jobs can be exported to back up the Deployment Server data or to share jobs between Deployment Server installations. To import jobs 1. Right-click in the Job pane, and select Import or Click File > Import/Export > Import Jobs. 2. Browse to or enter the path and name of an existing import file (a .BIN file). 3. Select Import to Job Folder to import the jobs to an existing folder in the Jobs pane. If you have a folder already selected, it appears in the edit field. Deployment Solution 190
4. Select Overwrite existing Jobs and Folders with the same name to replace identical jobs and folders. 5. Select Delete existing Jobs in folder to overwrite and replace all jobs in the selected Jobs folder. Click OK to import the job(s). To export jobs 1. Right-click the job or Jobs folder you want to export and select Export. or Click File > Import/Export > Export Jobs. 2. Select the destination folder and enter a file name. 3. Click Export subfolders to export all folders subordinate to the selected job folder. 4. Click OK. Setting Up Return Codes When you create a task in a job, you can define a response to specific return codes generated from that task after it runs. You can determine the response if the task runs successfully or if the task fails. You can also set up custom return codes generated from scripts or batch files that are unique to your environment or deployment system. Note Return code handling cannot be set up for jobs created in the New Job Wizard. When creating a task, the Return Codes page appears so you can set a response if the task was successful or to determine a default response if the task failed. Because Deployment Server returns a 0 (zero) if the task runs successfully, any other return code value denotes some type of failure in running the task. As a result, in the Success field you can select an action if the return code is 0 (zero), or select an action in the Default field if the return code is not a 0 (zero). Return codes are first evaluated to be successful (zero) or failed (non-zero). If the task returns as successful, it runs the action specified in the Success field. If it is not successful, it determines if the return code has been assigned a custom code value. If the return code is defined as a custom code, the selected action for that custom code runs. If no custom code is assigned to the return code, the action set in the default runs. Note If you are using LogEvent and WlogEvent in Scripts, you can generate return codes only when the level 3 message is specified. Specifying a severity level 3 causes the script job to fail and lets you respond using this return code feature. Return Code Actions For both successful tasks (in the Success field) and failed tasks (in the Default field), you can specify the following actions: Stop. This action stops the job after the task runs. Subsequent tasks do not run. Continue. This action lets the subsequent tasks in the job continue after the task runs. Select a job. This action lets you select existing jobs to run after the task completes. Deployment Solution 191
These actions also apply to custom return codes designed specifically for your system. Custom Return Codes In the Other return codes field, you can view custom return codes set specifically for your system. You can add return codes by clicking Add below the Other return codes field, or by clicking Master Return Code. Type a custom code in the Code field, select a response action from the Response list, select the result from the Result list to specify the interpretation of this return code as Success or Failure, and provide a message in the Status field. These custom codes can respond to any return codes set up in scripts or batch files in the Run Scripts task, or these custom codes can respond to system return codes thrown from the Deployment Server or external codes generated when distributing applications, personality settings, or disk images. Any task can have custom codes that respond to different return code values. Master Return Code List. This is a list of all the return codes existing in the Deployment Database. You can add, modify, and delete the codes and their values so that setting codes for other tasks is easier. Add. This lets you add a new custom return code for the task. You can also add the return code to the Master Return Codes list. Modify. This lets you modify the return codes listed in the Other return codes field. The changes you make do not update the Master Return Codes list. Delete. This lets you delete return codes listed in the Other return codes field, but not from the Master Return Codes list. To set up Master Return Codes The Master Return Code List dialog lets you: Add, modify, and remove return codes in the master list. Select return codes for the current job from the drop-down list. To add Master Return Codes 1. Select a job from the Jobs pane. 2. Click Add in the right pane to add a task. Select the task. The task dialog appears. Note You can add Master Return Codes for all tasks except Get Inventory. 3. Click Next until the Return Codes page appears. 4. Click Master Return Codes. The Master Return Code List dialog appears. 5. Click Add. The Add Return Code dialog appears. 6. Enter the return code in the Code field and click OK. The code is added to the master list. To modify Master Return Codes 1. Click Modify. The Modify Return Code dialog appears. 2. Enter data in the Response, Result, and Status fields and click OK. The code is modified. Deployment Solution 192
To delete Master Return Codes 1. Select the code you want to delete and click Delete. A warning message appears to confirm the deletion. 2. Click Yes. The selected return code is deleted from the Master list. Note The OK and Cancel options in the Master Return Code List dialog apply to the return codes selected. If no return codes are selected, or none exist in the list, OK is disabled. Click OK on the Master Return Code List dialog to add the selected return codes to the current job. To set up return codes To set up return codes, you need to determine how to respond to the Deployment Server success return code (zero) in the Success field, how to respond to a failure return code (a non-zero) in the Default field, and how to respond to a custom or externally generated return code defined in the Other return codes field. The following example describes how to set up a simple process to deal with custom and system return codes, and how to interpret the status of user-defined return codes: 1. In the Success drop-down list on the Return Codes page, keep the default value Continue. This lets the job continue running additional tasks in the job after successfully completing this task. 2. Click Add to add custom return codes. The Add Return Code dialog appears. 3. In the Code field, enter a value of 10 (ten). 4. Click the Response drop-down arrow and select Continue from the list. 5. Click the Result drop-down arrow and select Success from the list. Even if the return code was not zero, which is success by default, the task is considered a success as per the users choice. 6. Enter a description for the return code in the Status field. This is the message that appears when the task within a selected job runs. 7. Select the Add to Master return code list check box to add the custom code to the master return code list. The code is listed in both the Other return codes and Master Return Codes lists. This is useful if you want to use the return code again. Click OK. 8. If the code you added already exists, a message dialog displays the return code and asks if you want to replace it. Click Yes to replace the return code, and click No to return to the Add Return Code dialog. 9. Select the Select a job option from the Default drop-down list to select a job to run when a default condition is reached. The Select a Job dialog appears, letting you select an existing job that runs if the task returns a failed system return code (non-zero) or a return code not defined as a custom return code. Note The status of the tasks executed in a job also appears in the history of a computer. Deployment Solution 193
Sample Jobs in Deployment Solution Sample jobs are installed with each Deployment Server system, letting you quickly modify or add parameters, or to run the sample jobs as they are. During installation, jobs are automatically imported from the samples.bin file to the Deployment Server system where they can be viewed in the Samples folder in the Jobs area of the Deployment Console. Click each job and identify its features in the Description field of the Details pane. Jobs in each folder marked with an asterisk (*) require input parameters or other minor modifications added before running on your system. These modifications let you add parameters to the job, such as user name and password or other required data for the job to be functional. Jobs requiring input parameters or customizing do not function properly if you do not edit the job with the information specific to your environment. All files without an asterisk (*) can be used to perform the identified functions without modification. However, if the job conditions are not met or are not consistent with the computer type, you may get an error. Example: If the Repair Office XP job runs on a computer without MSOffice XP, you get an error when running the job. Note When upgrading versions of Deployment Solution, we recommend that you copy and rename modified sample jobs to avoid overwriting by new sample jobs. Initial Deployment Initial Deployment is a default job designed to help in the process of setting up computers that do not exist in the Deployment Database. Initial Deployment lets you define how computers are initially set up after being identified by the Deployment Server. You can define various computer configuration sets and deployment jobs for the user during startup, letting the user select the computer settings and hard disk images, software, and personality settings for their specific needs and environment. New computers appear in the New Computers group in the Computers pane of the Deployment Console. Notes Initial Deployment is ideal for small-scale deployments, from 1 to 10 computers. We do not recommend this feature for large deployments -- from 10 to 100 computers - - or mass deployments -- from 100 to 5000 computers. We also do not recommend this feature where you use virtual computers, customized jobs, and the computer import feature. Although Initial Deployment is commonly used on computers that support PXE, you can also configure a boot disk to run Initial Deployment. In this case, the image you deploy must include automation pre-boot environment so that post imaging tasks
To access Initial Deployment, double-click Initial Deployment from the Jobs pane or right-click Initial Deployment and click Properties. The Properties of Initial Deployment dialog appears. Deployment Solution 194
can run successfully. Installing an Automation Partition on the client computers hard disk ensures that future imaging deployment jobs run successfully. Note To completely deploy and configure a computer using Initial Deployment, you must define at least one Configuration and one Job. Initial Deployment consists of a dialog with the following tabs with separate features to deploy new computers: Configurations Jobs Advanced Configurations Click the Configurations tab on the Initial Deployment dialog to configure different sets of computer properties. Each configuration set is presented to the user as a menu. The user can select the configuration set designed for their environment. Compare the Configurations tab with the Jobs tab. See Jobs on page 195. Note If you do not create any configuration sets, the deployment process automatically sets TCP/IP information to use DHCP and names the computer to match the computers asset tag, serial number or MAC address -- in that order, depending on what is available. 1. Double-click Initial Deployment in the Jobs pane drop-down list. The Properties of Initial Deployment dialog appears. 2. Click the Configurations tab. 3. Click Add. A configuration set appears in the Configurations menu field. The Configuration page of the New Job Wizard appears. 4. Enter values to set computer and network properties for new computers. See Modifying Configuration on page 179 for a list of property categories. 5. Click Add again to configure another set of property settings. You can add multiple configuration sets for the user to select from a menu after connecting to Deployment Server. You can modify, rename, or delete a selected configuration set. 6. After setting the properties, click Apply. 7. From the Default Menu choice drop-down list, select a configuration set as the default. 8. Click the Timeout after ___ seconds and proceed check box and specify the time after which you want to run the default job. 9. Click OK, or click the Jobs tab to define a task. Advanced Configuration Click Advanced on the Configurations tab to open the Advanced Configuration dialog. This dialog lets you set advanced configuration settings for client computers and provides different options for processing jobs for client computers. Deployment Solution 195
Select Process this job as each client becomes active. This job is processed only when clients become active. Select Process this job in batch mode. This job is processed for a batch of clients for the Minimum clients specified and after the specified Timeout in minutes. Select Hold all clients until this time. You can specify the Start time for this job, which runs for all clients at the specified time. Click OK. Jobs Click the Jobs tab on the Initial Deployment dialog to add existing jobs or create new jobs to run on the new computer. The jobs you add or build using this dialog are listed in a menu and presented to the user during startup. The user can select the deployment jobs to image the computer and install applications and personality settings. Compare the Jobs tab with the Configurations tab. (See Configurations on page 194.) The conditions on the jobs are limited to the data that can be accessed at the DOS level (Example: Serial number, manufacturing number, NIC information, manufacturing name). 1. Click Initial Deployment in the Jobs pane drop-down list. The Properties of Initial Deployment dialog appears. 2. Click the Jobs tab. 3. Click New to build a new job. The Select a job dialog appears. See Building New Jobs on page 148. Select a folder in which you want to create the job. Click OK. The Job Properties dialog appears. 4. Click Add Existing to add an existing job. 5. From the Default menu choice drop-down list, select a job as the default. 6. Click the Timeout after ___ seconds and proceed check box and specify the time after which you want to run the default job. The default setting is 60 seconds. 7. Click OK, or click the Advanced tab to stop servers or workstations from running configuration task sets and jobs automatically. See also Sample Jobs in Deployment Solution on page 193. Advanced Click the Advanced tab to set options to stop Initial Deployment from automatically running the default configuration task sets and jobs. This avoids accidental re-imaging or overwriting of data and applications for either workstations, such as desktop, laptop, handheld computers, or servers, such as Web and network servers identified by Deployment Server. When a computer not yet identified by the Deployment Database is first detected, it is placed in the New Computers group and an Initial Deployment configuration set and job is run. However, in many cases you do not want Web or network servers to be automatically re-imaged without confirmation from IT personnel. Select Servers to stop servers from automatically running Initial Deployment configuration jobs. Servers are identified as the managed computers running multiple processors or identified as a specific server model from specific manufacturers. Example: Both an HP Proliant computer and a Dell computer with Deployment Solution 196
multiple processors are identified as servers. Identifying a computer as a server by the operating system cannot be accomplished for new computers until the server operating system has been installed. Select Workstations/Clients to force desktop, laptop, and handheld computers to stop before automatically running Initial Deployment. Deployment Solution 197
Part IV Best Practices This section provides details on many of the management tasks available in Altiris Deployment Solution software. Deployment Solution 198
Chapter 11 Securing Deployment Solution To effectively manage computers, Altiris Deployment Solution software requires access beyond the files and database owned by the application. Example: Deployment Solution requires rights to install software on managed computers and rights to join computers to a domain during configuration. The broad range of tasks performed by Deployment Solution enables simplified management but also introduces a greater need for strong security policies. This guide walks you through the phases of security planning, including setting access rights, database security, and securing communications. This guide is divided into the following parts: Part 1: Deployment Server Accounts To run the Deployment services, perform domain tasks, and provide automation access to the Deployment Share, we recommend creating separate accounts with minimal privileges to perform each of these tasks. This minimizes security risks while still allowing Deployment Solution to manage computers. We recommend creating the following accounts: Deployment Server Accounts Contains instructions to set up the accounts you use to run Deployment Server services, join domains, and connect to the Deployment Share in automation. Administrator Accounts and Role and Scope- based security These security policies control administrator access to computers, jobs, and settings within the Deployment Console. Database Security Provides the information you need to secure and control database access. Securing Communication Explains how to secure communication between your Deployment Server and Agent. Appendix A: Agent Installation Rights Explains the privileges needed to rollout the Deployment Agent. Appendix B: Managing Task Passwords Explains how to manage the passwords associated with specific tasks. Appendix C: Managing Key-based Authentication Contains information on backing up authentication keys and enabling server redirection when using key-based authentication. Account Description Service The main account used to run the Deployment services, manage the database, and mange the Deployment Share. Deployment Solution 199 Securing Deployment Solution
These accounts should not be part of any group, and should not posses interactive login privileges. The following sections outline each Deployment Server account: Service Account (page 199) Domain Join Accounts (page 200) Deployment Share Read/Write Account (page 200) Service Account This account executes the Deployment Server software and manages the Deployment Database. This is the account provided when you install Deployment Solution: If your Deployment Database, Server, and Share are on the same computer, create a local account or optionally use the local system account. If your Deployment Database or Share is on a different computer than your Deployment Server, create a domain-level account, or create local accounts with the same credentials on each computer hosting a Deployment Solution component. This account requires the following rights: Domain Join Used to join computers to a domain during configuration. Deployment Share Read/Write Provides access to the Deployment Share in the automation environment. Rights Description Services This account executes the following services: Altiris Deployment Server Console Manager Altiris Deployment Server Data Manager Altiris Deployment Server DB Management Altiris eXpress Server Altiris PXE Manager If this account is provided during installation, these services are already configured with the proper credentials. If not, this can be changed using the Services applet. Account Description Deployment Solution 200 Securing Deployment Solution
Domain Join Accounts These accounts provide the privileges required to join computers to a domain during configuration. You need a separate account for each domain in which you manage computers. Grant the rights recommended in the following table: After these accounts are created in Active Directory, complete the following procedure to add them using the Deployment Console. To add domain join accounts 1. In the Deployment Console, click Tools > Options > Domain Accounts. 2. Provide the accounts you created: Deployment Share Read/Write Account This account provides read/write access to the Deployment Share. This account is used to access files in the automation environment, and optionally in some tasks if it is more File System This account requires full control of your Deployment Share, and does not require administrative privileges on the computer hosting your Deployment Share. Database This account requires the db_owner role on your Deployment Database. See Part 3: Database Security (page 203) for more information. Rights Description Domain Grant privileges to add computer to domain. Rights Description Deployment Solution 201 Securing Deployment Solution
efficient to access the Deployment Share directly rather than accessing it through the Deployment Server. Grant the rights recommended in the following table: This account is provided when creating boot configuration using Boot Disk Creator: Part 2: Deployment Administrator Accounts Deployment administrators are the people who perform day-to-day work in Deployment Solution. These accounts are tied to people, have interactive login, and usually have additional rights across your network. You should select a group of administrators to grant full administrator rights and determine how to grant rights and privileges to other administrators as necessary. We recommend creating groups in Active Directory to manage these rights, adding and removing accounts from these groups as necessary. Note Each Deployment administrator needs to be granted public access to your Deployment Database. See Rights Required for Deployment Administrators (page 205). Role and Scope Based Security Role and Scope-based security controls who has access to what in the Deployment Console. Rights Description File System Grant read/write privileges to your Deployment Share. Deployment Solution 202 Securing Deployment Solution
One major advantage of the Deployment Solution security model is that administrators do not need to be granted explicit rights on any managed computers. All access is filtered through the integrated role-and-scope based security in the Deployment Console. Example: if you grant an administrator rights to install software on a managed computer in the Deployment Console, it does not allow him to log in to that computer and install software. All actions must go through the Deployment Console. Implementing a strong policy to manage the access granted to your Deployment administrators protects managed computers from unauthorized access. Deployment Console Security By default, the Deployment Console can be used on your Deployment Server by any user who possesses rights to log in and run applications. This works well in situations where you already have policies in place to control server access, and you have a group of administrators who will have full access to deployment functionality. If you want to provide more granular access to configuration options, jobs, and computers, you can enable security. To enable security You must add at least one user or group to enable security. 1. In the Deployment Console, click Tools > Security. 2. Add a new user or group. We recommend clicking AD Import and importing Active Directory groups, as this simplifies rights management. The first user or group added is granted administrator rights. Each additional user or group after the first are granted no rights and must be assigned rights explicitly. 3. Security is automatically enabled after a user or group is added. Additional users or groups can be added using this same method. Manage By Exception The Deployment Solution role and scope-based security model uses the concept of managing by exception. To manage permissions, you make an assignment at a container level that applies to most of the members of the container and you manually add exceptions where needed. We recommend planning administrator, computer, and job groups so that all permission assignments can be made at the group level. Rights and Permissions The Deployment Console separates privileges into two categories: Rights Provide access to console settings, database connections, domain accounts, and other options. Typically, you restrict most rights to one or more main administrators. Permissions Controls access to jobs and managed computers. These permissions are usually distributed across all administrators who perform work in Deployment Solution. Deployment Solution 203 Securing Deployment Solution
Grant Rights to Administrators 1. In the Deployment Console, click Tools > Security. 2. Select a user or Group and click Rights. 3. Enable the rights you want granted. Grant Permissions to Administrators 1. Right click a Computer, Computer Group, or Job and select Permissions. 2. Select a user or group and enable or disable the permissions you want granted. Permission Rules Permissions received through different sources may conflict with each other. The following permission rules determine which permissions are enforced: Permissions cannot be used to deny the user with administrator console rights access to use any console objects or features. User permissions take precedence over Group permissions. Deny overrides Allow. When a user is associated with multiple groups, one group could be allowed a permission at a particular level while the other group is denied the same permission. In this scenario, the permission to deny the privilege is enforced. Permissions do not flow down an object tree. Instead, the object in question looks in the current location and up the tree for the first permission it can find and uses the same. If a console user does not have permissions to run all tasks the job contains, the user is not allowed to run the job. Part 3: Database Security Securing your Deployment Database is tied directly to securing the account you use to connect to the database. Deployment Server requires only one account to have non-public access to the database (the Service Account (page 199)). This account should be secured by a central Deployment or domain administrator. If you follow this process outlined in this document to create accounts and separate privileges, you can greatly reduce the risk of your database being compromised. Example Your domain or central Deployment administrator creates a new domain-level account with no interactive login, file system ownership of a single folder (Deployment Share), and ownership of the Deployment Database. The password is provided to run the Deployment Solution services and is stored securely. No additional Deployment administrators need this password, and an intruder would need to compromise a higher level administrator account in order to access these credentials. Deployment Solution 204 Securing Deployment Solution
Required Database Rights This section contains a list of the database rights that need to be granted to use Deployment Solution, and covers: Rights Required to Install (page 204) Rights Required for the Services Account (page 205) Rights Required for Deployment Administrators (page 205) Rights Required to Install To create the Deployment Database during the Deployment Solution installation, you need to grant the System Administrators database role to the administrator installing Deployment Solution. These rights can be revoked after the installation completes. 1. Open Enterprise Manager and connect to your SQL Server. 2. Browse to Security > Logins: 3. Select the Administrator account you are using to install Deployment Solution. If it does not exist, add it. 4. Click the Server Roles tab, and enable System Administrators: 5. Click OK and verify that the role was added. Deployment Solution 205 Securing Deployment Solution
Rights Required for the Services Account The account used to run your Deployment Services needs to have database owner rights: 1. Open Enterprise Manager and connect to your SQL Server. 2. Browse to Security > Logins: 3. Double-click the account you are using to run the Deployment services. If the login is not listed, add it. 4. Click the Database Access tab, select the eXpress database, and enable the db_owner role: 5. Click OK and verify that the change was successful. Rights Required for Deployment Administrators Each Administrator with console access must be granted public rights to your Deployment Database. The best way to do this is by assigning public access to the Active Directory groups containing your Deployment administrators. Deployment Solution 206 Securing Deployment Solution
This prevents you from manually granting this access to individual administrators as they are added or removed from Deployment management responsibilities. 1. Open Enterprise Manager and connect to your SQL Server. 2. Browse to Security > Logins. 3. Add each user or group that will manage computers using Deployment Solution. 4. For each user or group, on the Database Access tab, grant the public role for the eXpress database: Part 4: Securing Communication This section contains guidelines to secure Deployment Solution communication between the Deployment Server and Deployment Agent, and discusses the following: Deployment Agent Authentication (page 206) Additional Agent Security (page 208) Keyboard Locks in Automation (page 208) Deployment Agent Authentication We recommend providing a Deployment Server hostname rather than using multicast, and implementing key-based authentication if additional security is needed. Key-based authentication prevents agents from connection to un-trusted Deployment Servers if hostname resolution is somehow compromised. Key Authentication Key authentication is enabled on the Server Connection agent configuration page. After you enable this option, you are prompted to provide the server.key file containing the server public key for your trusted Deployment Server. This key is located on your Deployment Share. After enabling this option the Agent connects only to the trusted Deployment Server. Deployment Solution 207 Securing Deployment Solution
To enable server connection security 1. In the Deployment Console, right-click a computer or group and select Change Agent Settings > Production Agent. 2. Select Connect directly to this Deployment Server and provide the hostname. 3. Select to Enable key based authentication to Deployment Server and provide the path to your server.key file on your Deployment Share: Deployment Solution 208 Securing Deployment Solution
Additional Agent Security The Security tab on the Agent Settings screen provides additional security options, including the ability to encrypt communication and password protecting admin settings on the managed computer: Keyboard Locks in Automation Lock the keyboard whenever possible in automation. This prevents the session from being broken manually on the managed computer. If you set up your account according to the instructions in this document, this risk is greatly reduced as the account you are using has only read/write access to the Deployment Share. However, if you are using an account with broad network privileges this could potentially introduce a large security risk. Deployment Solution 209 Securing Deployment Solution
To lock the keyboard, enable the lock option when creating boot configurations in Boot Disk Creator: Appendix A: Remote Agent Installer Rights To initially install the agent on managed computers using the Remote Agent Installer, you need an account with Local User rights. You only need access to this account when performing the one-time agent installation, so either use your domain administrator, a domain account with local user rights, or any other account with local rights. After the agent is deployed, you no longer need access to this account. To determine whether you have sufficient rights, browse to: \ \ host name\ admi n$ Replacing hostname with the name of the computer where you want to install the Deployment Agent. If you can access this share you have sufficient rights. Appendix B: Managing Task Passwords When a task executes, it remembers information about the administrator who executed it as part of the history. Next time the job executes, these credentials are used. If the password for the account used to execute the job changes, you need to update the jobs for a specific account: 1. In the Deployment Console, click Tools > Options. 2. Select the Task Password Tab. 3. Provide the username and old and new passwords for the administrator who executed the task. Deployment Solution 210 Securing Deployment Solution
4. Click Update. Appendix C: Managing Key-Based Agent Authentication Key authentication is configured and ready to be enabled after installation. This appendix contains information on backing up your authentication keys and enabling redirection to another Deployment Server. Backing up the Server Private Key During installation, a private key is generated on the Deployment Server and stored in the registry at the following location: HKLM\ Sof t war e\ Al t i r i s\ Al t i r i s eXpr ess\ Opt i ons\ Secur i t y\ Ser ver Secur i t y This security key should be backed up to a secure location in case this Deployment Server needs to be re-installed. If you re-install without this key, each agent using key authentication needs to be updated to use the newly generated server.key file. The public key is located on your Deployment Share and should be backed up as well. Enabling Key-based Authentication with Redirection If your Deployment Server is set up to redirect Agents to another Deployment Server, you need to import the server.key from each additional Deployment Server to the server which clients initially connect. 1. In the Deployment Configuration tool, select Options > Authentication. 2. Copy the public key file from each additional Deployment Server and use the Add Key to add each server to the list. Deployment Solution 211
Chapter 12 Migrating Application Data and User Settings To perform migration, Deployment Solution uses an integrated technology called Altiris PC Transplant. A complete guide to PC transplant can be viewed by launching the PC Transplant Editor (Deployment Console > Tools > PC Transplant Editor). Deployment Solution 212
Chapter 13 Capturing and Deploying Disk Images What is a Disk Image? A disk image is a file containing the complete contents and structure of a hard drive, or one or more of the partitions on the hard drive. This file can be used to restore the structure and contents of the imaged hard drive. Imaging in Deployment Solution Deployment Solution provides several tools to simplify the imaging process, including tools to perform hardware independent imaging using sysprep. Tokens Database tokens are used throughout the imaging process. When you schedule an imaging job using the sample imaging job (Jobs > Samples > Imaging > Create Disk Image), the image is stored as %COMPNAME%.img, and the image description contains the name of the operating system. File Systems RapiDeploy, the imaging engine used by Deployment Solution, understands the Windows file system and captures just the data. So, an image of an 80 GB hard drive only requires as much space as the data on the disk. How Imaging Works 1. Computer boots to automation. 2. The rapideploy executable creates the disk image and transfers it to a remote location or reads the disk image and restores the target partition or hard drive. File Systems Hard disks are imaged differently depending on the file system that is used. The source disk or partition is not changed. FAT, NTFS, EXT2, and EXT3. Imaging is file-based. RapiDeploy copies real data file by file, resulting in a clean, defragmented image that can be resized and restored to a disk of a different size. Other File Formats. For other file systems, the disk is read sector by sector regardless of which sectors are in use. The image mirrors the contents of the disk. These formats are not resizable. Partitions When you create an image, you can image a partition, a group of partitions, or an entire hard disk. Any partition on a hard disk can be imaged. Deployment Solution 213 Capturing and Deploying Disk Images
When a computer receives an image, you can select which partitions to download. The default setting is to restore all partitions, which would overwrite any existing partitions. To keep an existing partition, you can specify which partitions to download and which to ignore. You can also use command-line switches to keep existing partitions. Partition slots on the target computer will be, by default, the same as the image source PC. A partition occupying slot 3 in the image file will be by default in slot 3 on the target computer. By default, the following partition types will not be overwritten: Automation partitions OEM system partitions The default behavior can be overridden. Partition Size When you are restoring an image to a computer, the destination hard disk may be a different size than the disk imaged. If there are multiple partitions, the partition size percentage of the Client PCs will, by default, be the same as the image source. Example: If you image a 100 GB hard disk where 40% (40 GB) of the disk is a Windows XP partition and 60% (60 GB) is a data partition, a Client PC with a 200 Gigabyte disk will use the same percentages. The size of the Windows XP partition will be 80 GB and the data partition will be 120 GB. RapiDeploy also offers a partition resize feature that allows you to manually resize the partitions to a size you specify. Spanning Media The maximum size for a single image file is 2 GB. Images which exceed this amount are automatically split into multiple files. Example: If you named your image file basepc.img, and the image is split into four files, the following files are created: basepc.img basepc.002 basepc.003 basepc.004 You can set the split image file size to be between 1-2040 MB. Multicasting How Multicasting Works The Master PC manages the multicast session. The multicast transmission is synchronized by the Master PC, so it will only go as fast as the slowest computer in the Deployment Solution 214 Capturing and Deploying Disk Images
group. If a single computer fails, it will drop out of the session and the session will continue. The Master PC can multicast images to Client PCs in the following three ways: While the Master PC downloads an image from a file server and manages the simultaneous imaging of the Client PCs While the Master PC creates an image on a file server and manages the simultaneous imaging of the Client PCs While using its own hard disk as the source and sending the contents to Client PCs HTTP Imaging When capturing or deploying an image, you have the option of providing a URL as the path to an image file. This is non-typical interaction, and requires some configuration on your Web server. Your Web server needs the following: Unlimited keep alives enabled. Upload access if you want to upload images In Apache 2, enable unlimited MaxKeepAliveRequests in your httpd.conf file. You also need to obtain and install mod_put module to enable image uploading. In IIS, consult your documentation for information on enabling keep alives and uploads. Basic authentication is supported, Windows digest authentication is not supported. You might also need to specify a file type of application/octet-stream for your images to prevent errors. Capturing Images See Creating a Disk Image on page 154. Deploying Images Distributing a Disk Image on page 160. Post-Imaging Configuration Because images contain a generic operating system, you will probably want to set up unique configurations such as operating system license, networking, TCP/IP, and user account settings on each computer that receives an image. This section briefly describes the options that are available in the Post-Imaging Configuration wizard page. Important To use this feature, you must ensure that the Deployment Agent is installed on the computer you will create the image from. After a computer has received an image, the Deployment Agent applies the configurations you set, and reboots the computer so the changes take effect. Deployment Solution 215 Capturing and Deploying Disk Images
Managing Images You can view and make changes to RapiDeploy image files (*.img) using the Altiris ImageExplorer. For more information, see Altiris ImageExplorer on page 311. Deployment Solution 216
ImageX Imaging Deployment Solution provides native support for imaging computers using ImageX. Obtaining and Installing ImageX Before using ImageX, you must download and install the Microsoft Windows Automated Installation (WAIK) toolkit. This is available as part of the Business Desktop Deployment (BDD) Workbench. After installation, copy the following directory: C: \ Pr ogr amFi l es\ Wi ndows AI K\ Tool s to the WAIK directory on your Deployment Share. After copying, the WAIK directory will contain a Tools subdirectory. WinPE must be used in automation for for all ImageX jobs. Capturing and Distributing ImageX Images As ImageX is a 3rd party tool, limited support is provided in the imaging wizard. To access the full functionality of ImageX, customize the ImageX Imaging sample jobs for your environment. When using the Create Disk Image task, the following restrictions apply: Only the C drive is imaged. The default capture mode is fast. When using the Distribute Disk Image task, the following restrictions apply: The target disk is formatted before the image is deployed. If there is a problem with the deployed image, the computer might be left in an unusable state. See the release notes for additional information. Deployment Solution 217
Chapter 14 Mac Imaging Deployment Solution supports native imaging of Mac PowerPC and Intel-based computers. Using an OS X Server to provide the boot image, Deployment Solution can capture and deploy images to most Mac computers. Requirements: A Mac computer to provide the source for the automation image. Instructions for creating this image are contained in Creating an Automation Image (page 217). OS X Server. Instructions for enabling NetBoot to provide the boot image are contained in Configuring the NetBoot Service (page 219). Use of OS X is subject to the Apple license agreements, see your operating system documentation for information. Process Overview The following provides a basic overview of the Mac imaging configuration process: 1. Create an automation image. This image is a standard OS X operating system with the Deployment Agent installed and configured for automation. 2. Enable NetBoot. This is an OS X Server feature that enables network booting similar to PXE Server. 3. Add your automation image as the default NetBoot image. When an imaging job is assigned to a Mac computer, the Mac agent in the production operating system shuts the computer down and instructs it to restart and contact your NetBoot server. When the NetBoot server is contacted, the automation image is loaded, and then the Deployment Agent inside this image starts and contacts your Deployment Server. The computer then receives any automation jobs assigned. Creating an Automation Image The automation operating system is a basic OS X image with the Deployment Agent installed. To create an automation image, complete the following procedures: Step 1: Configure a Source Computer (page 217) Step 3: Image the Source Computer (page 219) Step 1: Configure a Source Computer In this step, a basic OS X system is prepared to provide the source for your automation boot image. If your source computer is running OS X 10.5, you must update to 10.5.2 or later. Deployment Solution 218 Mac Imaging
1. Perform a fresh installation of OS X on the source computer. Optionally, you can create an additional volume on an existing computer to store this operating system. 2. Start the operating system you installed in the previous step, and then log in using the Administrator account you created during installation. 3. Change any settings that might require user interaction. For example: Enable automatic login (System Preferences > Accounts). Disable the Sleep option (System Preferences > Energy Saver). Disable software updates (System Preferences > Software Update). 4. In network options select Using DHCP. 5. Verify Apple Remote Desktop 2.2 is installed by browsing to / Syst em/ Li br ar y/ Cor eSer vi ces/ Remot eManagement . If this folder is not present, download and install from apple.com/support/downloads/appleremotedesktop22client.html. 6. Install the Altiris Agent. For instructions see Installing The Mac Deployment Agent (page 259). 7. After the installation completes, open / et c/ al t i r i s/ depl oyment / agent - i nst al l . conf in a text editor and change the following: expor t OS_TOOLBOX=dar wi n To: expor t OS_TOOLBOX=automation To edit this file, you can run sudo vi /etc/altiris/deployment/agent- install.conf and select shift+i to insert the text. When finished, type :wq to exit and save changes. 8. Re-install the Deployment Agent. Continue to Step 2: Provide Credentials to Access Images (page 218). Step 2: Provide Credentials to Access Images Complete the following procedure to store the credentials required to access the OS X Servers hosting images. Credentials can also be provided directly in imaging tasks in the Deployment Console. 1. From the source computer you are configuring, connect to the Deployment Share by selecting Finder and then selecting Go > Connect to Server. Provide the server and share name, for example, smb: / / ser ver _i p/ expr ess, replacing server_ip with the IP address of the Deployment Server. When prompted, provide credentials in the format domain\user. 2. Browse to the TechSup/ Maci nt osh folder. 3. Extract and run the program contained in AddCredentialstoKeyChain, providing the username, password, and hostname for each server hosting images. This computer is ready to be imaged. In Step 3: Image the Source Computer (page 219), we use the imaging utility, hdiutil, to capture and store an image of this computer. Deployment Solution 219 Mac Imaging
Step 3: Image the Source Computer 1. From the source computer, connect to the OS X Server selected to host the NetBoot service and mount a NetBoot share. Connect by selecting Finder and then selecting Go > Connect to Server, providing a path similar to the following: af p: / / ser ver _i p/ Net Boot SP0 Replacing server_ip with the IP address of your server. If using a different share, replace NetBootSP0 with the share you are using. 2. From the terminal on the source computer, run the following command to capture and store the disk image: hdi ut i l cr eat e - sr cf ol der / / Vol umes/ Net Boot SP0/ Syst emRO. dmg 3. Convert the existing read-only image to read-write using the following command: hdi ut i l conver t / Vol umes/ Net Boot SP0/ Syst emRO. dmg - f or mat UDRW- o / Vol umes/ Net Boot SP0/ Syst em. dmg When this operation completes, you can delete SystemRO.dmg. 4. Add an additional 1 GB padding to the image using the following command: hdi ut i l r esi ze - si ze newsize / Vol umes/ Net Boot SP0/ Syst em. dmg Replacing newsize with the current size of your image plus 1 GB. If necessary, you can determine the current image size using a command similar to: l s - al h / Vol umes/ Net Boot SP0/ Syst em. dmg You are now ready to configure the NetBoot service. Configuring the NetBoot Service NetBoot is a service which runs on OS X Server to provide Mac computers with an automation operating system. To configure the NetBoot service complete the following procedures: Step 1: Configure the NetBoot Image (page 219) Step 2: Start the NetBoot Service (page 220) Step 1: Configure the NetBoot Image Complete the procedure for the version of OS X Server you are using to host the NetBoot service: 10.5 (page 219) 10.4 or Previous (page 220) 10.5 1. On the OS X Server hosting the NetBoot service, double-click / Li br ar y/ Net Boot / Net Boot SP0/ Syst em. dmg to mount the image you captured in the previous step. 2. Run the System Image Utility (Applications > Server > System Image Utility). 3. In the left pane, select the image you mounted in step 1. 4. In the right pane, select NetBoot Image then click Continue. Deployment Solution 220 Mac Imaging
5. Provide Automation as the image name, then click Create. 6. When the creation completes, provide Automation as the folder name and save it to the / Li br ar y/ Net Boot / NeBoot SP0 folder. If that location is unavailable, save the folder to a different location and then copy it to the correct location after the operation completes. 7. Your NetBoot server should now have a folder at / Li br ar y/ Net Boot / Net Boot SP0/ Aut omat i on. nbi containing the following: You are now ready to start the NetBoot service. 10.4 or Previous 1. On your NetBoot server, double-click / Vol umes/ Net Boot SP0/ Syst em. dmg to mount the captured image as a volume. 2. Run the System Image utility (Applications > Server > Network (OS 10.3) or System (OS 10.4) Image Utility). 3. In the upper pane, select New Boot. 4. Provide Automation as the image name. 5. Provide an image ID. Example: 1300 6. Leave the default NFS option selected. 7. On the Contents tab, select disk image, then browse to the image file volume you mounted in step 1. 8. Click Create. 9. Provide Automation as the folder name and save it to the / Li br ar y/ Net Boot / Net Boot SP0 folder. If that location is unavailable, save the folder to a different location and then copy it to the correct location after the operation completes. Your NetBoot server should now have a folder at / Li br ar y/ Net Boot / Net Boot SP0/ Aut omat i on. nbi containing the following: System.dmg booter mach.macosx (10.3 only) mach.macosx.mkext NBImageInfo.plist You are now ready to start the NetBoot service. Step 2: Start the NetBoot Service 1. On the OS X Server hosting the NetBoot service, open the Server Admin utility. 2. Expand the services on the localhost. 3. Select the NetBoot service. Deployment Solution 221 Mac Imaging
4. On the General tab, select the volume containing your images. 5. On the Images tab, select the Automation image and: Enable the image. Enable the diskless option. Select it as default. The NetBoot service also requires the AFP and DHCP services to be started. This is done automatically on 10.5. On 10.4, you might need to manually start the AFP service and the DHCP service. On 10.4, after starting the DHCP service, it is not necessary to click enable. Running the service but not enabling any adapters prevents your NetBoot server from responding to DHCP requests on your network, but allows your NetBoot server to provide IP address when booting clients. NetBoot is now configured. Deployment Solution 222
Symantec Ghost Imaging Important Deployment Solution does not include the Ghost executable or a license to use Symantec Ghost. You must provide a copy of the ghost.exe and/or ghost32.exe imaging executable to enable this support. Customers currently using Ghost imaging solutions have the option of copying the Ghost executable to the Deployment Server to enable Ghost imaging from the Create Disk Image and Distribute Disk Image tasks. To add support for Symantec Ghost 1. On the Deployment Share, create a folder called ghost. Copy ghost.exe (for DOS support) and/or ghost32.exe (for WinPE support) to this folder. Symantec Ghost is now available for selection in the Create Disk Image and Distribute Disk Image tasks. A configuration file called ImageTools.ini, located in the root of your Deployment Share, contains settings you can change to customize the behavior of Ghost. For example, the default command-line in DOS is: Cr eat eI mageCommandLi ne=- cl one, MODE=cr eat e, SRC=1, DST=%I MAGE_FI LENAME%- sur e This setting and others can be customized by modifying ImageTools.ini. Deployment Solution 223
Chapter 15 Software Packaging Deployment Solution includes the robust Wise Packager for Altiris Deployment Solution. This article presents an overview of the Wise Packager, including a walk-through of the software capture and distribution process. Information for users migrating from RapidInstall to the Wise tools is provided as well. Why Use Software Packaging? Installing and managing software is a major part of successful computer management. Often, a software package you require does not provide options for remote or automated installation, and might require additional configuration after installation. These situations can require you to manually install and configure software, or include a large number of programs in your standard images which can require frequent updates. The Wise Packager repackages and customizes your existing installations to create consistent, flexible software installation packages. These packages use the Windows Installer format (MSI), which provides many benefits over traditional installations. This format is explained in Appendix B: Windows Installer Format Explained (page 225). Other reasons you might want to repackage include: Supporting corporate standards by customizing the way applications are installed. Creating silent installations or limit the options available to end users. Creating transforms for the repackaged installations. Changing the source paths in the installation to UNC paths. Building complex launch conditions using Windows Installer runtime properties that test aspects of the destination computer. These software packages can be as simple as a single file copy or a registry change, all the way up to a pre-configured, silent installation of a complete application. Overview of the Software Packaging Process The software packaging process uses the tools that compromise the Wise Packager: Wise SetupCapture, and Wise MSI Editor. Wise SetupCapture records changes made to a computer by an installation program, bundles these changes into a Windows Installer package (.MSI). Wise MSI Editor lets you customize and create MSI installation programs. To repackage software, you use Wise SetupCapture to create a snapshot of the files and settings on a computer execute an existing installation. SetupCapture records the changes made by the installation and compares these changes to the initial snapshot. Any changes detected are added to an installation package. You can use Wise MSI Editor to customize the installation. Deployment Solution 224 Software Packaging
The following sections provide additional details on this process: Setting up a Reference Computer To host the capture process, we recommend setting up a computer with just the basic operating system and no additional software. This helps prevent situations where the necessary changes are not captured due to pre-existing software or other conflicts. The capture process is not resource intensive, so any recent desktop computer should work fine as the reference computer. Accessing Wise SetupCapture After the operating system is installed, you need to provide the reference computer access to Wise Setup Capture. This tool does not need to be installed; in fact, it can be executed directly from the Deployment Share. The easiest way is to first install AClient and use the Create Wise Packager Shortcuts sample job to add shortcuts to execute the software from the Deployment Share. (Shortcuts are placed at Start > All Programs > Altiris > Deployment Solution.) You could also copy the Wise Packager folder from your Deployment Share to the reference computer, or create the shortcut manually (use the sample job as a starting point). After you have a way to execute Wise Setup Capture on the reference computer, continue to the next section, Capturing a Software Package (page 224). Capturing a Software Package What Can I Capture? Depending on the complexity of the installation, certain programs are better candidates for repackaging than others. Installations that perform simple file copies and registry changes, such as WinZip, Adobe Reader, and others, are simple to repackage. As the complexity of the installation increases, additional customization is often required. Client/server applications, and applications that make API calls (such as antivirus software) can be very difficult to repackage. Fortunately, many of these applications already provide their own tools for automated and remote installations. Installations already using the MSI format should not be repackaged because remote installation and other advanced features are already supported. Making modifications to Step Description Setting up a Reference Computer (page 224) This computer hosts the capture process. Capturing a Software Package (page 224) Using Wise Setup Capture to capture changes to the reference computer. Customizing a Software Package (page 225) Adding and removing files, registry settings, and other installation options. Distributing a Software Package (page 225) Getting your package to the right managed computers. Deployment Solution 225 Software Packaging
vendor-supplied MSIs is not recommended since it could introduce incompatibilities with future updates. Hardware drivers, operating systems and updates should not be captured, due to their complexity and Windows File Protection. The Capture Process Before you begin, review the guidelines in Appendix C: SetupCapture Guidelines (page 228). Copy the installation programs you want to repackage to the reference computer or to an accessible share and launch Wise SetupCapture. (If you added shortcuts, Start > All Programs > Altiris > Deployment Solution > Wise SetupCapture. Ensure you run it on the reference computer, not the server.) After providing a name, select options for this capture. The default options should work fine, though if you want to capture file and registry deletions you need to select these options. Complete details on these options are in the Wise Packager\Help\WisePackager.chm help file on your Deployment Share. The remaining on-screen prompts guide you through performing an initial scan, capturing changes, and completing the process. After this process completes, review the captured changes and add stand-alone files and registry settings in the next section, Customizing a Software Package (page 225). Customizing a Software Package Open the Wise MSI Editor and open the MSI you captured. (If you added shortcuts, Start > All Programs > Altiris > Deployment Solution > Wise MSI Editor.) Complete details on using Wise MSI Editor are in the Wise Packager\Help\WisePackager.chm help file on your Deployment Share. At a minimum, you should review and update the properties on the Installation Expert pages. Distributing a Software Package After you have created a software package, use the powerful automation tools provided by Deployment Solution or Software Delivery Solution to distribute this package to managed computers. Appendix A: Migrating From RapidInstall We recommend migrating from RapidInstall to the Wise Packager to leverage the benefits of the MSI format, including self-healing, automatic uninstall and rollback. To convert existing RIP packages to MSI format, use the RiptoMSI.exe migration utility. This utility is in the RInstall folder on your Deployment Share. Appendix B: Windows Installer Format Explained To create a streamlined process for installing and managing applications, Microsoft developed the Windows Installer service. It consists of the following: Deployment Solution 226 Software Packaging
A set of guidelines. An Application Programming Interface (API). A runtime service that makes application installation and management part of Windows services. Windows Installer is not a installation authoring tool, but rather an installation engine and rule set. The Windows Installer engine resides on the destination computer as part of the operating system. Instead of an installation executable (such as setup.exe), the Windows Installer executable (msiexec.exe) reads the installation database (.MSI) which contains instructions and installation files. The .MSI uses highly structured, uniform data tables. There is 100% accountability of where each file installs and a thorough log of which files belong to which applications, so individual files are restored to repair damaged applications. Each table contains different installation information such as Class, Components, Features, Files, Execution Sequence, and Registry. Logic built into the Windows Installer engine prompts for a reboot, checks disk space, and follows file-version-replacement rules. When opening an .MSI, msiexec.exe reads the database and builds a transaction list that it follows to complete the installation. If the installation fails, Windows Installer performs a rollback, which returns the computer to its previous state. Advantages of Windows Installer Before Windows Installer, every software application had its own setup executable file (usually setup.exe or install.exe). Although many software manufacturers used common installation tools like Wise Installation System, others used highly proprietary installation technologies. This made the users experience inconsistent from one installation to the next, and the operating system had to contend with redundant code in different applications. Applications could not be administered after installation, except to rerun the setup program. Windows Installer implements a single built-in execution engine and replaces the installation executable with a database file (.MSI). The database stores the applications program files and setup instructions and can readily access this information if the application requires maintenance. Using Windows Installer results in a solid, robust installation that reduces the total cost of ownership and enables compliance with the Microsoft rules for software installation. Because Windows Installer is part of the operating system, it provides benefits that are unavailable in traditional installation technology. Deployment Solution 227 Software Packaging
Windows Installer Benefits Description Self-healing With self-healing (also called automatic repair and self- repair), the application repairs missing components. When an application starts, Windows Installer checks a list of key files and registry entries. If it detects any problems, Windows Installer repairs the application using a cached database that contains key paths to application components. Publishing Applications appear in the Add/Remove Programs applet and can be installed to the destination computer by the user. Rollback When the installation fails, the installation reverts to the previously installed state. This prevents having an incomplete or broken application. Advertisement Also called install-on-demand, advertised features do not install but appear installed to the user. When the user selects an advertised feature, the installation occurs. Componentization Components group resources together so they move as a unit, which gives you more control during installation. Standardization Applies rules to installed application files that look at a files version and its shared .DLLs to prevent conflicts between applications. Version Rules Decides whether to install a file to a directory by looking at a files date, language, version, and the modified date on a non-versioned file. Reference Counting Tracks which applications have installed every file and registry key on the computer on the component level, so the Windows Installer service always knows exactly what is needed for an application to run, and what is no longer used during uninstall. Customization Transforms customize an .MSI to a particular user groups needs. Elevated Privileges Runs an installation using administrative rights. This invokes the systems security rights, restricts data and commands, and enforces rules when running the installation. Msiexec.exe and the Windows Installer service approve the elevated privileges request. Assignment Assigns advertised or installed applications to a users profile so when the user logs in, these applications appear on the destination computer. Open Architecture Lets you choose from a variety of authoring software and allows you to customize previously created installations. Total Cost of Ownership Windows Installer makes installations easier to install, maintain, and support. Deployment Solution 228 Software Packaging
Appendix C: SetupCapture Guidelines Run SetupCapture on a clean reference computer. Do not run SetupCapture from the Deployment Solution Console; run it on a client computer. During a capture, SetupCapture attempts to convert computer- and user-specific data in the registry to generic data that will work on any computer. It does this by searching for standard paths (example: C:\Winnt) and replacing them with Windows Installer properties (example: [WindowsFolder]). Part of this process includes searching for the computer name and currently logged- on user name. To make the search for computer and user names as accurate as possible, ensure the computer name and user name on the capture computer are set to unique names 4 or more characters in length. Avoid having the user name or computer name set to any common file or folder names. An example of a unique user name is: repackage-1-user. Before you run SetupCapture, exit all other applications, including background services or applications. (Example: Norton AntiVirus.) During SetupCapture, changes to an .INI file are recorded as changes to an .INI file only if the .INI file follows standard .INI file format. Otherwise, the changes are recorded as a file change. Do not capture an .MSI-based installation. Instead, open the .MSI directly in Wise MSI Editor. To customize it for specific workgroups, create a transform. SetupCapture does not monitor any internal logic within the installation and it does not replicate the user interface of the original installation. SetupCapture creates a separate feature for each .EXE that's installed that has a shortcut. Isolating .EXE components into features results in more efficient repairs, because if there is a problem with a component, only the problem component and the .EXE are reinstalled instead of the entire feature containing the problem component. To capture an uninstall, you must mark Include files deleted during capture and Include registry keys deleted during capture in SetupCapture Configuration General Settings. In Wise MSI Editor, deleted items are located in the RemoveFile and RemoveRegistry tables in Setup Editor > Tables tab. Dynamic Source List Provides sources for the MSI to repair from and enable advertising. Multiple possible locations for the MSI package are listed, ensuring access even between different networks. Group Policy and Security Sets privileges to control the user and application rights, and provides a more secure environment. User Policy Defines a users privileges. System Policy Lets you set policies on a per-computer basis, which lets you run an entire installation in elevated privileges and define only those rights users have while an installation runs. Windows Installer Benefits Description Deployment Solution 229 Software Packaging
Registry keys that define an environment variable are converted to an environment variable in the repackaged installation. Deployment Solution 230
Chapter 16 Deploying Scripts Altiris Deployment Solution provides a number of pre-defined tasks you can combine to create complex management jobs. When you need to perform a management task that isnt covered effectively by the predefined tasks, DS provides an environment to pre-process, deliver, and execute VBScripts, batch files, and shell scrips. These scripts have access to the full processing capability of the operating system command processor, as well as several additional features provided by Deployment Server: Access to your eXpress share and any other network resources available in the production or automation environment. Intelligent access to values stored in your DS database. DS retrieves values based on the computer currently running the script, so a single script can provide unique values for 1000s of computers. Firm, logevent, and other Altiris tools. The following diagram illustrates how scripts are processed by DS. Each step of this process is discussed in greater detail in this section: When creating a script, you target it for the automation or production environment, and specify the operating system for the script. When a scripting task runs, the server pre- processes the script for database tokens, delivers and executes the script, returns any error messages generated by the script. Deployment Solution 231 Deploying Scripts
Using the flexibility of tokens and the processing power of the command processor of your OS, you can develop and deploy scripts ranging from a simple file search to a full system customization. This chapter discusses how to effectively create and deploy scripts in your DS environment. Writing a Script Scripts can be deployed to the DOS, WinPE, and Linux automation environment, or to the Windows or Linux production environment. Unlike other tasks, the scripts you write vary greatly depending on the target environment and OS. The core of each script you write uses the functionality provided by the command processor of your OS. There are utilities and commands for each environment to perform a broad range of management tasks. One of the biggest advantages to deploying scripts using DS is that a script is processed independently for each computer. Database values specific to each computer can be retrieved using the same token in your script, saving you from polling the computer and executing a database query before you can perform a task. The same %COMPNAME% token can provide a unique value for each computer that runs this script. When a script is processed, DS first parses each script for two things: tokens, and predefined server scripting commands. Tokens are replaced, additional action might be taken based on the commands found before the script is delivered to the target. The predefined server scripting commands are keywords defined for replacing tokens in other files, running vbscripts, performing scripted installs, unloading BootWorks, and a special deployment command for Blade servers. These additional keywords are discussed in the Server Scripting Commands section. Server Scripting Commands DS provides several predefined commands you can use when deploying scripts. These commands are processed before a script is deployed to a client. Each of these scripting commands must be marked by the correct comment flag to prevent them from being processed by the OS: The following table contains the comment flags for each scripting environment: Comment Flags Flag Location Used REM Batch files. REM [ ser ver command] # Linux shell scripts. # [ ser ver command] Visual Basic scripts. [ ser ver command] Deployment Solution 232 Deploying Scripts
The following table contains the predefined server scripting commands: Retrieving Database Values Using Tokens Any tokens contained in a script are replaced automatically. A server command is also provided to replace tokens in other files, called ReplaceTokens. Example: to deploy a custom sysprep.inf file to several computers, the ReplaceTokens command could be contained in a script to replace tokens in sysprep.inf, this file could be copied with the correct database values to the production drive of the computer. A script to perform this task might look similar to the following: REM Repl aceTokens . \ t emp\ syspr ep. i nf . \ t emp\ %COMPNAME%. t xt Fi r mCopy f : \ t emp\ %COMPNAME%. t xt PROD: \ syspr ep. i nf When replacing tokens, the server creates a temporary file in the \tmp folder, named machinename with the same extension as the original script. This file contains a copy of the script with all token replacements made by the server, and is a valuable tool for troubleshooting. Server Scripting Commands Command Description Boot Wor ks Unl oad Unloads BootWorks to provide additional memory for complex scripts. BootWorks is unloaded automatically when you specify ScriptedInstall. Boot Wor ks Unl oad Repl aceTokens Tokens are replaced automatically in your scripts. This command replaces tokens in additional files, such as those used when configuring a computer. Source represents the source file containing the tokens you want replace, and destination represents the output file after tokens are replaced. Repl aceTokens [ sour ce] [ dest i nat i on] Scr i pt edI nst al l Indicates that this script is launching a scripted install. 394k of free memory is required for the Windows scripted install to run. BootWorks is automatically unloaded for scripted installs. Scr i pt edI nst al l Depl oyment St ar t When using blade servers, this option places a note in the history to mark a starting point. If a redeployment is later executed on this computer, the computer is restored from the deployment start mark in the history. Depl oyment St ar t vbscr i pt Indicates that this script contains vbscript. If this appears anywhere in your script, the entire script is executed as a vbscript (you cannot execute batch commands and vbs commands in the same script). The comment flag is always used with the vbscript server command when writing Visual Basic scripts to ensure that it is ignored by the VB processor. vbscr i pt Deployment Solution 233 Deploying Scripts
After replacing tokens in the script itself, the server processes the next command in this script: ReplaceTokens. Since the token replacement process already replaced the compname token, the ReplaceTokens command works as expected and creates a unique system.inf file for each computer, containing values unique to that computer. The script is delivered to the client, and the Firm utility finds the correct file on the eXpress share to copy to the production drive. A similar process can be used to deploy configuration files to Linux computers, as a large number of Linux configuration files are text-based. If you perform Linux configuration often, you might want to set up an additional database containing common configuration values you can retrieve using tokens. Running Scripts on the Server Scripts can optionally execute on the server on behalf of the client. This is very important to understand, because token replacement and other commands are based on the client assigned the job, not the server. Example: consider the script we reviewed in the previous section: REM Repl aceTokens . \ t emp\ syspr ep. i nf . \ t emp\ %COMPNAME%. t xt Firm Copy f:\temp\%COMPNAME%.txt PROD:\sysprep.inf If we marked this script to execute on the server, the initial token replacement still contains the name of the computer targeted by the scripting task. However, the command in the second line fails because the server looks for the paths specified by Firm on the server, not the client. This is valuable when you want to retrieve tokens specific to a number of computers, but the script can execute successfully on the server. This can relieve network traffic and prevent interruptions on managed computers. However, when a script runs server-side, the script is executed separately for each computer assigned to the task. A task assigned to 500 computers causes any server- side scripts in the task to execute 500 times on the server. If you have processor intensive commands, you might want to avoid server-side execution to prevent disruptions on your server, or perform the task during off-hours. Also, when running scripts server-side, avoid commands that require interaction. The DS service does not have interaction with the desktop, so there is no way to provide even simple feedback in scripts that run server-side. Reporting Errors One of the biggest challenges when running scripts is implementing effective error reporting and feedback. In DS, every task has the ability to handle error codes returned from a job, and take action based on this code. By default, a scripting task returns a 0 for success, and a 1 if the script fails to execute. This might be sufficient for a simple script, but scripts can often execute successfully yet still fail to perform the intended tasks. Additionally, if you create a batch file with three commands, the status reported on completion is the status of the final command in the script. The first two commands might return errors, but if the final command is successful you receive a status of success. Deployment Solution 234 Deploying Scripts
To provide additional feedback when running scripts, Altiris provides an error logging utility, called logevent, for DOS, Windows, and Linux. This utility lets you send error, warning, and informational messages back to your server from within scripts, and job execution can be stopped based on the messages you return. When executing scripts, it is important to note that DS cannot stop script execution directly; DS delivers the script and returns the execution status, but the operating sytem handles the actual execution. DS does not automatically stop script processing when an error is encountered, you must provide that logic in your script. Usage: LOGEVENT [ - c: #] [ - l : #] [ - ss: Msg] [ - n: Pr og] DOS/CMD Error Handling In the DOS automation environment, the logevent utility is called LOGEVENT, and is available on your eXpress share. Since this is the default directory in the automation environment, LOGEVENT can be executed directly in your scripts. In the Windows production environment, the logevent utility is called WLogevent.exe. In order to use WLogevent.exe, you must make the executable available to the Windows client, either by providing it with an image, a software deployment, or by simply copying the file directly before your script executes. On DOS, events are queued until the script completes and they are returned to the server. The Windows and Linux utilities return messages as soon as they are encountered. The following script uses GOTO commands to control how a script is processed based on the outcome of executed commands, and uses logevent to return the script status: @ECHO OFF REM Cal l r equest NewHar dwar e. exe. Thi s f ai l s and r et ur ns an er r or . r equest NewHar dwar e. exe I F ERRORLEVEL 2 GOTO TWO I F ERRORLEVEL 1 GOTO ONE GOTO END : TWO Logevent Parameter Description [-c:#] A ReturnCode between -32768 and +32767. Default = 0 [-l:#] Additional indicator of type of message.Where # = 0-3; 0 = Unknown, 1 = Information, 2 = Warning, [-ss:Msg] Any string enclosed in double quotes. Default = "No Message" [-n:Prog] Name of the program that was executed. Default = "User Defined" Deployment Solution 235 Deploying Scripts
LOGEVENT - c: 2 - l : 3 - ss: Bad command or f i l e not f ound. GOTO END : ONE LOGEVENT - c: 1 - l : 1 - ss: Er r or 1. : END Visual Basic Error Handling By including the ' vbscript server command in a script deployed to a Windows or DOS environment, DS executes the script using Visual Basic. Visual Basic has a powerful, integrated method to handle errors. In these scripts, use WLogevent.exe to report script status to the server after you have used the built-in mechanisms to retrieve errors. The following script contains an example of error handling in Visual Basic script: On Er r or Resume Next Set WSHShel l = Wscr i pt . Cr eat eObj ect ( " Wscr i pt . shel l ") ' l ook on t he l ocal comput er st r Comput er = " . " Set obj WMI Ser vi ce = Get Obj ect ( " wi nmgmt s: \ \ " & st r Comput er & " \ r oot \ ci mv2" ) Er r Num= Er r . Number I f Er r Num= 0 Then Set col Net Car ds = obj WMI Ser vi ce. ExecQuer y _ ( " Sel ect * Fr omWi n32_Net wor kAdapt er Conf i gur at i on Wher e I PEnabl ed = Tr ue" ) ' cycl e t hr ough al l of t he ni cs For Each obj Net Car d i n col Net Car ds ' i f i t i s t he ni c we ar e l ooki ng f or change t he dns For Each obj Addr ess i n obj Net Car d. I PAddr ess I f obj Addr ess = " %NI C1I PADDR%" Then ' Set up t he ar r ay of DNS ent r i es f or t he NI C ar r DNSSer ver s = Ar r ay( " 172. 17. 0. 202" , " 172. 17. 0. 201" ) obj Net Car d. Set DNSSer ver Sear chOr der ( ar r DNSSer ver s) WSHShel l . Run " . \ WLogevent . exe - c: 0 - l : 1 - ss: " " Changi ng DNS f or NI C1" " " , 1, t r ue Deployment Solution 236 Deploying Scripts
End I f Next Next El se WSHShel l . Run " . \ WLogevent . exe - c: " & Er r Num& " - l : 3 - ss: " "Er r or : " & _ Er r . Descr i pt i on & " " "" , 1, t r ue Er r . Cl ear End I f Linux Shell Error Handling The logevent command is provided in the Linux agent, so any Linux computer with the agent installed has local access to logevent. Similar to Visual Basic script, Linux provides a powerful method to track error values. When running scripts on Linux, use logevent to report the status to the server after you have used the built-in mechanisms to retrieve errors. The following script contains an example of error handling on Linux: #! / bi n/ sh expor t PATH=$PATH: / opt / al t i r i s/ depl oyment / adl agent / bi n gr ep f oo f oo. t xt ERRVAL = $? i f [ $ERRVAL - ne 0 ] ; t hen l ogevent - c: $ERRVAL - l : 3 - ss: er r or execut i ng gr ep" f i ; Deployment Solution 237
Chapter 17 Creating an Image Distribution Framework Why Use an Image Distribution Framework? In distributed networks, your ability to effectively manage computers is often limited by the speed of your network link to remote locations. In Deployment Solution, computer imaging can often require file transfers in excess of several gigabytes, even when multicasting. This can cause centralized management to become a major bottleneck, limiting your ability to manage computers at these remote locations. The following diagram outlines a typical network topology that can benefit by implementing an image distribution framework. It consists of a distributed network with several remote locations and subnets connected using routers over permanent, reliable- but-slow WAN links: Typically, managed computers at remote locations would be required to access image files often over several gigabytes over this LAN link. Implementing an image distribution framework enables you to replicate your images to a local image store for use during imaging tasks. Deployment Solution 238 Creating an Image Distribution Framework
PXE Redirection PXE solves this problem by enabling you to redirect a shared PXE configuration to a configuration on a local PXE server. This lets you assign a job across multiple locations, and have computers at each location boot using a local PXE server with configuration specific to this location. Within this configuration, you can map local file shares containing disk images. Important: If PXE is available, we recommend using up PXE redirection instead of following the process outlined in this document. What if I Am Not Using PXE? If you are not using PXE, Deployment Solution provides a set of tools to let computers automatically retrieve the correct image file locally. Using these tools is described in this document. Tools The tools referenced in this document, such as getsrv.bat and server.lst, are available on your Deployment share in the TechSup\DOS\getsrv folder. Creating a Distribution Framework The following provides a basic outline of an image distribution framework: Each subnet has a file server to host a local image store. All managed computers, regardless of location, connect to the local image store to retrieve images. This eliminates downloading an image over the WAN link before an imaging operation. The location of each managed computer is determined automatically based on IP address using a custom utility. Using this method, the same distribute image task can be used to image one or more computers regardless of location. Complete the following tasks to implement an image distribution framework: Step One: Set Up Local Image Stores (page 238) Step Two: Replicate Images (page 239) Step Three: Configure the Server Lookup Utility (page 239) Step Four: Create a Boot Disk Creator Configuration (page 240) Step Five: Distribute an Image (page 241) Step One: Set Up Local Image Stores A local image store should be set up on a file share at each remote location. Each share hosting an image store should have the same name and folder structure. In other words, the path to your images must be identical with the exception of the server name. To control access to these shares, we recommend creating a domain-level account with read/write access to each share, or alternately, a local account with the same username Deployment Solution 239 Creating an Image Distribution Framework
and password on each server. This account should not possess group membership, interactive login privileges, or any additional rights. This account is specified when creating the boot configuration in Boot Disk Creator, and the username and password must be the same for each share. Step Two: Replicate Images Before an image can be used, it must be replicated to the image store file share at each location. There are a number of file replication solutions available, and most companies already have a process in place for replicating data between remote sites. Before attempting an imaging job, ensure the necessary image files have been replicated to the local image store. Step Three: Configure the Server Lookup Utility To simplify the process of accessing images at remote locations, a tool called getsrv.exe was developed to retrieve the IP address of each managed computer and compare it to a lookup file to find the local image store. Create a Configuration Open getsrv.bat in a text editor. This batch file calls getsrv.exe to populate the server name variable. Getsrv.bat should look similar to the following: copy F: \ ser ver . l st c: \ t ool s\ ser ver . l st C: \ t ool s\ get sr v. exe / s c: \ t ool s\ ser ver . l st / v SERVERNAME > c: \ t ool s\ sr venv. bat cal l C: \ t ool s\ sr venv. bat This example copies the server lookup file, server.lst, from the Deployment Share to the automation drive. Getsrv.exe is called with these parameters set correctly. To use this example in your environment, place your server lookup file in a tools folder on your deployment share and name it server.lst. If you are using PXE, change the drive references from C: to A:, since PXE uses a virtual boot floppy represented by A:. This modified file is added to your boot configuration in a later section. Create a Server Lookup File Each server in the lookup file consists of two entries: the IP address/subnet entry and the corresponding server name. The IP address and subnet are separated by a slash ( / ), and the corresponding server name is separated by a comma (,). For example: 172. 16. 0. 0/ 255. 255. 0. 0, SERVER1 192. 168. 1. 0/ 255. 255. 255. 0, SERVER 2 192. 168. 2. 0/ 255. 255. 255. 0, SERVER 3 Create entries in this file for each IP segment to which you might deploy images. Deployment Solution 240 Creating an Image Distribution Framework
GetSRV.EXE Parameter Descriptions The following table contains descriptions of the getsrv.exe parameters: Step Four: Create a Boot Disk Creator Configuration After you have configured getsrv.bat, you need to create and modify a boot configuration. This configuration is used to boot managed computers to the automation environment for imaging. 1. In Boot Disk Creator, create a new boot configuration using your selected automation boot method and environment. 2. Create a drive mapping for your image share, using the %SERVERNAME% variable rather than an actual servername. (The name of this environment variable is specified using the /v flag of getsrv.exe. We recommend using SERVERNAME). This drive mapping should look similar to the following: \ \ %SERVERNAME%\ [ shar e] Replace [share] with the share name of your local image stores. 3. Managed computers must be able to resolve the name of the central Deployment Server. If using DOS automation, NetBIOS is used to resolve names, so we recommend adding your Deployment Server to the lmhosts file. We also recommend adding the name and IP address of each server hosting an image store. 4. After the wizard completes, within the configuration, create a folder named Tools and copy the following files: getsrv.exe getsrv.bat Parameter Description /s [filename] File containing the list of servers hosting local image stores. This file is typically placed in the deployment share. See Create a Server Lookup File (page 239). /v [variablename] Environment variable containing the selected server. This token is used when creating the boot configuration, and is set to SERVERNAME in these examples. Deployment Solution 241 Creating an Image Distribution Framework
Modify Mapdrv.bat to call Getsrv.bat Mapdrv.bat is called to map drives in the automation environment. This file is modified to call the getsrv.bat file you modified in a previous step. After this executes, the server name variable is available to map the drive to your local image store. 1. Launch Boot Disk Creator. 2. Expand the configuration you created in the previous section. 3. Modify mapdrv.bat to add the following line after the first line of the file: cal l c: \ t ool s\ get sr v. bat The completed file should look similar to the following: net use F: \ \ [ your _ds_ser ver name] \ eXpr ess / yes cal l \ t ool s\ get sr v. bat net use [ dr i ve] : \ \ %SERVERNAME%\ [ shar e] / yes Deploy the Boot Configuration This configuration is now ready to be deployed using PXE, installed to an automation partition, or copied to boot media. Computers must boot this configuration when performing imaging tasks. Step Five: Distribute an Image You are now ready to test your configuration by deploying an image. Use the standard deploy image task in the Deployment Console, keeping in mind the following: Images must be replicated before the task executes. The path to the image file specified in the Deploy Image task should be based on the image store drive you mapped when creating your boot configuration. Example: if you selected G and mapped \\%SERVERNAME%\ds_images, and your images are located in the root folder of that share, the path is G:\imagename.img. The server lookup file must be accessible. Deployment Solution 242
Chapter 18 Deploying and Managing Servers Deployment Solution provides additional features to remotely install, deploy and manage network and web servers. From the Deployment Server Console, you can configure new server hardware, install operating systems and applications, and manage servers throughout their life cycle. And because servers are mission-critical, you can set up a system to quickly deploy new servers or automatically re-deploy servers that have failed. Features like rules-based deployment, support for remote management cards, and quick server restoration from a deployment history give you new tools to manage all servers throughout your organization. Manage Servers from the Console. The Deployment Server Console includes features specifically designed for deploying and managing servers, such as enhanced task logging and history tracking features to let you recall administrative actions and quickly redeploy mission-critical servers. See Server Management Features on page 242. Set Server-specific options. Servers are essential to any organization and require special planning and management strategies. Deployment Server provides server- specific features to automatically deploy new servers and maintain existing servers. See Server Deployment Options on page 243. Server Management Features Deployment Server provides various features for deploying and managing servers. These features are supported for client and handheld computers as well, but are essential in deploying servers.
Servers are identified in the Computer pane with distinctive server icons. Like all managed computer icons, the icons change to identify the status and state of the computer, such as user logged on or Server Waiting. Note Servers are recognized by their operating system (such as Windows 2000 Advanced Server, Windows Server 2003, or any Linux OS), multiple processors, and specific vendor server models. Deployment Solution 243 Deploying and Managing Servers
Server icons. The Deployment consoles display icons to identify servers across the network. Like other computer icons in the console, server icons can be selected to view server properties or assign specific jobs and management tasks Run Scripted Installs. Execute scripted, unattended installs across the network for both Microsoft Windows and Linux servers. Follow steps to create answer files and set up the operating system install files using a wizard. See Scripted OS Install on page 165. Support for multiple network adapter cards. Because servers may require more than one network interface card, Deployment Server provides property pages to access and configure multiple network adapters remotely from the console. See TCP/IP Configuration Settings on page 104. Synchronized server date and time. Deployment Server automatically sets the servers date and time after installing or imaging (as part of the configuration process). Deployment Agents include an option to disable this feature (it is off by default). Enhanced scripting capabilities. You can deploy multiple tasks per deployment job and boot to DOS multiple times when configuring and deploying a clean server. Deployment Server also lets you view and debug each step in the deployment script, and track each job to provide a history of tasks for redeploying a server. Server Deployment Options Deployment Server includes features to automatically reconfigure and redeploy new servers. If you are using Initial Deployment to automatically re-image new servers or run installation scripts, you can (1) safeguard against mistaken disk overwrites, or (2) run automatically for every server not identified as a managed computer in the database. These contrasting settings are based on polices you define for managing servers in your organization. Example: if you rely on PXE to boot the new server and you want to deploy new servers automatically without halting the process, you must change the default settings in the PXE Configuration Utility. In contrast, if you want to ensure that the server waits before being deployed (or waits a set time before proceeding) to avoid erroneous re- deployment, you need to set the options in the Advanced section of Initial Deployment. Halt the Initial Deployment of Servers When a server boots from the PXE server or from BootDisk (if the option is set), Deployment Server recognizes it as a new computer and will attempt to configure the Icon Description
Indicates a server is active and a user is logged on.
Indicates a server is disconnected from the console.
Indicates a server is in a waiting state. Deployment Solution 244 Deploying and Managing Servers
computer with Sample Jobs in Deployment Solution. Initial Deployment includes a feature to prohibit servers from being deployed automatically. 1. Click Initial Deployment and select Properties. 2. Click the Advanced tab. 3. Click the Servers check box and click OK. Initial Deployment will not run for any computer identified in the console as a server. Change PXE Options for Initial Deployment If installing a server using a PXE Server, the server will attempt to install but will not run automatically using default settings. It will wait until a boot option is selected from the client computer. You can change the default setting in the PXE Configuration Utility to allow Initial Deployment to run automatically and not sit at the prompt. 1. Click on Start > Programs > Altiris > PXE Services > PXE Configuration Utility. 2. Click Altiris BootWorks (Initial Deployment). Click Edit. 3. Select Execute Immediately. Initial Deployment will run automatically for every identified server. 4. Click OK. Clear BootWorks Prompt for Remote Install When you run a deployment job on a computer where the Deployment Agent has been remotely installed, a message will appear stating that no BootWorks partition or PXE stamp is found. The message will stay open until the user clicks OK on the message dialog, which delays executing the scheduled job as part of an automated redeployment process. To fix this delay: 1. Select Tools > Options.The Altiris Program Options dialog appears. 2. Select the Agent Settings tab. 3. Select Change Default Settings. 4. Select the BootWorks tab. 5. In the lower section, select Never prompt me from the list. 6. Click OK. Following these steps will assure that the BootWorks message will not come up and things will move forward when a job is scheduled. Managing Server Blades Deployment Solution allows you to manage high-density server blades with Rack/ Enclosure/Bay (R/E/B) hardware and properties. From the Deployment Console you can deploy and manage these space-efficient server blades using the physical view to assign jobs to the Rack, Enclosure, or Bay level of the server cluster, or you can manage each server blade directly from the logical view. See Bay on page 121 for properties and rules to deploy Rack/Enclosure/Bay servers. Deployment Solution 245 Deploying and Managing Servers
Using Deployment Solution, you can employ rip and replace technology that allows you to insert a new server blade and automatically configure and deploy it exactly like the previously installed server blade, allowing you to replace any downed server and get it back on line quickly. Altiris provides fail-safe features to ensure that no server is mistakenly overwritten and ensures that all disk images, software, data, and patches are applied to the new server from the history of jobs assigned to the previous server blade. Managing New Server Blades Deployment Solution allows you to automatically deploy, configure and provision new server blades using a variety of features, including Sample Jobs in Deployment Solution, Virtual Bays, and Server Deployment Rules. New Server Blades in Newly Identified Bays When new blades are identified in a Bay that has not been used previously (if it has been used previously, the Bay object will be identified in the physical view), both the Sample Jobs in Deployment Solution and Virtual Bays features can be set up to automatically run configuration tasks and deployment jobs. To Create Virtual Bays: Set up Virtual Rack/Enclosure/Bays for Hewlett-Packard Rapid Deployment Pack installations of Deployment Solution. Initial Deployment set up: Clear the Servers check box in the Advanced dialog. If both new computer features are set up and a new server blade is installed in a Bay not previously identified by the Deployment Server, the Create Virtual Bay feature will execute and Initial Deployment will not execute. New Server Blades in Identified Bays If a new HP server blade is installed in an identified Bay (one that has already had a server blade installed and is visible from the Deployment Console), both Sample Jobs in Deployment Solution and Server Deployment Rules can be set up. However, when both are set up, the Server Deployment Rules execute and Initial Deployment does not execute. Hewlett-Packard Server Blades Hewlett-Packard high-density blade servers can be deployed and managed from the Deployment console. The following HP server blades are supported: HP blade servers allow you to employ all features provided in the Deployment Console when you install the HP Proliant Essentials Rapid Deployment Pack (see www.hp.com/ servers/rdp), including the Virtual Blade Server feature. The name of each Rack for an HP Server is displayed along with the assigned name for the Enclosure and Bay. These names are collected from the SMBIOS of the server blade and displayed in both the physical and server views within the Computers pane of the Deployment console. HP Proliant BL e-Class HP Proliant BL p-class Proliant BL 10e Proliant BL 20p Proliant BL 10e G2 Proliant BL 20p G2 Proliant BL 40p Deployment Solution 246 Deploying and Managing Servers
For HP blade servers in the physical view the Rack name can be a custom name in the console, with all subordinate Enclosures and Bays also identified. Example: <rackName> <enclosureName> <bayNumber> See also Server Management Features on page 242 and Server Deployment Options on page 243. Virtual Bays Blade servers now have a Virtual Bay feature that allows you to pre-assign deployment jobs to the rack, the enclosure, or to a specific server blade in the bay. Any blade server can have predefined deployment jobs and configuration tasks associated with it to execute automatically upon installation. The Virtual Rack/Enclosure/Bay icons will change from virtual icons to managed server icons in the Deployment console as live blade servers are inserted and identified by Deployment Solution. Rack name. Enter or edit the name of the Rack. Enclosure name. Enter or edit the name of the Enclosure. Enclosure type. Select the type of HP server blade from the list. Initial Job. Select an existing job to run when the virtual computer is associated with a new server blade. Server Change rule. Select the Server Deployment Rules to run on the Bay when a new server blade is installed. Note If you create Virtual Bays for an enclosure (such as the BLe-class with 20 bays) and if another model of server blade with an enclosure containing fewer bays is connected (such as the BLp-class with 8 bays), the excess virtual bays will be truncated automatically. Conversely, if you create Virtual Bays with fewer bays (8) and install an enclosure with additional bays (20), you will need to recreate the virtual bays in the enclosure (right-click the enclosure name in the physical view and click New Virtual Bays). See also Managing New Server Blades on page 245. Dell Server Blades Dell high-density blade servers can be deployed and managed from the Deployment console. All Dell Rack Servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/Enclosure/Bay view. The following servers are supported: For Dell blade servers in the physical view, the Rack name will always be Dell. All subordinate Enclosures and Bays are identified with custom names under the Dell rack name. Example: Dell Rack Servers Dell Server Blades All PowerEdge rack servers PowerEdge 1655MC Deployment Solution 247 Deploying and Managing Servers
Dell <enclosureName> <bayName> See also Server Management Features on page 242 and Server Deployment Options on page 243. Fujitsu-Siemens Server Blades Fujitsu-Siemens high-density blade servers can be deployed and managed from the Deployment console. All Fujitsu-Siemens Rack Servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/ Enclosure/Bay view. The following servers are supported: For Fujitsu-Siemens blade servers in the physical view, the Rack name will always be Fujitsu-Siemens. All subordinate Enclosures and Bays are identified with custom names under the Fujitsu-Siemens rack name. Example: Fujitsu-Siemens <enclosureName> <bayName> See also Server Management Features on page 242 and Server Deployment Options on page 243. IBM Server Blades IBM high-density Blade Centers can be deployed and managed from the Deployment console. All IBM blade servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/Enclosure/Bay view. For IBM blade servers in the physical view, the Rack name will always be IBM. All subordinate Enclosures are identified with custom names under the IBM rack name and Bays are identified by number. Example: IBM <enclosureName> <baynumber> See also Server Management Features on page 242 and Server Deployment Options on page 243. Fujitsu-Siemens Rack Servers Fujitsu-Siemens Server Blades All Primergy rack servers Primergy BX300 blade servers Deployment Solution 248
Part V Operating System and Platform Reference This section contains operating system and platform-specific information you need to consider when managing computers. Deployment Solution 249
Chapter 19 64-bit Platforms Deployment Solution has been designed to make managing different platforms as seemless as possible. This section walks you through the enhancements added to support 64-bit, and includes tips to more effectively manage these computers. 64-bit Job Conditions and Filters Functionality has been added to let you set conditions and filters based on the computer architecture. These conditions and filters let you set up your jobs to make decisions based on the architecture so you dont have to re-organize your tree around architecture. Example: when distributing software, you can have 32- and 64-bit comptuters in the same group and use conditions to ensure each receives a different version. 64-bit PXE Boot Images & Configurations Deployment Server 6.8 uses the same process to create automation boot configurations as Deployment Server 6.5. There are two differences for 64-bit: When you create a PXE boot configuration (example: an item on the PXE boot screen), you select the architectures you want to include when you create the configuration. When a managed computer boots this configuration, PXE automatically detects the architecture and sends the correct boot image. If you attempt to boot an x64 computer without an x64 boot image, it will use the x86 version. An Itanium will attempt to boot only an Itanium boot image. When you create an automation partition or boot disk from a Boot Disk Creator configuration, you are asked which architecture you want to use. Boot Disk Creator automatically gathers the correct files for that architecture. Adding Files to a Boot Disk Creator Configuration for 64-bit For the most part, Boot Disk Creator configurations are independent of architecture. However, if you manually add executables to a configuration which supports multiple processor types, you need to ensure you provide a version of the file for each architecture you have included. Example: if you have x86 and x64 versions of the Linux preboot environment selected for a configuration, and you add an executable, Boot Disk Creator checks the file header to see which architectures the executable supports. If not all architectures you have installed are supported by the file you added, this screen appears prompting you to add additional files or ignore the warning. Deployment Solution 250
Linux and Unix Systems Altiris Deployment Solution has several tools to effectively manage Linux and Unix computers, including: A native Linux and Unix agent, called ADLAgent, in the Linux production and automation environments. Fedora Linux automation environment Support for deploying KickStart scripted installs Native imaging support for ext 2 and 3 filesystems Native imaging support for LVM This section contains considerations you must be aware of when managing Linux and Unix systems, and contains the following topics: ADLAgent ADLAgent is the client software which provides connectivity to Deployment Server from Linux, Unix, and Solaris. Installing and Configuring ADLAgent For basic instructions on installing ADLAgent, see Installing Deployment Agent on Linux on page 351. Installing ADLAgent on your Linux and Unix computers involves copying the necessary binaries to the client and running the installation script. You can configure the agent using the configuration script, modifying the configuration file directly, or by modifying the configuration directly in the Deployment Console. If you need to install ADLAgent on multiple computers, you can copy the installation files to an NFS or other share on your network, use standard remote access tools to run the installer. This might involve using ssh to log in remotely, or adding a line to a standard script. You might also modify the ADLAgent configuration file once and copy it to each computer. Distributing Software The software distribution task now supports a number of Linux and Unix file types. When using this task with these formats, the file is copied to the system, extracted, The configure script is executed (./configure) and the make install command is executed. A large number of software packages can be installed using this process. If you have software which requires configuration beyond this, or if you are using a package management system, use a file copy task along with a shell script to install the software. Imaging Linux and Unix Filesystems RapiDeploy provides native imaging support for EXT2 and EXT3 file systems. Other file systems can be imaged, but you need to use the -raw switch. Deployment Solution 251 Linux and Unix Systems
Linux Bootloaders There are a few considerations you must use to preserve the functionality of Linux bootloaders. First, if your bootloader is located on a reiserfs partition, you must use the -raw switch when imaging this partition to preserve the structure. Second, if you are using an automation partition, your MBR is modified to boot this partition. If you install a new version of a bootloader, your MBR is modified and you might not be able to access your automation partition. If this occurs, you can reinstall the automation partition. To prevent this, do not update any software which modifies your MBR without uninstalling the automation partition first. The automation partition can be reinstalled after the software update. Deployment Solution 252
Chapter 20 Managing Thin Clients Thin clients are a low cost, low maintenance solution for organizations that want to perform tasks or access programs such as: Web browsing, Java-based applications and terminal emulation, or line of business (LOB) applications. Example: users can range from receptionists and data entry workers to users accessing systems from kiosk locations commonly found in call centers or health care environments. Thin clients provide users a reliable server-based environment without the complexity or maintenance of a PC. Thin clients connect to any current or legacy network and can be managed from a centralized location. Thin clients do not contain any moving parts and data is stored in RAM, which increases their manageability, security, and reliability. Thin client operating systems The Deployment Agent is the Production Agent and can be installed to thin clients running Windows XP Embedded from the Deployment Console. However, if you have thin clients running either CE. NET, or the proprietary version of Linux from HP or Neoware, you cannot remote install (push) the Deployment Agent from the Deployment Console. Rather, you must install the Deployment Agent on the thin clients (pull) directly. See Thin Client Operating Systems (page 253). Production versus Automation Agent Deployment Solution requires that a Production Agent be installed to each thin client you want to manage from the Deployment Console. Thin client computers come pre-installed with the Deployment Agent so when they are added to a Deployment Server system, communications between the server and client are established right away. The client computers MAC and IP addresses are added to the Deployment database, which lets you begin managing the device. See Installing Deployment Solution Agents (page 345), Deployment Agents (page 109). The Automation Agent boots thin clients to automation mode so they can run deployment jobs, such as run script, create and distribute disk images, and more. Altiris recommends using a PXE Server to boot thin clients to automation, instead of installing an embedded automation partition. See Automation Agent Settings (page 379). Supported Deployment Solution Functionality Deployment Solution supports full functionality for thin client running XPe and Linux. However the there is limited functionality for thin clients running CE .NET. The following is a list of the supported functions for thin clients running CE .NET. Modify Computer Configuration (the computer name and TCP/IP Setting only) Distribute software (.CAB and .EXE files) Execute and run scripts (DOS and WIN batch files) *no VBS support Copy files and directories Create disk images Deployment Solution 253 Managing Thin Clients
Distribute disk images Remote Control clients (24 bit color depth only. No chat or send file features) Power Control (restart/shutdown/wake up jobs) Set computer properties Create conditions to run jobs and filter computers Modify client properties via Windows and Linux agent settings Supported Thin Client Manufacturers Currently, Altiris supports Fujitsu-Siemens, HP, and Neoware thin clients. Thin Client Operating Systems Thin clients come pre-installed with an operating system and the Altiris Deployment Agent. This lets you easily add new devices to the network and establish communications with the Deployment Server. See Windows XP Embedded (XPe) (page 253), Windows CE .NET (page 256), and Linux (page 256). Windows XP Embedded (XPe) Microsoft Windows XP Embedded (XPe) is a powerful, rapid, and reliable operating system that runs on PC architecture hardware with x86 processors. Windows XP Embedded is a componentized technology based on the Windows XP Professional operating system, with full Win32 Application Program Interface (API) capabilities. Manufacturer Model Fujitsu-Siemens Futro B, S, and C series thin clients running the Windows XP Embedded operating system. Currently, Deployment Solution does not support Futro thin clients running Linux. Futro S series thin clients come pre-installed with the Deployment Agent and a license for Deployment Solution. However, the Futro B series requires that you install the Deployment Agent before obtaining a Deployment Solution license from Altiris. See Managing Licenses (page 353)or the Altiris Getting Started Guide for more information. HP HP t5000 thin client series, which includes the t5300, t5500, and t5700 clients. Thin clients come pre-installed with Windows XP Embedded, Windows CE .NET, or Linux, depending on the model of the device. All HP thin clients come pre-installed with the Deployment Agent. Neoware CapioOne G150 and Eon E100 series thin client models. The thin clients come pre-installed with Windows XP Embedded, CE. Net 4.2 or 5.0, or NeoLinux. All Neoware thin clients come pre-installed with the Deployment Agent, but if your device is missing the agent, contact Neoware for a Snap-In. Deployment Solution 254 Managing Thin Clients
Because application developers can choose from over 10,000 individual feature components, the image footprint is smaller and can boot basic images as small as 8MB. The Deployment Agent used for computers running 2003\XP\2000 is the same agent that is installed on thin clients running the Windows XP Embedded operating system. There are no limitations when installing the Deployment Agent to thin clients from the Deployment Console. However, you must turn off The Enhanced Write Filter on the thin client before installing the Deployment Agent, so that the agent will be saved to the clients memory. See also: Installing Deployment Solution Agents (page 345)and Deployment Agents (page 109). The Enhanced Write Filter The Enhanced Write Filter (EWF) is a unique feature of the Windows XP Embedded operating system that protects data from being written to the Hard Disk (RAM) storage area on a thin client. With EWF enabled, any data writes will be redirected to an alternate storage area called an overlay. The data stored in the overlay gives users the appearance that files, programs, or any other data installed to the thin client, will be permanently saved. However, all data written to the overlay storage area will be deleted when the thin client reboots. The Enhanced Write Filter is an IT managing feature that helps control the data stored on a thin clients hard drive. Some of the tasks Deployment Solution tasks that are impacted by the Enhanced Write Filter are certain deployment jobs, and installing the Deployment Agent for Windows. Other tasks such as, creating and distributing images, and modifying the configuration (computer name or IP address) already have scripts to handle EWF. These jobs disable EWF first, run other scripts or tasks, and re-enable EWF as the last step of the deployment job. This ensures that data written to thin clients during the deployment job will not be lost when clients reboots. Example: from the Deployment Console in the Jobs pane, located in Samples > Windows XP Embedded, is a job called Create Disk Image. The script reads as follow: Notice that the first line item disables the Enhanced Write Filter, and the second line item checks to verify that EWF is disabled. The Create Image task creates a copy of the thin clients image and stores it in the Images folder on the Deployment Share. When the image task completes, the Enhanced Write Filter is re-enabled, and the thin client reboots. Because this script handles EWF automatically, thin clients can be managed from the Deployment Console without concern that data tasks will not be saved to managed thin clients. When creating your own Deployment jobs, use the Samples in the Job pane of the Deployment Console to help you create your own scripts to handle EWF automatically. If Deployment Solution 255 Managing Thin Clients
EWF is not disabled and enabled properly, after you run a Deployment job, the next time a thin client reboots, data will be lost. See also: Building and Scheduling Jobs (page 143), Deployment Agents (page 109). Using the EWFMGR Utility HP and Fujitsu-Siemens thin clients can enable or disable the Enhanced Write Filter, using a Windows XP Embedded utility named ewfmgr.exe, which is stored in the C:\Windows\System32 folder. Although there are many switches that can be used with this utility; however, you typically will only use the following three or four. Note Neoware thin clients use a different method of enabling and disabling the Enhanced Write Filter. See the Sample Jobs folder in the Jobs pane in the Deployment Console for examples, or contact Neoware. The following are a few examples of how to use the ewfmgr.exe program. Switch Description -all Performs a specified command (such as disable or enable) on all protected volumes. The default command is to display protected volume information. -disable Disables the overlay on the specified protected volume. -enable Enables the write filter so that data written to the protected media is cached in the overlays. The current overlay level becomes 1 as soon as EWF is started, and a new overlay is created at level 1. -commitanddisable Commits all current level data in the overlay to the protected volume and disables the overlay. Deployment Solution 256 Managing Thin Clients
Although the enhanced Write Filter manager can be run from a thin client, it is more efficient to include it as part of your Deployment Job. Windows CE .NET Microsoft Windows CE .NET is designed for a broad range of intelligent hardware devices that require a small-sized operating system, and usually run disconnected from other computers. Window CE .NET can run on multiple processors, supports Win32 Application Program Interface (API), and runs in Realtime right out of the box. Application developers can choose from a wide range of modules and components, creating small image footprints booting the basic image from 350KB. Deployment Solution lets you mange thin clients running Windows CE .NET from a centralized location, but the Deployment Agent for Windows CE .NET must be installed on each device. Many of the thin clients supported by Deployment Solution come pre- installed with the Deployment Agent and can be managed after they are connected to the network. However, due to limitations of the Deployment Console, you cannot push the Deployment Agent for CE .NET to thin clients running the Windows CE .NET operating system. Rather, you must run the Deployment Agent installation from the thin client directly. Linux HP and Fujitsu-Siemens distribute their own proprietary versions of Linux for thin clients supported by Altiris. Contact the manufacturer for more information. Licensing Thin Clients HP and Fujitsu-Siemens thin clients do not require a license, but Neoware thin clients must purchase a standard license. See Managing Licenses (page 353). Example Description ewfmgr -all This displays the current Enhanced Write Filter settings. ewfmgr c: -disable This disables the Enhanced Write Filter on the C: volume. ewfmgr c: -enable This enables the Enhanced Write Filter on the C: volume. Deployment Solution 257
Windows Vista Deployment Solution 6.8 introduced a new Deployment Agent, called DAgent, to support windows Vista. DAgent is used to: Install software Execute scripts Gather inventory and system configuration Integrate Windows Remote Desktop into the Deployment Console Install the Deployment Agent on Vista The DAgent installation program is contained in the Agents\AClient folder on the Deployment Share. To install, launch the installation MSI on the computer using an admininstrator account, and complete the prompts. To install the client-side, graphical, DAgent Configuration Utility (this utility is similar to the client-side configuration GUI installed with AClient), select the Dagent Config option. The graphical configuration utility is not installed by default. Silent Installation To perform a silent installation, use a command similar to the following: DAgent . msi / qn TCPaddr = 172. 19. 17. 180 t cppor t =402 To remotely install combine the above instructions for a silent installation with a login script or group policy object. To view additional options, run the DAgent.msi using the / ? switch from the command-line. UnInstallation Use the Add/Remove Programs Control Panel applet, or perform a silent removal using a command similar to the following: msi exec. exe / x C: \ DAgent \ DAgent . msi / qui et Start and Stop the DAgent Services The DAgent Configuration Utility provides a Service Control tab to let you quickly start, stop, and restart the DAgent services. Vista Software Distribution Due to increased security in Vista, software must meet the following criteria before it can be distributed using Deployment Solution: The software you are distributing must be Vista compliant. The installation is set to run as completely silent. Deployment Solution 258 Windows Vista
No user input is required by the installation prcess. If the package requires additional files, the "copy all directory files" and/or "copy all subdirectories" options are selected to provide these files. If you are attempting an installation from a remote location or UNC path, only one setup executable is required to complete the installation. In the Distribute Software Task, you have left the advanced option on the default selection, "Copy files using Deployment Server then Execute," or you have provided appropriate domain credentials to perform a remote installation. See the release notes for additional information. Vista Run Script Tasks Due to increased restrictions placed on services in Vista, scripts executed by Deployment Solution cannot display anything to the user. Scripts requiring user interaction, including pause statements, will not execute correctly. Vista Imaging RDeploy fully supports imaging Vista computers similar to other Windows operating systems. Additionally, support is provided for the WIM format using ImageX. See ImageX Imaging (page 216). Deployment Solution 259
Mac Deployment Agent Installing The Mac Deployment Agent 1. Connect to the Deployment Share using Finder > Go > Network > domain > Express, replacing domain with the domain containing your Deployment Server. 2. Browse to the Agent s/ ADLAgent folder. 3. Extract and run the program contained in altiris-adlagent-x-darwin.zip. 4. Complete the prompts, providing the IP address of your Deployment Server and the IP address of your NetBoot Server. When the installation completes the computer appears in the Deployment Console. Removing the Mac Deployment Agent An uninstall script is contained in the / opt / al t i r i s/ depl oyment / adl agent / bi n folder. Before executing this script you must make it executable using chmod. 1. Start Terminal and enter: cd / opt / al t i r i s/ depl oyment adl agent / bi n 2. Enter: sudo chmod +x uni nst al l . app 3. Enter: sudo . / uni nst al l . app Deployment Solution 260
Part VI Reference: Deployment Solution Help Files This section contains the help files that are launched from the Deployment Console, Web Console, and other Deployment Solution utilities. Translated versions of these help files are available in the product. Deployment Solution 261
Deployment Server Configuration Utility The Altiris Deployment Server Configuration Utility provides general configuration preferences for the Deployment Server. You can use the Deployment Server Configuration Utility to: Set up an account for the Deployment Server. See Service Logon Account on page 262. Stop, start, and restart the Deployment Server. View server activity and statistics. Map drives to file servers in your Deployment Server system (if you have images stored in more than one place). See Drive Mappings Option on page 263. Set the communications protocol (multicast or TCP) and set the imaging multicast threshold. See Transport Option on page 265. Filter connections from the Deployment Server by IP addresses or network adapter interface. See Connections Option on page 267. Set debug and log file options. See Debug Option on page 268. From the main view of the Altiris Deployment Server Configuration Utility, you can view the Deployment Server activity and statistics, start and stop the Deployment Server, access Deployment Server configuration options, and more. The following are the fields and tabs on the Altiris Deployment Server Configuration Utility page: Log in to the Deployment Server you want to manage. Open the Deployment Server Configuration Utility by clicking Start > All Programs > Altiris > Deployment Server > Configuration. The Altiris Deployment Server Configuration dialog appears. Item Description Server activity and statistics Lists the number of Deployment Server sessions (client computers) and Deployment Server Consoles currently running on the network. Start Starts the Deployment Server on the local computer. Stop Stops the Deployment Server on the local computer. Restart Restarts the Deployment Server on the local computer. Altiris Deployment Server Configuration Utility 262
Service Logon Account You can use the Service Logon Account dialog to set up the user account for the Deployment Server. To specify or change the Deployment Server service account 1. From the Control Panel of the Deployment Server computer, open the Altiris Deployment Server Configuration Utility. 2. Click Account. 3. Choose whether you want to use the LocalSystem account or a user-defined account. If you choose a user-defined account, you must enter the user name and password. Account Opens the Service Logon Account dialog, which lets you specify the logon account used by the Deployment Server service. The LocalSystem account requires a simple installation that runs Deployment Server services on the local computer, prohibiting access to network shares or components. If you select the Use the LocalSystem account option, you can click the Allow service to interact with desktop check box to place an icon in your system tray. This icon lets you quickly shut down the Deployment Server services or to view server statistics (just as you can do from the Manage > Services and Applications > Services > Altiris eXpress Server service). The default setting is to provide a user name and password during installation. You can select the Use the following account and password option to install the service on different computers and to access components across the network. Options Opens the Altiris Deployment Server Options dialog, which lets you specify Deployment Server options, such as General, Drive Mappings, Connections, and so on. Item Description Use the LocalSystem account Specifies that the Deployment Server service should use the LocalSystem account. See Account on page 262. You can use this option if your Deployment Server directory is located on the same computer as the Deployment Server and if you don't need to access any other file servers. Use the following account and password Specifies that a user-defined account should be used by the Deployment Server service. If you select this this option, you must supply the appropriate user name and password. The account must have Administrator rights on the Deployment Server computer. You must use this option if your Deployment Server directory is located on a server other than the Deployment Server. Altiris Deployment Server Configuration Utility 263
4. Click OK. 5. In the Service Logon Account dialog, select an account option. General Options Update Inventory on active computers. Inventory provides software and hardware information about a client computer. You can update inventory on active computers at specified intervals. The Deployment Agent or any other agent sends the inventory when it connects to the server for the first time. It also updates the inventory according to a specified schedule. Click Schedule to schedule an updated inventory. Update active client connections. Due to network glitches, the console may show the inactive client computers as active. The Deployment Server sends a CACK (Client Acknowledgement) request to the client computers. Specify the time (in seconds) for which the Deployment Server will wait for a response from the client computer. If the Deployment Server does not receive a response from the client within that specified time, it terminates the connection. Click Schedule to schedule the update of the active client connections. Reset inactive client connections. Due to network glitches, the console may show the active client computers as inactive. If this option is selected, inactive client connections are reset according to a specified schedule. Click Schedule to schedule the resetting of the inactive client connections. Encrypt communication between IIS and Data Manager. Select this option to encrypt all communication between IIS and the Data Manager. Send Wake-On-LAN to inactive computers when scheduling. Select this option to send a Wake-On-LAN request to the client computer. You can retry sending this request using the Retry every _______ minutes option. Drive Mappings Option The Drive Mappings tab is used to add, modify, and remove drive mappings used by the Deployment Server. Any drive mappings used to reference files need to be duplicated here. Example: If you create a job that distributes software packages from a drive on another file server using a mapped G drive, you need to create a G drive mapping on the Deployment Server using this dialog. Item Description Letter and UNC Path Displays the drive mappings with the mapped drive letters and the corresponding UNC paths. Add Opens the Map Drive dialog, which lets you create a drive mapping. Drive Letter. From the drop-down list, select the drive letter to which the drive is mapped. UNC path. Enter or browse to the UNC path to which the mapped drive points. Modify Opens the Map Drive dialog, which lets you edit the drive letter or UNC path of the selected drive mapping. Altiris Deployment Server Configuration Utility 264
To create a drive mapping 1. Open the Altiris Deployment Server Configuration Utility from the Control Panel of the Deployment Server computer. 2. Click Options and click the Drive Mappings tab. 3. Click Add. 4. Specify the Drive Letter and UNC Path. 5. Click OK. 6. Click Yes to restart the service. To edit a drive mapping 1. Open the Altiris Deployment Server Configuration Utility from the Control Panel of the Deployment Server computer. 2. Click Options and click the Drive Mappings tab. 3. Select the drive mapping you want to edit and click Edit. 4. Modify the Drive Letter and UNC Path as required. 5. Click OK. 6. Click Yes to restart the service. To remove a drive mapping 1. Open the Altiris Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. 2. Click Options and click the Drive Mappings tab. 3. Select the drive mapping you want to remove and click Remove. 4. Click Yes to confirm the deletion. Click OK. 5. Click Yes to restart the service. Remove Removes the selected drive mapping. Data store path Specifies the path to stored packages and files and other Deployment Solution functions (such as license verification). The default path is C:\Program files\Altiris\express\Deployment Server. Note Do not use this setting to change the path to the Client Access Point. Modifying this setting does not automatically let you use a shared directory other than the express share. To change the Client Access Point shared directory, run a Custom install to establish another location for the Client Access Point. Altiris Deployment Server Configuration Utility 265
Transport Option The Transport tab lets you specify settings for the Deployment Server transport protocols. To specify the Deployment Server transport 1. Open the Altiris Deployment Server Configuration Utility from the Control Panel of the Deployment Server computer. 2. Click Options, and click the Transport tab. 3. Do one of the following, depending on the transport you want to use: If you want to use multicast, do not select the Disable multicast support check box. If you want to use TCP, select Disable multicast support and supply the Multicast Address, Multicast Port, Multicast TTL, and TCP Port. 4. Click OK. Item Description Disable multicast support (clients must connect using TCP) Disables multicast support, which means that client computers must connect to the Deployment Server using TCP. Multicast Address This is used only if multicast is not disabled. Multicast Port This port is used only if multicast is not disabled. Multicast TTL Specifies the number of "hops" or hubs that the client computer can go through to multicast. This is used only if multicast is enabled. TCP Port This port is used whether multicast is enabled or disabled. Use Default Click to use the default communication protocol options. Automatically update clients Automatically updates the Altiris Client for Windows on managed computers if there is a difference (older or newer) between the client computer available in the Deployment Server directory and the managed client computer. Note If any agent is upgraded to Deployment Solution 6.9, this agent does not downgrade automatically if it connects to a Deployment Server of an earlier version. To downgrade any agent, install the older version of the agent manually. Allow encrypted sessions Allows encrypted sessions between the Deployment Agent and the Deployment Server. If the Deployment Agent data encryption is turned on, you must also turn on the Deployment Server option to pass encrypted data between the client computer and the server. Altiris Deployment Server Configuration Utility 266
Disk Imaging Option The Disk Imaging tab lets you specify the number of client computers for image multicasting and the maximum bandwidth to use during disk image multicasting. Note When multicasting a disk image using the PXE Server, the boot disk on the PXE Server cannot be configured with an Intel Universal NIC driver (also known as an UNDI driver). The multicasting feature is disabled for multicasting because of continued data corruption problems inherent with the Intel Universal NIC driver. This unreliability results in random files being corrupted in the image file, a problem that may appear immediately or go undetected until you access the files later. As a result, if the computers being imaged are booting to PXE boot files configured with an Intel universal driver, multicasting is disabled and all computers are imaged using direct connections. To set when multicasting is used 1. Open the Altiris Deployment Server Configuration Utility from the Control Panel of the Deployment Server computer. 2. Click Options and click the Disk Imaging tab. 3. Select one of the following, depending on when you want to use multicasting: If you do not want to use multicasting, select the Use disk image multicast threshold of n clients check box and set n to 0. If you want to use multicasting whenever there is more than one client computer, do NOT select the Use disk image multicast threshold of n clients check box. If you want to use multicasting only when there are more than a specific number of client computers, select the Use disk image multicast threshold of n clients check box and set n to the number of client computers. Item Description Use disk image multicast threshold of n clients Specifies the number of client computers that must be involved in a job before image multicasting is used. If the number of client computers is less than or equal to the number specified, multicasting is not used. Set this value to 0 to disable multicasting. If this option is not selected, multicasting is used whenever there are two or more client computers. When multicasting is not used, all client computers become master computers and read from the image server independently. You can use this option if your client computers can read an image file from the server faster than trying to coordinate master computers and client computers. Limit each disk image multicast to n Mbps Limits the bandwidth used in a multicasting session to a user-defined number of Mbps. This option prevents the multicasting operation from using all available bandwidth on a network, so other network traffic can take place at a reasonable rate. Altiris Deployment Server Configuration Utility 267
4. Click OK. To set the maximum bandwidth used during multicasting 1. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. 2. Click Options and click the Disk Imaging tab. 3. Select the Limit each disk image multicast to n Mbps check box and set n to the maximum bandwidth you want a multicasting operation to use. 4. Click OK. Authentication Option The Authentication tab lets you authenticate to an existing SQL Server database, to the NetWare Server as a file access point, and to the Deployment Server. To access and authenticate to a specified Microsoft SQL Server database 1. In the Database Authentication section, select the Use SQL Server account authentication check box. 2. Enter the user name for the specified database. 3. Enter the password. To access and authenticate to a Novell NetWare Server 1. In the NetWare Server Authentication section, enter the user name for the selected server. 2. Enter the password. To access and authenticate to the Deployment Server 1. In the DS Authentication section, click Add Key to add a security key for the server you want to connect to. 2. Click Delete Key to delete the security key for a Deployment Server. 3. Click Export Key to export and save the security key for your Deployment Server to a file. Connections Option The Connections tab lets you allow or reject connections from the Deployment Agents based on the IP subnet, IP address, and local interfaces. Define Subnets Select the Allow/reject agents based on their IP subnet check box and click Define Subnets. The TCP/IP Subnet Filters dialog appears. You can add, modify, or remove a Network Address and the corresponding Subnet Mask. You can also specify whether to allow or reject only these subnets to connect. Altiris Deployment Server Configuration Utility 268
Define IP Addresses Select the Allow/reject agents based on their IP address check box and click Define IP Addresses. The TCP/IP Connection Filters dialog appears. You can add, modify or remove a Start IP address and the corresponding End IP address. You can also specify whether to allow or reject only these IPs to connect. Define Interfaces Select the Allow/reject agents based on local interfaces check box and click Define Interfaces. The TCP/IP Interface Filters dialog appears. You can specify whether to allow or reject only these interfaces to connect. The default option is to reject only the selected interfaces. A list of network adapter cards is displayed. Select from the list of network adapter cards to allow or reject when connecting to the Deployment Server. Debug Option The Debug tab lets you set debug options for the Deployment Server and communication between managed computers. Engine Debug Logging. Select this check box to set the name and location of the logging report and the logging level for Deployment Server. The Engine Debug Log is a single report that captures debug information for Altiris support personnel. Log File Name: Set the path and name for the log text file. The default name is axengine.log in the Deployment Server shared directory. Max File Size: Set the size of the text file by entering the maximum file size allowed in KB. Logging Level: Specify the logging level. This number can be from 1 to 9, where 9 is the deepest logging level and 1 is the most cursory logging level. You can contact Altiris support for information on the required logging level. Log Agent Communication with Engine. Select this check box to set the directory path and name to log error messages between managed computers and the Deployment Server. Log Directory. Set the path of the folder to collect the client error messages. Each managed computer has its own log file in this directory named <the computer ID of the managed computer>.log. Max File Size. Set the size of each log file by entering the maximum file size allowed in KB. Deployment Solution 269
Introduction to Altiris Boot Disk Creator Altiris Boot Disk Creator (BDC) creates and configures the boot images used to start computers in the pre-boot automation environment. These images leverage WinPE, Linux, and DOS operating systems and include native Deployment Agents to run assigned tasks. The Deployment Solution automation tasks include the following: Run Script Create Disk Image Distribute Disk Image Scripted OS Install Backup Registry Restore Registry Before creating configurations, you must first install the pre-boot operating system files for the types of pre-boot configurations that you want to create. See Install Pre-boot Operating System Files on page 284. After you have installed the pre-boot operating systems see Create Boot Disk on page 279. Boot Configuration Creation Process The New Configuration Wizard is the main process of Boot Disk Creator. This is how you select the type of pre-boot environment configuration that you want to create, along with other settings, such as the type of network adapter, network server information, TCP/IP information, and so on. After the wizard completes, the Create Boot Disk Wizard automatically appears. This is the production process of Boot Disk Creator that lets you select the boot disk creation method to implement the configuration you created. You can create floppy boot disks to use for DOS configurations since Linux and WinPE system files are too large to fit on a floppy. Network and automation boot disks can create ISO images, which you can save to bootable CDs using your own third-party CD-burning software; or you can select a flash drive from the Bootable drive drop-down list. You can also create a Windows Installation package to run in a Windows production environment, which installs an embedded (recommended) or hidden automation partition on the client computers hard drive. See Automation Partitions, Network and Automation Boot Disks on page 279. If you create an Automation boot disk, the Automation Agent is added to the configuration so that when you boot client computers, they try to connect to the Deployment Server. If you select Network boot disk, client computers boot to the network server you specified in the New Configuration Wizard, displaying only a users prompt. See New Configuration Wizard on page 271. You can also access Boot Disk Creator from the PXE Configuration Utility, so that you can create boot menu options using the New Configuration Wizard. You can also create boot configurations directly from Boot Disk Creator and import the boot images into the PXE Configuration Utility. The PXE Configuration Import feature lets you import images Deployment Solution 270
created by Boot Disk Creator or any other third-party imaging software, but you cannot edit the boot images after importing them. See PXE Configuration Utility Help. To help you manage the configurations you create, Boot Disk Creator uses colors to inform you about the type of pre-boot configuration you are editing. The colors on the display change when you select a configuration from Configurations in the left pane of the utility. The colors indicate the following: Black: No configuration is selected or there are no configurations to select. Blue: DOS configuration. Green: Linux configuration. Red: WinPE configuration. See Edit Configuration on page 277. The Boot Disk Creator Utility is easy to use because each process guides you through the settings and options that you can select to create pre-boot environment configurations to help manage automation tasks used by the Deployment Server.
Toolbar Description The icons on the Boot Disk Creator toolbar help you navigate easily between the tasks that you want to perform. The options are: To start the Boot Disk Creator tool, open the Deployment Console and click this icon on the toolbar, or click Tools > Boot Disk Creator. Icons Description New Configuration Wizard: Creates new configurations that are used when booting client computers to automation or a network prompt. See New Configuration Wizard on page 271. Create an Automation Install Package: Creates an installation program that installs an embedded automation partition. See Create Automation Partition Install Package on page 280. Remove Automation Partition: Creates an installation program that can be assigned to a computer to remove an automation partition. See Remove Automation Partition on page 283. Create Automation Boot Disk: Creates automation boot disks to manually boot client computers to automation. See Create Automation Boot Disk on page 281. Create Network Boot Disk: Creates network boot disks to manually boot client computers to a specified network server. See Create Network Boot Disk on page 282. Deployment Solution 271
New Configuration Wizard You can create multiple configurations to support varying types of computer environments. Before you begin, you must install the pre-boot operating system files that Boot Disk Creator uses to create new configurations. See Install Pre-boot Operating System Files on page 284. Configuration Name This is the first page of the New Configuration Wizard, which is the same for DOS, Linux, or WinPE. The description field is optional, but helps you know what the configuration contains, such as the file server type, NIC drivers, and any additional files you want to add. Field Definitions Name: The configuration name you enter appears in Configurations in the left pane after the wizard completes. Description: Enter a description for the configuration. (Example: Enter the type of computer, operating system, network adapter, and any other characteristics that help you identify this particular configuration.) After the Create Configuration and Create Boot Disk wizards complete, if you select the configuration from the left pane, the description that you enter for this field appears at the top of the right pane. Pre-boot Operating System for this Configuration: Boot Disk Creator supports DOS, Linux, and WinPE operating systems. You can use these operating systems to create pre-boot environments. Select the pre-boot operating system and click Install Pre-boot Operating System Files to install the pre-boot operating system files. See Install Pre-boot Operating System Files on page 284. File Server Type (DOS) The Deployment Share stores image files, packages, and data files. By default, the Deployment Share is installed to the Deployment Server, but you can install it on another server, depending on whether you select Simple or Custom Deployment Solution installation. Field Definitions Microsoft Windows: Select this option to store images on a Microsoft server by using TCP/IP network communications (recommended). However, if you use IPX to communicate with a Microsoft server, select the IPX check box at the bottom of the page. Create multi-network adapter configuration: Select this option to add multiple network adapter drivers to a single PXE boot file configuration. This feature lets you build configuration files to boot multiple computers that contain different types of network adapter cards. See Multi-Network Adapter Configurations on page 272. To start the New Configuration Wizard, click this icon on the toolbar of the Boot Disk Creator tool, click Ctrl+N, or click File > New Configuration. Deployment Solution 272
Novell NetWare (VLM): Select this option to store images on a NetWare server with VLM client computers by using IPX network communications. Novell NetWare (Client32): Select this option to store images on a NetWare server with 32-bit client computers. Use IPX to communicate with Netware: Select this check box if IPX is the network protocol for the Novel NetWare (Client32) server. Multi-Network Adapter Configurations If you are creating a DOS configuration, when you select Multi-NIC configurations, a list of supported drivers appears. You can select Multi-NIC drivers to be included in the configuration by pressing Shift+Click or Ctrl+Click. After a client computer boots using a multi-network adapter configuration, Boot Disk Creator applies the driver that matches the first network adapter card that it detects. Example: If you are going to use the multi-network adapter configuration for several different client computers, this option can save you time and effort in booting different computers. However, if a client computer has 2 NIC cards and you use the multi- network adapter configuration to boot the computer, the first NIC card is detected and can potentially be the wrong network adapter to use to connect to the Deployment Server. Advanced Features The network adapters you select must support DOS, Linux, or WinPE so that client computers can connect to a network or Deployment Server, depending on whether you create automation partitions, or network or automation boot disks. The Have Disk button lets you install network adapter drivers from a disk, CD, or network folder. The Internet button lets you connect to an Altiris-supported Web site to download and install network adapter drivers. The Advanced button lets you further define network adapters and their drivers. See Have Disk on page 273, Internet on page 273, and Advanced on page 273. Multiple Network Adapters Load Order This option is only for DOS and WinPE configurations. This lets you specify the order in which the physical network adapters are detected when the client computer boots. Example: If most client computers have a Broadcom Ethernet adapter, but some computers have a 3Com10/100 LAN PC Card Fast Ethernet card, you can use Up and Down to move the Broadcom Ethernet adapter to the top of the list. See Network Adapters on page 272. Network Adapters The drivers listed in the Network Adapters window vary depending on the type of configuration you create. You can install pre-boot operating system files for DOS, Linux, or WinPE. See Install Pre-boot Operating System Files on page 284. After installing the pre-boot operating system files for WinPE, the Windows NIC drivers that are available to create a WinPE configuration appear and are automatically added to the new configuration. If you select Auto-detect all network adapters, WinPE determines the network adapter driver to use. Deployment Solution 273
Note This option is available only for WinPE, and is selected by default. Select a driver from the network adapter drivers list. You must create a new configuration for each type of network adapter that is installed on the client computers, unless you want to create a Multi-NIC configuration. See Multi-Network Adapter Configurations on page 272. If you want to add or change adapter settings (such as I/O Memory, IRQ, and PCMCIA for DOS configurations), click Advanced. See Advanced on page 273. If the network adapter you want does not appear in the list, click Have Disk, Internet, or Advanced (if they are available for the type of configuration you are creating) to add additional drivers. See Have Disk on page 273, Internet on page 273, and Advanced on page 273. Field Definition Auto-detect all network adapters: Select this for WinPE to auto-detect the type of adapter in a client computer when the boot image runs. Have Disk You can add network adapter drivers by using any disk media or by navigating to a folder. You can download network adapters from the manufacturers Web site and save to a folder or a disk to install later. New network adapters come with a floppy disk or CD to install the appropriate drivers. Internet Altiris supports many manufacturer network adapters as well as a Web site for you to download the latest NIC drivers. From the Network Adapters page, click Internet to launch the Web browser and connect to ftp://support.altiris.com/support/NIC_drivers/. Download the driver you want and unzip the files to a folder on the hard drive. Click Add Driver and the driver you download is added to the Network Adapters list. Advanced This option lets you add or change settings for network adapter cards so that they work correctly when using DOS configurations. Note This option is available only when you create a DOS configuration. Click Advanced on the Network Adapters page. Refer to the following properties and values: Microsoft clients EMM386 Memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (protocol.ini): Add parameters to the NIC section of the protocol.ini file. Memory (protocol.ini): Add parameters to the network setup section of the protocol.ini file. Deployment Solution 274
IRQ (protocol.ini): Add parameters to the network setup section of the protocol.ini file. Novell VLM clients Emm386 memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (config.sys): Add parameters to the NIC section of the net.cfg file. Novell Client 32 Emm386 Memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (driver command line): Add driver command-line entries to the landrv.bat file. TCP/IP Protocol Settings This page lets you set up TCP/IP protocol settings for boot configurations. TCP/IP is the default protocol when client computers boot to automation on a Windows network. If you use the IPX protocol, Deployment Server uses its own IP stack to work on IPX networks. Field Definitions Obtain an IP address from a DHCP server: Select this option if you want client computers to obtain an IP address from a DHCP server. Use a static IP address: Select this option if you want to assign a specific IP address to a client computer that is using this configuration. Enter an IP address, Subnet mask, and Default gateway. You can also enter a Primary WINS server address and a Secondary WINS server address if you need to resolve IP addresses and naming conventions. You must create a configuration for each client computer so that the IP address is not the same for all computers. Altiris Deployment Server Communication This option lets you set communication properties for the Deployment Server. The Deployment Server IP address and Port fields are critical because they define the way client computers establish communications with the Deployment Server. Example: The TCP port on the Deployment Server is set to 402 and the Port field in the Boot Disk configuration is set to 502. These settings prevent client computers from communicating with the Deployment Server because the port numbers do not match. To establish communications between client computers and the Deployment Server, change the Port field in the Boot Disk configuration to 402. Note The settings on this page are used only if you create an automation boot image where the Automation Agent needs to know how to find the Deployment Server. If you want to create a network boot disk, you can ignore this page by clicking Next because none of the properties are used to create a network boot image. Deployment Solution 275
To set the TCP port on the Deployment Server 1. From the Deployment Server, click Start > Control Panel > Altiris Deployment Server > Options > Transport tab. You can also click Start > All Programs > Altiris > Deployment Solution > Configuration > Options > Transport tab. This opens the Altiris Deployment Server transport settings page. 2. Enter the TCP Port number. 3. Click OK. The following options are available on the Altiris Deployment Server Communication page: Use TCP/IP multicasting to find the Altiris Deployment Server: Select this option to use TCP/IP multicasting to find the Deployment Server. When client computers boot to automation using this configuration, a multicast packet is broadcast across the network to find where the Deployment Server is located. Multicast IP address: Enter a multicast IP address for client computers to send a broadcast packet across the network to find the Deployment Server. Port: This option defines which port client computers can use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more. Server name: When you select Use TCP/IP multicasting to find the Altiris Deployment Server, a multicast packet is broadcast to the server you specify. If you leave this field blank, the client computer connects to the first server that responds to the multicast packet. Use TCP/IP to connect to the Altiris Deployment Server: Select this option to connect to a specific Deployment Server. You must select this option if your network adapter or network does not support multicasting. See your network adapter documentation, call the manufacturer, or consult with your IT department for information. Server IP address: Enter the IP address of the Deployment Server to access information stored in the Deployment Share. If you are using the Intel Universal NIC driver (UNDI), the IP address is required. Port: This option defines the port that the client computers can use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more. Automation Agent Location Remote: Select this option to run the most recent automation agent located on the remote server share. Local: Select this option to run the automation agent that currently exists in the local pre-boot environment. Lock Keyboard: Select this option for additional security. This prevents someone on the remote computer from ending the automation session and possibly accessing your network. Deployment Solution 276
Network Connection This option lets you define the way the client computers connect to the Deployment Share or a file server that stores image files. Windows Workgroup: Enter the workgroup for the Deployment Share or file server. NetWare Server name: Enter the server name for the Deployment Share or file server. Click Advanced to enter a NetWare context for the server and select a Frame type if it is different from the default value of 802.2. User name: Enter the authorized user name that you set up while creating the Deployment Share directory. If you did not assign a user name and password while creating the Deployment Share or file server, leave this and the password fields blank. Password: Enter the password for the user name. Confirm password: Enter the password for the user name to confirm that you entered the password correctly in the Password field. Network Drive Mappings and Mount Points This option lets you set up drive mappings (for DOS and WinPE) or mount points (for Linux) so that when client computers boot to automation or a network prompt, they connect to the appropriate server. You can create multiple drive mappings or mount points. However, if you are creating a DOS configuration, the first mapped drive you specify must connect to the Deployment Share. Field Definitions Manually create drive mappings: Select this option if you want to include the drive mappings in the autoexec.bat file when client computers boot to automation. Drive: By default, the mapped drive that appears is F: \\<Deployment Share server>\eXpress. Select a different drive letter from the drop-down list if F: is already in use. Path: Enter the path for the Deployment Share. The path you enter maps to the drive letter you selected in the Drive field. You can also click Browse to navigate to the Deployment Share if you are unsure of the directory path or if the image files are stored on a file server. Example: Windows users: \\server\share NetWare users: server\volume:directory Linux users: //server/mount point Create an entry in the LMHOSTS file for the Deployment server file store (other entries must be added manually): Select this option if your network does not support NetBIOS name resolution for IP addresses. Enter a Server name and IP address so that client computers can find the Deployment Share where the image files are stored. Deployment Solution 277
Use NetWare login scripts to create drive mappings: Select this option if you use NetWare and you want login scripts to create the drive mappings. WinPE Boot Option Settings Select the boot model and optional components to include with this configuration. Typically, you can use the default boot model unless you are experiencing driver detection problems. If you plan on executing VB scripts, running HTML applications, or connecting to an SQL Server database using ActiveX, select the necessary components. Optional Components This wizard page is available only when you select WinPE. By default, the optional components to be included with this configuration are selected. Enable WinPE Firewall: By default, this check box is not selected. Selecting this option enables the WinPE Firewall, which interferes with multicast imaging. Configuration Summary This page lets you review all the options you selected throughout the New Configuration Wizard. If you want to modify a setting, click Back to re-select the option. When you click Finish, the Create Boot Disk wizard appears for the next process to begin. See Automation Partitions, Network and Automation Boot Disks on page 279 and Edit Configuration on page 277. If you are using Boot Disk Creator from within the PXE Configuration Utility, the Edit Configuration page appears. See Edit Configuration on page 277. Edit Configuration This is the main Boot Disk Creator page that appears when you start the utility. If you are using Boot Disk Creator from within the PXE Configuration Utility, this page appears at the end of the New Configuration Wizard. This feature lets you modify configurations that are already created. When you select a file or folder from the left pane, the corresponding configuration information appears in the right pane. The display color changes to help you know the type of configuration you selected to view, edit, or delete. The colors displayed are: Black: You have not selected or created any configurations. Blue: The configuration you selected or created is based on the DOS pre-boot environment. Green: The configuration you selected or created is based on the Linux pre- boot environment. Red: The configuration you selected or created is based on the WinPE pre-boot environment. To change configuration settings, right-click a configuration folder and select Edit Configuration, and click Back until you find the page for the options you want to change. You can also make text edits to files (selected from the left pane) in the right pane. Deployment Solution 278
You can edit all other files within a configuration as needed. However, after you edit a configuration, Boot Disk Creator rewrites certain files within the configuration so that drive mappings and mount points are always updated. The following files are rewritten after editing configurations: DOS - mapdrv.bat, unmapdrv.bat Linux - mounts.local WinPE - mapdrv.bat See New Configuration Wizard on page 271 and Install Pre-boot Operating System Files on page 284. Additional Files Boot Disk Creator lets you add additional files to folders that apply either to a specific configuration or to all configurations of the same type of pre-boot operating system. However, any files you add to the global <OS> additional files folders are written to the boot image before the specific configuration files. If a file in the <OS> additional files folder has the same name as a file in a specific configuration folder, it is overwritten. Example: If a file named 5684_Drivers resides in the DOS additional files folder, and a file with the same name, 5684_Drivers, exists in a specific configuration folder; when the files are written to a boot image, the file in the configuration folder overwrites the file in the DOS additional files folder. This may cause unexpected results. If you edit text files in a <OS> additional files folder, yet the specific configuration file is the one that is written to the boot image, the result is not as you expected. Add files to all configuration When you install a pre-boot operating system, a new folder is added to the bottom of the left pane on the main page of Boot Disk Creator. If you install pre-boot operating system files and the <OS> additional files folders do not appear, press F5 to refresh Boot Disk Creator. The following folders appear: DOS additional files Linux additional files WinPE additional files Boot Disk Creator copies the files from the <OS> additional files folders to all corresponding operating system configurations and adds these files to the boot images. These folders are considered global, since they can affect configurations of the same type. Example: You can use the Windows Copy and Paste command to add tracert.exe to the WinPE additional files folder. Each WinPE configuration you create adds the files in the WinPE additional files folder to the boot image. Add files to a specific configuration If you want to add files to a specific configuration only and do not want to use the global feature of the <OS> additional files folders, do the following: 1. Right-click a configuration in the left pane and select New > Folder. A new subfolder is created in the left pane. 2. Enter a name for the folder so that you know these are added files. 3. To add files to the <OS> additional files folder, do one of the following methods: Deployment Solution 279
Copy files from a network folder and paste them into the configuration folder. Right-click a configuration and select Add File. A browser dialog appears to navigate to the file you want to add. Right-click a configuration and select File > Text file. A new empty text file is added to the left pane. Enter a name for the file and write text as needed in the left pane. Create PXE Boot Image Files (PXE) This option is used for Boot Disk Creator configurations created from within the PXE Configuration Utility. PXE Servers download boot image files to client computers; therefore, after you select all the properties for a New Configuration, Boot Disk Creator must know the type of image file to create. Field Definitions Automation PXE image: The automation agent for the type of pre-boot operating system configuration you create is added to the settings you select throughout the New Configuration Wizard. Network PXE image: The configuration you create does not contain an automation agent. When client computers boot with this image file, they are mapped to a network server and are at a users prompt. Creating PXE image: This is a progress page to display the automation boot disk creation process. The process does the following: Copying files to production area, Inserting files into the file system, Creating PXE files, and so on. PXE Boot Image Creation Complete This page informs you that the PXE boot image file creation is complete. When you click Finish, the New Shared Menu Option page appears, displaying the location of the PXE boot image files on the PXE Server. Automation Partitions, Network and Automation Boot Disks After you create a New Configuration, the Create Boot Disk dialog appears. This process lets you select and create the method of booting a client computer to the automation environment. If you install an automation partition on a client computers hard disk, deployment jobs can run automatically. However, you can create bootable media to manually boot client computers to automation, and run deployment jobs as needed. See Create Boot Disk on page 279 and New Configuration Wizard on page 271. Create Boot Disk This dialog lets you create 3 different types of bootable media: an automation partition install package, automation boot disks, or network boot disks. Each type of bootable media guides you through a wizard to gather specific information required for the type of media you want to create. The number of steps that appear at the top of the Create Boot Disk dialog vary depending on: Deployment Solution 280
Where you open the Create Boot Disk dialog from The type of media you selected to create The pre-boot environment you specified in the configuration you created However, based on your selections, Boot Disk Creator shows the appropriate dialog pages when creating bootable media. Example: If you right-click a configuration in the left pane and select Install automation partition, the number of dialog pages differ from the number when you select Create an automation partition install package from this page. Both options give the same result even though the dialog steps are different. Close this dialog and return to the editor: Select this option to close the Create Boot Disk dialog without creating an automation boot disk, installer package, or network boot disk. You can select any of these options from the Boot Disk Creator toolbar or from the File menu. Create an automation partition install package: Select this option to create an automation install package that installs an embedded automation partition to any client computer on the network. See Create Automation Partition Install Package on page 280. Create an automation boot disk: Select this option to create automation boot disks so you can manually boot a client computer to automation. See Create Automation Boot Disk on page 281. Create a network boot disk: Select this option to create network boot disks so you can manually boot a client computer to a network server. See Create Network Boot Disk on page 282. Create Automation Partition Install Package This feature lets you create an automation installation setup package that installs an embedded automation partition on a client computer when it runs. The installer package runs in a production environment even though the New Configuration is based on the different pre-boot operating system. Example: You can create a DOS configuration, but select to install the automation partition using an installation setup package that runs in a Windows production environment. Field Definitions DOS bootable disk: Select this option to install the automation partition using a DOS bootable disk. Linux bootable disk: Select this option to install the automation partition using a Linux bootable disk. Windows setup package: Select this option to install the automation partition using an installation setup package that runs in a Windows production environment. Windows CE .NET setup package: Select this option to install the automation partition using an installation setup package that runs in a Windows CE .NET production environment. Installer processor type: Select x64 to specify a 64-bit processor or x86 to specify a 32-bit processor. Client computer processing type: Select x64 or x86 from the drop-down list. Deployment Solution 281
Create an embedded ___ automation partition (recommended): Select this option to install an embedded DOS, Linux, or WinPE partition to a client computers hard disk. Create a hidden ___ automation partition (for partitions greater than 50 MB): Select this option to install a hidden DOS, Linux, or WinPE automation partition. Partition size in MB: The default partition size value changes depending on the type of operating system you selected. Example: If you are creating an automation partition for a WinPE configuration, the partition size is 150-200 MB. However, the range of the partition size for a DOS configuration is only 5-50 MB, and 34-44 MB for Linux. Installer package file path: By default, installation packages are stored in the Deployment Share bwpkgs folder. The name of the configuration you selected before starting the Create Boot Disk process is the name of the setup package, unless you define it otherwise. Click Browse to navigate to the folder where you want to store the setup package. Run silent install: Select this option to install the automation partition without user input. Install the Altiris Deployment Agent for Windows (Aclient): Select this option to install the Deployment Agent on client computers in the production environment after the automation partition is installed. Advanced: If you selected to install the Deployment Agent (above), click this button to set limited properties for the Deployment Agent. See Deployment Solution Help for more information. Creating automation partition installer: This is a progress page to display the automation installation package process. The process does the following: Copying files to production area, Creating the FRM files, Preparing install environment, Inserting into the installer package, and so on. The setup package is located at: After the automation partition installation package is created, the Boot Disk Creation Complete page appears and confirms the location of the installer package. Create Automation Boot Disk This feature lets you create automation boot disks to manually boot a client computer to the automation environment, so that deployment jobs can run. Automation boot disks give you greater flexibility because you can physically go to any client computer on the network and boot to automation, so long as the client computer can connect to the Deployment Server. Field Definitions Bootable ISO CD Image: Select this option to create an ISO CD boot image. ISO CD Image File Path: Enter the path or browse to the folder where ISO images are stored. You must use third-party software to burn the ISO image to a CD. Bootable disk: Select this option to create a boot disk that can be used at client computers to manually boot to automation or manually install an automation partition. Click the drop-down arrow to select bootable media from the list. All the listed drives display the physical drive number instead of the logical drive letter. Rescan drives: If you attach a USB flash drive to the server, but it does not appear in the Bootable disk drop-down list, you can click this button to rescan the physical drives that are attached to the server. A list of available drives is updated in the drop-down list. Deployment Solution 282
Show fixed drives: If you try to select a USB flash drive from the Bootable disk drop- down list, but you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using appears in Windows as fixed instead of removable. Select this option to view all drives attached to the server. Format disk (recommended): By default, this option is selected. Client computer processor type: Select the processor type from the drop-down list. Creating automation boot disk: This is a progress page to display the automation boot disk creation process. The process does the following: Copying files to production area, Inserting files into the file system, Creating the ISO CD image file, and so on. The CD image is located at: After the CD image is created, the Boot Disk Creation Complete page appears and confirms the location of the CD image. Create Network Boot Disk This feature lets you create a network boot disk that you can use at any client computer on the network. The properties, which you defined when creating the New Configuration, map a drive to a specified server when a client computer uses a network boot disk. You have access to the network servers system to execute and manipulate files manually. Field Definitions Bootable ISO CD Image: Select this option to create an ISO CD boot image. ISO CD image file path: Enter the path to the folder that stores ISO images. You must use third-party software to burn the ISO image to a CD. Bootable disk: Select this option to create a boot disk that can be used at client computers to manually boot to a network server. Select bootable media from the drop- down list. All the listed drives display the physical drive number instead of the logical drive letter. Rescan drives: If you attach a USB flash drive to the server, but it does not appear in the Bootable disk drop-down list, you can click this button to rescan the physical drives that are attached to the server. The list of available drives is updated in the drop-down list. Show fixed drives: If you try to select a USB flash drive from the Bootable disk drop- down list, but cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using appears in Windows as fixed instead of removable. Select this option to view all drives attached to the server. Format disk (recommended): By default, this option is selected. Client computer processor type: Select the processor type from the drop-down list. Creating network boot disk: This is a progress page to display the network boot disk creation process. The process does the following: Copying files to production area, Inserting files into the file system, Creating the ISO CD image file, and so on. The CD image is located at: After the CD image is created, the Boot Disk Creation Complete page appears and confirms the location of the CD image. Deployment Solution 283
Remove Automation Partition This feature lets you remove an automation partition from a client computers hard disk. You can create bootable CDs, flash drives, and floppy disks to use manually at the client computers, or you can create a Windows uninstall package that can be distributed to a client computer through a deployment job. You can also create a network boot disk, connect to a specific server where the Windows uninstall package is stored, and run the executable from the client computer. Field Definitions DOS bootable disk: Select this option to remove an automation partition using a bootable DOS disk. Linux bootable disk: Select this option to remove an automation partition using a bootable Linux disk. Windows setup package: Select this option to remove an automation partition using a self-extracting setup package that runs in a Windows production environment. Windows CE .NET setup package: Select this option to remove an automation partition using a self-extracting setup package that runs in a Windows CE .NET production environment. Uninstaller processor type: From this drop-down list, select the processor type. Bootable ISO CD Image: Select this option to create an ISO CD boot image that removes the automation partition. ISO CD image file path: Enter the path to the folder where ISO images are stored. You must use third-party software to burn the ISO image to a CD. Uninstaller package file path: Enter the path or browse to the folder where the uninstaller package file is stored. Run silent uninstall: Select this option to run the installer without user input. Bootable disk: Select this option to create a boot disk that removes an automation partition from a client computer. Select the bootable media from the drop-down list. All the drives listed display the physical drive number instead of the logical drive letter. Rescan drives: If you attach a USB flash drive to the server, but it does not appear in the Bootable disk drop-down list, you can click this button to rescan the physical drives that are attached to the server. The list of available drives is updated in the drop-down list. Show fixed drives: If you try to select a USB flash drive from the Bootable disk drop- down list, but cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using appears in Windows as fixed instead of removable. Select this option to view all drives attached to the server. Format disk (recommended): By default, this option is selected. Creating automation uninstaller: This is a progress page to display the automation uninstaller creation process. The process does the following: Preparing uninstall environment, Creating the ISO CD image file, and so on. The CD image is located at: After the CD image is created, the Boot Disk Creation Complete page appears and confirms the location of the CD image. Deployment Solution 284
Missing Files for Processor Types For the most part, Boot Disk Creator configurations are independent of architecture. However, if you manually add executables to a configuration that supports multiple processor types, you must provide a version of the file for each architecture you include. Example: If you have selected x86 and x64 versions of the Linux pre-boot environment for a configuration, and you add an executable, Boot Disk Creator checks the file header to see which architectures the executable supports. If all the architectures you have installed are not supported by the file you add, this screen appears, prompting you to add additional files or ignore the warning. Install Pre-boot Operating System Files In Boot Disk Creator, you must install the pre-boot operating system files for at least one pre-boot environment before you can create new configurations. Boot Disk Creator uses these files when creating configurations and boot images. You can install all supported pre-boot operating system files at the same time, or you can select to install only the pre-boot environments that you want to use. You can install FreeDOS and MS- DOS, but you must select the DOS version that you want to run since you cannot run both versions at the same time. Example: You can install the DOS and WinPE pre-boot operating system files to start creating configurations to support your infrastructure, which currently does not require Linux boot images. After working with Deployment Server and Boot Disk Creator, if you decide you want to create Linux configurations and Linux boot images; you can open the Install Pre-boot Operating System Files dialog at any time to install the Linux system files, or of the other pre-boot operating system files. When you install the pre-boot operating system files for DOS, Linux, or WinPE, a check mark next to the operating system name indicates that the files are successfully installed. The operating system version number appears (except for MS-DOS), and the status changes to Installed. See DOS on page 285, Linux on page 285, or WinPE on page 286. If you acquire a newer version of DOS, Linux or WinPE, browse and specify the location of the pre-boot files and click Next to install the new files. However, any existing operating system files are deleted before the newer files are installed. Example: If you installed WinPE, and Altiris supports a newer version that becomes available, browse and specify the location of the pre-boot files and click Next to install the new files. All existing WinPE files are deleted from the hard disk before the new files are installed. If you experience any problems with the new version of WinPE, you must install the older version to restore Boot Disk Creator functionality for WinPE. To install pre-boot operating system files On the Install Pre-boot Operating System Files dialog, select the pre-boot operating system that you want to install and click Next. Boot Disk Creator searches for the files. If Boot Disk Creator cannot locate the files, it displays a list of required and optional files for the selected operating system. Deployment Solution 285
DOS You can install FreeDos, MS-DOS, or both. See FreeDOS on page 285 and MS-DOS on page 285. However, you can only run one version of DOS at a time. See Set Default Pre- boot Operating System on page 286. FreeDOS Deployment Solution provides FreeDOS in a file named BDCgpl.frm. This file is currently provided on the Deployment Solution download page. See the release notes for specific instructions on obtaining and installing the Linux preboot operating system. MS-DOS Use an original Microsoft Windows 98 installation CD and copy the appropriate files to a system formatted floppy disk, a folder that can be accessed from Boot Disk Creator, or use the CD directly. Use Microsoft Windows 98 installation CD: Select to install MS-DOS from an original Microsoft Windows 98 installation CD. Floppy Disk: Select to format a disk using the Format a: /s command. Copy the required files listed below from an original Microsoft Windows 98 installation CD to the floppy disk. Boot disk creator only installs DOS files from the A drive. If you select B- Floppy Drive from the drop-down list, Boot Disk Creator still tries to read data from the A-Floppy Drive. Folder: Select to copy the required files to a folder that can be accessed from within Boot Disk Creator. Boot Disk Creator requires the following MS-DOS files. Note The SMARTDRV.EXE file is required for all computers running a scripted install in Windows 2003\XP. Linux Deployment Solution provides Linux RedHat Fedora in a file named BDCgpl.frm. This file is currently provided on the Deployment Solution download page. See the release notes for specific instructions on obtaining and installing the Linux preboot operating system. Required Optional HIMEM.SYS EDIT.COM EMM386.EXE MEM.EXE SMARTDRV.EXE ATTRIB.EXE SYS.COM MODE.COM XCOPY32.MOD FORMAT.COM FDISK.EXE Deployment Solution 286
WinPE Altiris supports WinPE as a pre-boot environment for Boot Disk Creator. See the release notes for the current list of supported WinPE versions and for specific installation instructions. Set Default Pre-boot Operating System While creating an automation partition, from the Tools menu on the Boot Disk Creator interface, you must select the pre-boot operating system that you want to set as the default, such as FreeDOS or MS-DOS. Deployment Solution 287
PXE Configuration Utility Altiris PXE Configuration Utility integrates with Altiris Deployment Solution and lets you manage all PXE Servers across the network. PXE Configuration has been completely rewritten to give you more capability in working with Deployment Server, which provides administrators greater flexibility when performing the following tasks: Creating boot menu options Installing BIS Certificates Creating boot disks and network PXE images Assigning pre-boot environments to tasks within deployment jobs Setting properties to customize specific PXE Server Setting the boot menu option order for client computers PXE Server has also been added to Role Based Security to ensure that only the authorized users can make changes to boot menu options. If you select Deployment Solution Simple Install and Install PXE Server, both are installed on the same server. If you select Custom Install and Install PXE Server, you can choose to install Deployment Solution and PXE Server on separate servers. By default, PXE Manager always installs on the Deployment Server. See the Deployment Solution Product Guide. PXE Manager PXE Manager is a service that synchronizes Deployment Server and all PXE Servers that are installed and configured across the network. It keeps track of all PXE Server boot menu options and checks if they are Shared or Local. PXE Manager also gathers data from all PXE Servers and stores the information in the PXE Manager.ini file. Whether you are in Use Shared properties or select a server to Customize PXE Server (Shared Configuration), the changes you make to the properties settings are saved to the PXE Manager.ini file when you click Save. Then, when you close the PXE Configuration Utility, PXE Manager creates and distributes the appropriate PXE.ini file for each PXE Server on the network. See PXE Manager on page 308. Shared or Local boot menu options When you start the PXE Configuration Utility, you can select which properties you want to set. The Use Shared properties option lets you create Shared boot menu options that can be used by all PXE Servers on the network. When you select a specific PXE Server from the File menu, you can select the Customize PXE Server: Shared Configuration option that lets you change any of the shared properties for that specific server. By default, PXE Configuration Utility always starts in the Use Shared properties mode. See Boot Menu Tab on page 289. The boot menu options you create appear as a menu list on client computers when you perform a PXE boot operation. You can also change the order of the boot menu options and select the default menu option. Previous users of PXE Server will notice that Initial Deployment and ManagedPC are no longer boot menu options. You can still perform an Initial Deployment, but now you can select DOS, Linux, or Microsoft Windows Preinstallation Environment (WinPE) as the pre-boot automation environment. By Deployment Solution 288
default, the pre-boot operating system selected during installation is set for Initial Deployment. See DS Tab on page 305. Boot Disk Creator and PXE Configuration Boot Disk Creator is now integrated with the PXE Configuration Utility so that you can keep track of the boot menu options you create, edit, and delete. When you select a boot menu option to edit or delete using the Boot Disk Creator method, the Summary page displays the MenuOption<number>, so you always know the boot menu option you are working with. See Boot Menu Tab on page 289 and Edit Shared Menu Option on page 292. PXE Server provides three different methods for creating boot menu options: New Configuration Wizard from Boot Disk Creator Importing Direct from floppy User supplied, which is for more advanced users. A boot image is stored on the PXE Server for each boot menu option that you create. A boot image consists of a file or set of files. When client computers perform a PXE boot, a menu list appears for you to select a boot menu option. The PXE Server downloads the boot image for the boot menu option you select. See New Shared Menu Option on page 291. Automation Tasks Only Shared boot menu options can be assigned to a task in a deployment job. The tasks that can run in automation are: Run script Create Disk Image Distribute Disk Image Scripted OS Install Backup Registry Restore Registry. When a client computer performs a PXE boot, the Deployment Agent verifies if there is work to complete. If so, the client computer boots to automation and performs the deployment jobs that are assigned. Otherwise, by default, the Local Boot menu option is selected. Example: If a deployment job contains the Create Disk Image task, and the Automation - PXE or Bootworks environment (DOS/WinPE/Linux) field is assigned to DOS - Broadcom, when the client computer executes the task, it uses DOS - Broadband as the automation environment. Additional tasks within the same job can be assigned a different boot menu option, yet each task runs in the automation environment you want. See the Deployment Solution Product Guide. See also: Boot Menu Tab on page 289, PXE Server Tab on page 304, DS Tab on page 305, MAC Filter Tab on page 306, Multicast Tab on page 307, Data Logs Tab on page 309, and Remote PXE Installation on page 310. To open PXE Configuration Option 1: Deployment Solution 289
From the Deployment Console, click the PXE Configuration icon on the toolbar. You can also select Tools > PXE Configuration. Option 2: 1. Select Start > All Programs > Altiris > PXE Services > PXE Configuration Utility. 2. Click each tab to change the category in the PXE Server properties. Boot Menu Tab This tab lets you create, edit, and delete the boot menu options, change the boot menu order, define the prompt for users, append the server name to the prompt, and set the users time-out response. The PXE boot menu options can be local or shared, depending on whether you select Use Shared properties or Customize PXE Server: Shared Configuration. When you manage all PXE Servers (Shared) across the network, Boot Menu Options for PXE Server: Shared Configuration appears at the top of the page, above the list of configurations. When you select a specific server (Local) from the File menu, Boot Menu Option for PXE Server: Name of Server appears. This helps you identify the mode you are working in. By default, PXE Configuration Utility opens to the last saved action, which could be either Shared Configuration or Custom PXE Server mode. The boot menu options listed are for all PXE Servers, so the Scope is always Shared. The operating system field indicates the type of pre-boot operating system files used to create the boot menu option. If you select a PXE Server from the File menu, a window displays the boot menu option for the selected PXE Server. The Scope field displays Shared, and any new boot menu option you create displays Local. The operating system field is the same as in the Shared mode. If an existing Deployment Solution job uses a boot menu item, Yes appears in the In use by DS field. The following colors are used to denote the automation operating system that is used by each configuration: Blue: DOS configuration Green: Linux configuration Red: WinPE configuration Note When an item is in use by the Deployment Server, you cannot delete the item from the PXE Configuration Utility. To delete an item, you must disable the boot menu item from the Deployment Solution job, and restart the PXE Configuration Utility. You can delete the boot menu item when Yes does not appear in the In use by DS field. To identify the boot menu items used in the jobs 1. Click a task in the job. Example: Click Create Disk Image. The Create Disk Image dialog opens. 2. From the drop-down list, select the automation pre-boot environment such as DOS, WinPE, or Linux. If a PXE boot menu item is used by the job, it appears in the drop-down list. Deployment Solution 290
You can perform these steps to check if the other boot menu items are used by the other jobs. View Section When you are in the Shared Configuration mode, only the configurations you create for all PXE Servers appear in the view section. When you are in Customize PXE Server <server name> mode, both Shared and Local configurations appear. You cannot create two configurations with the same name in the view section, regardless of the mode. Example: If you are in Customize PXE Server <server name> mode, you can view both Shared and Local configurations. You can create a Local configuration named DOS Clients because there are no other configurations with the same name. Now, change to Shared Configuration mode and create a configuration named DOS Clients because the Local configuration of the same name does not appear in the view section. When you change back to Customize PXE Server <server name> mode, both DOS Clients configurations appear in the view section. When client computers perform a PXE boot, both configurations appear and users will not know which boot menu option to select. Boot Menu Options for PXE Server: <Shared Configuration> Name: This is the name of the PXE item that appears on client computers after a PXE boot operation is performed. Scope: Shared indicates that the configuration is available on multiple PXE Servers in an environment where they are all serviced by a single Deployment Server. Local indicates that the configuration was created for a specific PXE Server. OS: The operating system that the configuration uses to boot on client computers. Up and Down: Click these buttons to change the order of the boot options. The top boot option is the default option that runs automatically if no other option is selected from the PXE Server menu. New: Click this option to open a dialog to add a new boot menu option. See New Shared Menu Option on page 291. Edit: Click this option to modify the properties of the boot menu options. See Edit Shared Menu Option on page 292. Delete: Click this option to delete the selected boot menu option from the list. You cannot delete boot menu options if they are assigned to a task within a deployment job. In the Deployment Console, open the appropriate deployment job, and delete the task or change the Automation - PXE or Bootworks environment (DOS/WinPE/Linux) field before you delete the boot menu option. Boot Menu Properties Use Shared properties: You can select this option to change the properties for a Shared Configuration. You cannot change this selection on the other pages if you are setting the properties for the Shared Configuration. Customize PXE Server: Shared Configuration: This option is available when you select a specific server from the File menu. You can also customize the properties for the PXE Server you selected. Prompt: This is the user prompt for the PXE boot menu list when it appears on client computers. You can only change the text message, but not the <F8> command as it is still required to perform a PXE boot option. Deployment Solution 291
Append server name: Select this option to have the PXE Server name listed following the prompt on client computers when the boot menu list appears. This helps users know which PXE Server is servicing their client computer. Timeout: This is the length of time the prompt appears before the boot process starts. If you do not press the <F8> key within the timeout period, the default boot option runs. Save: Click this option to save all the changes you made to the PXE Manager.ini file. When you close the PXE Configuration Utility, PXE Manager creates and sends PXE.ini files to each PXE Server on the network. You can view the status of these updates on the Status tab. New Shared Menu Option The PXE Configuration Utility lets you create up to 23 boot menu options that can be selected from client computers. When a PXE-enabled client computer sends a request to a PXE Server, the PXE Server downloads a boot menu list for you to select a boot option. This dialog also integrates with Boot Disk Creator as it lets you create new automation configurations from within the PXE Configuration Utility. However, all the configurations you create from this dialog are meant for the PXE Servers and the client computers that use PXE as their primary boot option. Menu Item Properties Name: This is the name of the PXE configuration that appears as a boot item when the PXE menu downloads to client computers after a PXE boot operation is performed. Allow as default PXE boot option: Select this option to move the configuration you are creating to the top of the boot menu, so that it becomes the default boot option on client computers. If you do not select this option, the Up button is active, so you can move the configuration up the menu list. However, the Up button becomes inactive if you try to move the configuration to the default boot position. Pre-boot Image Properties Operating System and Processor Options: Select the operating system and processor type for the configuration you are creating and select the method you want to use to create the configuration. If an operating system has an asterisk next to it, the pre-boot operating system files must be installed before Boot Disk Creator starts the New Configuration Wizard. See Install Pre-boot Operating System Files on page 8. Add pre-boot: Click this button if you want to add pre-boot operating system files. Image Creation Method Boot Disk Creator: This option lets you start the New Configuration Wizard from Boot Disk Creator. Any configurations you create or edit using this method are only for PXE boot menu items. See New Configuration Wizard on page 295. Direct from floppy: Select this option if you want the PXE Server to read a configuration file from a floppy disk. See Import Boot Menu Options on page 292. User supplied: This option is for advanced users. If you select this option, you must select Other in the Operating System section. The Final Location on PXE Server field shows the path where the new configuration is stored. The folder MenuOption<Number> is created as a subfolder of MasterImages, but configuration Deployment Solution 292
files are stored there only after advanced users manually add the configuration files. See Import Boot Menu Options on page 292. Create Boot Image: You must enter a descriptive name for the PXE configuration in the Name field before this option is enabled. The New Configuration Wizard from Boot Disk Creator starts unless you have not installed the pre-boot operating system files for the type of configuration you want to create. If you need to install the pre-boot operating system files, the Install Pre-boot Operating System Files dialog appears before the New Configuration Wizard starts. See Install Pre-boot Operating System Files on page 293 and New Configuration Wizard on page 295. Import Boot Image: This option lets you import boot menu options that were created using third-party imaging software or previous versions of Altiris PXE Server. See Import Boot Menu Options on page 292. Manual Boot Image: See Import Boot Menu Options on page 292. Final Location on PXE Server: This field helps you to identify the PXE item you are configuring. PXE configurations are stored in the default directory, which is C:\Program Files\Altiris\eXpress\Deployment Server\PXE\Images\MenuOption<number>. The MenuOption number increments each time you create a new configuration. Edit Shared Menu Option In the Shared Configuration mode, only the Shared configuration appears in the view section on the Boot Menu tab. The Edit option is enabled when you select any of the Shared boot menu options. However, if you are in Customize PXE Server: <server name> mode, the Edit option is enabled when you select any Local boot menu options. To edit Shared or Local boot menu options 1. Select a boot menu option from the view section on the Boot Menu page, and click Edit. 2. If you selected Boot Disk Creator as the Image Creation Method, click Edit Boot Image. The Edit Configuration page in the New Configuration Wizard only displays the MenuOption<number> you selected from the Boot Menu page. 3. To make changes, right-click the MenuOption<number> and select Edit Configuration, or click Edit on the Edit Configuration page until you find the options you want to change. See also: Edit Configurations on page 302 and Boot Menu Tab on page 289. Import Boot Menu Options This option lets you import boot menu options that were created using third-party imaging software or previous versions of PXE Server. Option 1: 1. From the New Shared Menu Option dialog, select Direct from floppy and click Import Boot Image. The PXE Config Floppy Import Wizard appears. Note You must enter a name in the Name field to enable the Import Boot Image button. Deployment Solution 293
2. Insert a floppy disk. The path and name of the new MenuOption<number> appears. 3. Click Next. A progress bar displays the PXE boot file image being read as it is imported. 4. Click Finish. Option 2: 1. From the New Shared Menu Option dialog, select User Supplied. Click Manual Boot Image. The PXE Boot Files dialog appears. 2. Copy the PXE files you want in the MenuOption<number> folder. Click Browse to select the folder containing the boot files that you want to copy. 3. Click OK. Regenerate Boot Images This lets you regenerate all the PXE configurations that are using the selected operating system. If you make updates to the core automation operating system, such as installing a new version of Linux, this lets you apply those updates without re-creating the affected configurations. Install Pre-boot Operating System Files In Boot Disk Creator, you must install the pre-boot operating system files for at least one pre-boot environment before you create new configurations. Boot Disk Creator uses these files when creating configurations and boot images. You can install all supported pre-boot operating system files at the same time, or you can install only those pre-boot environments that you want to use. You can install FreeDOS and MS-DOS, but you must select which DOS version you want to run since you cannot run both versions at the same time. Example: You can install the DOS and WinPE pre-boot operating system files to start creating configurations to support your infrastructure, which currently does not need Linux boot images. After working with Deployment Server and Boot Disk Creator, you decide you want to create Linux configurations and Linux boot images. You can open the Install Pre-boot Operating System Files dialog at any time to install the Linux system files or the other pre-boot operating system files. When you install the pre-boot operating system files for DOS, Linux, or WinPE, a checkmark next to the operating system name indicates that the files are successfully installed. See DOS on page 294, Linux on page 295, and WinPE on page 295. The operating system version number appears (except for MS-DOS) and the status changes to Installed. If you acquire a newer version of DOS, Linux, or WinPE, browse and specify the location of the pre-boot files and click Next to install the new files. However, all existing operating system files are deleted before the newer files are installed. Example: If you have installed WinPE, and Altiris supports a newer version that is available, browse and specify the location of the pre-boot files and click Next to install the new files. All existing WinPE files are deleted from the hard disk before the new files are installed. If you experience any problems with the new version of WinPE, you must install the older version to restore Boot Disk Creator functionality for WinPE. Deployment Solution 294
To install pre-boot operating system files Select the pre-boot operating system that you want to install and click Next. DOS You can install FreeDOS and MS-DOS or both. See FreeDOS on page 294 and MS-DOS on page 294. However, you can only run one version of DOS at a time. See Set Default Pre-boot Operating System on page 295. FreeDOS Deployment Solution provides FreeDOS in a file named BDCgpl.frm. The BDCgpl.frm file can be downloaded from the Deployment Solution download site on altiris.com and saved to any location on the network. When newer versions of FreeDOS become available, an updated .FRM file is available online through Deployment Solution Hot Fixes or Service Pack releases. When you install a new version, use the Regenerate Boot Images option on the Boot Menu tab to apply the new version to your existing configurations. Note: FreeDOS may not support newer motherboard chip-sets. MS-DOS Using an original Microsoft Windows 98 installation CD, copy the appropriate files to a system formatted floppy disk, a folder that can be accessed from Boot Disk Creator, or to a CD. Use Microsoft Windows 98 installation CD: Select this option to install MS-DOS from an original Microsoft Windows 98 installation CD. Floppy Disk: Select to format a disk using the Format a: /s command. Copy the required files listed below from an original Microsoft Windows 98 installation CD to the floppy disk. Boot Disk Creator only installs DOS files from the A drive. If you select B- Floppy Drive from the drop-down list, Boot Disk Creator still tries to read data from the A-Floppy Drive. When you install a new version, use the Regenerate Boot Images option on the Boot Menu tab to apply the new version to your existing configurations. Folder: Select this option to copy the required files to a folder that can be accessed from the Boot Disk Creator. Boot Disk Creator requires the following MS-DOS files. Required Optional HIMEM.SYS EDIT.COM EMM386.EXE MEM.EXE SMARTDRV.EXE ATTRIB.EXE SYS.COM MODE.COM XCOPY32.MOD FORMAT.COM FDISK.EXE Deployment Solution 295
Note The SMARTDRV.EXE file is required for all computers running a scripted install in Windows 2003\XP. Linux Deployment Solution provides Linux RedHat Fedora in a file named BDCgpl.frm. The BDCgpl.frm file can be downloaded from the Deployment Solution download site on altiris.com and saved to any location on the network. When newer versions of Linux become available, an updated .FRM file is available online through Deployment Solution Hot Fixes or Service Pack releases. When you install a new version, use the Regenerate Boot Images option on the Boot Menu tab to apply the new version to your existing configurations. WinPE Altiris supports WinPE as a pre-boot environment for Boot Disk Creator. When you install WinPE, you must use one of the following: Altiris WinPE installer Microsoft WAIK DVD Import installed WAIK When you install a new version, use the Regenerate Boot Images option on the Boot Menu tab to apply the new version to your existing configurations. Set Default Pre-boot Operating System While creating an automation partition, from the Tools menu on the Boot Disk Creator interface, you must select the pre-boot operating system that you want to set as the default, such as FreeDOS or MS-DOS. New Configuration Wizard You can create as many configurations as needed to support different types of computer environments. Before you begin, you must install the pre-boot operating system files that Boot Disk Creator uses to create new configurations. See Install Pre-boot Operating System Files on page 293. Configuration Name This is the first page of the New Configuration Wizard, which is the same for DOS, Linux, or WinPE. You must enter a name for the configuration to enable the Pre-boot Operating System for this Configuration fields. The description field is optional but To start the New Configuration Wizard, click this icon on the toolbar of the Boot Disk Creator tool and click Ctrl+N or click File > New Configuration. Deployment Solution 296
helps you to know what the configuration contains, such as the file server type, NIC drivers, and any additional files you want to add. Field Definitions Name: The configuration name you enter appears in the Configurations pane after the wizard is completed. Description: Enter a description for the configuration. (Example: Enter the type of computer, operating system, network adapter, and any other characteristics that can help you identify this particular configuration.) After the Create Configuration and Create Boot Disk wizards complete, if you select the configuration from the left pane, the description you entered for this field appears at the top of the right pane. Pre-boot Operating System for this Configuration: Boot Disk Creator supports DOS, Linux, and WinPE operating systems to create pre-boot environments. Select the pre-boot operating system and click the install pre-boot operating system files. See Install Pre-boot Operating System Files on page 293. File Server Type (DOS) The Deployment Share stores image files, packages, and data files. By default, the Deployment Share is installed on the Deployment Server, but you can install it on another server, depending on whether you selected the Simple or Custom Deployment Solution installation. Field Definitions Microsoft Windows: Select this option to store images on a Microsoft server using TCP/IP network communications (recommended). However, if you use IPX to communicate with a Microsoft server, select the IPX check box at the bottom of the page. Create multi-network adapter configuration: Select this option to add multiple network adapter drivers to a single PXE boot file configuration. This feature lets you build configuration files to boot multiple computers that contain different types of network adapter cards. See Multi-Network Adapter Configurations on page 296. Novell NetWare (VLM): Select this option to store images on a NetWare server with VLM clients, using IPX network communications. Novell NetWare (Client32): Select this option to store images on a NetWare server with 32-bit clients. Use IPX to communicate with Netware: Select this check box if IPX is the network protocol for the Novel NetWare (Client32) server. Multi-Network Adapter Configurations If you are creating a DOS configuration, when you select Multi-NIC configurations, a list of supported drivers appears. You can select Multi-NIC drivers to be included in the configuration by pressing Shift-Click or Ctrl-Click. After a client computer boots using a multi-network adapter configuration, Boot Disk Creator applies the driver that matches the first network adapter card that it detects. Example: If you are using the multi-network adapter configuration for several different client computers, this option can save you time and effort in booting different computers. However, if a client computer has 2 NIC cards and you use the multi- Deployment Solution 297
network adapter configuration to boot the computer, the first NIC card is detected and can potentially be the wrong network adapter required to connect to the Deployment Server. Advanced Features The network adapters you select must support DOS, Linux, or WinPE so that client computers can connect to a network or Deployment Server, depending on whether you create automation partitions, or network or automation boot disks. The Have Disk button lets you install network adapter drivers from a disk, CD, or network folder. See Have Disk on page 298. The Internet button lets you connect to an Altiris supported Web site to download and install network adapter drivers. See Internet on page 298. The Advanced button lets you further define network adapters and their drivers. See Advanced on page 298. Multiple Network Adapters Load Order This option is for DOS and WinPE configurations only. This lets you specify the order in which the physical network adapters are detected when the client computer boots. Example: If most client computers have a Broadcom Ethernet adapter, but some computers have a 3Com10/100 LAN PC Card Fast Ethernet card, you can use Up and Down to move the Broadcom Ethernet adapter to the top of the list. See Network Adapter on page 297. Network Adapter The drivers listed in the Network Adapters window vary depending on the type of configuration you create. You can install pre-boot operating system files for DOS, Linux, or Windows Preinstallation Environment (WinPE). See Install Pre-boot Operating System Files on page 293. Example: After installing the pre-boot operating system files for WinPE, the Windows NIC drivers that are available to create a WinPE configuration appear, and are automatically added to the new configuration. If you select Auto-detect network adapter, WinPE determines which network adapter driver to use. Select a driver from the network adapters driver list. You must create a new configuration for each type of network adapter that is installed on client computers, unless you want to create a Multi-NIC configuration. See Multi-Network Adapter Configurations on page 296. If you want to add or change adapter settings (such as I/O Memory, IRQ, and PCMCIA for DOS configurations) click Advanced. See Advanced on page 298. If the network adapter you want does not appear in the list, click Have Disk, Internet, or Advanced to add additional drivers. See Have Disk on page 298, Internet on page 298, and Advanced on page 298. Field Definitions Auto-detect network adapter: Select this option to let WinPE auto-detect the type of adapter that is in the client computers when the boot image runs. Deployment Solution 298
Have Disk You can add network adapter drivers by using any disk media or navigating to a folder. You can download the Network adapters from the manufacturers Web site and save it to a folder or a disk to install later. New network adapters come with a floppy disk or CD to install the appropriate drivers. Internet Altiris supports many manufacturer network adapters and supports a Web site for you to download the latest NIC drivers. From the Network Adapter page, click Internet to launch the Web browser and use the ftp://support.altiris.com/support/NIC_drivers/ link. Download the driver you want and unzip the files to a folder on the hard drive. Click Add Driver to add the driver to the Network Adapters list. Advanced These options lets you add or change settings for the network adapter cards so they work correctly when using DOS configurations. This option is not available when you create a Linux or WinPE configuration. In the Network Adapter page, click Advanced. Refer to the following properties and values: Microsoft clients EMM386 Memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (protocol.ini): Add parameters to the NIC section of the protocol.ini file. Memory (protocol.ini): Add parameters to the network setup section of the protocol.ini file. IRQ (protocol.ini): Add parameters to the network setup section of the protocol.ini file. Novell VLM clients Emm386 memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (config.sys): Add parameters to the NIC section of the net.cfg file. Novell Client 32 Emm386 Memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (driver command line): Add driver command-line entries to the landrv.bat file. TCP/IP Protocol Settings This page lets you set up TCP/IP protocol settings for boot configurations. TCP/IP is the default protocol when client computers boot to automation on a Windows network. If you are using the IPX protocol, Deployment Server uses its own IP stack to work on IPX networks. Deployment Solution 299
Field Definitions Obtain an IP address from a DHCP server: Select this option if you want client computers to obtain an IP address from a DHCP server. Use a static IP address: Select this option if you want to assign a specific IP address to a client computer that is using this configuration. Enter an IP address, Subnet mask, and Default gateway. You can also enter a Primary WINS server address and a Secondary WINS server address if you want to resolve IP addresses and naming conventions. You must create a configuration for each client computer, so that the IP address is not the same for all computers. Altiris Deployment Server Communication This option lets you set communication properties for the Deployment Server. The Deployment Server IP address, and Port fields are critical because they define how client computers establish communications with the Deployment Server. Example: The TCP port on the Deployment Server is set to 402 and the Port field in the Boot Disk configuration is set to 502. These settings prevent client computers from communicating with the Deployment Server because the port numbers do not match. To establish communications between client computers and the Deployment Server, change the Port field in the Boot Disk configuration to 402. Note The settings on this page are used only if you create an automation boot image where the Automation Agent needs to know how to find the Deployment Server. If you intend to create a network boot disk, you can ignore this page by clicking Next, as none of the properties are used to create a network boot image]. To set the TCP port on the Deployment Server 1. From the Deployment Server, click Start > Control Panel > Altiris Deployment Server > Options > Transport tab. You can also click Start > All Programs > Altiris > Deployment Solution > Configuration > Options > Transport tab. This opens the Altiris Deployment Server transport settings page. 2. Enter the TCP port number. 3. Click OK. The following options are available on the Altiris Deployment Server Communication page: Use TCP/IP multicasting to find the Altiris Deployment Server: Select this option to use TCP/IP multicasting to find the Deployment Server. When client computers boot to automation using this configuration, a multicast packet is broadcast across the network to find where the Deployment Server location is located. Multicast IP address: Enter a multicast IP address for client computers to send a broadcast packet across the network to find the Deployment Server. Port: This option defines the port that the client computers will use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more. Deployment Solution 300
Server name: When you select Use TCP/IP multicasting to find the Altiris Deployment Server, a multicast packet is broadcast to the server you specify. If you leave this field blank, the client computer connects to the first server that responds to the multicast packet. Use TCP/IP to connect to the Altiris Deployment Server: Select this option to connect to a specific Deployment Server. You must select this option if your network adapter or network does not support multicasting. See your network adapter documentation, call the manufacturer, or consult with your IT department for information. Server IP address: Enter the IP address of the Deployment Server to access information stored in the Deployment Share. If you are using the Intel Universal NIC driver (UNDI), the IP address is required. Port: This option defines the port that the client computers will use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more. Automation Agent Location Remote: Select this option to run the most recent automation agent located on the remote server share. Local: Select this option to run the automation agent that currently exists in the local pre-boot environment. Lock Keyboard: Select this option for additional security. This prevents someone on the remote computer from ending the automation session and possibly accessing your network. Network Connection This option lets you define the way the client computers connect to the Deployment Share or a file server that stores image files. Windows Workgroup: Enter the workgroup for the Deployment Share or file server. NetWare Server name: Enter the server name for the Deployment Share or file server. Click Advanced to enter a NetWare context for the server and select a Frame type if it is different from the default value of 802.2. User name: Enter the authorized user name that was set up while creating the Deployment Share directory. If you did not assign a User name and Password when the Deployment Share or file server was created, leave these fields blank. Password: Enter the password for the user name. Confirm password: Enter the password for the user name to confirm that you entered the correct password in the Password field. Network Drive Mappings and Mount Points This option lets you set up drive mappings (for DOS and WinPE) or mount points (for Linux) so that when client computers boot to automation or a network prompt, they connect to the appropriate server. You can create multiple drive mappings or mount Deployment Solution 301
points. However, if you are creating a DOS configuration, the first mapped drive you specify must connect to the Deployment Share. Field Definitions Manually create drive mappings: Select this option if you want to include the drive mappings in the autoexec.bat file when client computers boot to automation. Drive: By default, the mapped drive that appears is F: \\<Deployment Share server>\eXpress. Select a different drive letter from the drop-down list if F: is already in use. Path: Enter the path for the Deployment Share. The path you enter maps to the drive letter you selected in the Drive field. You can also click Browse to navigate to the Deployment Share if you are unsure of the directory path or if the image files are stored on a file server. Example: Windows users: \\server\share NetWare users: server\volume:directory Linux users: //server/mount point Create an entry in the LMHOSTS file for the Deployment Server file store (other entries must be added manually): Select this option if your network does not support NetBIOS name resolution for IP addresses. Enter a Server name and IP address so that client computers can find the Deployment Share where the image files are stored. Use NetWare login scripts to create drive mappings: Select this option if you use NetWare and you want login scripts to create the drive mappings. Optional Components This page lets you add additional components to the boot image, such as WSH (Windows Scripting Host), WMI (Windows Management Instrumentation), and so on. You can select the optional components that you want to include in the WinPE boot image. This wizard page is available only when you select WinPE. By default, the optional components to be included with this configuration are selected. Enable WinPE Firewall: By default, this check box is not selected. Selecting this option enables the WinPE Firewall, which interferes with multicast imaging. Configuration Summary This page lets you review all the options you selected throughout the New Configuration Wizard. If you want to modify a setting, click Back to re-select the option. When you click Finish, the Create Boot Disk Wizard appears for the next process to begin. If you are using Boot Disk Creator from within the PXE Configuration Utility, the Edit Configuration page appears. See Edit Configurations on page 302. Deployment Solution 302
Edit Configurations This is the main Boot Disk Creator page that appears when you start the utility. If you are using Boot Disk Creator from within the PXE Configuration Utility, this page appears at the end of the New Configuration Wizard. This feature lets you modify configurations that are already created. As you select files and folders from the left pane, the configuration information appears in the right pane. The display color changes to help you know the type of configuration you selected to view, edit, or delete. The colors displayed are: Black: You have not selected or created any configurations. Blue: The configuration you selected or created is based on the DOS pre-boot environment. Green: The configuration you selected or created is based on the Linux pre-boot environment. Red: The configuration you selected or created is based on the WinPE pre-boot environment. To change the configuration settings, right-click a configuration folder and select Edit Configuration and click Edit until you find the page for the options you want to change. You can also make text edits to files (selected from the left pane) in the right pane. You can edit all other configuration files as needed. If the PXE Configuration Utility is launched and exited without any changes, no updates are made to the PXE Server. However, after you edit a configuration, Boot Disk Creator rewrites certain files within the configuration so that drive mappings and mount points are always updated. The following files are rewritten after editing configurations: DOS - mapdrv.bat, unmapdrv.bat Linux - mounts.local WinPE - mapdrv.bat The edited configuration settings are saved to the PXE Manager database. The PXE Server is updated in the background. Click the PXE Status Screen tab to view the updated status of the PXE Server. See also: New Configuration Wizard on page 295 and Install Pre-boot Operating System Files on page 293. Additional Files Boot Disk Creator lets you add additional files to folders that either apply to a specific configuration or to all configurations that are of the same type of pre-boot operating system. However, any files that you add to the global <OS> additional files folders are written to the boot image before the specific configuration files. If a file in the <OS> additional files folder has the same name as a file in a specific configuration folder, it is overwritten. Example: If a file named 5684_Drivers resides in the DOS additional files folder, and the same file, 5684_Drivers, exists in a specific configuration folder; when the files are written to a boot image, the file in the configuration folder overwrites the file in the DOS additional files folder. This may cause unexpected results. If you edit text files in a <OS> additional files folder, yet the specific configuration file is the one that is written to the boot image, the result is not as you expected. Deployment Solution 303
Add files to all configuration When you install a pre-boot operating system, a new folder is added to the bottom of the left pane on the main page of the Boot Disk Creator. If you install pre-boot operating system files and the <OS> additional files folders do not appear, press F5 to refresh the Boot Disk Creator page. The folders that appear are as follows: DOS additional files Linux additional files WinPE additional files Boot Disk Creator copies the files from the <OS> additional files folders to all the corresponding operating system configurations and adds these files to the boot images. These folders are considered global because they can affect configurations of the same type. Example: Using the Windows Copy and Paste command, you can add tracert.exe to the WinPE additional files folder. Each WinPE configuration you create adds the files in the WinPE additional files folder to the boot image. Add files to a specific configuration If you want to add files to a specific configuration only and do not want to use the global feature of the <OS> additional files folders, do the following: 1. Right-click a configuration in the left pane and select New > Folder. A new subfolder is created in the left pane. 2. Enter a name for the folder so that you know they are the added files. 3. To add files to the <OS> additional files folder, do one of the following methods: Copy the files from a network folder and paste them into the configuration folder. Right-click a configuration and select Add File. A browser dialog appears to navigate to the file you want to add. Right-click a configuration and select File > Text file. A new empty text file is added to the left pane. Enter a name for the file and write text as needed in the left pane. Create PXE Boot Image Files (PXE) This option is used for Boot Disk Creator configurations created from within the PXE Configuration Utility. Because the PXE Servers download the boot image files to client computers, after you select all the properties for a New Configuration, Boot Disk Creator must know the type of image file to create. Field Definitions Automation PXE image: The automation agent for the type of pre-boot operating system configuration that you created is added to the settings you selected throughout the New Configuration Wizard. Network PXE image: The configuration you created does not contain an automation agent. When client computers boot with this image file, they are mapped to a network server and are at a users prompt. (This option is not available in Shared Configuration mode.) Deployment Solution 304
PXE Boot Image Creation Complete This page lets you know when the PXE boot image file is completed. When you click Finish, the New Shared Menu Option page appears, displaying the location of the PXE boot image files on the PXE Server. PXE Server Tab This lets you set response times for the PXE Servers and specifies how the DHCP Server will be discovered. By default, PXE Servers inherit the shared properties from the Shared Configurations mode. Client computers use the information defined on this page to locate the PXE Server that provides their services. PXE Server properties PXE Server IP address: By default, the IP address for both Shared Configuration and Customize PXE Server modes are displayed. If, for some reason, you need to change the IP address on a PXE Server, enter the same IP address in this field. Enter the IP address for the specific PXE Server you selected from the File menu. When client computers perform a PXE boot, the IP address helps them communicate with the PXE Server. Use Shared properties: This is selected when you set the properties for a Shared Configuration. You cannot change this selection on the other pages if you set the properties for the Shared Configuration. Customize PXE Server: Shared Configuration: This option is available when you select a specific server from the File menu. You can also customize the properties for the PXE Server you selected. Response Time: This lets you set the PXE Server response time when the client computers request a PXE boot. Example: If you have three PXE Servers, you can set the first PXE Server to Short delayed response (1/2 second), the second to Immediate response, and the third to a Delayed response of your choice. This helps control which PXE Servers will respond to the client computers when they perform a PXE boot. In this example, the second PXE Server would respond to client computers before the first server. PXE Server image update: This lets you control options for how updated PXE boot images are distributed to the PXE servers. Limit bandwidth throttles the amount of network bandwidth consumed by the transfer, but might result in your images taking longer to update. DHCP Server discovery: Auto detect Microsoft DHCP Server and configure for PXE: Select this option for a PXE Server to auto-detect the ports used for DHCP when Deployment Server and the PXE Server are installed to the same server. Third party DHCP Server installed on PXE server (Do NOT use DHCP port): Select this option if you are not using a version of Microsoft DHCP Server. Deployment Solution 305
Note: If Microsoft DHCP Server is installed on the PXE server, but is not active and functioning, the PXE Server sets option 60. This can cause conflict with client computers. Select the No DHCP Server installed on PXE Server (Use DHCP port) instead. No DHCP Server installed on PXE Server (Use DHCP port): Select this option if DHCP is installed to a different server than the one where PXE Server is installed. The PXE Server uses only one port for DHCP. DS Tab This tab lets you set properties so that all PXE Servers can communicate with the Deployment Server. PXE Servers and the Deployment Server work together to perform tasks, such as creating and distributing an image, scripted OS installs, and more. The PXE Server must access the Deployment Server and the Deployment Database to retrieve the information required to carry out these tasks on client computers. The Deployment Server IP address, Engine Port, and Data Manager Port are critical fields because they define how the PXE Server establishes communication with the Deployment Server. Example: The TCP port on the Deployment Server is set to 402 and the Engine port on the PXE Server is set to 502. This would result in the PXE Server not communicating with the Deployment Server because the port numbers do not match. To establish communication between the two servers, change the Engine port field on the PXE Server to 402. To set the TCP port on the Deployment Server 1. From the Deployment Server, click Start > Control Panel > Altiris Deployment Server > Options > Transport tab. You can also click Start > All Programs > Altiris > Deployment Solution > Configuration > Options > Transport tab. This opens the Altiris Deployment Server transport settings page. 2. Enter the TCP port number. 3. Click OK. Deployment Server properties Deployment Server IP address: This is the IP address of the Deployment Server that controls the PXE Servers. This value is automatically entered when Deployment Solution is installed. However, because the Deployment Server IP address can change, you have an option to edit this field. Engine port: This option defines which port the PXE Servers use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more. Data Manager port: This is the port that PXE Manager uses to communicate with the Deployment Server. Default boot option: This is the default boot menu item that Deployment Server uses to execute jobs. Deployment Solution 306
Disable Initial Deployment: By default, this option is enabled. Clear the check box if you do not want to use Initial Deployment. Initial Deploy boot option: The boot menu item that was set as the default pre-boot operating system at install time is selected. If no boot menu items were created, the first boot menu item (shared) is selected. Go to the Boot Menu tab and create a Shared Configuration if there are no items in the list. See Boot Menu Tab on page 289. When the boot menu appears on client computers, the default boot option you select for Initial Deployment moves to the top of the boot menu, even if the boot option is not at the top of the list on the Boot Menu Options for PXE Server: Shared Configuration page. Execute immediately: Select this option for Initial Deployment to run on new client computers without any user interaction after a PXE boot. From the Deployment Console, in the Initial Deployment Advanced Properties page, there is a default time-out value of 5 minutes. If you select this option, PXE responds immediately, but Initial Deployment still waits for 5 minutes before running. Wait indefinitely: Select this option so that a user must press <F8> to start the Initial deployment job. Use default timeout: Select this option to use the time-out value set in the Initial Deployment Advanced Properties page from the Deployment Console. Timeout: Select this option to enter a time-out value. The boot menu appears on new client computers for the length of time you set before booting to Initial Deployment. MAC Filter Tab This feature lets you control the service load of the PXE Servers by creating a list of MAC addresses you want to be serviced by either a specific PXE Server or by all PXE Servers associated to a Deployment Server. You can also select to not service the list of client computers. Example: If you had three PXE Servers that Deployment Server integrated with and you were setting properties for a Shared Configuration, you could create a list of MAC addresses, select Service listed addresses so that all three PXE Servers would respond to the listed client computers. You could also create a list of MAC addresses for a specific PXE Server configuration and select Do NOT service addresses so that the PXE Server you selected would not download a boot menu to any of the client computers listed. This lets you select the PXE Servers that provide services for specific client computers across the network. MAC addresses filter properties mode Use Shared properties: Select this option when you set the properties for a Shared Configuration. You cannot change this selection on the other pages if you are setting properties for the Shared Configuration. Customize PXE Server: Shared Configuration: This option is available when you select a specific server from the File menu. You can also customize the properties for the PXE Server you selected. Use MAC Address Filtering: Select this option to use MAC filtering. If you do not select this check box, the entries in the MAC Address Patterns section are ignored. Service listed addresses: Select this option if you want the PXE Server to service the list of MAC addresses in the MAC Address Patterns section. Deployment Solution 307
Do NOT service addresses: Select this option if you do not want the PXE Server to service the list of MAC addresses in the MAC Address Patterns section. MAC Address Patterns MAC addresses are listed in this section. You can add, edit, or delete the addresses. You can also import or export MAC address text files. New: When you click this button, the Define MAC Addresses dialog appears, where you can enter MAC addresses. See Define MAC Addresses on page 307. Edit: When you click this button, the Define MAC Addresses dialog appears, where you can modify addresses previously added to the MAC address list. See Define MAC Addresses on page 307. Delete: Select a MAC address from the list and click this button. Import: This option lets you import comma-separated text file MAC address list. You can create the import text file manually, or you can import a file that has previously been exported from any PXE Server on your network. When the Windows navigation dialog appears, go to the folder or disk drive where the text file is located and click OK. Export: This option lets you export the MAC address list to a comma-separated text file. You can use the export feature to save a large MAC address list and import the file to another PXE Server or to the same PXE Server in case you need to uninstall and install PXE Server. You can export all or a part of the list by selecting the MAC addresses. When the Windows navigation dialog appears, go to the folder or disk drive where you want to save the text file and click OK. Define MAC Addresses You can add or edit MAC addresses to the MAC address patterns section of the MAC Filter tab. This determines whether PXE Servers will include or exclude the client computers that are listed. See MAC Filter Tab on page 306. Single address: Select this option and enter a single MAC address. This address appears in the MAC Address Pattern section. Address range: Select this option to enter a range of MAC addresses. Enter a MAC address to start the range in the From box and a MAC address to end the range in the To box. Multicast Tab This option lets you set properties for the way PXE Servers download the boot image to client computers. PXE Servers communicate with client computers using the Multicast Trivial File Transport Protocol (MTFTP) and support larger transport packets, which reduces the time taken to download files. The PXE Manager multicast properties section lets you set a Beginning Multicast Address, the Number of Multicast Addresses Available, and the Maximum Addresses Available to Single PXE Server. A multicast address is automatically assigned to the files a PXE Server uses to download the boot menu options to client computers. A PXE boot menu option consists of two files. The MenuOption<number>.0 file is the boot menu, and the MenuOption<number>.1 file is the additional file needed to execute the menu item you select. Deployment Solution 308
Example: The PXE.ini file consists of information gathered by PXE Manager and includes a section called MTFTP\Files. This section lists the MenuOption files and their assigned multicast addresses. [ MTFTPD\ FI LES] BSt r ap\ x86pc\ BSt r ap. 0=224. 1. 1. 0 MenuOpt i on128\ x86pc\ MenuOpt i on128. 0=224. 1. 1. 1 MenuOpt i on128\ x86pc\ MenuOpt i on128. 0. cr - 1005309736=224. 1. 1. 2 MenuOpt i on128\ x86pc\ MenuOpt i on128. 1=224. 1. 1. 3 MenuOpt i on129\ x86pc\ MenuOpt i on129. 0=224. 1. 1. 4 MenuOpt i on129\ x86pc\ MenuOpt i on129. 0. cr - 1005309736=224. 1. 1. 5 MenuOpt i on129\ x86pc\ MenuOpt i on129. 1=224. 1. 1. 6 Notice that the multicast address increments by 1 for each file that is created when a new PXE configuration is added and the boot image is created. These are the files that a PXE Server downloads when you select a boot menu option from the menu list on a client computer. PXE Manager PXE Manager creates a PXE Manager.ini file, which gathers data from all the PXE Servers on the network. The PXE Manager.ini file creates and sends a PXE.ini file that is specific to each PXE Server. Both PXE Manager.ini and PXE.ini files are used by the PXE Manager service to synchronize the boot images across all PXE Servers and Deployment Servers on the network. Important Do not edit the PXE Manager.ini or PXE.ini files. Once these files are edited, you can no longer access the boot images stored on all PXE Servers, and the PXE Manager service does not function properly. See PXE Manager in the Automation & Imaging section of the Deployment Solution Product Guide. TFTP/MTFTP properties Use Shared properties: Select this option when you want to set the properties for a Shared Configuration. Once you set the properties, you cannot change this selection on the other pages. Customize PXE Server: Shared Configuration: This option is available when you select a specific server from the File menu. You can also customize the properties for the PXE Server you selected. Enable MTFTP: Clear this option if you do not want to use MTFTP to download the boot menu from the PXE Server to client computers. If a PXE Server is going to service client computers on the same subnet, you can select this option to communicate. If you disable MTFTP, TFTP is used to communicate. PXE-enabled client computers listen for broadcast messages sent by the PXE Server through MTFTP. If a PXE Server is going to service client computers across subnets and this option is enabled, the PXE Server tries to communicate with clients using MTFTP. If the router is not configured to pass a multicast packet, an error message appears on client computers, stating that MTFTP is unavailable. The PXE Server tries to connect to client computers using TFTP. Deployment Solution 309
Enable larger packets for TFTP/MTFTP: Select this option to increase the packet size transport. Packet Size: Enter the transport packet size if your infrastructure does not have the capability of handling the default packet size of 768. Do not allow IP fragmentation: Clear this option to use IP fragmentation. This is helpful if you have a narrow bandwidth on the network and want to enable larger packets for TFTP/MTFTP when downloading files from the PXE Server to client computers. IP fragmentation lets larger packets break up into smaller packets during transport. However, you must use a third-party application to reassemble the smaller packets into the original packet size. PXE Manager multicast properties Beginning Multicast Address: Enter a multicast address between the range of 224.1.1.0 -- 225.255.255.255. Number of Multicast Addresses Available: Enter the number of addresses available for the PXE Server. Limit: 128,000. Maximum Addresses Available to Single PXE Server: Enter the maximum addresses available to a single PXE Server. Data Logs Tab This option lets you enable data logs to help you troubleshoot incidents on the PXE Servers. You can enable log files to help isolate issues with the network traffic, communication protocol, the PXE Server, and more. You can specify a filename for each of the logs, and you can enter a directory path where you want to store the log files. Each log file lets you select a log level, such as errors, warnings, information, debug, or all. This is a valuable tool that should be used only for troubleshooting as it could impact the network in a production environment due to the amount of data that is written to the logs. Data Log properties Use Shared properties: Select this option when you set the properties for a Shared Configuration. Once you set the properties, you cannot change this selection on the other pages. Customize PXE Server: Shared Configuration: This option is available when you select a specific server from the File menu. You can also customize the properties for the PXE Server you selected. Log File Location: This is the folder where all log files are stored. If no directory path is entered, log files are stored in the default Deployment Share folder of C:\Program Files\Altiris\express\Deployment Server\PXE. Log Files: The following log files are specific to PXE Servers and, if enabled, log the information to the filename you specify and store it in the PXE folder on each PXE Server across the network. PXE Server Log PXE MTFTP Log Packet Parser Log DS Traffic Log Deployment Solution 310
Config Service Log PXE Manager Log Config Utility Log The PXE Manager Log writes data to the filename you specify and stores it in the PXE folder on the Deployment Server. Level: Select the type of data you want to write in the log files. Each level in the list includes more details to the log files of the previous level. Filename: Enter a name for the log file you enabled if you do not want to use the default name. Status Tab You can view the status of the PXE servers in your environment and track whether the updates have been applied to the PXE server. Remote PXE Installation You can install a PXE Server to any remote location on your network using this feature. However, all remote installations must be pushed from the Deployment Server. Example: Your business home office is in Washington and you have two smaller offices in Los Angeles and Australia. You can use the Remote PXE Installation Wizard to install a PXE Server to both locations from the Deployment Server in Washington. Note: DHCP services are required on the network to make the PXE Server function correctly. To install a remote PXE Server 1. Browse to the location where axInstall.exe is installed. The default location is C:\DSSetup. 2. Run axInstall.exe. 3. Select Component Install, and click Install. 4. On the Software License Agreement page, click Yes to accept the licensing agreement. 5. Enter or browse to the Deployment Share folder and click Next. 6. Select Install an additional PXE Server and click Next. 7. Select Yes, I want to install PXE Server on a remote computer. 8. Enter the Remote computer name or browse the network to select a remote PXE Server. 9. Enter the PXE Server IP address. 10. Enter the PXE Server install path and click Next. 11. On the Gathering Information page, enter a User name and Password with administrative rights on the remote computer. Click Next. 12. On the Installation Information page, click Install. Deployment Solution 311
Altiris ImageExplorer Altiris ImageExplorer provides features that let you view and edit image files. Image files are created using the RapiDeploy utility, a tool used most commonly in Deployment Solution to create and distribute hard disk image files. These are .IMG or .EXE files containing a replication of the source computers hard disk. Using ImageExplorer, you can modify an image fileadd or delete data files, folders and applicationsbefore distributing and restoring its contents to a client computer. You can view properties and perform operations, such as extracting and saving files to another destination volume, or excluding files from being restored when distributing the image file to a client computer. You can also print the contents of a folder or edit a file using its associated application. See also: Using ImageExplorer on page 315. ImageExplorer Features Add new files and folders Command-line mode Convert images Create image indexes Extract files and folders Exclude (or include) volumes, folders, and files from being restored Find files in an image Open a file with its associated program and edit Make self-extracting images Print image tree structure of files, folders, and volumes Replace files Revert to original image file contents Split images View, add, or change the image description View properties of files, folders, and volumes in an image ImageExplorer User Interface Click the ImageExplorer icon on the toolbar or select Tools > ImageExplorer. This opens the ImgExpl.exe program located in the Deployment Share. You can open and edit image files in the native .IMG file type or image files with packaged rdeploy.exe runtime versions in an .EXE file type. Deployment Solution 312
ImageExplorer provides the following features to view, manage, and modify the volume, folder, and file elements of an image file.
Feature Description Button Access Add Files Adds a new file to the image file. See Add New Files on page 317. Add Files is available when you right-click a volume, folder, or a file in the left pane. When you right-click a file and select Add Files, the new file is added to the same folder. Option 1: Ctrl+A Option 2: Select Edit > Add Files Option 3: Right- click an item and select Add Files Add Folder Adds a new folder to the image file. Click any item to add a folder to the container object. Add Folder is available when you right-click a volume, folder, or a file in the left pane. Option 1: Ctrl+D Option 2: Select Edit > Add Folder Option 3: Right- click an item and select Add Folder Convert Image Converts image files from file format 4 to the format most currently used by RapiDeploy. See Convert an Image on page 317. Option 1: Ctrl+T Option 2: Select File > Convert Image Copy Copies a file or folder from one location and lets you paste it to a destination image file. Note Copying large amounts of data and large numbers of files between image files can take several minutes. Option 1: Ctrl+C Option 2: Select Edit > Copy Option 3: Right- click an item and select Copy Create Image Index Creates an image index to make the process of restoring images easier. See Create an Image Index on page 318. Option 1: Ctrl+I Option 2: Select File > Create Image Index Exclude Marks volumes, folders, and files not to be included when deploying the image file to client computers. Note You can also exclude a file by clicking the check box next to the file in the Details pane. The icon replaces the check box. Option 1: Delete key Option 2: Select Edit > Exclude Option 3: Right- click a file and select Exclude Files Deployment Solution 313
Extract Extracts a complete volume, folder (with its sub-folders), or file from the image file. You can select a destination volume or directory to save the folders or files. See Extract a Folder on page 319. Note Extracting large amounts of data and large numbers of files can take several minutes. Option 1: Ctrl+E Option 2: Select Edit > Extract Option 3: Right- click an item and select Extract Files Find Search for files or folders within an image file using specific names or wildcard characters. You can use ? as a variable for a single character or * (asterisk) for multiple characters. See Find Files and Folders on page 319. Option 1: Ctrl+F Option 2: Select Edit > Find Option 3: Right- click a container object and select Find Include Lets you include volumes, folders, and files, previously marked Excluded, in the image file when deploying the image file to a client computer. Note You can also include a previously excluded file by clicking the next to the file in the Details pane. A check box reappears. Option 1: Insert key Option 2: Select Edit > Include Option 3: Right- click an excluded item and select Include Files Make Self- Extracting Creates a self-extracting file from an existing image file. See Make Self- Extracting Images on page 320. Option 1: Ctrl+M Option 2: Select File > Make Self-Extracting Open File (available for files) Opens a file using its associated application, if the application exists on the computer where ImageExplorer is running. Option 1: Double- click the file Option 2: Select Edit > Open Option 3: Right- click the file and select Open Feature Description Button Access Deployment Solution 314
Open File with Lets you open a file with a selected program. If the file is already associated with a program, you can simply double-click to open. Use Open file with to change the program or select the default Quick Open feature. Note Image files created with IBMaster 4.5 do not open. However, you can use the Convert Image feature to convert image files to the current RapiDeploy file format. See Convert an Image on page 317. Option 1: Ctrl+W Option 2: Double- click the file (if not associated) Option 3: Select Edit > Open with Option 4: Right- click the file and select Open with Open Image File In Deployment Solution 6.9 or later, you cannot open image files created using IBMaster. You need an ImageExplorer version prior to Deployment Solution 6.9 to open these image files. You need an ImageExplorer version from Deployment Solution 5.5 or earlier to edit these image files. Option 1: Ctrl+O Option 2: Select File > Open Paste Places a copied file or folder from one location to another. Option 1: Ctrl+V Option 2: Select Edit > Paste Option 3: Right- click an item and select Paste Print Folders: Prints the folder structure. Includes sub-folders and files with their modification date, time, and size. Files: Prints the actual file. You must have the associated application program installed to print the file (Example: Microsoft Word to print .DOC files). See Print Folder Contents on page 322 and Print a File on page 323. Option 1: Ctrl+P Option 2: Select File > Print Option 3: Right- click an item and select Print Feature Description Button Access Deployment Solution 315
Using ImageExplorer With ImageExplorer running, from the program menu bar, select File > Open to open the image file you want to view or modify. Note In Deployment Solution 5.6 or later, you cannot use ImageExplorer to modify image files created using IBMaster. You need an ImageExplorer version from Deployment Solution 5.5 or earlier. See also: View Properties on page 315, Add New Files on page 317, and Extract a Folder on page 319. View Properties After opening an image file with ImageExplorer, you can view basic information about the image file and its elements by selecting the file or volume (partition) name and clicking Properties. You can open the Properties page for an image file, volume, or file by right-clicking and selecting Properties, clicking File > Properties, or pressing Properties Provides general information about the folder or file, such as size, modification dates, and attributes. Properties appear differently for images, volumes, folders, or files. See View Properties on page 315. Option 1: Alt+Enter Option 2: Select File > Properties Option 3: Right- click an item and select Properties Replace Files (available for files) Provides a way to update a file in the image with a file from another source. Both files must have the same name. Option 1: Ctrl+L Option 2: Select Edit > Replace Option 3: Right- click a file and select Replace Files Revert (available for files) An undo feature for the Replace File option. This reverts a previously changed file to its original file. Option 1: Ctrl+R Option 2: Select Edit > Revert Option 3: Right- click an item and select Revert Files Split Image Splits an image file of one size to into segments of another size. See Convert an Image on page 317. Option 1: Ctrl+S Option 2: Select File > Split Image Feature Description Button Access Deployment Solution 316
Alt+Enter. Depending on the type of image element, a properties page opens with the appropriate tabs. General Properties for an Image File This page displays the data for image files. After selecting Properties for a selected image, click the General tab to view the image items and additional property data, such as size, location, and attributes. The Image properties page includes the name of the image file and its associated image data. Example: The Size field displays the amount of space that the image occupies on the hard drive of the source computer. The Size on disk field displays the actual size of the compressed image file before it is deployed. From this page, you can modify the password of the image file. General Properties for a Volume This page displays data for a volume. After selecting Properties for a selected folder in an image file, click the General tab to view its property data, such as size, location, and attributes. General Properties for a Folder This page displays data for a folder. After selecting Properties for a selected file in an image, click the General tab to view its included files and additional property data, such as size, location, and attributes. General Properties for Files This page displays data for files. After selecting Properties for a selected folder in an image file, click the General tab to view its included files and additional property data, such as size, location, and attributes. Description Properties for an Image This page displays the constituent volumes within the image file. It provides a count of the volumes in the image and lists the name of each volume in the Volumes pane. If the image file has Read-write access, you can modify the image description. Open a File To open a file in an image, double-click the file in the Details pane of the ImageExplorer or right-click and select Open. The file opens with its associated program. If no associated program is located, an Open with dialog appears, from which you can select and associate a program for the file. Note You can also associate a file with a program by right-clicking the file and selecting the Open with command. The Quick open feature lets you select a default program to open files without associated programs (Microsoft Notepad is the default program). You can change the Deployment Solution 317
default program for the Quick Open feature by clicking View > Settings and editing the Open with program box. See also: Print a File on page 323 and Settings on page 324. Open Split Image Files If an image is too large or you are trying to meet size restrictions to store an image (such as dividing image files to 600 MB segments to fit on multiple CDs), you can use the features in RapiDeploy to split the image file into multiple files. When editing, ImageExplorer keeps track of these split image files and prompts you to locate any additional linked image files that are not stored in the same directory. Find Missing Split Image Files If multiple files from a split image are kept in different folders or on separate CDs, this dialog appears to help you locate the missing split image files. Enter a path in the field or browse to the missing files. ImageExplorer keeps track of all files in a split image and prompts you for any missing split image files that are not located in the same folder. Add New Files 1. Open ImageExplorer. 2. Select File > Open. Select an image file. 3. Click OK. 4. Right-click the preferred volume or folder in the image and select Add Files. The Select the files to add dialog appears. Option 1: Locate a file and click Open. The new file appears in the Details pane. Option 2: Drag a file from Windows Explorer to the selected folder or volume in an image file displayed in ImageExplorer, or copy and paste the file. If you have selected the corresponding Settings option, a message appears that confirms your decision to copy a file to the image file. See Paste & Drop operations in Settings on page 324. Note You can access and edit text files by double-clicking the file in the Details pane of the ImageExplorer dialog. Convert an Image The internal file format for images has changed from file format 4 in Deployment Server 5.5 and earlier, to file format 6 in Deployment Server 5.6 or later. File format 6 has remained the same since its release, but minor changes have been made to improve the overall format structure. This feature lets you select any previously created image file and convert it to the current file format that RapiDeploy uses today. If the file format changes in future Deployment Solution 318
releases of Deployment Server, when you convert an image file, it will always be to the most current file format. When converting image files, be aware of the following: If an old image has an image index (.IMX) file, a new image index file is created. If an old image file is a self-extracting image, the embedded RapiDeploy code is removed and the image is restored to an .IMG file. You do not receive a message warning that the embedded self-extracting code was removed. If an old image has a password, the newly created image file does not have a password. However, the user receives a message indicating that the password has been removed. File conversions may vary in length of time because ImageExplorer reads each segment in the image before converting it to the new image file. If you have large files with many segments, this process takes longer. Field Definitions Image File to Convert: Select the image file you want to convert. Current segment size: By default, the segment size for RapiDeploy images is 2 GB. Current segment count: By default, the number of segments in the image file is displayed. New Output Image File: Select a folder and filename for the image file you want to convert, based on the new segment size. New segment size (MB): From the drop-down list, select a size for image segments. The list of options includes default sizes for CDs, zip drives, and more. When a file segment reaches this limit, a new segment is created until the entire image is converted. Estimated segment count: The estimated number of segments in the file you selected to convert. To convert an image file 1. Click File, and select Convert Image File. 2. In the Image File to Convert field, click Browse to navigate to a folder, and select an image file to convert. 3. In the New Output Image File field, click Browse to navigate to a folder. Enter a new filename for the converted image. 4. From the New segment size drop-down list, select a segment size. 5. Click OK. Create an Image Index This feature lets you create an index file for image files. When you copy the images to CDs, the index file and the first segment of the image provide the file information to RapiDeploy when restoring the image file. Example: If you have an image with multiple segments, such as .IMG, .002, .003, and .004, ImageExplorer creates a table of contents at the end of segment .004, which identifies the file information for each segment of the image. Deployment Solution 319
This feature creates a new index file named .IMX. As you copy the segments to CDs, you can select .IMX and .IMG to be on the same CD. You can copy the other segments, .002, .003, and .004, to additional CDs as needed. When you use the CDs to restore an image, the first CD that contains the .IMG and .IMX files provides RapiDeploy the information needed to restore the image. This makes restoring images easier because you need not insert the first CD, the last CD, and the first CD again. You can also index images while creating them by selecting the Make an image index (.imx) file option in RapiDeploy. See the RapiDeploy Reference Guide. Field Definitions Image File to Index: Select the image file you want to index. Output Folder for Index (optional): If you do not select a folder for the index output, the .IMX file is created in the same folder as the image you selected to index. To create an index image 1. Click File, and select Create Image Index. 2. In the Image File to Index field, browse to a folder and select an image file. 3. (Optional) In the Output Folder for Index (optional) field, browse to a folder for the index file output. 4. Click OK. Extract a Folder Use this feature to save a folder or file from an image to an external destination folder. To extract a folder 1. Open ImageExplorer. 2. Select File > Open Image. Select an image file and click Open. 3. Select a folder in the image, right-click, and select Extract Folder. The Extract Folder dialog appears. 4. Select a folder on your local disk or on the network to place the extracted folder. 5. Click OK. Note Extracting large amounts of data and large numbers of files can take several minutes. Find Files and Folders This feature lets you search for files or folders in an image file. To search for a file or folder, select the image file, volume name, or folder name from the left pane to set a search domain. Field Definitions Find what: Enter a string or characters (alpha and numeric). You can use ? (the question mark) as a variable for a single character, or use * (the asterisk) for multiple characters. Search in Deployment Solution 320
You can select one of the following options to change the search domains and click Find. Search all open images: Select this to search for a file or folder in the open images. Search entire image: Select this to search for a file or folder in the entire image. Search only in: Select this to search for a file or folder only in the selected file, volume, or folder. Include Matching files: Select this check box to include matching files in the search results. Matching folders: Select this check box to include matching folders in the search results. Sub-folders: You can also select this check box to include subfolders. Filter: Click this option to open the Find Filter dialog. See Filter Results on page 320. Files and folders that meet the specified search criteria are listed in the results field, organized by File Name, Location, and so on. Filter Results This feature lets you open an advanced search for files and folders based on associated system attributes (Read-only, Hidden, System, and so on) and ImageExplorer attributes (Flags) (Excluded, Added, Replaced). See Find Files and Folders on page 319. Field Definitions Find what: Enter the string or characters to find files or folders based on system attributes or ImageExplorer attributes of the files or folders. Select the Include matching files check box to select files. Select the Include matching folders check box to select folders. You can also select the Search sub-folders check box to include sub-folders. Note To search in a specific directory, right-click that directory in the left pane and click Find to open the Find dialog. The following attributes use three-way check boxes with these features: A solid checkmark indicates that the item must contain the attribute. An empty box indicates that the item must not contain the attribute. A dimmed checkmark indicates that the value is NULL and the item can either have the value or not. Attributes: These are the system attributes of the files assigned by the operating system when the image was created. Flags: These are the attributes assigned by ImageExplorer. Defaults: Clicking this button applies the default settings. Make Self-Extracting Images This feature lets you create a self-extracting file for an existing image file so you can run the executable at a client computer. This is helpful when you need to restore an image Deployment Solution 321
to a computer that does not have access to the Deployment Server and RapiDeploy for imaging through the network. You can select image files created using RapiDeploy, which was used to create images beginning with Deployment Server 5.6 or later. You cannot use this feature if you have images created using Altiris IBMaster 4.5 or earlier. However, when you navigate to a folder to select an image, all .IMG files appear. You can use the Convert an Image feature to convert the image to the latest RapiDeploy file format. See Convert an Image on page 317. The self-extracting file comprises a valid image file and RapiDeploy, which is embedded into the executable. You can copy the self-extracting file to a folder or removable media and manually run it on any computer, or you can create a deployment job on the Deployment Server and distribute the self-extracting file to multiple computers. When new versions of RapiDeploy become available through Deployment Server upgrades, you can re-create any self-extracting file by re-running Make Self- Extracting Image. The latest version of RapiDeploy replaces the image files embedded RapiDeploy code. The time required for this process may vary because ImageExplorer reads only the .IMG segment. A 2 GB file takes more time than a 700 MB .IMG segment. RapiDeploy and only the first segment of the image file (.IMG) are combined to create the executable that restores images. However, all other segments that make up the entire image, including the index (.IMX), are required when restoring an image. See also: Create an Image Index on page 318. Field Definitions Current self-extractor type: The image file you selected is of this operating system type. Keep original image file: Select this check box for ImageExplorer to make a self- extracting image file without affecting the original image file. Note If you clear this check box and the Make Self-extracting Image process fails, the original image file may be damaged or corrupted, and you can no longer use the original image file to create a self-extracting file. Image file size: The size of the current selected image. Remove existing self-extractor: Select this option to remove the .EXE code from a self-extracting image. The image file returns to its original state with an .IMG file extension. Note This option is available only if the image file has a self-extracting code. DOS: This mode uses the RapiDeploy graphical user interface to display the image files progress while it is running. Windows: This mode uses the RapiDeploy graphical user interface to display the image files progress while it is running. Linux: This mode uses the RapiDeploy graphical user interface to display the image files progress while it is running. Deployment Solution 322
Processor architecture: These options are available only when you select the corresponding self-extractor type. UI mode: You can select GUI mode or Text mode. To create a self-extracting image file 1. Click File, and select Make Self-Extracting Image. 2. Enter or browse to the location of the image file. 3. Clear Keep original image file if you want to make the original image file a self- extracting image file. 4. Select Remove existing self-extractor type. See Field Definitions on page 321. 5. Click OK. The self-extracting file is created in the same directory as the original image file. If the Not enough free space dialog appears, see Not Enough Free Space on page 322. Not Enough Free Space This indicates that the image file you selected to make into a self-extracting file cannot be created because there is not enough free disk space. The Not enough free space dialog lets you select an alternate location to create the self-extracting file. Enter a directory path or click Browse to navigate to a location with more disk space. Click OK. ImageX Sample Scripts These are sample scripts that let Deployment Solution run ImageX imaging jobs from the Deployment Console. These sample scripts include documentation that helps you specify the name and location of the .WIM files. You can use ImageX to capture several different images into a single .WIM file. You can open the sample job and specify the location of the .WIM file with the correct passwords and network locations. You can run the job from the server, which launches the ImageX utility and captures an image of the target computer. Print Folder Contents You can print a list of the files and sub-folders within an image file, a volume (partition), or a folder. Depending on the options you select, you can print a report that includes the constituent files and subfolders and includes fields with the modified date, time, size, and other attributes for each file. When printing the contents of an image file, volume, or folder, click OK to view a Print Preview of the report file. See Print Preview on page 323. Field Definitions Title: Enter a title for the report page. What to print Just this folder: Select this option to print only the files in the selected image, volume, or folder. This will not print the subfolders. This folder and all sub-folders: Select this option to print the files in the image, volume, or folder and all the subfolders and files. Deployment Solution 323
Print < . > and < .. > entries: Select this option to print an entry in each folder identified as < . > (a dot notation) and < .. >. Attributes and date/time properties will be saved for this hidden folder in the image file. Print Excluded items: Select this option to print the files previously marked as Excluded. Fields to Print Include modified date / time: Select this option to print the date and time when the file or folder is modified. Include size: Select this option to print the size of the file. Include attributes and flags: Select this option to print the system attributes (Read- only, System, Hidden, System, and Compressed) and the flags (Added, Excluded, Replaced). Include file numbers: Select this option to print the file number associated with each file. See also: Print a File on page 323. Print Preview View an online display of the print report for image files, volumes, or folders. The name of the report appears at the top of the page. A table is displayed with the details that you selected in the Print Folder Contents dialog. See Print Folder Contents on page 322. Field Definitions Lines: Displays the number of lines in the report. Print: Click to print the report. Save: Click to save the report to a text file. Print a File From the ImageExplorer interface, you can select and print an actual file using its associated program. If your file is not associated with a program, you can associate it by selecting from a provided list of installed programs on the computer. You can also attempt a Quick Print to open the file using a standard program, such as Microsoft Notepad. Field Definitions Quick print: Click this button to run a default program to open and print the selected file. The default program is Microsoft Notepad. You can change the default program to print files using the Print with program field in the Settings dialog. See Settings on page 324. See also: Print Folder Contents on page 322 and Open a File on page 316. Set a Password on an Image File Right-click an image file and select Properties. In the Flags section, select Has Password. The Set Image Password dialog appears. Deployment Solution 324
Field Definitions Current password: Enter the current password. New password: Enter the new password. Confirm password: Enter the new password again to confirm. Settings Click View > Settings to set the preferences for ImageExplorer. The Settings dialog appears, from which you can set options to confirm specific operations using message boxes in the user interface, for displaying items or excluding items, or for selecting default programs when using the Quick print or Quick open options. See Print a File on page 323 and Open a File on page 316. Action Confirmation Prompts Open Read-only: Select this option to present a confirmation prompt to the user when opening a file in a Read-only state. As a result, no changes are saved. Example: If you open an image file created in RapiDeploy 4.5 or earlier, it is Read-only and any operation performed cannot be saved. When you open this file, a confirmation box appears, reminding you that the file cannot be saved. File overwrite: Select this option to present a confirmation prompt to the user when extracting a file from an image file and overwriting an existing file on a destination drive. File revert: Select this option to present a confirmation prompt when executing a File revert operation, which returns the image file to its original file structure and content after replacing files. Paste and Drop: Select this option to present a confirmation prompt to the user when dragging a file to a new folder in an image file, when using the copy and paste operation to move files to another folder, or when using the Add New Files command. See Add New Files on page 317. Exclude: Select this option to present a confirmation prompt to the user when assigning the Exclude option to a file (to not distribute the selected file as part of the image). This message appears when you click the check box on the file or folder or when you select the Exclude operation. Folder overwrite: Select this option to present a confirmation prompt to the user when extracting a folder from an image file and overwriting an existing folder on a destination drive. General Settings Show Excluded items: Select this option to view the files marked as Excluded in the image. You can see the files after you refresh the screen. Show file numbers: Select this option to view the associated file numbers in the image. In NTFS, the files are numbered automatically. In FAT, EXT2, EXT3, and other file systems, the files are numbered by RapiDeploy when creating the image file. Keep Help on top: Select this option to keep the help file open on top of the ImageExplorer user interface. This lets you view the help with the program rather than allowing it to be sent behind the ImageExplorer user interface. Extract Excluded items: Select this option to extract the excluded files and folders from the image file to a destination folder. This setting lets you include all files Deployment Solution 325
previously marked as Excluded to be saved to an external destination folder when running the Extract command. Color Excluded items: Select this option to mark with red text the files and folders excluded from the image. See Exclude on page 312. Color Added items: Select this option to mark with blue text the files and folders added to the image. See Add Files on page 312 and Add Folder on page 312. Color Replaced items: Select this option to mark with magenta text the files and folders replaced to the image. See Replace Files on page 315. Default Programs to Open and Print Files These settings are the default settings for the Quick Open and Quick Print options that appear with the Open with and Open features. This option lets you associate files to a common program, such as Microsoft Notepad. Open with program: This option lets you set the default program to run with a selected file. The default program is Microsoft Notepad. See Open a File on page 316. Print with program: This option lets you set the default program to print a selected file. The default program is Microsoft Notepad. See Find Files and Folders on page 319. Split an Image This feature lets you select an image file to split (rewrite) into a new image file based on the segment size you select. While the Convert an Image feature changes the file format of an image to the current format used by RapiDeploy, the Split Image feature maintains the format of the original image but changes the size of its segments. See Convert an Image on page 317. Example: If you want to split a 2 GB image file so that it fits on CDs, you can select 650 MB or 700 MB as the new segment size. The result will be one image file with multiple segments. You can copy the segments to CDs and use them to restore the image file at client computers. When splitting image files, be aware of the following: If the old image is an old format image (IBMaster 4.5 or earlier), the image cannot be split, but it is converted instead. If this occurs, a message appears, confirming if you want to proceed. If you proceed, all the principles of Convert an Image apply. If the old image has an image index (.IMX) file, a new image index file is created. If an old image file is a self-extracting image, the embedded RapiDeploy code remains, and the new image contains the same version of RapiDeploy as when it was originally created. However, if the image is an old format image (IBMaster 4.5 or earlier), the image cannot be split, but is converted instead. If you proceed, the self-extracting code is removed. If an old image has a password, the new image file has the same password. However, if the old image is an old format image (IBMaster 4.5 or earlier), the image cannot be split, but it is converted instead. If you proceed, the password is removed. Field Definitions Image File to Split: This option lets you enter or browse to the image file you want to split. Deployment Solution 326
Current segment size: By default, the segment size for RapiDeploy images is 2 GB. Current segment count: By default, the number of segments in the image file is displayed. New Output Image File: This option lets you enter or browse to a folder and filename for the image file you want to split. New segment size (MB): This option lets you select a size for image segments from the drop-down list. The list of options includes default sizes for CDs, zip drives, and more. When a file segment reaches this limit, a new segment is created until the entire image is split. Estimated segment count: By default, this field displays the estimated number of segments in the file you selected to split, based on the new segment size. To split an image file 1. Click File, and select Split Image File. 2. In the Image File to Split field, click Browse to navigate to a folder, and select an image file to split. 3. In the New Output Image File field, click Browse to navigate to a folder. Enter a new filename for the image. 4. From the New segment size drop-down list, select a segment size. 5. Click OK. Command-Line Switches This feature lets you create Deployment Server Run Scripts or batch jobs to help you manage images using command-line options. At the end of some switches, select options are listed to indicate that the additional commands are allowed. To access the online command-line options 1. From the Windows environment, select Start > Run. 2. In the Open field, enter the command CMD. 3. Enter C:\Program Files\Altiris\eXpress\Deployment Server\ (default installation path). 4. Enter imgexpl /? to view the command-line switches page. Command line Description Parameters Image files to open or operate on (can be repeated), such as w2k.img and xp.img. Deployment Solution 327
Examples: Open a W2k.img that requires the password develop. Switches -register: Register file types in the Windows Registry. -unregister: Unregister file types in the Windows Registry. -add <src*> <dst>: Add a file or folder to an image. Accepts the <-overwrite> option. You can use wildcards when entering the source (src). -extract <src> <dst>: Extract a file, folder, or volume from an image. Accepts the <-overwrite> and <-size> options. -convert <dst>: Convert an old format image to the current image format used by RapiDeploy. Accepts the <-overwrite> and <-size> options. -split <dst>: Split an image into new size file segments. Accepts <-overwrite> and <-size> options. * Indicates wildcards can be used; accepted options are noted at the end in (). Options -lang <lang code>: *Specify the language code for the user interface. -silent: *Do not display confirmations or errors. -password <pwd>: *Passwords for image files being opened. -overwrite: When in silent mode, do not confirm actions. -size <size in MB>: Size of the new image segments in MB. * Indicates the options that can be used with any command. Process exit codes 0 Success. -2 Internal error initializing application. 2 Command line syntax error. 4 Error registering or unregistering file types. 6 Operation cancelled by the user. 8 Attempted to write to a Read-only image. 10 Invalid password. 12 Error performing an operation. 14 The Image file was not found or an error occurred opening an image. 16 The source was not found, or an error occurred opening the source. 18 The destination was not found or an error occurred opening the destination. Command line Description Deployment Solution 328
C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop Open two image files that have different passwords, develop and sales. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop f:\xp.img -password sales Add all *.txt files in e:\to the temp folder of the volume in slot 1 of w2k.img. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop -add e:\*.txt 1:\temp Extract kernel.dll from the Windows folder of the volume sys in w2k.img to e:\dump. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop -extract sys:\windows\kernel.dll e:\dump) Convert the old format image file, w2k.img, to the new image, new2k.img, in 650 MB segments. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -convert f:\new2k.img -size 650 Deployment Solution 329
Installing Deployment Server Deployment Server is a flexible, scalable computer deployment and management system that can be installed and configured on a single computer, or installed across several computers to distribute processing for large enterprise environments. You can run a Simple install to position all Deployment Server Components on a single computer (most frequently used), or plan and perform a Custom install to distribute installation of components across separate computers in the site. See Deployment Server Components on page 329. The Deployment Web Console can be installed as part of the Deployment Server installation on any computer running Microsoft IIS. After installing Deployment Server components, you can remotely install Deployment Agents on all types of computer resources across your organization: laptops and handhelds, LAN and Web servers, network switches, and so on. Windows computers, Linux computers, and handhelds can be managed as a unified environment, with each client communicating through its own Deployment agent to update inventory data and react to Deployment Server commands and deployment tasks. Select one of the following methods for installing a Deployment Server system: Simple Install for Deployment Server Custom Install for Deployment Server Thin Client Install for Deployment Server Component Install for Deployment Server To install Deployment Agents on the client computer, see Installing Deployment Solution Agents on page 345. Note You can also install the Deployment Server components remotely from the Altiris Console. Deployment Server Components The Deployment Server system includes the following components: Deployment Console Deployment Server Deployment Database Deployment Share Altiris PXE Server DHCP Server (not an Altiris product) Deployment Web Console Installing Deployment Solution Agents Sysprep Deployment Solution 330
You can install all these components on the same computer or distribute them across multiple computers, depending on the environment. Deployment Console The Deployment Console is the Win32 user interface for Deployment Solution. You can install this Windows console on computers across the network to view and manage resources from different locations. In addition, from this console, you can access the Deployment Database on other Deployment Server systems to manage sites across the enterprise. See Deployment Database on page 331 and Connecting to Another Deployment Server on page 93. Deployment Console communicates with the Deployment Database and Deployment Server services. In a Simple Install for Deployment Server, the Deployment Console is installed on the same computer similar to all other components. In a Custom Install for Deployment Server, you must ensure that a connection is available to these computers and security rights are set. You must have administrative rights on any computer running the Deployment Console. See Simple Install for Deployment Server on page 335 and Custom Install for Deployment Server on page 338. See also: Deployment Web Console on page 333, Managing from the Deployment Console on page 70, and Deployment Server Components on page 329. Deployment Server Deployment Server controls the flow of the work and information between the managed computers and the other Deployment Server components (Deployment Console, Deployment Database, and the Deployment Share). Managed computers connect and communicate with the Deployment Server to register inventory and configuration information and to run deployment and management tasks. The computer and deployment data for each managed computer is stored in the Deployment Database. Note To view, start, or stop Deployment Server, go to the Altiris Server services in your Windows Manager. Managed computers require access to the Deployment Server at all times, requiring that you have administrative rights on the computer running the Deployment Server.
Create a user account to run the Deployment Server. The service runs as a logged-on user, not as a system account. You must create this account on all Deployment Server computers. The account must have full rights to the Deployment Share. The account must have a non-expiring password. See Deployment Share on page 332.
Assign a static IP address to the Deployment Server computer. Other components cannot connect to the Deployment Server if you use DHCP and dynamically change the IP address.
To install the Deployment Server on a remote computer, the default administration shares must be present. Restore any shares that have been removed before you install the Deployment Server. Deployment Solution 331
Note It is easier to create an administrative account using the same name and password on all computers than to use the existing name and password of each account. Most packages (.RIP, Personality Packages, and .MSI files) pass through the Deployment Server. Therefore, if you store these files on the Deployment Server, the deployment of these packages is faster. Image files, however, are sent directly from the Deployment Share to the client computer when you run an imaging task. See also Deployment Server Components on page 329. Deployment Database You can install the Deployment Database on Microsoft SQL Server 2000 or Microsoft Desktop Engine (MSDE) 2000. See Deployment Server System Requirements on page 334. Note In Deployment Solution 6.0 and later, if you have already set up multiple instances of the Microsoft SQL Server, you can identify a specific instance using this format: <database instance>\express. Example: If you have a clustered Microsoft SQL Server named SQLClusterSvr to manage multiple Deployment Solution systems on different network segments, you can enter the name SQLClusterSvr\salesSegment or SQLClusterSvr\marketingSegment during the Deployment Server setup, depending on the previously established database instance. This feature is supported in the silent install .INI file and the GUI install executable. The database maintains the following information about the managed computers: Hardware. RAM, asset tag, and serial numbers General Information. Computer name and MAC address Configuration. TCP/IP, Microsoft networking, and user information Applications. The installed applications and information about these applications, such as the name of the application, publisher, and product ID Services. Installed Windows services Devices. Installed Windows devices, such as network adapter, keyboard, and monitors Location information. Contact name, phone, e-mail, department, mail stop, and site The Deployment Server Database also contains jobs and other data used to manage your computers. Note You can install a single Deployment Database in each Deployment Server systemyou cannot have two databases storing data for a single computer. If the computer you are installing the database on has an existing Microsoft SQL Server, the Deployment Database is added to that instance of the database engine. Support for Multiple Database Instances In Deployment Solution 6.0 and later, you can identify a named instance of the Microsoft SQL Server when installing Deployment Solution. You can now identify other named Deployment Solution 332
instances of Microsoft SQL Servers instead of accessing only the default instance. This feature lets you identify and run multiple databases from one clustered Microsoft SQL Server to manage multiple sites or network segments. This feature is supported in the silent install .INI file and the GUI install executable. See Custom Install for Deployment Server on page 338. The 6.9 release of Deployment Solution also supports a different name for the Deployment Database instead of the default name, eXpress. See also Deployment Server Components on page 329. Deployment Share The Deployment Share is a file server or shared directory where Altiris program files and packages are stored. The Deployment Share can be a shared directory (default Simple install in Program Files\ Altiris\eXpress\Deployment Server) or another file server (in the Custom install, you can assign a Microsoft Windows or Novell NetWare file server). Deployment Share is where you store image files, registry files, .MSI packages, Personality Packages, script files, and more. When you are deploying or managing a computer, the Deployment Server stores and retrieves these packages from the Deployment Share as needed. Note You can install only one Deployment Share for each Deployment Server system. However, if the Deployment Share's hard drive gets full, other computers can be used as additional backup storage points. In some cases, other systems emulating a Microsoft or NetWare environment can be used as the Deployment Share. Note for NetWare users: If you have a problem using the Novell NetWare server as a Deployment Share, install the Novell Client instead of the Microsoft NetWare Client. See also Deployment Server Components on page 329. Altiris PXE Server The PXE Server provides service to client computers on a subnet. When the Deployment Server sends a deployment job, the client computer receives a request to boot to automation and the PXE-enabled computers connect to the first PXE Server that they discover, which communicates with the Deployment Server and the client computers. You can install a PXE Server on a Microsoft Server 2003, Windows 2000 Server, Advanced Server. The PXE Server also functions on the same protocols as a standard DHCP Server, so you can place the PXE Server wherever you would place a DHCP
If you want to install Deployment Solution on a remote file server (not the computer where you are running the install program), create a share (or give Read/Write rights for NetWare) on the file server where you want to install the Deployment Server. This share must allow access to all other components, including managed computers and the user account that runs the Deployment Server. You must create this share before you begin installing. If you are not installing on a remote computer, you can select the option to create the share during the installation. Deployment Solution 333
server. You can also install as many PXE Servers as required in your system, but you must also install a DHCP Server. The PXE Server sends a boot menu option list to the client when the computer performs a PXE boot. The deployment job, which contains at least one automation task, uses the default automation environment or the environment specified by a user who has the permission to create a deployment job. Use the boot menu option to request the PXE Server for the boot menu files and download the boot menu files from the PXE Server to the client computers RAM storage. The client computer always boots according to the request and reply communications taking place between the Deployment and PXE Servers. Altiris supports DOS, Linux, and Windows PreInstallation Environment (WinPE) as pre- boot environments. These options let you create a single job, but may contain multiple automation tasks. The default automation environment (the first pre-boot operating system files installed during the Deployment Solution installation) is used for Initial Deployment, unless you specify otherwise. Using a PXE Server to boot client computers to automation saves you from having to install an automation partition on each client computers hard disk, or from manually starting computers using Altiris-supported bootable media. See Boot Disk Creator Help. See also Pre-boot Operating System (Simple) on page 361, Install Automation Partition on page 133, and PXE Configuration Utility Help. DHCP Server The DHCP (Dynamic Host Configuration Protocol) server is a server set up to assign TCP/ IP addresses to the client computers. This server is not an Altiris product, but is required if you want to use the PXE Server. We recommend that you use DHCP to manage the TCP/IP address in your network, whether you use PXE or not. This greatly reduces the amount of time required to set up and manage your computers. See also Deployment Server Components on page 329. Deployment Web Console The Deployment Web Console remotely manages a Deployment Server installation from a Web browser. It deploys and manages Windows and Linux computers (both client and server editions) in real time with many of the features that are present in the Deployment Console. See Deployment Console on page 330. You can install the Deployment Web Console on any computer running the Microsoft IIS Server, such as a computer running Deployment Server, Notification Server, or a remote computer running only Microsoft IIS. Note If Microsoft IIS is running, the Deployment Web Console is installed automatically during the Windows installation. Note The DS Installer does not detect the version of MDAC that is installed. The Deployment Web Console requires MDAC version 2.71 or later to install. If the version of MDAC is earlier than 2.71, the Web console displays a Target of Invocation error. Deployment Solution 334
See also Deployment Console on page 330 and Deployment Server Components on page 329. Deployment Server System Requirements The following are the system requirements for Deployment Server components and the network environment. Network TCP/IP is used for communication between all Deployment Server components. If you have a NetWare file server for your Deployment Share, IPX can also be used to communicate with this component. For Windows 2000 systems, you must set up Active Directory with the Permissions compatible with pre-Windows 2000 option. If you select the Permissions compatible only with Windows 2000 servers option, the Deployment Server cannot manage domain accounts for you. If you are using Windows 2000 only permissions, change them to the pre-2000 option from the Windows Start menu. Open a DOS prompt to add the group Everyone by typing the following: net l ocal gr oup Pr e- Wi ndows 2000 Compat i bl e Access Ever yone / add Restart all domain controllers for the change to take effect. Deployment Server RAM: 256 MB Disk Space: 200 MB Component Hardware Software All components require Pentium III processors Deployment Server RAM: 256 MB Disk Space: 200 MB Windows 2000 Server and Advanced Server Windows Server 2003 (SP1) Deployment Console RAM: 128 MB Disk Space: 3.5 MB Windows 2000 Professional, Server and Advanced Server Windows XP Professional Windows Server 2003 (SP1) Altiris PXE Server Memory: 128 MB Disk Space: 25 MB (for boot files) DHCP server (must be on the network, but does not have to be on the same computer as a PXE Server) Windows 2000 Server or Advanced Server Windows Server 2003 (SP1) Deployment Solution 335
Deployment Agents The Deployment Agent requirements are similar to the target operating system. The Deployment Agent requires around 5 MB disk space. See the following sections for additional information: Installing the Deployment Agent on page 347 Installing Deployment Agent on Linux on page 351 Installing the Automation Agent on page 352 Managing Licenses on page 353 Simple Install for Deployment Server The Simple Install option places all the Deployment Server Components Deployment Server, Deployment Console, Deployment Share, and Deployment Database on the same computer. (See Deployment Server Components on page 329.) You can install the Deployment Server with a Microsoft Desktop Engine (MSDE) by using the Simple Install. You can install the Deployment Web Console during a Simple Install (and during a silent install) if the Microsoft IIS services and .NET frameworks are running on the selected computer. You can download the Altiris Deployment Solution from the Altiris product CD or from www.altiris.com. Deployment Database Memory: 128 MB Disk Space: 55 MB (for program files), plus space for data. (Microsoft SQL Server TM 2000 (SP3) or MSDE 2000 (SP3) Deployment Share (File server for storage) Memory: 128 MB Disk Space: 100 MB for Deployment Server program files plus space for storing files (image, boot, .RIP, and so on) Windows 2000 Server or Advanced Server Windows Server 2003 (SP1) NetWare (File server only. Cannot be used for any other components). Deployment Web Console Memory: 128 MB Windows 2000 Professional, Server or Advanced Server Windows XP Professional Windows Server 2003 (SP1) MS IIS 5.5 MDAC 2.71 or later. Component Hardware Software Deployment Solution 336
Note Simple installation works only with a default Microsoft SQL 2000, SQL 2005, or MSDE install. To run a Simple Install 1. Start the server and log on using the administrator account you created for the Deployment Server. See Deployment Server System Requirements on page 334. 2. Launch the appropriate Altiris Deployment Server installation file and follow the setup steps. The Altiris Packager Self-Extracting Executable Options dialog appears. 3. Select the Use current temp folder option to use the current temporary folder to download installation files or the Extract to a specific folder option to set a path to an existing folder to download the installation files. 4. Click Extract and Execute App to extract and execute the application immediately. The default installation directory is C:\DSSetup. If the file C:\DSSetup\AppLic.dll already exists, a prompt appears, asking whether you want to overwrite this file. Click Yes to All. You may have to wait for some time while Altiris Packager extracts files from this archive. Note Click Extract Only to only extract the application and execute the application later. You must run the axInstall.exe file to start the installation. 5. Select the Simple Install option from the installation types listed in the Deployment Server Install Configuration dialog. 6. (Optional) Select the Include PXE Server option to install the PXE Server. (See Altiris PXE Server on page 332.) Click Install. 7. Click Yes on the Software License Agreement page. 8. Enter the following information on the Deployment Share Information page: a. In the File Server path field, enter or browse to the path to install the Deployment Server program files. The default path is C:\Program Files\Altiris\eXpress\Deployment Server.) b. Select the Create Deployment Share option to create a Deployment Share on the computer. The Deployment Share lets you store files on the computer and run Deployment Server system applications. See Deployment Share on page 332. c. Select one of the following options to configure the licensing information:
AltirisDeploymentSolutionWin_(version) installs all Windows components of Deployment Solution. Using the Simple Install option, you can install MSDE 2000 on a local computer if a database is not already installed. Deployment Solution 337
If you do not have a license file, select the Free 7 day license option. The installation continues and lets you use a free evaluation license file. Select the Upgrade using existing license option to upgrade the installation using an existing license. Select the License File option and browse to locate a license file (.LIC file). This is the activation key you receive when you register your Altiris software. See the Altiris Getting Started Guide for further licensing information. Note You do not need to apply a license key to activate the HP Thin Client t5000 Series. This managed client computer automatically receives a non-expiring license when connected to the console. d. You must enter an administrator user name and password for the Deployment Server. This account must already exist on the Deployment Share and the Deployment Server. By default, the name you are currently logged on as appears. If you use a domain account, enter the domain and the user name (Example: Domain1\administrator). See Deployment Server on page 330. Note: If a previous installation of the Deployment Database is detected, an axinstall prompt appears, asking whether you want to preserve or overwrite the existing database. Click Yes to preserve the data in your Deployment Database. Click Next. The Pre-boot Operating System page appears. 9. Select a default pre-boot operating system from any one of the options, such as FreeDos, MS-DOS, Linux, WinPE, or None. Browse to locate the FIRM file (for FreeDos and Linux operating systems) or the operating system files (for MS-DOS and WinPE). Click Next. The Installation Information page appears, displaying the components that you selected to install. 10. Click Install to install the listed components, or click Back to modify the settings before starting the installation. The installation process begins and can take several minutes. The Installation Information Summary page appears after the installation completes. Note If you are upgrading your installation, the message Do you want to replace the share? appears. Click Yes and continue. If you click No, a message appears, stating that the share is already in use and you need to manually set the share to point to the correct directory. Click OK. 11. (Optional) You can select one of the following options to install agents. Enable Microsoft Sysprep Support. Select this option to enable Microsoft Sysprep support and click Next. You must specify the location of the Microsoft Sysprep files. Remotely install Deployment Agent (Windows 2000 or later only). Select this option if you want to push the Deployment Agent to computers running Windows 2000, XP, Windows Server 2003 and 2008, and Vista operating systems. Install add-ons to provision server hardware. Select this option to install the add-ons for Dell computers. Deployment Solution 338
Note This option is enabled on Dell computers only when add-ons are present in the oeminstall-addons section of the oeminstall.ini file, which is located in the eXpress directory. 12. Click Finish. You have successfully completed a Simple Install for a Deployment Server system. Click the Deployment Console icon on your desktop to view all the computer resources running Deployment Agents configured for your Deployment Server. Note Antivirus applications can delete service .EXE files or can disable services. Example: When you run the Deployment Server Win32 Console, the Unable to connect to the Altiris Deployment Server DS Management Server. Please ensure this service is started and running currently. error appears. This occurs because the service files are deleted by the antivirus application during scanning. To resolve this issue, disable the antivirus software and reinstall the Deployment Server. See Custom Install for Deployment Server on page 338. Custom Install for Deployment Server The Custom Install option lets you distribute all the Deployment Server Components Deployment Server, Deployment Console, Deployment Share, and Deployment Database on different computers. (See Deployment Server Components on page 329.) You can install Deployment Server with a Microsoft Data Engine (MSDE) or install it on an existing SQL Server. You can download the Altiris Deployment Solution either from the Altiris product CD or from www.altiris.com. To run a Custom Install 1. Start the server and log on as the administrator account you created for the Deployment Server. See Deployment Server System Requirements on page 334. 2. Launch the appropriate Altiris Deployment Server installation file and follow the setup steps. The Altiris Packager Self-Extracting Executable Options dialog appears. 3. Click the Use current temp folder option to use the current temporary folder to download installation files or the Extract to a specific folder option to set a path to an existing folder to download the installation files. 4. Click Extract and Execute App to extract and execute the application immediately.
AltirisDeploymentSolutionWin_(version) installs all Windows components of Deployment Solution. Select the Custom install option to add new components or to install Deployment Solution on an existing database. Deployment Solution 339
The default installation directory is C:\DSSetup. If the file C:\DSSetup\AppLic.dll already exists, a prompt appears, asking whether you want to overwrite this file. Click Yes to All. You may have to wait for some time while Altiris Packager extracts files from this archive. Note (Optional) Click Extract Only to only extract the application and execute the application later. You must run the axInstall.exe file to start the installation. 5. Select the Custom Install option from the installation types listed in the Deployment Server Install Configuration dialog if any of the following conditions exist: You are using the NetWare file server as a Deployment Share. You are managing many computers and require a distributed architecture to meet bandwidth restrictions and other design requirements. 6. Click Install. Click Yes on the Software License Agreement page. 7. Enter the following information on the Deployment Share Information page: a. In the File Server path field, enter or browse to the path to install the Deployment Server program files. The default path is C:\Program Files\Altiris\eXpress\Deployment Server.) b. Select the Create Deployment Share option to create a Deployment Share on the computer. The Deployment Share lets you store files on the computer and run Deployment Server system applications. The Deployment Share can exist on a Microsoft Windows server or Novell NetWare server. Note You can only create the share if it is on a Microsoft Windows Server; the Novell share should already be set up. See Deployment Share on page 332. c. Select one of the following options to configure the licensing information: If you do not have a license file, select the Free 7 day license option. The installation continues and lets you use a free evaluation license file. Select the Upgrade using existing license option to upgrade the installation using an existing license. Select the License File option and browse to locate a license file (.LIC file). This is the activation key you receive when you register your Altiris software. See the Altiris Getting Started Guide for further licensing information. Click Next. Note You do not need to apply a license key to activate the HP Thin Client t5000 Series. This managed client computer automatically receives a non-expiring license when connected to the console. 8. Enter the following information on the Deployment Server Information page: a. Select the computer where you want to install the Deployment Server. You can install the Deployment Server on the local computer or on a remote computer. The IP address and the port information for the selected computer are displayed by default. Deployment Solution 340
b. Enter the path where you want to install the Deployment Server. c. You must enter an administrator user name and password for the Deployment Server. This account must already exist on the Deployment Share and the Deployment Server. By default, the name you are currently logged on as appears. If you use a domain account, enter the domain and the user name (Example: Domain1\administrator). (See Deployment Server on page 330.) Click Next. 9. Enter the Deployment Database information and click Next. Specify the Microsoft SQL Server Instance where you want to install the database. See Deployment Database on page 331. Note If you have already set up multiple instances of the Microsoft SQL Server, you can identify a specific database instance in this field using the format: <SQL Server Name>\<database instance>. Depending upon the selection of the SQL Server instance, the default port at which the selected instance is listening appears in the SQL Port Number field. You can edit the port number if you have manually entered the SQL Server name or if the port number does not appear automatically due to some firewall restriction. You can enter a name other than eXpress in the Database Name field. 10. Select the type of Deployment Database authentication to be used. You must enter the user name and password if you want to use SQL Server authentication. Note You cannot use the remote SQL database with NT authentication on a remote computer if you do not have administrative rights on the computer. Click Next. The Pre-boot Operating Systems page appears. Note: If a previous installation of the Deployment Database is detected, an axinstall prompt appears, asking whether you want to preserve or overwrite the existing database. Click Yes to preserve the data in your Deployment Database. 11. Select a default pre-boot operating system from any one of the options, such as FreeDos, MS-DOS, Linux, or WinPE. Browse to locate the FIRM file (for FreeDos and Linux operating systems) or enter the path for the operating system files (for MS- DOS and WinPE). Click Next. Note If you are using a free evaluation license, you cannot use the WinPE Add-On Packages. 12. Enter the PXE Server information. (See Altiris PXE Server on page 332.) Select the pre-boot operating system to use as the default PXE boot menu item. You can select DOS, Linux, or WinPE. If you want to use the previously installed pre-boot operating system, select the Keep current default option. Click Next. 13. Specify how you want to connect your managed computer to the Deployment Server by selecting one of the following options. Deployment Solution 341
Select the Connect directly to Deployment Server option and enter the Deployment Server IP address and port. Select the Discover Deployment Server using TCP/IP multicast option and provide the Server name. Note If you leave the Server name field blank, the Deployment Agent connects to the first Deployment Server that responds. Click Next. 14. Enter the Deployment Console information. You can install the Deployment Console on the local computer or on a remote computer. Click Next. 15. Enter the Deployment Web Console information. You can install the Deployment Web Console on the local computer or on a remote computer. This computer must be running Microsoft IIS .NET framework. Specify the path where you want to install the Deployment Web Console and also valid user credentials. Click Next. See Deployment Web Console Information on page 364. Note This option is disabled if Microsoft IIS is not detected. The Installation Information page appears, displaying the components that you selected to install. 16. Click Install to install the listed components or click Back to modify the settings before starting the installation. The installation process begins and can take several minutes. The Installation Information Summary page appears after the installation completes. Note If you are upgrading your installation, the message Do you want to replace the share? appears. Click Yes and continue. If you click No, a message appears stating that the share is already in use and you must manually set the share to point to the correct directory. Click OK. 17. (Optional) You can select one of the following options to install agents on the managed computers. Enable Microsoft Sysprep Support. Select this option to enable Microsoft Sysprep support and click Next. You must specify the location of the Microsoft Sysprep files. Remotely Install Deployment Agent (Windows 2000 or later only). Select this option if you want to push the Deployment Agent to Windows computers directly after the installation. This can be done any time by selecting Tools > Remote Agent Installer. Install add-ons to provision server hardware. Select this option to install OEM add-ons for servers. Note This option is enabled only when add-ons are present in the oeminstall-addons section of the oeminstall.ini file, which is located in the eXpress directory. 18. Click Finish. Deployment Solution 342
You have successfully completed a Custom Install for a Deployment Server system. Click the Deployment Console icon on your desktop to view all the computer resources running Deployment Agents configured for your Deployment Server. See Simple Install for Deployment Server on page 335. Thin Client Install for Deployment Server The Thin Client Install option lets you install the Thin Client view of the Deployment Console on your computer. You can install Deployment Server with a Microsoft Data Engine (MSDE) or install it on an existing SQL Server. You need not provide a license file for the Thin Client installation. To run a Thin Client Install 1. Start the server and log on using the administrator account you created for the Deployment Server. See Deployment Server System Requirements on page 334. 2. Launch the appropriate Altiris Deployment Server installation file and follow the setup steps. The Altiris Packager Self-Extracting Executable Options dialog appears. 3. Select the Use current temp folder option to use the current temporary folder to download installation files or the Extract to a specific folder option to set a path to an existing folder to download the installation files. 4. Click Extract and Execute App to extract and execute the application immediately. The default installation directory is C:\DSSetup. If the file C:\DSSetup\AppLic.dll already exists, a prompt appears, asking whether you want to overwrite this file. Click Yes to All. You may have to wait for some time while Altiris Packager extracts files from this archive. Note Click Extract Only to only extract the application and execute the application later. You must run the axInstall.exe file to start the installation. 5. Select the Thin Client Install option from the installation types listed in the Deployment Server Install Configuration dialog. 6. (Optional) Select the Include PXE Server option to install the PXE Server. (See Altiris PXE Server on page 332.) Click Install. 7. Click Yes on the Software License Agreement page. 8. Enter the following information on the Deployment Share Information page: a. In the File Server path field, enter or browse to the path to install the Deployment Server program files. The default path is C:\Program Files\Altiris\eXpress\Deployment Server. b. Select the Create Deployment Share option to create a Deployment Share on the computer. The Deployment Share lets you store files on the computer and run Deployment Server system applications. See Deployment Share on page 332. c. You must enter an administrator user name and password for the Deployment Server system. This account must already exist on the Deployment Share and Deployment Solution 343
the Deployment Server. By default, the name you are currently logged on as appears. If you use a domain account, enter the domain and the user name (Example: Domain1\administrator). See Deployment Server on page 330. If a previous installation of the Deployment Database is detected, an axinstall prompt appears, asking whether you want to preserve or overwrite the existing database. Click Yes to preserve the data in your Deployment Database. Click Next. The Pre-boot Operating System page appears. 9. Select a default pre-boot operating system from any one of the options, such as FreeDos, MS-DOS, Linux, WinPE, or None. Browse to locate the FIRM file (for FreeDos and Linux operating systems) or enter the path for the operating system files (for MS-DOS and WinPE). Click Next. The Installation Information page appears, displaying the components that you selected to install. 10. Click Install to install the listed components, or click Back to modify the settings before starting the installation. The installation process begins and can take several minutes. The Installation Information Summary page appears after the installation completes. Note If you are upgrading your installation, the message Do you want to replace the share? appears. Click Yes and continue. If you click No, a message appears, stating that the share is already in use and you must manually set the share to point to the correct directory. Click OK. 11. (Optional) You can select one of the following options to install agents. Enable Microsoft Sysprep Support. Select this option to enable Microsoft Sysprep support and click Next. You must specify the location of the Microsoft Sysprep files. Remotely install Deployment Agent (Windows 2000 or later only). Select this option if you want to push the Deployment Agent to computers running Windows 2000, XP, Windows Server 2003 and 2008, and Vista operating systems. Install add-ons to provision server hardware. Select this option to install OEM add-ons for servers. Note This option is enabled only when add-ons are present in the oeminstall-addons section of the oeminstall.ini file, which is located in the eXpress directory. 12. Click Finish. You have successfully completed a Thin Client install for a Deployment Server system. Click the Deployment Console icon on your desktop to view all the computer resources running Deployment Agents configured for your Deployment Server. Note Antivirus applications can delete service .EXE files or can disable services. Example: When you run the Deployment Server Win32 Console, the Unable to connect to the Altiris Deployment Server DS Management Server. Please ensure this service is started and running currently. error appears. This occurs because the service files are Deployment Solution 344
deleted by the antivirus application during scanning. To resolve this issue, disable the antivirus software and reinstall the Deployment Server. Component Install for Deployment Server The Component Install option lets you add selected Deployment Server Components Deployment Console, Deployment Web Console, PXE Server, and Deployment Agents to the existing Deployment Share. You can also add Microsoft Sysprep files. See Deployment Server Components on page 329. To run a Component install 1. Start the server and log on using the administrator account you created for the Deployment Server. See Deployment Server System Requirements on page 334. 2. Launch the appropriate Altiris Deployment Server installation file and follow the setup steps. The Altiris Packager Self-Extracting Executable Options dialog appears. 3. Select the Use current temp folder option to use the current temporary folder to download installation files or the Extract to a specific folder option to set a path to an existing folder to download the installation files. 4. Click Extract and Execute App to extract and execute the application immediately. The default installation directory is C:\DSSetup. If the file C:\DSSetup\AppLic.dll already exists, a prompt appears, asking whether you want to overwrite this file. Click Yes to All. You may have to wait for some time while Altiris Packager extracts files from this archive. Note (Optional) Click Extract Only to only extract the application and execute the application later. You must run the axInstall.exe file to start the installation. 5. Select the Component Install option from the installation types listed in the Deployment Server Install Configuration dialog and click Install. 6. Click Yes on the Software License Agreement page. 7. Enter a path for the Deployment Share and click Next. 8. Select the components you want to install and click Next. Install an additional Deployment Console. Select this option to install another Deployment Console (a Windows executable) on another computer. You can add as many Deployment Consoles as required to manage from multiple consoles across your system, but you can install only one at a time. The Deployment Console Information dialog appears. Install an additional Deployment Web Console. Select this option to install an additional Deployment Web Console on the local computer. You can install the Web console only on computers running Windows 2000 or later and Microsoft IIS. See Deployment Web Console Information on page 364. The Deployment Web Console Information dialog appears. Deployment Solution 345
Install an additional Altiris PXE Server. Select this option to add additional PXE Servers across a network segment to handle boot requests for large environments. The PXE Server Information dialog appears. Master PXE Server. When you add another PXE Server, the PXE Server that you initially installed is designated as the Master PXE Server. The Master PXE Server works concurrently with any additional PXE Server to handle boot requests across the network segment, but it also allocates additional blocks of IP addresses to other PXE Servers in the system. For all the available options for installing PXE Server, see Altiris PXE Server Install on page 363. Install additional Deployment Agents. Select this option to install additional Deployment Agents on client computers, setting up managed computers in the Deployment Server system. The Remote Agent Install dialog appears. Enter common administrator credentials for all client computers. See Enter administrator account information on page 347. Add Microsoft Sysprep files. Select this option to install the Microsoft Sysprep files, if you did not install them earlier. The Sysprep dialog appears. See Sysprep on page 364. 9. Select the computer where you want to install the selected components and click Next. The Installation Information page appears. Note If you select the On a remote computer option, you must browse and select the remote computer. 10. Click Install to install the listed components or click Back to modify settings before starting the installation. The installation process begins and can take several minutes. The Installation Information Summary page appears, specifying that the installation was successful. 11. Select the Install add-ons to provision server hardware option to install the add-ons for Dell computers. Click Finish. Note This option is enabled on Dell computers only when add-ons are present in the oeminstall-addons section of the oeminstall.ini file, which is located in the eXpress directory. This is the only option available on the Installation Information Summary page when you select Component Install. You have successfully completed a Component Install for a Deployment Server system. Click the Deployment Console icon on your desktop to view all the computer resources running Deployment Agents configured for your Deployment Server. Installing Deployment Solution Agents Each client computer requires the Deployment Agent to run as the Production Agent on a local hard disk, which communicates with the Deployment Server and registers in the Deployment Database. For Windows and Linux client computers, Deployment Solution lets you push agent software to a client computer from a Deployment Console, or you can pull the Deployment agent to the client computer from the Deployment Web Console (or pull it from the Deployment Share). Deployment Solution 346
You can install an embedded (recommended) or hidden automation partition, which contains an Automation Agent that establishes communications with the Deployment Server to run the deployment jobs that are assigned to the client computer. See Install Automation Partition on page 133. You can also easily install the Deployment Agents for handhelds from the console using prebuilt jobs. Deployment Agent. Install a Production Agent to a Windows desktop, notebook, or server computer. You can also install this agent on any supported Linux workstation or server. See Installing the Deployment Agent on page 347. Deployment Agent on Linux. Install on any supported Linux workstation or server. See Installing Deployment Agent on Linux on page 351. Automation Agent. Install on any Windows desktop, notebook, or server computer. See Installing the Automation Agent on page 352. Installing Deployment Agent for Pocket PC. Install on handheld computers running the Pocket PC operating system. See Managing Licenses on page 353. Deployment Agent on XP, 2003, Vista (Business) and 2008 Server. Install the Deployment Agent on the selected Windows XP, Server 2003, Vista (Business), and Server 2008 computers. Client Connectivity and Network Adapters Altiris supports all standard network adapter cards and includes many drivers with the installation of Deployment Solution. However, sometimes outdated drivers (including default drivers that come with the hardware) cause problems when clients are in automation mode. To avoid these problems, you should check the manufacturers Web site for your network adapter to ensure you use their latest driver in your pre-boot operating system configuration file. Some common client problems that can be solved by updating drivers are: Locking when loading drivers or failing to connect to the server Locking when imaging (downloading, uploading, or multicasting) Microsoft Client Drivers The Boot Disk Creator is set up to work with drivers that follow a certain standard. Because not all NIC drivers follow that standard, you may have to move the files to a different location. Ensure that the following files are in the same directory: The DOS driver for your card (drivername.dos) The sample protocol.ini that comes with your driver (protocol.ini) The OEM setup file that specifies the DOS driver (oemsetup.inf ) Example: The OEM setup file may contain lines similar to the following: [ net car d] NGRPCI =NETGEAR FA310TX Fast Et her net PCI Adapt er , 0, ndi s, et her net , r eal , NGRPCI , NGRPCI _NI F [ NGRPCI ] ( Thi s header must be t he si xt h i t eml i st ed i n t he l i ne above) Devi ce=NGRPCI . DOS ( I f t hi s l i ne i s mi ssi ng, add i t . The synt ax i s devi ce=dr i ver name. ) Deployment Solution 347
If there is no protocol.ini file, create a text file that contains the following command: Dr i ver Name=dr i ver name Novell Client Drivers The Boot Disk Creator performs the following functions: Searches all subdirectories for a directory that contains *.ins, *.com, and net.cfg files. (These files must be in the same directory.) The .INS file is opened to get information about the network card. Searches the file for a line starting with a carat (^). This line must have at least two values listed, separated by a comma. The two values needed are the description of the card (value1) and the .com driver file name (value2). Installing the Deployment Agent For client computers running a Windows operating system, Deployment Solution lets you install agent software using the Remote Agent Installer to push the agent to a client computer from a Deployment Console. (See Remote Agent Installer on page 347.) Or, you can pull the Deployment agent to the client computer by accessing the Windows share or downloading the install package from the Deployment Web Console. You must have administrative rights to the client computers and File and Print Sharing must be enabled to install the agent software. Remote Agent Installer Windows XP To install, each XP computer must have: An Administrator account with a password. This account must be able to browse \ \ host name\ admi n$ on the selected computer. Disabled simple file sharing. This option can be disabled in Windows Explorer by selecting Tools > Folder Options > View tab and clearing the Use simple file sharing check box in the Advanced settings section. File and printer sharing must be enabled in the Windows Firewall. Windows 2003, Vista, and 2008 Servers You must disable the Firewall and UAC options from the Control Panel to install the agent successfully on Vista and 2008 Server. Enter administrator account information Enter common administrator credentials for all client computers, or keep the default credentials to be prompted for each client computer.
Click Remote Agent Installer on the Deployment Console toolbar, or click Tool > Remote Agent Installer to open the utility program. You can also download aclient.exe from the network share or Deployment Web Console to install a Deployment agent. Deployment Solution 348
Let me specify a username and password for each machine as its installed. Prompts for an administrative user name password for each computer in the remote install list. This is the default option. Use this username and password for all clients. Enter credentials for an administrator account that has rights to all the client computers that you add to the remote install list. Specify install directory Enter a location to install the Deployment Agent. Install directory. Enter the path to install the Deployment Agent on the client computer. Enable this agent to use SIDgen and/or Microsoft Sysprep. If you plan to use SIDgen or Sysprep to configure this computer the required files can be copied when the agent is installed. Click Change Settings to set the Deployment Agent settings. For more information, see Deployment Agent Settings on page 110. Automatically Add to a Group You can select one of the following options to automatically add new computers to the group that you specify. Add client(s) to default group. Adds new computers to the All Computers group. Add client(s) to a specific group. Adds new computers to another group. Use back slashes to separate subgroups. Select Computers on the Network Identify client computers on the network and add them to a list of computers to remotely install the Deployment Agent. Add. Select the computers by the name in the list, or enter a computer name or IP address. Computer Name. Enter the name of a computer on the network or its IP address. Properties. Select a computer and view the agent install settings. You can also change SID and Agent settings from the Agent Properties dialog. Import. Import new computers from a file. This file has the following parameters: - c: [ comput er ] u: [ user name] p: [ passwor d] i : [ i nput f i l e] . The parameters must be entered in this order. The password parameter is not required if the administrator account does not have one assigned. If you are using the default settings, you do not need to specify an input filename. Each computer entry must be on a separate line. Export. You can export the listed computers into an export file to use later. The default extension is *.RCI. Remote Agent Installer first looks for an RCI file extension, but any DOS text file can be used. When the computers appear in the installer list and the properties are set, click Finish. The status of the agent install appears. Deployment Solution 349
After the Deployment Agent is installed, it automatically connects to the Deployment Server and appears in the Computers pane of the Deployment Console. Download Microsoft Sysprep If you select Enable this agent to use SIDgen and/or Microsoft Sysprep on the previous dialog, the Remote Agent Installer dialog locates the required installation files for the specific versions of Sysprep. Update file system permissions when changing SIDs. Select this option to automatically update file system permissions to maintain the individual file permissions that you may have set. This also includes the individual network shares that may exist on this client. On selecting this option, SID conversion takes a long time. Note SIDgen is no longer supported and should not be used. Altiris recommends using Microsoft Sysprep in situations where SID replacement is required. Change Settings Click Change Settings to modify access, security and other settings on the Deployment Agent to be installed. See Deployment Agent Settings on page 110. Get Server Security Key This page appears only if you select the Enable key-based authentication to Deployment Server option in the Default Agent Settings dialog. Enter the security key file path for the Deployment Server or browse and select a file containing the security key file path. Installing Deployment Agent for Windows Run AClient.exe from the Deployment Share (shared folder) or download the installation file from the Deployment Web Console. 1. On the Altiris Client Service dialog, enter a location to install the Deployment agent. Select one of these options, if required, and click Next: Secure modification of server properties. Select to prohibit users from changing any agent settings. Enable changing of Security ID. Select to manage the security IDs to run a SID utility as part of an imaging job.
To install Microsoft Sysprep, you must download the installation files required for the Windows operating systems running on the client computer. Windows 2000/XP/2003 (deploy.cab) We recommend installing these files from a Windows 2003 server CD. Windows Vista and 2008 Server include sysprep files by default. Deployment Solution 350
Advanced. Click to open the Computer Configuration Properties dialog and enter the settings for the Deployment agent you are installing. See Computer Configuration Properties on page 101. 2. If you have enabled the security IDs, a page listing the options for managing the SIDs appears. Select the utilities you want to use and enter the path where the utilities are stored. Click Next to install the Deployment Agent. 3. (Optional) Select a group in the Deployment Console to add the client to. You can also leave it at the default group. After the Deployment Agent is installed, it connects to the Deployment Server and appears in the Computers pane of the Deployment Console. See Installing Deployment Solution Agents on page 345. Automating the Installation of Deployment Agent If you do not select Remote Agent Installer to install the Deployment Agent, install the Deployment Agent using log-on scripts or batch flies. However, this requires that you manually complete the installation at each client computer. Instead, you can use a template file to set applicable options and properties. The template file is a text file that can be used to automate configuration of the properties when installing the Deployment Agent from a batch file, login script, or manually from a client computer. The template file can be created using two methods: editing the sample.inp file or using Remote Agent Installer. Editing the Sample.inp file Deployment Solution ships with a sample template file named sample.inp, which contains the commands to configure installation options and properties. This file is located in Program Files\Altiris\eXpress\Deployment Server. Most of the parameters are disabled in this file. To enable an option, remove the semicolon. Example: To specify an IP address and port number for the client to locate the Deployment Server, remove the semicolon from the TcpAddr and TcpPort lines and change the address and port number to the correct values. Using Remote Agent Installer You can create a template file when running Remote Agent Installer. After modifying agent properties and adding computers to the Selecting Clients window, click Export to create a template file to import computers (*.rci) as well as the template file (*.inp). Example: If you have computers named PC-1 and PC-2 listed in the Selecting Clients window and you export these computers using the file name Export.rci, the following two template files are created: Export_PC-1.inp Export_PC-2.inp Using the Template File To use the template file you create, run the AClient.exe installation program specifying the template file and using the -install switch. Example: Deployment Solution 351
\\FX1\eXpress\AClient.exe aclient.inp -install The following command-line options are available: Installing Deployment Agent on Linux You can install the Deployment Agent on any supported Linux workstation or server by downloading and running the Deployment Agent for Linux installation file (a .BIN file) on the client computer. The Deployment Agent is updated automatically on Linux computers when you upgrade to a new version of Deployment Solution. The creation date of the Deployment Agent is checked and updated when a new agent is available. Installing the Deployment Agent for Linux 1. After downloading the .BIN file to a local directory, you can install from the command line. Browse to the directory where you saved the .BIN file, switch to the root user (su) and change the directory to the location of the .BIN file by entering ( cd < di r ect or y>) After changing the directory, you must have the permission to execute the .BIN file; to obtain the permission, enter chmod 544 <filename> Enter: . / <file name> The Deployment Agent for Linux is installed in the / opt / al t i r i s/ depl oyment / adl agent directory. 2. To change the adlagent configuration file settings, update the adl agent . conf file. This file is located in the / opt / al t i r i s/ depl oyment / adl agent / conf directory. You can also change the adlagent configuration file settings by executing the conf i gur e script from the / opt / al t i r i s/ depl oyment / adl agent / bi n directory. To edit the configure file directly, open the adl agent . conf file located in the / opt / al t i r i s/ depl oyment / adl agent / conf directory and make the required changes. You can also edit the configuration file to change the functionality or properties. Example: You can open the adl agent . conf file in an editor and scroll to the Option Definition -install AClient.exe runs and installs the Deployment Agent on the computer instead of just running it in memory. -remove Permanently removes the Deployment Agent from the computer where it is installed. -silent Lets you use the options without being prompted for further input. -stop Stops the Deployment Agent from running, but does not remove it. The next time the computer is booted, the Deployment Agent runs in production mode. -start Starts the Deployment Agent. This option works only when Deployment Agent is installed on the computer. Deployment Solution 352
[ Tr anspor t ] section and the UseMcast line. Change UseMcast =t r ue to UseMcast =f al se. In the TCPAddr =<I P addr ess>line, enter the IP address of the specific Deployment Server you want to manage the client computer. You can also identify and edit additional configuration settings in the configuration file. To run the script to change the settings for the adl agent configuration file, browse to the / opt / al t i r i s/ depl oyment / adl agent / bi n directory from the shell and enter . / conf i gur e You are prompted to select Multicast options to identify a Deployment Server to manage the current client computer, or you can select a specific Deployment Server by setting the Multicast option to false and adding the IP address of the required Deployment Server. 3. After editing the configuration file, restart the Deployment Agent for Linux. To start and stop the Deployment Agent for Linux, enter the full path or browse to the / et c/ r c. d/ i ni t . d directory (with administrator/root rights). You can use either the adl agent st op and adl agent st ar t commands, or only the adl agent r est ar t command. You can also use the Package Manager installed with Linux to restart the Deployment Agent for Linux. By stopping and starting the Deployment Agent for Linux, the service updates the changes made in the adl agent configuration file. You can now view the Linux managed computer from a Deployment Console. See Installing Deployment Solution Agents on page 345. Installing the Automation Agent After Deployment Server has detected a managed computer through the Deployment Agent in a production environment, you can install an Automation Partition from the Computers pane. Here are some other ways to create and install an Automation Agent, which is saved in an embedded (recommended) or hidden partition on the client computers hard disk. For Deployment Solution systems running the PXE Server, create boot menu options from the PXE Configuration Utility, using one of the following methods: Boot Disk Creator, Direct from floppy, or User Specified. See PXE Configuration Utility Help. To install an Automation Partition you can create a Microsoft Install Package (MSI) and deploy it using a job from the console. (See Distributing Software on page 172.) You can also create floppy disks, bootable CDs with an ISO image, or bootable USB devices. See Boot Disk Creator Help. To install an Automation Partition See Install Automation Partition on page 133. Deployment Solution 353
Managing Licenses From the Deployment Console, you can find the number of licenses used, detect an expired license, or apply a license to a client computer. Although you can install multiple Deployment Servers, licensing is based on the number of managed client computers. The Deployment Server system also provides the license utility to install or update regular licenses, or to add licenses to computers installed with Deployment Solution. This utility shows the license status, installs a new license, and adds additional licenses. Licensing Terms See also: Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 356, Computers Not Using a Regular License on page 357, Detecting an Expired License on page 357, and Expired Licenses on page 358. Using the License Utility The Deployment Server system provides a license utility to update or add licenses to installed sites, which lets you apply the license activation key file (.lic file) after Altiris products are installed. This utility is installed on the Deployment Share during the Deployment Server installation. Term Description AUP - Annual Upgrade Protection Altiris Annual Upgrade Protection or AUP lets registered Altiris software users upgrade to any version of the registered product that is released during the coverage period without paying an upgrade charge. Regular production licenses never have a license expiration date, but always have an AUP date. As long as this date does not expire, you can use the license to register any version of Deployment Server. Licensed Nodes The total number of client and server computers that a Deployment Server is licensed for. Each client computer that has an agent, and that communicates actively with the Deployment Server, uses a single license node. You can view this information on the About Deployment Console box. This information appears in the License Details section when you apply a license using the Product Licensing Utility. DS and PCT These are common abbreviations for Deployment Server and PC Transplant. Both these products are licensed with the same licensing model, and often a single license applies to both products at once, although some licenses apply only to PC Transplant. Expired License All regular licenses (that are purchased) never expire. However, evaluation licenses do have an expiration date. After the expiry date, the trial or evaluation licenses do not function, and need to be replaced with a regular license. Deployment Solution 354
When you open the License Utility, the Altiris Activation Key Wizard appears. On the Select Altiris Program Files to Activate page, you can select the Replace all existing license Activation Keys with this new Activation Key check box, which overwrites the current Activation Key with the one you are installing. You can use the License Utility to view the license status, install a specific product, install new or updated licenses for installed software, and additional licenses for installed software. To view license status 1. Open the License Utility. 2. Enter the directory path to the new .LIC file. 3. Click Next. A summary page displays the activation key information. 4. Click Cancel. Install a Regular License for Altiris Products When a product is installed from the Altiris CD or the Altiris Web site, a 7-day trial license is automatically applied. However, you can apply a 30-day evaluation license or a purchased regular license to installed products that use a license activation key file (.LIC). Note Save the license activation key file, because you will need it when future product updates are released. After you receive the key, store it in a safe place (such as a floppy disk) for future reference. You can store multiple license activation key files in individual folders on a single disk. You can also store multiple license activation key files in the same folder, but the file names must be different. To apply a regular license file 1. Open the License Utility. 2. Enter the directory path to the new .LIC file and click Next. The Altiris Activation Key Wizard displays the activation key information. 3. Click Next. A list displays the Altiris products that are installed on the Deployment Server. Each program file uses license activation key files.
To open the Altiris License Utility Option 1: Click Start > Programs > Altiris > Deployment Solution > Product Licensing Utility. Option 2: 1. Browse to the location where you installed the Deployment Share. 2. Run license.exe. Deployment Solution 355
4. Select the products that you want to license. Use the Shift key to select multiple products. Click Add and browse to add another Altiris product. Select the program filename and click Open. Select the products that you do not want to apply a license to and click Remove. 5. Click Finish to apply the license to the selected products. See Installing Deployment Solution Agents on page 345. HP client computers and licensing HP client computers automatically connect to the Deployment Server with a 30-day trial license. In the Deployment Console, HP client computers display a clock icon to indicate that the trial license is limited and has an expiration date. The steps to upgrade the trial license are as follows: 1. From the Deployment Console, right-click the HP client computer and select Properties. 2. Select Apply regular license. 3. Click OK. The license is automatically upgraded to a purchased license. Note You do not need to apply a license key to activate the HP Thin Client t5000 Series. This managed client computer automatically receives a non-expiring license when connected to the console. Install Multiple Licenses Some Altiris utilities can combine multiple licenses together for the total number of nodes. Example: Two 50-node licenses can be combined to a single 100-node license. This option lets you apply an add-on license to the Altiris products that you have installed on the Deployment Server. 1. Open the License Utility. 2. Enter the directory path to the new .LIC file and click Next. The Altiris Activation Key Wizard displays the activation key information. 3. Click Next. A list displays the Altiris products you have licensed. 4. Click Finish. See also: Managing Licenses on page 353, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 356, Computers Not Using a Regular License on page 357, Detecting an Expired License on page 357, and Expired Licenses on page 358. Deployment Solution 356
Adding a License from the Deployment Console Use this option to install a license to a computer from the Deployment Console after the free trial has expired. You must apply a regular (permanent) license to continue managing client computers. You cannot install a license directly on a client computer. However, you must install a regular license on the Deployment Server before you can install and manage licenses for client computers from the Deployment Console. To install a regular license on a single computer 1. From the Deployment Console, right-click the computer to which you want to apply the license. 2. Select Properties. 3. Select Apply regular license. 4. Click OK. To install a regular license on multiple computers 1. From the Deployment Console, right-click the computer group to which you want to apply the license. 2. Select Advanced. 3. Select Apply Regular License. See also: Managing Licenses on page 353, Using the License Utility on page 353, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 356, Computers Not Using a Regular License on page 357, Detecting an Expired License on page 357, and Expired Licenses on page 358. Rapid Deployment Pack Licensing Rapid Deployment Pack (RDP) is the version of Deployment Server that is released to HP customers. The RDP licensing functionality is similar to the Deployment Server licensing. If you have RDP licenses with AUP longer than 3 years the Deployment Solution license utility might not work. To use these licenses, download the installation files from the HP Web site. These installation files use a slightly different version of the Product Licensing Utility, and they allow licenses with long AUP dates. See also: Managing Licenses on page 353, Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Finding the Number of Licenses Used on page 356, Computers Not Using a Regular License on page 357, Detecting an Expired License on page 357, and Expired Licenses on page 358. Finding the Number of Licenses Used Open the Deployment Console and select Help > About from the main menu bar. You can see the total number of licenses you have purchased, the total licenses you have used, and the total licenses available. You can view the information in the Computers pane to understand for which computers regular licenses have been applied. In the Computers pane, a clock icon in the lower left corner implies that the computer still has a free license. See also: Managing Licenses on page 353, Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Deployment Solution 357
Licensing on page 356, Computers Not Using a Regular License on page 357, Detecting an Expired License on page 357, and Expired Licenses on page 358. Computers Not Using a Regular License From the Deployment Console, you can understand which computers do not have a regular license. If the icon has a clock in the lower left corner of the Computers pane, this is an HP computer that still has the free 30-day license. See also: Managing Licenses on page 353, Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 356, Detecting an Expired License on page 357, and Expired Licenses on page 358. Detecting an Expired License A computer listed in the Computers pane of the Deployment Console will be gray instead of blue if the license has expired. However, this may not always mean that the license has expired. To verify that the license has expired, use the following options: When you select a computer with an expired license, the following message appears: Client license expired - see computer properties. If you try to view the properties of a computer with an expired license, the following error message appears: Error: You have chosen a computer that has expired. Clients that are expired cannot be managed until a license is purchased for them and they have been flagged in the Computer Properties dialog to accept a regular license. Note If you place a job on a computer with an expired license, the same error message appears. Directing client computers to the correct Deployment Server If you review the client computer list from the Deployment Console and notice that some computers are not available when you select them, it is possible that the computer was moved from one Deployment Server to the other, and the former server had an expired licence. To verify that a client computer is associated with the Deployment Server you want, do the following: 1. Click the Deployment Agent icon on the client computer. 2. Select Properties. 3. Enter the IP address of the correct Deployment Server in the Address/Hostname field. 4. Click OK. See also: Managing Licenses on page 353, Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 356, Computers Not Using a Regular License on page 357, and Expired Licenses on page 358. Deployment Solution 358
Expired Licenses Regular Deployment Server licenses do not expire, however the 7-day trial license and the 30-day evaluation licenses do expire, and can cause some problems if not replaced properly after adding regular licenses. Computers with expired licenses become dead nodes and can no longer be managed by the Deployment Console. When a license is first installed on the Deployment Server, each computer in the database takes a license node. If this node is a temporary license, that computer has a tag in the database that says it is a trial node. If that license is not replaced before the time limit, the computer stops accepting jobs or any type of remote management. When the Deployment Server receives new regular licenses, it does not by default release the trial license nodes that it was using before. This can cause problems if the trial licenses are still being used and they expire even after you apply a regular license. You can use one of the following methods to deal with this lingering expired license issue: You can set up a global option that automatically replaces any trial license with a regular license as soon as they become available. This is a long term and preventative solution to expired license issues. 1. In the Deployment Console, go to Tools > Options. 2. Click the Global tab. 3. Select the Automatically replace expired trial licenses with available regular licenses check box. This resolves the computer node licenses expiry issue. You can reapply all regular licenses to the computer nodes. This is helpful if you want to see an immediate resolution to a license issue. 1. In the Deployment Console, right-click the All Computers computer group (or any other computer group you need to do this to). 2. Select Advanced > Apply Regular License. This makes all computer nodes in that group release the license node they were using and take a regular license node. See also: Managing Licenses on page 353, Using the License Utility on page 353, Adding a License from the Deployment Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on page 356, Computers Not Using a Regular License on page 357, and Detecting an Expired License on page 357. DS Installation Help The following are the help file topics for the Deployment Server installation program that you can access by clicking Help or pressing the F1 key. These topics identify and explain the elements on the dialogs used in the installation process. Install Configuration The Deployment Server system supports a Simple Install as well as a Custom Install option. A Simple installation lets you install all components on a single computer. The Custom installation lets you distribute individual components of a Deployment Server system on multiple computers. The Thin Client Install lets you install the Thin Client Deployment Solution 359
view of the Deployment Console on your computer. The Component Install option lets you install additional components on your system. Pre-Installation Simple Install Helper. Select this option to check for an installation of Microsoft SQL Server for a Simple Install. If Microsoft SQL Server or MSDE is located, the installation program continues. Otherwise, the installation program prompts you to download and install MSDE 2000 from the Altiris Solutions Center. Installation Type Simple Install. Select this option to install all Deployment Server components on a single computer. This configuration is recommended for managing computers on a single LAN or across a site with few subnets. See Simple Install for Deployment Server on page 335. Include PXE Server. Select this option to install the PXE Server when running the Simple install option. The PXE Server requires a DHCP server also installed on your network. See Altiris PXE Server on page 332. Custom Install. Select this option to install Deployment Server components on multiple computers across your system. A Custom Install lets you balance network activity for large enterprises with multiple subnets. Example: Use this option to distribute the Deployment Database on another computer or assign another file server as the Deployment Share to store image and package files. See Custom Install for Deployment Server on page 338. Thin Client Install. Select this option to install the Thin Client view of the Deployment Console on your computer. You do not require a license file to install this view. See Thin Client Install for Deployment Server on page 342. Include PXE Server. Select this option to install the PXE Server when running the Simple install option. To install the PXE Server, you must install a DHCP server on your network. See Altiris PXE Server on page 332. Component Install. Select this option to install additional Deployment Server components on your system. Example: Use this option if you want to add a PXE Server to your Simple or Custom installation, or if you need multiple Deployment Consoles. See Component Install for Deployment Server on page 344. If you have multiple network adapter cards, a secondary dialog appears asking you to select the IP address for the Deployment Server interface. See also Deployment Server System Requirements on page 334. Note If you run the Deployment Server on a MS Windows Server 2003 Domain Controller with SMB Signing enabled, you cannot execute any imaging and DOS jobs. When running jobs on MS Windows Server 2003, you must change the SMB Signing Registry Key to execute DOS-based deployment jobs. To disable SMB signing on the Windows 2003 Server 1. Click Start > Control Panel > Administrative Tools > Local Security Policy > Local Policies >Security Options. 2. Locate the Microsoft network server: Digitally sign communications (always) policy setting, right-click it, and select Properties > Disabled. Deployment Solution 360
3. Disable the Microsoft network server: Digitally sign communications (if client agrees) policy setting as well. This is enabled by default. Installing Deployment Server Specify the Deployment Share (shared directory) where you want to store the image files, .RIPs, and other package files. Before installing the Deployment Server, ensure that you have a shared Windows or NetWare directory with free disk space and appropriate security rights. File server path. Select the drive letter and directory path where you want to install the Deployment Server. The default path is the Program Files directory on the local computer. Create Deployment Share. If you are installing the Deployment Server on a local Windows computer, select this option to create a shared directory as your Deployment Share. If you are installing on a remote file server or if you select an invalid path, this option is unavailable. Note If you are installing the Deployment Server on a remote file server, create a share or grant access rights to the Deployment Server directory on the file server before you start the installation. For Windows XP, you must run the Network Setup Wizard accessed from My Network Places to enable sharing. Select one of the following options to configure the licensing information: If you do not have a license file, select the Free 7 day license option to use an evaluation license for a new Deployment Server installation. Select the Upgrade using existing license option to upgrade the installation using an existing license. Select the License File option and browse to locate the license file (.LIC file) that you received when you registered on the Altiris Web site. See the Altiris Getting Started Guide for further licensing information. Service username and Service password. If running a Simple Install, you must enter an administrator user name and password for the Deployment Server and the Deployment Share. This account must already exist on the Deployment Server and the Deployment Share. If you use a domain account, enter the domain name (Example: orgDomain\admin. See also Deployment Server Components on page 329, Installing Deployment Server, and Managing Licenses on page 353. Installing Deployment Server using Component Install Specify the Deployment Share (shared directory) where the image files, RIPs, and other package files are stored. Ensure that you have a shared Windows or NetWare directory with available disk space and security rights before installing. See Deployment Share on page 332. Deployment Server Install Install the Deployment Server on a computer. The service is identified in the Services section of the Windows Computer Management as Altiris eXpress Server. See Deployment Server on page 330. Deployment Solution 361
To install service on a local computer 1. Select the On this computer option. 2. Enter the Deployment Server IP address and port information. 3. Enter the path to install the Deployment Server. 4. Enter the user name and password of the Deployment Server. For a domain account, enter the domain and user name. Create this account before starting the installation. To install service on a remote computer 1. Select the On a remote computer option. 2. Enter the name of the computer or browse to where you want to install. By default, the destination path and IP address of the computer appear. 3. Enter the user name and password of an administrator account for the Deployment Server computer. For domain accounts, include the domain name (Example: orgDomain\admin). The user account must have rights to the Deployment Share. Create the administrator domain account before starting the installation. See Deployment Share on page 332. See also Deployment Server Components on page 329 and Installing Deployment Server on page 329. Pre-boot Operating System (Simple) Select a pre-boot operating system, which the Deployment Server can use as the default, when creating a deployment job with an automation task. You can also install additional pre-boot operating system files later by using Boot Disk Creator. If you are running a PXE Server in your system environment, the first pre-boot operating system that you install becomes the default boot menu option for Initial Deployment. The menu options display DOS Managed, Linux Managed, or Windows Managed. You can assign an automation pre-boot operating system to an automation task when it is added to a deployment job. This flexibility lets you run several automation tasks within a single job, and each task can boot to the automation environment you want. None. Select this option if you do not want to provide a default automation operating system. You can also select this later through the Boot Disk Creator utility. FreeDOS. Browse to the BDCgpl.frm file. This is available on the Deployment Solution download site. MS-DOS. DOS requires an original Microsoft Windows 98 installation disk, or browse to the system formatted files. Linux. Browse to the BDCgpl.frm file. This is available on the Deployment Solution download site. WinPE. Browse to the WinPE files. See Boot Disk Creator Help and PXE Configuration Help. Deployment Solution 362
Pre-boot Operating System (Custom) Select a pre-boot operating system that the Deployment Server can use as the default when creating a deployment job with an automation task. You can also install additional pre-boot operating system files later by using Boot Disk Creator. If you are running a PXE Server in your system environment, the first pre-boot operating system that you install becomes the default boot menu option for Initial Deployment. You can assign an automation pre-boot operating system to an automation task when it is added to a deployment job. This flexibility lets you run several automation tasks within a single job, and each task can boot to the automation environment you want. FreeDOS. Browse to the BDCgpl.frm file. This is available on the Deployment Solution download site. MS-DOS. DOS requires an original Microsoft Windows 98 installation disk, or browse to the system formatted files. Linux. Browse to the BDCgpl.frm file. This is available on the Deployment Solution download site. WinPE. Browse to the WinPE files. See Boot Disk Creator Help and PXE Configuration Help. Deployment Database Install Install the Deployment Database on a local or remote server with or without an existing Microsoft Data Engine (MSDE) or Microsoft SQL Server. To install the database, you must have administration rights to the selected server. See Deployment Database on page 331. Note If you have multiple instances of the Microsoft SQL Server already set up, you can identify a specific instance using this format: <SQL Ser ver Name>\ <dat abase i nst ance>. The instance of the database can vary. Example: If you have a clustered Microsoft SQL Server to manage multiple Deployment Solution systems on different network segments, you can enter the name sal esSegment \ expr ess or mar ket i ngSegment \ expr ess depending on the previously established database instance. Install the Deployment Database using these options: Select the Microsoft SQL Server instance where you want to install your Deployment database. You can also change the default SQL Port number. You can rename the Deployment Database default name, eXpress, by entering a different name in the Database Name field. However, this does not alter the Deployment Share name. See also Deployment Server Components on page 329. Deployment Solution 363
Altiris PXE Server Install Select the options to boot locally using the Altiris Automation Partition. For PXE- compliant computers, you can boot across the network using the Intel Pre-boot eXecution Environment option in the PXE Server. See Altiris PXE Server on page 332. Note If you have a Novell NetWare file server, you must set up the PXE Server after installing the Deployment Server. The Universal Network Device Interface (UNDI) default driver is not supported by Novell NetWare. Select the No I will be using an Altiris automation partition on each client computer option, if you do not want to use PXE and prefer to use embedded (preferred) or hidden partitions, or bootable media to run tasks. Note This option is unavailable for installing the PXE Servers using the Component Install option. Select the Yes, I want to install PXE Server on this computer option to install the PXE Server on the local computer. Note This option is selected by default for the Component Install. Select Yes, I want to install PXE Server on a remote computer to install the PXE Server on a remote computer. Enter the name of the computer and the path. Enter the IP address for the PXE Server and the Deployment Server. Enter the path where you want to install the PXE Server. Select the pre-boot operating system that can be used as the default PXE boot menu item. The pre-boot operating system options that are enabled depend on the options you selected for the pre-boot operating systems in the Pre-boot Operating Systems page. Example: If you select Linux in the Pre-boot Operating Systems page, the Linux option is enabled as the default PXE boot menu item. See Installing the Automation Agent on page 352, Pre-boot Operating System (Simple) on page 361, and PXE Configuration Utility Help. Client Connection to Server Select the protocol your managed computers can use to connect to the Deployment Server. Connect directly to Deployment Server. Installs the PXE Server using the Intel Pre- boot eXecution Environment (for PXE-compliant computers only). You can use this without PXE for faster access, as it goes directly to the IP address without searching. If managed computers are on a different segment or if you are using the PXE Server with an UNDI driver, click Connect directly to Deployment Server and enter the IP address of the Deployment Server that the managed computers can connect to. Do not change the port number unless the default is already being used. Note If you change the port number, you must change the client configurations. Deployment Solution 364
Discover Deployment Server using TCP/IP multicast. Lets the managed computers connect to any Deployment Server. To use multicasting and connect to a specific Deployment Server, enter the name of the Deployment Server computer. Multicasting cannot be used with the UNDI driver. If you want to use different drivers on the PXE Server, you can create multiple PXE boot files after installing. See also Deployment Agents on page 109. Deployment Web Console Information This feature lets you remotely manage Deployment installations, deploy and manage Windows and Linux computers (both client and server editions) in real-time, and benefit from many of the features available in the Deployment Console. To Install Deployment Web Console 1. By default, the Deployment Web Console installs on the computer that is running the installer. Select the On a remote computer option and browse to a computer where you want to install. If you do not want to install the Deployment Web Console, select the Do not install option. 2. If you want to change the default values, enter the Console port and Deployment Web Console path for the installation. 3. You must enter the Service username and Service password that already exist on the Deployment Share and the destination computer where you install the Web Console. Note If you are installing an additional Deployment Web Console using the Component Install option, the Do not Install option is disabled. See Deployment Console on page 330 and Deployment Server Components on page 329. Sysprep Enter the location of the Microsoft Sysprep files according to the operating system. Specify the location or browse and select the required files. Installing Components Click Install, or click Back to change the settings. See Deployment Server Components on page 329. Installation Information Summary The components are installed. You can remotely install Deployment Agents, enable Sysprep support, and download Adobe Acrobat for documentation. Enable Microsoft Sysprep Support. Select this option to enable Sysprep support. Provide the location of the Microsoft Sysprep files. Deployment Solution 365
Remotely Install Deployment Agent (Windows 2000 or later only). Select this option to push the Deployment Agent. Install add-ons to provision server hardware. Select this option to install the add- ons for Dell computers. Note This option is enabled on Dell computers only when add-ons are present in the oeminstall-addons section of the oeminstall.ini file, which is located in the eXpress directory. This is the only option available on the Installation Information Summary page when you select Component Install. Click Finish. See also Deployment Server Components on page 329. Add Components Summary The components in the list are installed. Download Adobe Acrobat. Select this option to download the Adobe Acrobat Reader to read the documentation in the .PDF format. Click Finish. See Deployment Server Components on page 329. Deployment Database Authentication Specify the type of authentication the Deployment Database will use. You can select Windows authentication or SQL Server authentication. If you select SQL authentication, enter the user credentials with administrative rights for the SQL database. Use Windows NT authentication. Select this option to use the Windows network or Active Directory authentication. Use SQL Server authentication. Enter the user name and password set for the Microsoft SQL Server. If using MSDE, the default sa user name is used and no password is required. See also Deployment Server Components on page 329 and Installing Deployment Server on page 329. Add Components If you have already installed Deployment Server, you can add components to the existing system. Select the type of component you want to add. See also Deployment Server Components on page 329. Console Install You can install the Deployment Console either on the local computer or on multiple remote computers. Installing the Deployment Console on remote computers lets you manage computers from multiple Deployment Consoles across the Deployment Server installation. See Deployment Console on page 330. Select the On this computer option to install the Deployment Console on the local computer. Select the On a remote computer option to install the Deployment Console on a remote computer. Enter the computer name or browse and select a computer. Deployment Solution 366
See also Deployment Server Components on page 329 and Installing Deployment Server on page 329. Installer Return Codes For a list of return codes for the installation program, see the Error Messages in Deployment Solution chapter in the Reference Guide. Deployment Solution 367
Part VII Deployment Web Console The Deployment Web Console allows you to manage and deploy computer resources in real-time from a web browser to manage multiple Deployment Server sites. In addition, the Deployment Web Console loads into the Altiris Console to provide comprehensive reports and integrate additional management solutions. Deployment from the Altiris Console allows you to use the built-in features of Notification Server such as Package Servers, security, and collections with standard Deployment Solution management features. Deployment Solution 368
Managing from the Deployment Web Console Deployment Solution provides both Windows and Web user interface consoles to deploy and manage computer devices across local or wide area networks. As an IT administrator, you can manage all types of computer devices and servers from the Deployment Web Console using all features available in the Windows console. The Web console reads and writes directly to the Deployment Database and can be accessed as a standalone Web application or integrated within the Altiris console: The Deployment Web Console provides basic deployment and management functionality from a Web browser, including the ability to remotely access and manage computer devices, build and schedule jobs, and view multiple Deployment sites. To launch the Deployment Web Console, double-click the icon on the desktop, or click Programs > Altiris > Deployment Solution > Deployment Web Console. The Web console for Deployment Solution provides standard Computers, Jobs, and Details panes to view computer icons and properties, perform remote operations, schedule deployment jobs, and identify the state and status of computers in your system. See Deployment Web Console Basics (page 369). Deployment from the Altiris Console lets you manage and generate reports across multiple Deployment Server systems and integrate additional Web applications available in the client and server management suites, including Inventory, Software Delivery, Recovery, HelpDesk, and Application Metering solutions. Deployment from the Altiris Console lets you generate enterprise-wide reports that track deployment resources and integrate features such as Package Servers for location-sensitive software distribution. Notification Server also provides collection features to group computers by defined criteria. See Deployment from the Altiris Console (page 386). The Deployment Console is a Windows-based console with complete deployment and management features, including remote control, security, PXE server configuration, image editing, and other deployment utilities and features. To launch the Deployment Server Console, double-click the icon on the desktop or click Programs > Altiris > Deployment Solution > Console. See the Deployment Server Help and Deployment Product Guide for additional information. Deployment Solution 369
The Deployment Web Console also provides features and functionality to integrate with Microsofts Automated Deployment Services (ADS). See Automated Deployment Services (ADS) (page 385). See Basic Tasks from the Deployment Web Console (page 372) for steps to manage and deploy computer devices from the Deployment Web Console. Deployment Web Console Basics The Deployment Web Console is a feature-rich Web application that uses Microsoft .NET and other built-in services to provide real-time access to computer resources, deployment jobs, and package files. The Deployment Web Console includes a graphical user interface with distinct icons to identify type and status of the computer, groups, deployment job or other system components. From the Deployment Web Console you can build simple or complex deployment jobs to migrate users, set up new users, install software and image hard disks all from a Web browser. The Deployment Web Console also loads from the Deployment tab in the Altiris Console for integration with the Client Management Suite and Server Management Suite. Refresh. Click to update console information after adding or deleting items, creating groups, or making other screen changes.
Expand. Click to expand or contract feature sections within the Web page. Apply. Click to apply settings, properties or names. You remain on the current page after clicking Apply. Cancel. Click to cancel out of an action or delete a property or name. You remain on the current page after clicking Cancel. New. Click to add new items or objects within a group, such as new computer accounts or conditions sets.
New Computer. Click when Adding New Computers. New Job. Click to create a new job.
Up/Down arrows. Click to change the order of items in a list. Example: the order of tasks in a deployment job. Task User Passwords. Click to change the users task password on multiple Deployment servers. Users have access to the job tasks: Copy file to, Distribute Software, Run Script, Distribute Personality, and Capture personality.
Find. Click to find or filter selected computers in a group or jobs in a folder. You can also filter computers by operating system or jobs by task types. Deployment Solution 370
Like all Deployment consoles, the Deployment Web Console is divided into several panes to organize computers, deployment jobs, software packages and scripts. It gives you a graphical view of your network and provides features to build jobs, store and access jobs and packages, and report the status and state of all of your computer resources. Computers pane From the Computers pane, you can traverse multiple Deployment Server systems and navigate the treeview of each system to select computers or computer groups. You can view Computer Details, run Remote Operations, or Assigning and Scheduling Jobs for each selected computer or group. Elements of each group appear in the Details pane with features to view properties and run management tasks. By drilling down into a selected Deployment Server system, you can view and select New Computers and other computer groups defined for your organization. When running Deployment from the Altiris Console, you can also identify managed computers within the Altiris Console Collections created by Notification Server. These collections identify only managed computers with the Deployment Agent installed, displaying computers by operating system, computer model, type, or other properties. You can now manage computers by defined groups or filtered by client type. When a computer or group is selected, the Details pane shows a list of computers in the group and gives basic information about each computer. The Find detail bar appears in the Details pane to filter computers by a set criteria. When a computer is selected, you can view the computer status in the Details pane, including a list of jobs that have run or are scheduled to run on the computer and the status of each job. See Managing
Go. Click to run a process or actuate a feature. Delete. Click to delete an item.
Deployment Web Console options. Click to set these features set properties for the Deployment Web Console and the ADS features. About Deployment Web Console. Click to view supported Deployment Servers, licensing information for each system, and general information. Help. Click to open help documentation for the Deployment Web Console. Deployment Solution 371
Computers from the Deployment Web Console (page 398) for complete information about organizing computers, running remote operations, and viewing properties from the Computers pane. Jobs pane Use the Jobs pane to create and build jobs with specified deployment tasks. You can organize the job objects using the New job folder command from the Select Action list. Jobs in one Deployment Server group can be scheduled to computers in another Deployment group, where they are replicated to the source Deployment Server. Jobs can also be replicated directly to another system using the Move job command in the Details pane. From the Jobs pane you can schedule and execute deployment jobs such as creating images, deploying computers, changing configurations, or installing software. Once a job is created, you can change it by adding, modifying, or deleting tasks. Jobs can be run immediately, scheduled to run a particular time, or saved for a later time. See Scheduling Jobs from the Deployment Web Console (page 419) for complete information about setting up, importing, and managing computers from the Jobs pane. Jobs are organized by Deployment Servers, listing all job folders and individual jobs for a specific site under the name of the managing Deployment Server. When a job is selected, the Details pane displays a list of jobs in the folder and provides basic information about each job object, such as its state, status, and task list. It also shows the computers or computer groups to which the job is assigned. Details pane The Details pane is the right-hand pane in the Deployment Web Console. It extends the user interface features when working in the Computers or Jobs panes. When you select Deployment Servers in the Computers pane, the Details pane lists all associated Deployment Server in your organization and displays links to access the computers and jobs for that site. When you select a specific Deployment Server, all computers and computer groups for that system appear. When you select a Deployment Server in the list, the computer groups and managed computers for that system appear. When you select a job icon in the Jobs pane, the Details pane displays information about the job to set up conditions, order tasks, and add, modify, or remove tasks. Deployment Solution 372
Deployment Web Console Options Click the Console Options icon in the toolbar of the Deployment Web Console. The Deployment Web Console appears with the following console options. Clear the computer and job selections after scheduling. Select this option to clear selected computers or computer groups and the associated jobs assigned to them. Prompt before performing operations. Verify actions to the user before scheduling jobs or performing other operations. Show physical devices. Show blade servers as Rack/Enclosure/Bay objects in the Computer pane. Microsoft Automated Deployment Services (ADS) Enable ADS. Deploy and manage using the Microsoft ADS features. See Automated Deployment Services (ADS) (page 385). Basic Tasks from the Deployment Web Console The following are basic tasks you can perform using the Deployment Web Console as a stand-alone console or from the Altiris Console. Remote Computer Operations (page 372) Assigning and Scheduling Jobs (page 373) Finding and Filtering Computers and Jobs (page 373) Remote Computer Operations From the Deployment Web Console, you can quickly deploy and manage computers on- the-fly using remote operation features. 1. Click a Deployment Server or other computer group in the Computers pane. In the Details pane, the computers and computer groups are listed. Select the managed computers to select the check box for specific computers. The computers appear as a Selected Computer. 2. From the Selected Computers list, select an action to perform on the managed computer. See Remote Operations (page 415) for a list of provided management actions. 3. Depending on the selected action, a secondary page may open to run the operation. Set the appropriate values and click OK. The selected operation runs on the managed computers. Reject Client Computer Connections To manage unwanted client computers from attaching to the Deployment Server, use the Reject Connection Computer Action to remove the clients MAC address and other information from the Deployment database. If the client tries to connect to the server, the MAC address cannot be found and the client-server connection is rejected. Deployment Solution 373
Note Virtual client computers cannot be rejected. To reject client computers 1. From the Deployment Web Console, in the Computers pane, click a Deployment Server name. A list of client computers and groups appears in the Details pane. 2. Select the check box next to the computer whose connection you want to reject. 3. Click the Computer actions drop-down list, and select Reject Connection. Assigning and Scheduling Jobs From the Deployment Web Console, you can assign jobs to computers and schedule them to run immediately or at a later time. 1. Click a Deployment Server or another computer group in the Computers pane. Select the check box for specific computers or computer groups in the Details pane. The computer appears as a Selected Computer. 2. Click a job folder in the Jobs pane. Select the check box for one or more jobs in the Details pane. The jobs appears as a Selected Job. . To clear the computers or jobs and reselect, click the clear icon. 3. Click Run Now or Schedule to run the selected jobs on the selected computers. Secondary pages appear to set scheduling values. Finding and Filtering Computers and Jobs You can search for or filter computers or jobs within a selected group or job folder. If you select a computer group in the Computer pane, you can enter a search string for a computer name in the Find field and filter by operating system. If you select a job folder in the Jobs pane, you can enter a search string for a job name in the Find field and filter by task types. See Find a Computer in the Database (page 417) and Creating a Computer Group Filter (page 417). Scheduling Jobs After selecting computers or computer groups and assigning jobs, you can now select to run the job immediately or schedule it for another time. See Scheduling Jobs on page 373. Deployment Server Configuration You can configure all the options for a single Deployment Server from the Deployment Server Options page from the Deployment Web Console. Click the Deployment Servers link in the Computers pane to view a list of all available Deployment servers Deployment Solution 374
appears in the Details pane. Then, double-click a particular Deployment Server in the Details pane to view the Deployment Server Options page. You can change the following options: Global (page 374) Maintenance (page 375) Agent Settings (page 375) Security (page 380) Logon (page 385) Global Set global options for the selected Deployment Server. Synchronize display names with windows computer names. Automatically updates the display name of the managed computer names in the Web console when the managed computer name changes. If this option is not selected, changes to computer names is not reflected in the Web console. Synchronization option is off by default. The computer names do not have to be synchronized for the Deployment Server to manage the computer. Display imaging status on console (percent complete). Shows the status, in percentage, for the scheduled imaging job. Deployment Agent/Deployment Server file transfer port. Specify a static TCP port for file transfers to the clients or choose to assign it dynamically. The default value for static port is 0 and causes the server to use a dynamic port. This setting is useful if you have a firewall and need to use a specific port rather than a dynamically assigned port. The transfer port range is 1 to 2147483647. Remote control ports. You can specify the two ports; Port 1 and Port 2 by selecting the Remote control ports check box. By default the check box for Remote control ports is not selected and dynamic port is used while remote controlling. If the Port 1 is already in use, Port 2 is used for remote control. The remote control port ranges from 0 to 65535. Key. Specifies the primary lookup key type used to associate a new computer with a managed computer. The options are Serial Number (SMBIOS), Asset Tag (SMBIOS), UUID (SMBIOS), or MAC Address (SMBIOS). Speed. This is the file transfer speed between the Deployment Server and client computers. Select a transfer rate from the Speed list. Change Sysprep Settings. Enter the global Sysprep values you want to use when creating or distributing disk images. Click Change Sysprep Settings to view the Sysprep Settings dialog. SysPrep Settings OS Product Key tab Click the drop-down arrow and select an Operating System from the list. Then, click Add product key to enter product key (up to 29 characters) information. Add as many product keys as needed and select a product key from one of the keys listed. To modify a product key, select the product key and click Modify product Deployment Solution 375
key. To delete a product key from the list, select the product key and click Delete product key. Note If a product key is being used by another task, a message prompt appears that the product key is currently in use and you cannot delete the product key until the task completes. Maintenance Retry failed imaging jobs immediately. Immediately retry a failed image deployment job. The program continues to retry until the job succeeds or until the job is cancelled. Automatically replace expired trial licenses. Allows Deployment Server to automatically assign a permanent license to the managed computers after the trial license expires. Delete History older than _____ days. Specify the number of days an entry is kept in the history until it is deleted. If the number of days is set to 0, no entries are kept in the history. If this option is not selected, log entries remain in the history. Remove inactive computers after _____ days. Specify the number of days you want to keep inactive computers in the Deployment database before they are deleted. The default value is 30 days, but any number between 1 and 10,000 is valid. Agent Settings Use the Agent Settings tab to control the default agent settings for new computers. These default settings are applied only for new client computers that have never connected to the Deployment Server and have no information stored in the Deployment Database. Production Agent Settings Force new Production agents to take these default settings. Select this option to force these settings when adding a new computer. Modify default settings. Click this link to change Deployment Agent Settings for Windows and Linux systems. See Production Agent Settings (page 375). Automation Agent Settings. Force new Automation agents to take these settings. Select this option to force these settings to effect new client computers until you can change the settings using the Deployment Console. Modify default settings. Click this link to change Automation Agents Settings. See Automation Agent Settings (page 379). Production Agent Settings The description below is for client computers running the Windows or Linux operating systems. This option is only available if you select Force new agents to take these default settings. Deployment Solution 376
Click the Modify default settings link to set or modify Deployment Agent for Windows and Deployment Agent for Linux properties from the same dialog. The Production Agent Settings dialog appears. Server Connection Connect directly to this Deployment Sever. Select this option so that the client receiving the Deployment Agent connects to the Deployment Server you selected to configure. Address/Hostname. Enter the IP address or NetBIOS name of the Deployment Server computer. Port. Enter the port number communicating with the Deployment Server. Enable key-based authentication to Deployment Server. Select this option to valid the client computers that are trying to connect to the Deployment Server. This helps keep rogue computers from connecting to unauthorized Deployment Servers. Key file. Enter or browse to an authorized key. The client computer checks the Deployment Server authentication key and if a match is made, the client connection is allowed. Discover Deployment Server using TCP/IP multicast. Managed computers can use the multicast address if they are on the same segment as the Deployment Server or if multicast is enabled on the network routers. Ensure that the multicast address and port match those set up on the Deployment Server. Try using defaults on both the client and Deployment Server if you are having problems connecting. Managed computers should use the Deployment Server IP address if multicasting is disabled on the network routers or if they are not on the same network segment as the Deployment Server. The port number must match the number set on the Deployment Server. Otherwise, your clients cannot connect. Server Name. Enter the NetBIOS name of the computer running the Deployment Server. Port. Enter the port number distributing the multicast address. Multicast Address. Enter the group multicast address. TTL. Specifies the number of routers the multicast request is can pass through. Change this setting if you need to find a Deployment Server that is more than 32 routers away (default setting) or if to restrict the search to a smaller number of routers, making it easier to find the closest Deployment Server. Refresh connection after idle. Select the Refresh connection after idle check box and set the refresh time by seconds, minutes, hours, or days. The Deployment Server closes the connection after the specified time and immediately tries to re-open the connection. This forces clients to realize the network is down. The default checking is of 28800 seconds or 8 hours. It is recommend keeping this setting above 28800. Do not set this option too low--reconnecting to the Deployment Server increases bandwidth when connecting. If this option is set too low you can run into problems where it takes longer for your clients to connect than to refresh their connections. Abort files transfers if the rate is slower than. Preserve bandwidth on slower connections by selecting this option, which saves bandwidth when running deployment tasks on slower connections. Deployment Solution 377
Access Set these commands to control how the client handles requests from the server. Allow this computer to be remotely controlled. If you select this option, the administrator can remote control the selected computer. The default setting is to NOT allow the computer to be remote controlled. Prompt the user before performing actions Shut down and Restart. Select for the user to be prompted before shutting down or restarting the computer. This feature overrides the Power Control option from the Deployment Server to Force applications to shut down without a message. Copy file and Run command. Select for the user to be prompted before running a program or executing file copy commands Remote Control. Select for the user to be prompted before running the Remote Control commands. You can set a default time before running or aborting the commands. Select the time for the user to respond and either continue with the operation or abort the operation. Time to wait for response. If one of the Prompt the user before performing actions is selected and the user is not at the computer to respond, you need to decide whether to continue or abort. Select the amount of time you want to wait for a response, and select one of the following: Continue the operation. Click to continue without receiving a response from the user. Abort the operation. Click to not continue without receiving a response from the user. Select when the Deployment Server is denied access to the Deployment Agent. Select the days and set the start and end times when access to the Deployment Agent is denied. Security This page lets you secure data between the Deployment Server and the Deployment Agent, or to set a password so that the user on the client computer can only view and modify the User Properties of the Altiris Client Settings on the managed computer. Encrypt session communication with Deployment Server. Select to allow encryption from this managed client computer to the Deployment Server. This allows encrypted data transmissions between the Deployment Server and the Deployment Agent on the client computer. If selected, the client computer can connect (but is not required to connect) using encryption. To enable encryption protocols, you must open the Deployment Configuration tool (Start > Programs > Altiris > Deployment Server > Deployment Configuration tool), and select the Transport tab. Select the Allow encrypted sessions with the servers check box to allow Deployment Server to transmit using encryption protocols. Require encrypted sessions with the servers. Select to require encryption between the managed client computer and the Deployment Server. If this option is selected and the option to allow encryption in the Deployment Configuration tool is not selected, the Deployment Server does not communicate with the Altiris Client on the managed client computer. Deployment Solution 378
Note Selecting encryption options slows down the communication path between Deployment Agent for Windows and the Deployment Server, so do not use encryption unless it is necessary for high security environments. Password protect Admin properties. Select to allow users on the managed computer to access the Admin properties only if they enter the set password. If the option is selected and the user does not know the password, they have rights only to open the User Properties, which includes only the User Prompts and Remote Control tabs on the Altiris Client Settings dialog. Click Edit Password to change the password settings for users trying to access the Admin properties. Hide client tray icon. Select to hide the Altiris Client icon in the system tray of the managed computer. If you hide the icon you are required to run AClient.exe -admin to view and modify the complete administration properties from the managed client computer. Log File The Log File property page controls how data is logged and saved in a Deployment Server system, allowing you to save different types and levels of information to the log files. You can save a text file with log errors, informational errors, and debugging data using this dialog. If the log exceeds the specified size, older data is dropped from the files. You can maximize the size of the log file to save all selected data. Save log information to a text file. Click to save information to a log file. File name. Enter the name and path of the log file. The default is to save the log file to the \ Pr ogr amFi l es\ Al t i r i s\ ACl i ent \ ACl i ent . l og file. Maximum size. Enter the maximum number of bytes for each log file. Log errors. Select this option to save only the errors returned when running a job or operation between the Deployment Server and the Deployment Agent. Log informational messages. Select this option to save a list of procedural steps run on the client computer. Log debugging information. Select this option to list comprehensive debugging information in the text file. Use this tab to save the Deployment Agent for Windows log file. By default, the option Save log information to a text file is cleared. Select it to enter a file name for the log and the maximum size for the log file. Note If the log exceeds the specified size, older data is dropped from the files, so it is recommended to provide maximum file size. Proxy Typically, remote networks on the other side of a router or switch cannot receive multicast or Wake On LAN packets from the Deployment Server. Setting the managed computer as a proxy client computer forwards or re-creates the multicast packets. A Deployment Solution 379
managed client computer set up as a multicast proxy simply acts as a Deployment Server and advertises the servers name and IP address through multicasting. Or you can set the managed computer as a proxy to send Wake On LAN packets. Set these options to control how the managed computer can act as a proxy agent, identifying the type of traffic this managed computer can forward from the server. Forward Wake-On-LAN packets. Select if you want the managed computer to forward Wake on LAN packages. Forward Deployment Server multicast packets. Select if you want to advertise the Deployment Server to client computers on another LAN segment or if the client computer is on the other side of the router. Send multicast advertisement every. Set the time by seconds, minutes, hours, or days for managed computers send multicast advertisement. Startup/Shutdown Delay starting jobs after system startup. Set the time by seconds, minutes, hours, or days for managed computers to delay jobs until after system startup. Specify the Windows boot drive. Specify the drive that the client computer can boot from. The default is C: Force all programs to close when shutting down. Select this option to shut down applications when using Power Control features. The user is still prompted to Abort or Continue the shutdown. Synchronize date/time with Deployment Server. Select this option to synchronize the system clock of managed computers with the time of the Deployment Server. Prompt for a boot disk when performing automation jobs. Select this option to prompt for a boot disk while doing any automation jobs. Advanced Disabled direct disk access for Deployment Agent for DOS (BootWorks) communication. Select this option to disable the direct disk access for automation communications. Automation Agent Settings You can configure property settings for the Automation Agents (DOS, Linux, and WinPE) for specified computers or computer groups. You can remotely maintain important agent settings and update settings as required from the console. When a new client computer connects, it receives the default agent settings from Deployment Server for drive mappings, authentication, and LMHost entries. Each client computer still has the capability to maintain its unique settings for the Deployment Agent for DOS as set in the Boot Disk Creator. Select the Force new Automation agents to take these settings check box, and click the Modify default settings link to view the default settings for the DOS, Linux, and WinPE Automation Agents. Drive Mappings Set drive mappings used by the Automation Agents to access hard disk image files and other packages from a specified network drive. It is required that the F Drive be Deployment Solution 380
mapped to the Deployment Share. You can also map other file server directories when storing large numbers of image files or deployment packages. Drive. Select the drive letter of a shared folder. Example: F: \ \ WebDepl oy\ I mage f i l es. Note You must select a shared folder in this field. From the browse window you are allowed to select any type of folder, but the Automation Agents can only map and access files from a shared folder. Path. Enter a UNC path. Authentication Enter the login credentials that Automation requires to map network drives. The associated credentials for each network drive must have the appropriate rights for the Automation Agents to access files. Domain/Workgroup. Enter the name of the Domain or Workgroup of the user that the Automation Agents can log on to map the network drives. User name. Enter the user name that the Automation Agents can use to log on so they can map to the specified network drives. Password. Enter the password. Network These settings allow you to match the IP address with the computer name, as maintained in the LMHosts file in automation partition. 1. Click the Add LM Hosts icon. 2. Enter the Computer Name to associate with an IP address. 3. Enter the IP Address. You can click Lookup IP and the IP address field automatically fills in the IP address of the computer you entered in the Computer Name field. 4. Click Apply. Security This features lets you enable or disable security for the Deployment Server. You can also add local users and local groups, import both Active Directory users and groups, and assign rights for users to perform Deployment Solution operations. Use the Security tab to provide enable/disable security and to add local users and local groups. You can also import both Active Directory users and groups and assign rights to all of them. You can create users and groups and set scope-based rights. Enabling Security (page 381) Rights (page 382) Setting Permissions (page 383) Deployment Solution 381
Enabling Security You can enable security by first creating a user with Administrative rights or selecting a user who belongs to a group having Administrative rights and selecting Enable Security. To enable security 1. Click the Deployment Servers link in the Computers pane. A list of all available Deployment servers appears in the Details pane. 2. Select or click the specific Deployment server in the Details pane to view the Deployment Server Options page. 3. Click the Security tab. 4. Click New User to add new user information. Type the user details. Note The first user automatically gets the administrative rights. Any subsequent users do not have rights and cannot be added to any group by default. You can also import new users from the Active Directory. See Importing user groups from Active Directory (page 382). 5. Click Membership to view the membership groups and all available groups. 6. Click Rights to view the available rights. 7. Click Apply to add the user. 8. Now that you are an administrator, select the Enable Security check box. Security is now enabled. You can now create users and groups and assign permissions to computer groups and job folders. Importing users from Active Directory You can import users from Active Directory. 1. Click Import User on the toolbar to view the Import Active Directory User page. 2. Add users from Active Directory (not groups) by providing the user names and domain to which they belong. The users are added to the Deployment Database. Notes If you add Active Directory Syntax name, such as sam@abc.com, the field Domain name becomes disabled. No default group membership is applied nor any default rights are applied unless this is the first user you have imported. However, you still need to assign the users to security groups with appropriate rights and permissions. When logging on with the imported AD account, Deployment Web Console accesses the Windows Active Directory server to validate the user password. Membership Groups Assign the user to previously created groups. If enabling security, you can assign the user to a group with Administrative rights. 1. Click New Group from the toolbar. 2. Enter a name for the group and a description, and click Apply. Deployment Solution 382
Importing user groups from Active Directory You can also import user groups from Active Directory. 1. Click Import Group on the toolbar to view the Import AD Group page. 2. Add groups from Active Directory by providing the group names and domain to which they belong. The groups are added to the Deployment Database. 3. Click Apply to save the changes. DS Authentication If the user is already in the DS database, and it tries to access the Deployment Server Console, DS checks the authentication with the logged on user, and upon matching doesn't prompt for user credentials. Similarly, if a group has already been added in the DS database, and any user who is a part of the group tries to access the Deployment Server Console, DS doesn't prompt for credentials. This method of authentication is the same for AD user and AD group also. Rights Rights allow you to set general rights for a user or group. To verify, add or change the rights assigned to each console user, use the following steps: 1. From the Security tab, click a user and click Rights. 2. Select the check box for every right you want to grant. 3. After selecting all applicable rights, click Apply to save your changes. A brief explanation of each deployment server right that can be assigned is detailed below: Administrator Lets you access all available features from Deployment Web Console. You must have Administrator rights to enable security. Options Console Lets you view and set console options. Options Global Lets you view and set global options Options Domain Accounts Lets you view and set domain accounts options. Options RapiDeploy Lets you view and set RapiDeploy options. Options Agent Settings Lets you view and set agent settings options. Options Database Tokens Lets you create custom data sources options. You can view, create, and set database tokens. Manage Rejected Computers Lets you view rejected computers in Deployment Solution and change their status. Refresh Clients Lets you Refresh Deployment Solution clients. Allow scheduling on All Computers Groups Lets you schedule jobs on all computers. If you have Administrator rights, by default you have the rights to schedule job on all computers, irrespective of the state of the Allow scheduling on All Computers check box. You can grant this right to a specific user or a group. Deployment Solution 383
Setting Permissions Set permissions for jobs, job folders, computers, computer groups, and physical devices. 1. Click the Deployment Servers link in the Computers pane. 2. Select or click a specific Deployment server in the Details pane to view the Deployment Server Options page. 3. Click the Security tab. 4. Log on as a user with administrative privileges. A list of all computers belonging to the selected Deployment Server appears. 5. Click a specific computer to view its property, inventory, and scheduled jobs status. 6. Select Permissions from the Computer actions drop-down list. Notes If you do not have administrator privileges, you cannot view Permissions option. You can set permissions for all jobs and computers by clicking in the Jobs pane or Computers pane without selecting a job or computer object. 7. A list of users or user groups appears. You can select a user or a group and grant permissions accordingly. 8. Select the check box for the permission group to allow the permissions you want to grant for the selected user or user group. Notes Administrators have access to all objects with unrestricted rights and permissions. The description of each permission group appears under Description column. You cannot explicitly deny permissions to computer or job objects for users with administrator rights. 9. Click Advanced to view the advanced options associated with the selected permission group. This page contains Allow as well as Deny check boxes. For information on evaluating permissions, see Evaluate Permissions (page 384). Import/Export Lets you import and export any jobs/computers. Option Task Password Lets you centrally update passwords for users and groups so they can access the tasks: Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality when creating or modifying jobs. You must have administrative rights to access this option. Use PXE Configuration Utility Lets you set up and modify PXE Configurations. Administrator Lets you access all available features from Deployment Web Console. You must have Administrator rights to enable security. Deployment Solution 384
10. To assign permissions to multiple groups, click Apply permissions recursively to all child objects to assign the permissions. 11. Give permissions as per your requirements, and click Apply. Notes If a user does not have the Schedule this job permission for a particular job, the user cannot schedule it. This is irrespective of any other privileges. If a user has Schedule this task permission for a certain task and the user schedules the job and the user modifies the job by adding another task, for which the schedule task permission is not allowed, the second task also gets executed. This is because the Web console checks the permissions only before scheduling the job, and not after the execution of the job. Permission Rules Permissions received through different sources may conflict with each other. The following permission rules determine which permissions are to be enforced: Permissions cannot be used to deny the user with Administrator console rights access to use any console objects or features. User permissions take precedence over Group permissions. Deny overrides Allow. When a user is associated with multiple groups, one group could be allowed permission at a particular level while the other group is denied the same permission. In this scenario, the permission to deny the privilege is the one enforced. Permissions do not flow down an object tree. Instead, the object in question looks in the current location and up the tree for the first permission it can find, which is the one it uses. If a Web Console user does not have permissions to run all tasks the job contains, the user is not allowed to run the job. Evaluate Permissions Identify the combined permissions of groups and containers with contrasting permissions. You can identify effective permissions for each object by resolving any possible conflicts. Permissions are represented in three different stages according to the state of the check box, which is called tri-state check box. This tri-state displays a full check mark when all permissions in the selected group are allowed. It displays a partial check mark (check mark with a grey background) when at least one, but not all permissions in the selected group are allowed. And finally, it displays no check mark if none of the permissions in the selected group are allowed. You can evaluate permissions in three ways: If none of the Allow or Deny options are selected for a permission associated with a subfolder, it inherits the options specified for the permission associated with its parent group. This type of inheritance can be confirmed with the message that appears for the subfolder. If a user group is associated with some permission, the users belonging to that group inherits the same permissions as that of the group. This is true only if none of the 'Allow' or 'Deny' options are specified for a permission for that user. Deployment Solution 385
The Deployment Web Console displays the simple as well as advanced options of granting permissions. The simple option displays only the Allow column, whereas the Advanced option displays both the Allow and Deny column. Security permissions are grouped together and appear as a single Permission group under Simple option. You can use the Advanced option to view all the individual permissions that together form the Permission Group. This grouping of permissions varies from object to object. Example: a Modify permission for a job folder can contain different security permissions than a Modify permission for a computer group. To view all the permissions related to a specific permission group, select the check box for a specific permission, and click Advanced to view the individual permissions related to the selected permission group. If you want to exclude a specific security permission, click Advanced to view the individual permissions related to the selected permission group. A list of all permission with Allow and Deny check boxes appears. Select the Deny check box or clear the Allow check box for the specific security permission, and click Apply. Logon This option lets you set user credentials for the Deployment Server, but only if Role Base Security is enabled for the server you selected. The user can access the server through the Deployment Web Console. If you want to change the Task Password for multiple Deployment Servers, select the servers from the Details pane and click the Task Password icon on the toolbar. Username. Enter the name of the user. Password. Enter a password for the specified user. Confirm Password. Enter the password to confirm the entry. Domain. Enter the domain name for the specified user. Automated Deployment Services (ADS) From the Deployment Web Console, you can utilize and extend features of Microsofts Automated Deployment Services (ADS). 1. Click the Console Options icon in the toolbar of the Deployment Web Console. 2. Select the Enable ADS option. An ADS Controllers collection appears in the Computer and Jobs pane. 3. In the Computers pane, click ADS Controllers. 4. From the Details page, click the Add icon to enter the computer name where the ADS controller is installed. Enter the login credentials and access paths on this page. All specified ADS controllers are listed. 5. In the Jobs pane, click ADS Controllers. Enter credentials and ADS paths as in step 4. All ADS controllers, devices and job templates appear. You can now manage computer devices using standard ADS features. Deployment Solution 386
Deployment from the Altiris Console Deployment from the Altiris Console provides additional features and functionality for managing and deploying computer resources using Deployment Solution. In use, the Altiris Console opens and displays the Deployment Web Console, while providing additional collections, reports and other basic Notification Server features from the Altiris Console. See Installing Deployment Solution from the Altiris Console (page 14). Using Deployment Solution from the Altiris Console Integrate with other IT solutions. Deploy and manage computers from the Deployment tab while managing other aspects of your organization such as inventory reports, software delivery, application management, remote control, patch management and other administration tasks. Generate Reports. From the Reports tab, create reports for all Deployment Servers computers devices and deployment tasks across all sites. By setting polling intervals on the Altiris Agent and the Deployment Server Agent, you can transmit data from the Deployment Database to the Notification Database from which you can generate reports. Organize using Deployment Collections. Computer devices can now be grouped on criteria such as operating system, computer type, workstation or server, mobile computers, and other groupings. Employ the Schedule Wizard. From the Tasks tab, open the Schedule Wizard to select computer groups, assign jobs, and schedule jobs to run immediately or at a specified time. Set Security. From the Configuration tab, set NS security to limit users from using the Deployment tab. All other Deployment security is set from the Deployment Server Console (the Windows console). Deployment Solution 387
Adding Deployment Servers You can manage multiple Deployment Servers from the Deployment Web Console. To consolidate multiple Deployment Server sites, you can identify and add existing Deployment Servers to appear in the Computers and Jobs pane from the Deployment Web Console. Note You can also remotely install Deployment Servers from the Deployment Web Console. See Installing Deployment Solution from the Altiris Console (page 23). 1. Click Add Deployment Server in the Computers or Jobs action list, or click the New Server icon. 2. From the Deployment Servers page, type the name of an existing Deployment Server. This is the computer name of the Deployment Server, in most cases. 3. Enter the Deployment servers port number if it is different than the default value. 4. Click Credentials. If Deployment Solution security is enabled for the Deployment Server, enter a username, password, and Domain name. 5. Click Speed. Select the speed of the network connection for the Deployment Server from the drop-down list. Task Password options This feature lets you centrally set or change user passwords for multiple Deployment Servers to they can access the tasks: Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality when creating Jobs. However, this tab is only visible to administrators and users who have been granted the appropriate rights to modify task passwords. To change task passwords 1. Click Deployment Servers in the Computers pane. The available Deployment Servers appear in the Details pane. 2. Click one or more Deployment Servers you want to change the task user passwords. 3. Click Change Task User Password icon on the toolbar. 4. Enter the user information for all 4 fields on the page. Click Apply. Configuring the Deployment Server AClient The Deployment Server AClient option lets you view the Notification Server clients that do not have AClient installed. See Viewing Notification Server Clients without AClient (page 388). You can create a package to install AClient to the existing Notification Server clients. See Installing AClient to a Notification Server Client (page 388). You can also assign the Deployment Server AClient package to computers. See Creating Deployment Server AClient Packages (page 388). Deployment Solution 388
Viewing Notification Server Clients without AClient In the Altiris Console, you can view the Notification Server Clients that do not have AClient installed. To view the Notification Server clients without AClient 1. In the Altiris Console, click the Configuration tab. 2. In the left pane, select Configuration > Solutions Settings > Deploy and Migrate > Deploy > Deployment Server AClient Configuration > All NS Clients without AClient. In the right pane, the All NS Clients without AClient page appears with a list of all Notification Server clients that do not have AClient installed. You can view details such as Name, Domain, User, OS Name, OS Version, and so on for each client. You can also double-click a client to view more details. Installing AClient to a Notification Server Client You can install an AClient to the Notification Server client by creating a task to install the AClient. The task that you create uses the package that was created on the Creating Deployment Server AClient Packages page. For more information, see Creating Deployment Server AClient Packages (page 388). To create a task to install AClients to Notification Server clients 1. In the Altiris Console, click the Configuration tab. 2. In the left pane, select Configuration > Solutions Settings > Deploy and Migrate > Deploy > Deployment Server AClient Configuration > Deployment Server AClient Install. 3. In the right pane, make the required changes. 4. To select the computer collections, click All NS Clients without AClient. The Collection Selector dialog box opens. 5. Select the computer collections and click Apply. 6. Select the required scheduling options. 7. Click Apply. The AClient installation task is saved. 8. To enable the task, select the Enable check box. 9. Click Apply. The task is enabled. Creating Deployment Server AClient Packages You can create the Deployment Server AClient package that is used in the Installing AClient to a Notification Server Client (page 388) task. To create the Deployment Server AClient Package 1. In the Altiris Console, click the Configuration tab. Deployment Solution 389
2. In the left pane, select Configuration > Solutions Settings > Deploy and Migrate > Deploy > Deployment Server AClient Configuration > Deployment Server AClient Package. 3. On the Package tabview, specify the Name and Description for the package. 4. Click the Programs tab. 5. Check the command line and the specified parameters in the Command line field. 6. Click Update Distribution Points. 7. Click Apply. The Deployment Server AClient package is created. For more information, see Exporting and Importing Deployment Jobs (page 393). Configuring the Deployment Server Agent To update Notification Server collections and generate reports from the Altiris Console, set the polling intervals from the Configuration tab. Enable. Select to enable communication between the Deployment Database and the Notification Database. Resynchronize all Deployment Server computers/tasks for this configuration. Click to completely transmit all Deployment Server data to the Notification Database. For large Deployment Server systems, this process can take several minutes and require large amounts of bandwidth. Use this feature carefully. Set polling intervals for Deployment Servers 1. Click Add. A list of Deployment Servers is listed. 2. Select the Deployment Server to configure. You can select all Deployment Servers or identify an individual Deployment Server. The new agent configuration appears in the list. 3. Select a Deployment Server. Select a polling interval for that Deployment Server from the list in the Computer/Job Polling Interval box. Database Login ID. Enter credentials for the Deployment Database selected in the list. Role-based user name. Enter credentials if Deployment Solution security has been enabled using the Deployment Server Console. Generating Deployment Reports from the Altiris Console Deployment from the Altiris Console furnishes features to generate comprehensive reports detailing computer information and deployment jobs for all Deployment Server sites. To run deployment reports, you must configure the Deployment Server Agent (see Configuring the Deployment Server Agent on page 389) to transmit data between the Deployment Database to the Notification Database. The Deployment Solution reports are generated from the Altiris Console from data stored in the Notification Database. 1. Click the Reports tab on the Altiris Console. 2. Click Reports > Deploy and Migrate > Deployment. Deployment Solution 390
3. Select reports specific to Client Information, Job Information, Job Status, Server Information, or Software Deliver Execution Status. A description of each report appears in the Details pane after it is selected. 4. Click a report option to run, view, or schedule a report to run. Altiris Console Collections From the Deployment Web Console you can view and order computers based on Altiris Console Collections created automatically in Notification Server and viewed from the Altiris Console. These collections identify computers running the Deployment Agent and meeting the criteria for each collection, such as Mobile Computers, Windows Servers, Windows Workstations, and so on. You can assign jobs and perform operations to these collections from the Deployment Web Console. Collections are updated between the Notification Database and Deployment Database. At each polling interval the new data is transmitted between the databases and updated in the Deployment Web Console. See Configuring the Deployment Server Agent (page 389). Using Package Servers to Replicate Deployment Jobs Deployment Solution takes advantage of Package Servers (a basic component of Notification Server) to automatically copy images, software packages, scripts, and other package files for building deployment tasks for use across multiple Deployment Server installations. From a central Deployment Server installation, packages can be built and saved to a local Library structure, where they are replicated to other Deployment Servers and used in deployment jobs for each Deployment Server system. Note Package Servers can only replicate packages on Deployment Server installations set up as a simple install, where all Deployment Server components are on a single computer. Overview of Package Servers Package Servers are a basic feature of Notification Server and are used to reduce network traffic and HTTP download times when deploying packages across your system. Package Servers replicate and transmit packages from a central computer to local computers during off-peak hours. When deployment tasks are executed, package files are accessed quickly from local package libraries. Notification Server lets you identify managed computers running the Altiris Agent as a Package Server. Deployment Solution 391
Replication of packages from a central Deployment Server to other Deployment Servers is a one-way process: You can build and copy packages from the Library of a central Deployment Server to replicate to other Deployment Servers; however, any changes made to a destination Deployment Server cannot be replicated back to the central Deployment Server. After the package files have been copied once (per each package server), they can never be copied again unless the files are updated, new files are added to the package, or files are set manually to be copied down to other destinations again. When the Deployment is installed and enabled on the Altiris Console (on Notification Server), default packages, collections, and policies are created to take advantage of Package Server technology. To complete the setup process, however, additional configuration steps are required. Setting up Package Servers requires three basic steps: 1. Setting Up a Central Deployment Server Library (page 391) 2. Setting Up Package Servers (page 392) 3. Exporting and Importing Deployment Jobs (page 393) Note Before delivering packages, check the Package Server settings and the package settings to ensure that the package can be delivered. The DS install package by default is not set to use any Package Servers. There is a global configuration variable that says not to allow any package downloads from the server, leaving the DS Install in a state where there is no way to access the package. Setting Up a Central Deployment Server Library Before setting up Package Server in a Altiris Console, you need to select a central Deployment Server to copy and store all packages to be replicated to other Deployment Server installations. After selecting a Deployment Server in your system, you can set up the Deployment Server Library directory structure. The Library is a directory structure that contains your images, RIPs, and any other package files needed for a Deployment Server Task. Because the package used to replicate files only points to one location, all items to be replicated must reside under this substructure. You need to manually create the Library directory and any other subdirectories on the central Deployment Server. 1. Go to your Central Deployment Server directory (default is c: \ Pr ogr am Fi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver ). Deployment Solution 392
2. Create a Library directory. 3. Under the Library directory, create subdirectories to use for images, RIPs, or other package files. 4. Create a Temp directory for deployment tasks that require a temp directory. 5. Copy into this structure any required files accessed during execution of the jobs. Note Any job that is automatically created needs to be modified before running or the default directories cannot be correct. Example: if you choose to change the configuration of a computer by choosing the Configure option in the Deployment on the Notification Server, the task creates a CFG file in the temp directory located in the Deployment Server directory. For this task to replicate correctly, you must copy the file into a temp directory under the Library structure and edit the task to point to the file in the Li br ar y\ t emp directory. Remember that only the files under this structure are replicated to the other Deployment Server installations. After installing Deployment from the Altiris Console, you have two packages and one policy created to help facilitate replication. You can manually modify the packages and enable the policy. Setting Up Package Servers After setting up a Library directory structure on the central Deployment Server computer, you can set up Package Servers on other Deployment Server installations. To set up a Package Server 1. From the Altiris Console, select the Configuration tab. 2. From the left pane, select Server Settings > Notification Server Infrastructure > Package Servers. 3. Select Add Package Server from the bottom of the page. 4. Locate and select the Deployment Server computer (or the Deployment Share for each installation) and click Add. Use the search feature if required. Modify the DS Library Package To replicate files stored in the central Deployment Server Library directory, the DS Library package installed with the Deployment Solution (on Notification Server) must be edited with configuration information, including: The source of the files and programs to be replicated. The Package Servers that can receive the files to be replicated. The destination directory for the files being replicated. The programs that will run after the files are copied to the Package Servers. Follow these steps to modify the DS Library package: 1. Select the Tasks tab and select Deploy and Migrate > Deployment > Deployment Server Replication > DS Library. 2. From the right pane, select the Package Source option to configure the path to the files that are included in this package. Deployment Solution 393
3. Select the applicable Package Source method and enter the correct path to the Central Deployment Server Library. Choose from one of the following options: Access Package from a local directory on the Notification Server computer Use this option when the central Deployment Server is installed on the same computer as the Notification Server. Fill in the Package Location box with the correct path for the Library. Access Package from Existing UNC Use this option when the Deployment Server that has been configured as the Central Deployment Server Library is not installed on the same computer as the Notification Server. When using this option, read and follow the instruction on this page. Note Depending on the amount of data in the Central Deployment Server Library, a message warning you about the size of the files in the Package can appear. This message is to remind you that all files in this directory will be sent when this package is used. 4. Select Package Servers. This option lets you specify to which Package Servers you would like this package to be replicated to. 5. Enable all applicable Package Servers by clicking the Enabled check box. 6. To identify the destination directory (where the package files will be sent) on the destination Deployment Server, select the Advanced tab. 7. At the package destination location, enter the destination path: \ \ %COMPUTERNAME%\ eXpr ess\ Li br ar y 8. Select Apply to save the changes. As soon as the Notification Server Clients Configuration request interval time (on the destination Deployment Servers) has elapsed, the files in the central Deployment Server are sent to the Package Servers on other Deployment Servers. Exporting and Importing Deployment Jobs After creating a Library directory on the central Deployment Server and setting up Package Servers, you need to create the jobs to copy and run the packages on the managed computers. These tasks need to be exported from the central Deployment Server to the destination Deployment Servers by configuring the DS Task Import Utility package and modifying the DS Task Import Utility policy on the central Deployment Server. Note Replicated deployment tasks need to reference files created in the Library directory structure. Example: a deployment task that deploys an image named NT4. i mg would use the file path of . \ Li br ar y\ I mages\ NT4. i mg instead of the standard . \ i mages\ Nt 4. i mg path. Deployment Solution 394
To create a job export file After creating deployment jobs to use with the replicated packages, you can create a job export file. 1. Right-click the jobs you want to export. Select Export (or click File > Import/ Export > Export Jobs) . The Export Jobs dialog appears. 2. Browse to the \ Not i f i cat i on Ser ver \ nscap\ bi n\ wi n32\ x86\ DSUt i l directory and enter a name for the export file. (The default file name used in the task replication package is t ask. bi n.) The DSUtil directory is added when you install the Deployment view on Notification Server. If you want to export the task subfolders, choose the Export subfolders check box. Note If you use an export file name other than t ask. bi n, you must edit the program command-line in the task replication package. 3. Click OK to start the export. Configure the DS Task Import Utility Package After creating deployment tasks and exporting them to the DSUt i l directory, you need to configure (or verify) settings in the DS Task Import Utility package. Modifications to this package are required when any of these alterations are made: The Deployment Server jobs exported are not saved in a file called Task. bi n. The method of handling duplicate job names on the destination Deployment Server needs to be changed. Security for the Deployment view on Notification Server is enabled on the destination Deployment Server. The DS Task Import Utility package runs the axi mpor t . exe program to import deployment jobs. When the Deployment view on Notification Server is installed, the axi mpor t . exe program file is copied to the \ Not i f i cat i on Ser ver \ nscap\ bi n\ wi n32\ x86\ DSUt i l directory. This is the same directory where you saved your exported t asks. bi n file from the central Deployment Server. When all steps are completed, no changes are required for this package. To configure or modify how the DS Task Import Utility package is configured, complete the following steps: 1. Open a Notification Server Administration console and select the Tasks tab. Select Deploy and Migrate > Deployment > Deployment Server Replication > DS Task Import Utility. 2. In the right pane, select the Programs link. By default, the Identification section expands to view settings. 3. If needed, change the name of the file on the command line to match the name of the export file created when the Deployment Server tasks from the central Deployment Server were exported. Deployment Solution 395
As can be seen in the figure above, the default command-line parameters for the axi mpor t . exe program are configured to use the Task. bi n file. This file contains the exported Deployment Server deployment tasks (jobs). Note The /o switch causes the import to replace any tasks with the same name as those being imported. If this is not the desired result, change the command-line options. If you have Console Security enabled, the username (/u) and password (/p) command line options need to be included for this process to work correctly. /u Database user name /p Database user password Example: axi mpor t . exe t ask. bi n / o / u admi ni st r at or / p your pw See the command-line chapter in the Altiris eXpress Deployment Solution User Guide for additional command-line options for axi mpor t . exe. 4. Select Apply. You can choose to force an update of the package to ensure that the task export file is in the package. Modify and Enable the DS Task Import Utility Policy You must enable the DS Task Import Utility policy to allow the Deployment Server tasks to be replicated to the destination Deployment Servers. 1. Open a Notification Server Administration console and select the Tasks tab. Select Deployment and Migration > Deployment > Deployment Server Replication > DS Task Import Utility. The Identification section of the Advertisement page appears by default. 2. Verify that the Applies to Collection option has been configured to use the DS Package Servers collection. This collection is selected by default. Before enabling the DS Task Import Utility policy, ensure that the t ask. bi n file has been created and saved in the \ Not i f i cat i on Ser ver \ nscap\ bi n\ wi n32\ x86\ DSUt i l directory. 3. Click the Enabled check box. 4. Select Apply. The policy is now enabled. The next time the Notification Server Clients configuration timer elapses on the Deployment Servers with Package Server installed, the policy is executed. On the destination Deployment Servers, a DOS box appears on this computer and axi mpor t . exe is run. Synchronize Deployment Server Tasks You can update deployment tasks by creating a new t ask. bi n file and placing it in the DSUtil directory. After all timers elapse, Notification Server compares and detects the new export file by its time stamp. When the Altiris Agent checks for new policies, this policy runs on the destination Deployment Servers. To avoid waiting for Notification Server to detect that the file has been modified, the package can be refreshed manually by selecting the DS Task Import Utility package Deployment Solution 396
(from the Solutions tab of the Notification Server Administration Console) and selecting the Update Distribution Point option. From a destination Deployment Server, the policy to import the Deployment Server jobs can be forced to run again by manually scheduling the policy. Setting Polling Intervals in Deployment Solution You can set polling intervals to transmit data from the Deployment Database to the Notification Database when generating reports from multiple Deployment Server systems. Deployment Solution uses two separate interval settings to synchronize data between the Deployment Database and the Notification Database. (1) To update the Notification Database, new computers and deployment tasks created in a Deployment console and saved to the Deployment Database are transmitted using the DS Agent to update the Notification Database. (2) Conversely, updated collection data created in Notification Server is transmitted using the Altiris Agent to update the Deployment Database. Setting polling intervals and configuration request intervals requires that you plan how often you want to refresh console and deployment information based on network traffic requirements. If you set frequent updates (such as setting a polling interval to 1 minute), your console information is relatively up-to-date, but network traffic is heavy because data is extracted and transmitted every minute from every Deployment Database to update the Notification Database. In contrast, if you set polling intervals and configuration requests for a larger polling interval (such as one day), your network traffic is light--and you can plan the polling updates for off-hours--but report data is more static and out-of-date. The balance between timely deployment information appearing in the Deployment view on the Notification Server and the level of network traffic should meet your IT policies, organizational requirements, and network design. See Setting the DS Agent Polling Interval (page 396). See Setting the Altiris Agent Configuration Request (page 397). Setting the DS Agent Polling Interval To refresh data to the Notification Database, set the polling interval in the Altiris Console. 1. Select the Configuration tab. 2. Select Solution Settings > Deploy and Migrate > Deployment > Deployment Server Agent Configuration > Deployment Server Agent Configuration. Deployment Solution 397
Multiple policies to configure or install Deployment Server Agents are provided. 3. Select the Deployment Server Agent for all Deployment Servers. You can also select settings for each Deployment Server installation. 4. Set the Computer/Job Polling Interval. 5. Click Apply. Setting the Altiris Agent Configuration Request To download collection data from Notification Server for each Deployment Server installation, the Notification Database must update the Deployment Database. This updated data is transmitted automatically through the Altiris Agent at defined configuration request intervals. To update scheduling and configuration information for each Deployment Server installation, you must set the interval request information in the Altiris Console. 1. Click the Configuration tab. 2. Select Altiris Agent > Altiris Agent Configuration > All Windows Servers. 3. In Agent Basic Settings, select new values in the Request new configuration field. You can also set inventory updates, if required. Request new configuration information every: _______. This feature sends a request to Notification Server to flag all new scheduling records in the Notification Database. This transmits data to the Deployment Database to update data. Send basic inventory every: ______. This feature transmits all inventory data from the computer running Deployment Server. This field is only used by Deployment Server when first installing the Deployment from the Altiris Console. By sending basic inventory (including information that Deployment Server is installed on the computer), Notification Server identifies that the DS Agent needs to be installed. 4. Click Apply. Deployment Solution 398
Managing Computers from the Deployment Web Console From the Computers pane of a Deployment Solution console, you can identify, deploy, and manage all computer resources across your organization, including desktop computers, notebooks, handhelds, network and Web servers, and network switches. All computer resources can be accessed and managed as single computers or organized into computer groups with similar hardware configurations or deployment requirements, allowing you to run deployment jobs or execute operations on multiple computers simultaneously. You can use search features to locate a specific computer in the Deployment Database, or set filters to sort computers by type, configuration, OS, or other criteria. Manage multiple Deployment Server sites. From the Deployment Web Console, you can now access different Deployment Server systems and manage all sites or network segments across your organization. Each Deployment Server site is identified in the Computers pane under Deployment Server. You first select a Deployment Server icon and expand the treeview to see the computers and computer groups managed by the selected Deployment Server. See Managing Multiple Deployment Server Systems (page 399). Manage with Computer icons. Major computer types are identified by a computer icon in the console, with a listing of scheduled jobs and operations associated with each computer. In the Deployment Web Console, you assign and schedule deployment jobs to computers or groups with easy-to-use Web features. See Viewing Computer Details (page 402). Add new computers. Deployment Solution lets you add new computer accounts and set configuration properties for new computers before they are recognized by the Deployment Server system. Preset computer accounts automatically associate with new computers when they start up, or can be associated with virtual computers. See Adding New Computers (page 403). Deploy to groups of computers. Organize computers by department, network container, hardware configuration, software requirements, or any other structure to meet your needs. You can deploy and provision computers on a mass scale. To filter computers in a computer group to schedule jobs only to the appropriate computer types, see Creating a Computer Group Filter (page 417).
To select a computer to run remote operation or schedule a job, select a Deployment Server group icon from the Computers pane and select the computer or computer group in the Details pane. Select a job and click Run Now or Schedule. Deployment Solution 399
Configure Computer Agents. See the property pages for modifying Deployment Agent settings. See Deployment Agents (page 410). View and configure computer properties. You can modify computer settings for each computer from the console. See Computer Configuration Properties (page 406). Or you can view the Computer Properties page for detailed access to a computers hardware, software, and network property settings. See Computer Details (page 412). Run remote operations from the console. Perform operations quickly in real-time from a Deployment console. Configure property settings, send a file, run deployment jobs or select from additional management commands. See Remote Operations (page 415). Build and schedule jobs. Build deployment jobs with one or more management tasks to run on selected computers. Create jobs, add tasks, assign the job to computer groups. Jobs can be organized and assigned for daily tasks or to handle major IT upgrades. See Building and Scheduling Jobs on page 102. Managing Multiple Deployment Server Systems From the Computers pane of the Deployment Web Console, you can access multiple Deployment Servers and drill down to view all client computers attached to each Deployment Server system. Adding Deployment Servers You can identify and add existing Deployment Servers to the Deployment Web Console. This lets you manage computers and use jobs created at various sites managed by different Deployment Server systems. 1. In the Computers pane, select Add Deployment Servers from the drop-down list, or click the on the Details page. Note To push down a new installation of Deployment Server using Deployment from the Altiris Console, see Installing Deployment Solution from the Altiris Console on page 14. 2. Enter the computer name for the computer running Deployment Server. Enter the port number if it is different from the provided default. 3. Use Logon tab to set security options, if required. This lets you authenticate to a role if security has been set up in the Deployment Server Console. The Deployment Server appears in the Computers pane with its job folders listed in the Jobs pane.
Deployment Servers collection. All Deployment Servers are listed under this collection. Expand the Deployment Server group icon to view all computers for a specific site or network segment.
Individual Deployment Servers. This icon identifies an individual Deployment Server system with its managed computer devices. Expand the Deployment Server system to view all managed client computers and groups for the selected Deployment Server. Deployment Solution 400
Changing Task User Password options Change Task User Password option lets you update the user credentials to be used for the execution of Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality tasks. Task password option facilitates to update user credentials for multiple Deployment Servers at one time. Note This feature is valid only for the Copy File To, Distribute Software, Run Script, Distribute Personality, and Capture Personality tasks. 1. Click Deployment Servers link in the Computers pane. The available Deployment Servers appear in the Details pane. 2. Select Deployment Servers for which you want to perform Change Task User Password operation. 3. Click Change Task User Password from the toolbar. The Task Password page appears. 4. Type the user credentials, and click Apply. 5. Click Yes to the summary message to update the password of specified user. Note This tab is visible only to the administrators and those users who have the rights to modify password. Scheduling Jobs from Other Deployment Server Systems From the Deployment Web Console, you can schedule jobs from one Deployment Server to computers in another Deployment Server. This lets you easily replicate jobs from one site to another site quickly and efficiently. Files (image files, software packages, scripts) associated with a specific job are linked from the Deployment Server Deployment Share of the originating job. 1. Select a job in the Jobs pane of the Deployment Web Console. 2. Click Schedule job in the Jobs Action list. 3. From the Computers pane, select another Deployment Server system. Computers and computer groups of the selected Deployment Server site appear in the Details pane. 4. Select the check box for each computer or computer group you want to run the job. 5. Click Schedule in the toolbar of the Details page. 6. Select scheduling options and click OK. The job from the original Deployment Server appears in the Deployment Share of the targeted Deployment Server. If the job includes associated files, a linked icon appears with the job identifying that the associated files are referenced from the original Deployment Server system. Replicating Jobs to Other Deployment Server Systems 1. Select a job in the Jobs pane of the Deployment Web Console. Deployment Solution 401
2. Select Copy job/folder in the Select Action list. The Job/Folder Selection page appears with all Deployment Server systems and their job folders. 3. Select a folder in another Deployment Server system from this page and click OK. The job is replicated from the original Deployment Server system to the targeted Deployment Server system. If the job includes associated files, a linked icon appears with the job identifying that the associated files are referenced from the original Deployment Server system. Note To successfully replicate a job from one Deployment Server to another Deployment Server, both Create and Modify Permissions are required for the Job objects if security is enabled. Otherwise, the job does not appear in the target Deployment Server Console, and an error appears in the Altiris Console Manager log in the Event Viewer. Replicating Jobs without Copying the Collateral When copying jobs from one Deployment Server to another, the associated collateral, such as files are also copied. However, you can also copy dependent files to the destination server using a different mechanism, such as Package Servers. To enable a Do not copy value for all replication, set the key value in the ExcludeAllTargets registry key as dsword:00000001. The path of this registry key is HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > eXpress > Deployment Web Console > Deployment Console Manager > Job Replication. Note If the key value name does not exist or if the key value is not equal to 1, the files are replicated. When this value is set to 1, the Console Manager waits until the file exists on the destination Deployment Server before copying the job data and scheduling data. The Console Manager logs a warning in the event log stating that Console Manager is waiting for the file to exist. Once the file exists, the Console Manager proceeds. To enable the Do not copy value for an individual target (destination) Deployment Server, set the key value in the Exclude Targets registry key as Timpanogos = dword:00000001. The path of this registry key is HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > eXpress > Deployment Web Console > Deployment Console Manger > Job Replication > Exclude Targets. In the above example, Timpanogos is the name of the target Deployment Server. When the key value is set, replication targeting Timpanogos does not copy collateral files. To enable the Do not copy value of an individual Deployment Server, it must be equal to 1. The Console Manager follows the same procedure for an individual Deployment Server that it follows when the ExcludeAllTargets value is set. Note When the ExcludeAllTargets value is changed or set, the Console Manager must be restarted for the changes to be implemented. However, changing the value for an individual Deployment Server does not require a restart of the Console Manager service. The ExcludeAllTargets global value when set to 1, overrides all Deployment Server- specific flags regardless of their respective settings. When the ExcludeAllTargets value does not exist or is not set to a value of 1, any Deployment Server-specific flags take precedence. Deployment Solution 402
Viewing Computer Details In Deployment Solution, a computer resource is identified in the console with a distinctive icon to display the computer type Windows desktop or notebook, handheld, server, or Linux operating system and its current status. These computer icons change to convey the state of the computer, such as the log on status, server waiting status, or user with a timed license status. You can also view the status of the jobs assigned to the selected computer in the Details pane of a Deployment console. The following is a sample list of computer icons appearing in each Deployment console identifying the computer type and state.
Computer connected to the Deployment Server with a user logged in.
Computer connected to Deployment Server but the user is not logged on.
Computer with a time-limited user license and a user logged on.
Computer not currently connected to the Deployment Server but known to the Deployment Database. The computer is designated as a master computer and is used to broadcast images to other client computers.
A virtual computer with values defined in advance using the New Computer feature. As soon as the computer connects and the Deployment Server recognizes the new computer and changes the icon. See Adding New Computers on page 63.
A client computer waiting for user interaction before running deployment tasks. This icon appears if the Workstations check box is selected on the Advanced tab of Initial Deployment. See Advanced on page 131.
A connected handheld computer.
A managed server connected to the Deployment Server with a user logged on. Additional icons identify different states of server deployment.
A managed Linux computer connected to the Deployment Server with a user logged on. Additional icons identify different states of Linux computer deployment. Deployment Solution 403
See also Deployment Agents on page 67. Adding New Computers Computers can be added to the Deployment Database using three methods: Install the Deployment Agent on a Windows or Linux system. If you install the Production Agent (Deployment Agent) to a computer with the operating system already installed, the computer is added automatically to the Deployment Database at startup. New computers with the Deployment Agent installed are added to the All Computers groups (unless otherwise specified in the Deployment Agent configuration). You can move the computer to another group listed in the Computers pane. Use Initial Deployment to configure and deploy new computers booting to automation. Starting up a new computer in automation lets you image the hard drive, assign IP and network settings, distribute personal settings and software, and install the Deployment Agent for new computers. Using Initial Deployment you can associate new computers with pre-configured virtual computer accounts. These newly configured computers appear in the New Computers group. See Initial Deployment (page 442). Create or import computer accounts from the Deployment console. You can add new computers using the New Computer feature or import computers using a delimited text file. You can pre configure computer accounts by adding names and network settings from the console. See Creating a New Computer Account (page 404).
View the Physical Devices by clicking the drop list in the Computers pane and selecting Show Physical Devices. Physical view of Rack/ Enclosure/Bay components for high-density server systems. These icons appear as physical representations to allow management of different levels of the server structure. In addition, server icons identify logical server partitions. See Bay on page 70 for properties and rules to deploy Rack/ Enclosure/Bay servers.
Select the New Computers or All Computers group to run jobs or operations for these default groups identified by an icon in the Computers pane.
Additional computer groups can be added to the Computers pane to organize similar computer types or to list computers of similar departments or locations. Click New Group or select New > Computer Group to create a new group. Deployment Solution 404
About New Computers When a new computer starts up, if Deployment Server recognizes the MAC address provided in a New Computer account or import file, it automatically associates the user account at startup with the New Computer icon. If this value is not provided, the computer appears as a virtual computer, letting you to associate it to a new computer.
A virtual computer account can be associated with a new computer using the Initial Deployment feature. You can create multiple virtual computer accounts and associate the account with a new computer when it boots to automation. At startup, the configuration settings and jobs assigned to the virtual computer can be associated with the new computer. Virtual Computers Deployment Solution provides features to create a virtual computer to pre-define a computers configuration settings and assign customized jobs to that computer even if you do not know that computer's MAC address. This type of computer is known as a virtual computer. Virtual computers offer a great deal of power and flexibility, especially when you need to deploy several computers to individual users with specific needs. The virtual computer saves time because you can configure the computer before it arrives on site. You can set up as much configuration information (computer name, workgroup name, and IP address, for example) you know about the computer and apply it to the new computer as it comes online. You can also prepare jobs prior to the arrival of the new computer to deploy the computer using customized images, MSIs and RIPs based on a user's specific needs. When the new computer finally arrives, you are ready to deploy it because have done all the work ahead of time. Just set the managed computer option in PXE or automation and the new computer can connect to the server as a managed computer. The virtual computer you created now turns into a managed computer in the console. Creating a New Computer Account You can create computer accounts for individual computers or for computer groups. When creating new accounts for computer groups, you can automatically assign new names and associate them with existing computer groups or the New Computer group. To create a new computer account Create new computer accounts in the Deployment Database for one or more computers. 1. To add one or more new managed computers, first select the desired Deployment Server system in the Computers pane and select New computer(s) from the
The New Computer icon appears for a new computer if the MAC Address is provided when creating a new computer account using any import or new computer account feature.
A virtual computer icon appears if specific hardware data (MAC Address) is not known. As soon as the computer starts up and is associated with a virtual computer account, Deployment Server recognizes the new computer and the icon changes. Deployment Solution 405
Computer actions drop-down list or click the new computer icon in the Details pane. The Computer Configuration Properties appears. 2. Type the name of the new computer (up to 15 characters) and configure settings. A virtual computer icon appears in the selected group. When a new computer starts up, you can assign it to this preset account. To create multiple computer accounts Define a name range and create accounts in the Deployment Database for multiple new computers. 1. On the Networking tab, click to open the Define name range section. 2. Enter the number of computers to be placed in the name range. Enter the core name in Fixed text and a numeral for the range start. 3. Select Append to incrementally add the numeral to the end of the Fixed text. If you clear this box, the numeral is added to beginning of the name. Importing New Computers from a Text File You can import computer configuration data using delimited text files (.txt, .csv, or .imp files) to establish multiple computer accounts in the Deployment Server database. This file contains all configuration data for a new computer, including all settings in the Computer Configuration Properties of a selected computer. To import new computers from a text file 1. Click the Action drop-down list in the Computers pane and select Import Computers. A dialog appears, allowing you to select files from the Deployment Share. You can import: .txt; .csv; or .imp type of files. 2. Select the import file. Click Open. 3. If a correctly formatted computer import file is selected, a message appears, informing you that the computer import is complete and identifies the number of computers added. Click OK. Note Jobs can be added to the import file. They can be created and associated with the new computers. If the computer import file is incorrectly formatted, a warning appears stating that the computer import file is incorrect. 4. The imported computers appear in the Computers pane of the Deployment Web Console. Deployment Solution 406
Computer Configuration Properties Computer property settings can be viewed, set, and modified when Adding New Computers, Modifying Configuration, or setting up Initial Deployment. Networking Settings Use the Sysprep utility to generate unique SIDs. This can be done by manually using these utilities or when installing the Deployment Agent. Networking Settings Set the Windows name of the computer and the Workgroup or Domain settings. TCP/IP Settings Set the TCP/IP addresses for one or more network adapters. NetWare Client Settings Set Novell Directory Services client logon options. Operating System Licensing Settings Set the registered name and view the hashed installation license key for the installed operating system. User Account Settings Set the local Windows user account values. Computer name This is the NetBIOS name for the computer. The name must be unique in the network and is limited to 15 characters. Computer Name box is disabled for multiple computer configurations. Deployment Solution 407
Define name range Create a sequential range of computer names. You can identify a root name and automatically increment its associated number. This option is available when selecting groups of computers. For new computers, set a range of names for multiple new computers: Number of computers. Enter the number of computers to be automatically named. Fixed text. Enter the text portion of the name you want associated with each computer, for example: Mar ket i ng. Use Token Select the check box to specify the computer name using tokens. Selecting this option enables Fixed text combo box and disables the Range start, Label, and Append options. Note This option is applicable for multiple computers and not for single computer.Fixed Text: You can select one of the six tokens from the drop-down list. %NAME%- Complete computer name. %NICyMACADDR%- MAC address of the computer with NIC specific number. Selecting this option enables the NIC Number option where you need to specify the NIC number which can range from 1-8. Note The default value for NIC number is 1. %SERIALNUM%- Serial number from SMBIOS. %NODENAME%- First 8 characters of actual computer name. Range start. Enter a numeral to add to the fixed text, for example: Mar ket i ng1. Append Select to add the range after the fixed text in the computer name. If you clear this box, the number is added as a prefix to the fixed text. Microsoft networking Click Workgroup or Domain and enter the name. Enter either the fully qualified domain name, the DNS domain name, or the WINS domain name. You can enter the fully qualified domain name (example: mj ones. your company. com), and specify the organizational unit (OU) using this format: OU/ newOU/ user s. The complete entry to place the computer in the user s OU is the following: mj ones. your company. com/ OU/ newOU/ user s i nt er nal . mySer ver . or g/ New Cor por at e Comput er OU/ Mai l Room/ Expr ess Mai l Ser ver s. Deployment Solution 408
TCP/IP Settings Host name The Windows name of the managed computer that is hosting Deployment Server. Network adapter A list of all network adapters installed in the selected computer. The network adapter with the lowest bus, device, and function number is the first listed (NIC0 - zero based). If the bus, device, and function information cannot be determined for a network adapter, it is enumerated in the order it is detected. When configuring multiple network adapters, ensure that one network adapter is not using an Intel Universal NIC driver (commonly called UNDI driver) to connect to Deployment Server. If one network adapter uses the native driver and one uses an UNDI driver, your computer appears twice in the console. Add. Click the Add icon for additional network adapters installed on the client computer. If a computer in the group has only one network adapter, it is configured only with the IP settings listed first. If IP settings are provided for additional network adapters not present in the computer, they are disregarded. MAC. The MAC address is a unique number assigned to the network adapter by the manufacturer. This is read-only. Domain suffix. Enter this to add domain suffixes to the root address. Use DHCP to obtain IP address. Click to obtain an address from a DHCP server. Assign a static IP address. Click to set static IP address values. Deployment Solution 409
NetWare Client Settings Set Novell NetWare client values for a new or existing computer. Select whether you want to log on directly to a NetWare server or to a NetWare tree in Novell Directory Services (NDS). You can specify the preferred tree, server name, and NDS context. Show advanced Click to set named interfaces for this network adapter. Click the edit icon to modify settings. Select Advanced to set multiple IP Interfaces. Name. Enter a name for the IP interface. Ensure you use the eth syntax when naming new interfaces, for example: et h0: 1 or et h0: new i nt er f ace. IP Address. Enter or modify the IP address common to all interfaces. Netmask. Enter the appropriate subnet mask. State. The default value of the interface state is Up, which denotes that the named interface is operating. Shut down the named interface by selecting Down. Broadcast Address. Enter the Broadcast address for the specified IP interface. Gateway. Click this tab to enter the gateway address for this IP interface. DNS. Click this tab to add additional Domain Naming Servers (DNS) for this network adapter. Append these DNS suffixes (in order): Add the name of the Domain Suffix and use the up and down arrows to set the DNS suffix search order. DNS Suffix. You can enter DNS Suffix and specify DNS Suffix order search also. WINS. Click this tab to add additional WINS settings for this network adapter. You can select one of the three available options; Enable NetBIOS over TCP/IP, Disable NetBIOS over TCP/IP, and Use NetBIOS setting from the DHCP Server. Static Routes. Click this tab to enter the router settings information for this IP interface. All the fields, that is, Designation, Netmask, Gateway, Interface, Metric, Flag, Ref, and Use are mandatory. Ignore NetWare settings Select to disregard all Novell NetWare client settings for this computer. Preferred tree Click and enter the name of the NDS tree. Preferred server Click and enter the name of the NetWare server, for example: \ \ OneSer ver . This is the primary login server for the NetWare client. Deployment Solution 410
Operating System Licensing Settings Enter or view the license information for your Windows operating system software (Windows 98, 2000, XP, and 2003 Servers). User Account Settings Set up local user accounts for the newly imaged computer or when running a configuration task. Enter a user name, full name, and password, set standard Windows login options. Deployment Agents To remotely manage computers from a Deployment console, a Deployment Agent is installed on each computer in the Deployment Server system. Deployment Agents are NDS User name Click and enter the name of the user object for the NetWare client. NDS Context Click and enter the organizational unit context for the user. Run login scripts Select this option to run the NetWare client login scripts. Registered user Enter the name of the registered user. Organization Enter the name of the Organization. License key Enter the alpha-numeric license key. This is the hash value rendered from the OEM key or 25-digit license key required when installing the operating system. User name The user name for this local Windows user account. Full name The full name for this local Windows user account. Password The password for this local Windows user account. Confirm Password Retype the password for confirmation. Groups Specify the Windows groups that this user can belong to as a comma-delimited list, for example: Admi ni st r at or s, Mar ket i ng, Management User must change password at next logon Select to force the user to change the password after setting the configuration properties. User cannot change password. Prohibit the user from changing their password at any time. Password never expires. Select to maintain the user password. Deployment Solution 411
provided for various computer types, including Windows, Linux, DOS, and PPC Handhelds. The following Deployment Agents reside on the client computer and communicates with the Deployment Server. Install Deployment Agent to add a managed computer When Deployment Agent is installed on a computer, it searches across the network for a Deployment Server to attach to. When a Deployment Server is located by the Deployment Agent, the client computer is added as a record to the Deployment Database. Automatically update to newer version of Deployment Agent At times, Altiris may update versions of the Deployment Agent to enhance features. For best performance, it is suggested that all managed computers run the latest version of the Deployment Agent. When a new version of the Deployment Agent is saved to the Deployment Share file server, the managed computers automatically update the Deployment Agent. Managing Agent Connections The following utilities are provided for managing transmissions between the Deployment Server and Deployment Agents running on the managed client computers. Deployment Agent on Windows The Deployment Agent runs on Windows computers, including desktops, notebooks, and servers. Deployment Agent on Linux This Deployment Agent runs on Linux workstations and server. Automation Agents The Automation Agents boot client computers when the Deployment Server sends a deployment job. Altiris supports DOS, Linux, and WinPE pre-boot operating systems. Deployment Agent for CE .NET This agent runs on the HP T5000 computer devices running the CE .NET 4.2 operating system. Notification Server Client The NS client is an Altiris agent that runs on computers supported by Notification Server. This agent runs on the Deployment Server computer when running Deployment Solution on Notification Server. Deployment Server Agent This agent runs on the Deployment Server computer when running Deployment on Notification Server.
When the Deployment Agent is running on a computer, the user sees a small icon in the system tray. When the icon is blue, the client computer running the Deployment Agent is connected to the Deployment Solution system.
When the Deployment Agent icon is clear, it shows that the client computer is not connected to the Deployment Solution system. The agent may be configured incorrectly, the Deployment Server is down, or other network problems exist. Deployment Solution 412
Reset a Client Connection Resetting the connection that a managed computer has with the Server simply disconnects and reconnects the computer. This is useful for troubleshooting or if you suspect there is a bad connection. To reset a client connection, right-click a computer and click Advanced > Reset connection. When the computer disconnects, its icon turns gray. The computer should reconnect and its icon color returns to its original active status color. Reject or Retrieve a Rejected Computer If a computer you do not want to manage connects to your Deployment Server, you can reject it. This removes the unwanted computer from the Computers pane in the Web Console. Further attempts by the computer to connect are denied. Although the computer is not deleted, any history or schedule information associated with the computer is deleted. 1. Click the computer you want to reject from connecting to the Deployment Server. 2. Select Reject Connection from the Select action drop-down list. 3. Click OK. View Rejected Computers You can view the rejected computers by clicking on a Deployment Server, and selecting View Rejected Computers from the Select action drop-down list. The rejected computers are prohibited from being active in the Deployment Database. They are identified and rejected by their MAC address. You can remove computers from the Rejected Computers list by selecting it, and clicking Accept Computer(s) icon from the toolbar. This allows the computer to attach again and be managed by the Deployment Solution system. Computer Details View and edit the computer properties and inventory for each managed computer. See Properties (page 412) and Inventory (page 414). Properties The following are the general properties of the selected managed computer. General (page 413) Network (page 413) TCP/IP (page 413) Location (page 413) Bay (page 413) Lights-Out (page 414) Deployment Solution 413
General View or change the name of the computer as it appears in the console. View logged in user name, operating system installed, name of the Deployment Server, whether or not an automation partition is installed, version of the Deployment Agent, and other client information. Network View Microsoft Networking, Novell Netware settings, and user information for the selected managed client computer. TCP/IP View TCP/IP information, including a list of all installed network adapter cards (up to eight) for the selected computer. Click Change to open the configuration window allowing you to modify settings. Location View and edit user-specific properties such as contact name, phone number, e-mail address, department, mail stop, and site name. As the administrator, you can enter this information manually or you can let the user populate this screen using Prompt User for Properties. Bay View location information and other properties for Rack / Enclosure / Bay components for high-density and blade servers. Set rules for automatic re-deployment of blade servers based on physical location changes. Server Deployment Rules From the Bay property page, you can select rules to govern actions taken when a new blade server is detected in a selected bay. These rules are described below: Rule Action Re-Deploy Computer Restore a blade server using deployment tasks and configuration settings saved from the previous server blade in the bay. This lets you replace new blades in the bay and automatically run deployment tasks from its deployment history.See Restoring a Computer from its Deployment History on page 88 All deployment tasks in the bay's history are executed starting from the last Distributing Disk Image task or Scripted OS Install task, or from any script (in a Run Script task) with this command: r emdepl oyment st ar t . Run Predefined Job The server processes any specified job. Select a job to run automatically when a new server is detected in the bay. Deployment Solution 414
Lights-Out View information about the remote management hardware installed on the selected computer (most often a server) used to power up, power down and restart the computer remotely, or to check server status. You can also enter the password for the remote management hardware by clicking Password. Note This feature is currently only available for selected HP Integrated Lights Out (ILO) and Remote Insight Lights-Out Edition (RILOE) features. Inventory The following are the inventory details of the selected managed computer. Hardware (page 414) Drives (page 414) Applications (page 414) Services (page 415) Devices (page 415) Hardware View processor make and type, processor count, RAM installed on the computer, display configuration, manufacturer, model, product name, MAC address of each network adapter installed, serial number, asset tag, UUID, and whether or not Wake On LAN and PXE are installed and configured. Drives View information about each drive on the computer. If you have multiple drives, you can select a drive from the list box to view its settings, such as capacity, serial number, file system, volume label, and number of drives installed. Applications View the applications that are installed on the computer, including description, publisher, version number, product ID, and systems components. Ignore the Change This option lets you move blades to different bays without automatically running jobs. The server blade placed in the bay is not identified as a new server and no jobs are initiated. If the server existed in a previous bay, the history and parameters for the server are moved or associated with the new bay. If the server blade is a new server (never before identified), the established process for managing new computers is executed. Wait for User Interaction (default) No job or tasks are performed (the Deployment Agent on the server blade is instructed to wait). The icon on the console changes to reflect that the server is waiting. Rule Action Deployment Solution 415
Services View the services installed on the computer as well a description, start type, and path for each service. Devices View the devices installed on the computer, including display adapters, disk drives, ports, storage volumes, keyboards, and other system devices. Remote Operations After selecting a specific computer device, click the Computer actions drop-down list and select a remote operation to perform on the selected computer. This menu provides a variety of commands to remotely manage all computers in your site or network segment. Configure Set network and local configuration properties for each computer, including computer name, IP address, domains, Active Directory context. See Computer Configuration Properties (page 406). Quick Disk Image Select a computer and image its hard disk. This creates and stores the image to distribute now or later. To run a disk image job you must have have an Automation Partition installed on the client computer. You can also manually boot a client computer using bootable media created in Boot Disk Creator, or create a boot menu option in PXE Server. When you finish this computer operation, a new job appears in the Jobs pane of the Deployment console under the System Jobs > Image Jobs folder. The job name has a generic format of Cr eat e I mage: <comput er name>. Copy File to Copy selected files, directories, or entire directory structures and send them to the selected computer(s). See Copy File (page 437). Run command Type and run commands remotely. Send a command from the Deployment console as if you were entering a command from the command-line prompt. History View a history of deployment tasks. Click Save to save the deployment history to a file or click Delete to delete the history. Reject Connection To manage unwanted client computers from attaching to the Deployment Server, use the Reject Connection computer action to remove the client's MAC address and other information from the Deployment database. If the client tries to connect to the server, the MAC address cannot be found and the client-server connection is rejected. See Reject Client Computer Connections (page 372). Deployment Solution 416
Wake Up The Wake Up feature is hardware-dependent and is only available for inactive computers. Select this command to start a computer that has been turned off. Your operating system and network adapter must be capable of recognizing and processing the wake-on-lan packets. Non- embedded network adapters must be properly configured. Restart Click to reboot the selected managed computer. Select Force Applications to close without a message box to restart immediately without prompting the user. Shut down Click to shut down the selected managed computer. Select Force Applications to close without a message box to shut down immediately without prompting the user. Log off Click to log off of the selected managed computer. Select Force Applications to close without a message box to log off immediately. Clear Status Clear computer status as shown in the Status field on the Details page. Prompt User for Properties Query for computer location and user information. This feature sends a form to the user to fill out and writes it directly to the database, appearing in the Location properties for the selected computer. If the user changes the computer name, the name in the Computers pane of the Deployment console also changes. These settings are stored directly to the Deployment Database. Install Automation Partition Click Install Automation Partition from the drop-down list, and select a pre-boot operating system for the automation partition. You can select DOS, Linux, or Windows as the pre- boot operating system. Get Inventory Update property settings for a selected computer. These inventory settings can be viewed in Computer Details (page 412). Select it to ensure you have the latest inventory of the computer. Apply Regular License Apply a permanent license if a client computer is using a time- limited license or requires an updated license. Rename Assign the computer or group a new name in the console. Delete Delete a computer, a computer group, or any combination of computers and groups from the database. Change Production Agent Settings Select Change Production Agent Settings to modify the production agent settings. See Production Agent Settings (page 375). Change Automation Agent Settings Select Change Automation Agent Settings to modify the automation agent settings. See Automation Agent Settings (page 379). Move to Group Click to move the selected computer to a new group. Deployment Solution 417
Find a Computer in the Database Enter a search string in the Find field to query database fields for specific computer properties. You can search for user or computer names, licensing or location information, or primary lookup keys: MAC address, serial number, asset number, or UUID. In the Find field type all or part of the computers property values you would like to search for: A list of computers meeting the search filter requirements is listed in the Details pane. This search is not case-sensitive and allows wildcard searches using the *. Creating a Computer Group Filter For Computer Filters, this dialog lists all computers in a group according to a specified criteria. Example: you can create a filter to view all computers in a particular group that have Windows 2000, 256 MB of RAM, and 20 GB hard disks only. By applying the filter, you can view all computers with that criteria in the Details pane of the Deployment Server Console. To create or modify a computer filter 1. Click any computer group. In the Details pane, you can view Filter by on the toolbar. 2. Click Add Filter icon from the toolbar to create a new filter. Name BIOS name of the computer. Computer Name Deployment Solution name of the computer. MAC Address 0080C6E983E8, for example. IP Address 192.168.1.1, for example. ID The computer ID. 5000001, for example. Serial Number Serial number installed in BIOS. A primary lookup key. Asset Tag Asset number in BIOS. A primary lookup key. UUID A primary lookup key. Registered User Name entered when the operating system was installed. Product Key Product Key for the operating system. Logged On User Name of user currently at the computer. Physical Bay Name The actual bay number: 7x, for example.
Click a computer group in the Computers pane. The Filter feature appears in the Details pane for the selected computer group. Click Setup to add new filters, or modify and delete existing computer filters. Deployment Solution 418
3. Type a name for the filter in the Filter Name box, and click Edit Filter Name. By default, the filter name is Filter N, where N is a sequentially generated numerical. 4. Click New Filter Item in the Filter Definition area. 5. Define the conditions you want to filter. Click the Field box to see a list of computer values stored in the Deployment Database. Select a computer value and set the appropriate operation from the Filter list. In the Value box enter an appropriate value for the selected database field. Example: You might choose Computer Name as the Field, Contains as the Filter, and Sales as the Value. 6. Repeat steps 4 and 5 to add more conditions. Click OK. See also Find a Computer in the Database (page 417). Deployment Solution 419
Scheduling Jobs from the Deployment Web Console A job represents a collection of predefined or custom deployment tasks that are scheduled and executed remotely on selected managed client computers. You can build jobs with tasks to automatically create and deploy hard disk images, back up and distribute software or personality settings, add printers, configure computer settings, and perform all aspects of IT administration. Jobs can be run immediately for a specific computer, or stored and scheduled for daily or long-term administrative duties on multiple computer groups. The Job Scheduling Wizard (page 422) guides you through common deployment and management jobs. It provides three easy steps to select computers, select a job, and schedule the job to run. Jobs include one or more Deployment Tasks (page 423). You build jobs by adding tasks to a job and customizing the task for your specific needs. You can add tasks to capture and distribute images, software packages, and personality settings. Or you can write and run a script task, or run scripted installs, configure settings, copy files and back up registry settings. You can also modify existing jobs by adding, modifying, or deleting tasks to fit your needs. See Building New Jobs (page 420). Set conditions on jobs to run only on computers with properties that match the criteria you specify. You can build one job to run on different computer types for different needs, and avoid mistakes by ensuring that the right job runs on the right managed computer. Initial Deployment lets you run predefined jobs and configuration tasks on new computers when they start up. You can automatically deploy new computers by imaging and configuring TCP/IP, SIDs, and other network settings and installing basic software packages. See Initial Deployment (page 442). Sample jobs are installed with Deployment Solution and appear in the Samples folder of the Jobs pane. You can run many sample jobs as they are, or you can set environmental variables and run. Viewing Job Details As jobs are assigned, scheduled and executed, it is helpful to know specific details about their status and assignments. The Deployment Console provides job icons to show state and status of the job in the Details pane, including:
Job icons appear in the Jobs pane of the Deployment Web Console. To run a job, select a job and select a computer or computer group from the Computers pane. Select the Schedule Job(s) option from the Select action drop-down list. Deployment Solution 420
Job status icons that update to display the state of the job in running deployment tasks. These icons are graphical symbols in the Deployment console used to identify the status of an assigned job. A description of the job, if available. If a job defines error conditions when individual tasks run, the Status field displays any errors incurred and the tasks that completed successfully. View all jobs, failed jobs, pending jobs, jobs not scheduled, scheduled jobs, and successful jobs from the Details pane. Job Schedule details. This is the job's run time, beginning when the job started and ending when it completed successfully. Currently applied conditions. You can add conditions to different task sets for different computer properties within a job. Conditions specify characteristics that a computer must have before the job is run. A list of tasks assigned to the job and task descriptions also appear. Change the order of the task execution with the arrows. Tasks are executed in the order they are listed. See Deployment Tasks (page 423). Features to add, modify, and delete tasks for each job. A list of assigned computers and its deployment history. Building New Jobs A job can be a single task to distribute software or change computer property settings, or a job can be a series of tasks sequenced to migrate hard disk images, set post- installation TCP/IP and SID values, and install software packages and personality settings.
Indicates that a job is scheduled to run on a computer or computer group.
Indicates that a job is in progress.
In the Details pane, indicates that a job has executed successfully.
Indicates that a job is associated with a computer or group of computers but is not scheduled. Indicates error conditions when individual tasks run. Deployment Solution 421
Create and build jobs by adding tasks and setting conditions to run the job. 1. Click a Deployment Server in the Jobs pane. The job is created in the selected Deployment Server system and saved to the shared folder in its Deployment Share. 2. Select the New job action from the list in the Jobs pane. The Job Details page appears. 3. Enter information for the new job: Job name: Enter a unique name for the job and click the apply icon . Description. Enter a description for the job and click the apply icon . 4. At Condition sets, select a previously created condition set from the list to run the job only on managed computers meeting specified criteria. Click the expand in the Conditions area to create a new condition set. Note The Tasks area is not enabled when the Conditions area is expanded. 5. In the Tasks area, click the New icon . A secondary page displays job information and the condition set. 6. In the Task type field, select from the list of tasks to add to the job. The configuration page for the selected job appears. Enter the configuration information for each job and click OK. See Deployment Tasks (page 423). 7. Repeat steps 5 and 6 to add more tasks to the job. 8. From the Job Details page, set the order of Tasks to run in the job. 9. After creating and building a job, click the Job Actions list and select Schedule job or another option. Delete Job. Select to eliminate the job. Schedule Job. Select to schedule the job to run immediately or at another time. If no computers are selected, the Computers page appears to select a computer or computer group. The Job Scheduling page appears. Move Job. Select to move the job to another folder. 10. Schedule the job to run immediately or at another time. If no computers are selected, the Computers page appears to select a computer or computer group. The Job Scheduling page appears. After scheduling a job, the selected computers assigned to the job appears in the Scheduled computers list box. Create a new job by selecting the New Job command from the drop- down list in the Jobs pane. You can add tasks and create condition sets in the Details pane. Deployment Solution 422
Job Scheduling Wizard The Job Scheduling Wizard provides features to assign jobs to selected computers and computer groups, and schedule to run. Select Computers 1. Click a Deployment Server group and select individual computers or computer groups. If you are running Deployment from the Altiris Console, you can select by defined computer collections in the Altiris Console Collections. See Managing Computers from the Deployment Web Console (page 398). 2. Click Next. Select a Job 1. Select a job in the left pane to assign to the selected computers. Select a pre- defined condition to run the job in the Conditions list. 2. Click Next. Schedule Job 1. Set scheduling options. See Scheduling Jobs (page 422). 2. Click Close. Scheduling Jobs After a job has been created, assign it to computers or computer groups. Click Run Now or Schedule to schedule the job to run immediately, at a scheduled interval, or assigned but not scheduled. Job and job folders selected from the Jobs pane of the Deployment Web Console are scheduled in the order they were selected, even across multiple Deployment Servers. Note When a software package or deployment job is scheduled to run on client computers, e the Altiris Client Service Message dialog appears, warning them that a job is about to execute. If a user clicks Abort when the message appears, an event is logged to the client's history so that Deployment Solution administrators know when users abort a scheduled event. To schedule a job From the Schedule Job page, select the appropriate options: Assign but do not schedule or run. This option lets you apply jobs to computers but does not run the job until you return to the Schedule Job dialog and set a run time. Run immediately. This option lets you run the job now. Schedule to run at a later time. This option lets you type the date and time to run the job at a specified time and date. When you select this option, Date and Time fields are enabled to specify a time and date to repeat. Deployment Solution 423
Repeat this job every x. A job can be scheduled to execute by minute(s), day(s), hour(s), week(s). Defer this job up to x. A job can be deferred when the server is busy executing other jobs, setting a lower priority for particular jobs. By default all jobs are deferred up to five minutes. Schedule in batches of x computers at y minute intervals. This option lets you schedule computers in batches to maximize efficiency. Click OK. Deployment Tasks A task is a subordinate action of a job. After creating a job, you can add tasks to perform basic operations, including: Create Disk Image. Create a disk image from a reference computer and save the image file (IMG or EXE files) for later distribution. See Creating a Disk Image (page 424). Distribute Disk Image. Distribute previously created disk images (IMG or EXE files) or create a disk image from a reference computer on the network and simultaneously distribute it (IMG or EXE) to other managed computers on the network. See Distributing Disk Image (page 426). Distribute Software. Distribute RIPs, MSI files, scripts, personality settings and other package files to computers or groups. See Distributing Software (page 429). Capture Personality. Capture the personality settings of a selected computer on the network using the PC Transplant software. PC Transplant ships as a part of Deployment Server. See Capturing Personality Settings (page 432). Distribute Personality Package. Send a Personality Package to computer or groups. It identifies valid Altiris packages and assign passwords and command-line switches to Personality Packages. See Distributing Personality Settings (page 433). Change Configuration. Modify the IP address, computer and user name, domains and Active Directory organizational units, and other network information and computer properties. See Modifying Configuration (page 434). Get Inventory. This lets you gather inventory information from client computers to ensure that the Deployment database is up-to-date with the latest computer properties information. See Get Inventory (page 435). Back up Registry Files. Back up an individual registry file for a selected computer and save it to a selected directory. See Backing up and Restoring Registry Files (page 434). Restore Registry Files. Restore registry settings previously saved for a selected computer. This lets you recover from a hard disk crash or other disaster. See Backing up and Restoring Registry Files (page 434). Run Script. Create custom commands using scripts to perform jobs outside the bounds of the pre configured tasks. Use the Run Script dialog to select or define a script file to run on specified computers or groups. See Run Script (page 435). Copy File to. Copy a file from the Deployment Share or another source computer to a destination computer. See Copy File (page 437). Deployment Solution 424
Shutdown/Restart. Perform power control options to restart, shutdown, power off, and log off. See Power Control (page 438). Tasks are listed for each job in the task list box. Each task executes according to its order in the list. You can change the order using the up and down arrow keys. Creating a Disk Image When you create an image of a client computers hard disk, it is saved to the Deployment Share (by default) as an .img or .exe file. Imaging deployment jobs require that the client computer boot to automation. PXE-enabled client computers can boot to automation from the PXE Server. Other methods of booting to automation include installing an embedded or hidden automation partition, or manually booting a computer using bootable media, created with Boot Disk Creator. See Boot Disk Creator Help, and PXE Configuration Utility Help. To create a Disk Image 1. Enter the path and file name to store the image file. You can store image files to access later when a managed computer is assigned a job that includes the image file. The default file name extension is IMG. Saving image files with an EXE extension makes them self-extracting executable files (it adds the run-time version of RapiDeploy in the file). 2. Click Local image store if you want to store the image file locally on the client computer's hard drive. Enter the path relative to the managed computer (example: c: \ myi mage. i mg). This is optional. When you store an image locally on a computer instead of a file server, you save server disk space and reduce network traffic. If you are imaging multiple computers or image computers frequently, there it is advisable to store images locally. Prerequisite: Ensure you have an embedded (recommended) or hidden automation partition installed on the computers hard disk with enough disk space to save the images you want to store. Note When imaging computers where labs are cached, do not use the option to remove the automation partition unless you want to clear the lab from the computer. 3. Enter an image description (optional) in the Description field to help identify the image. 4. Select Prepare using Sysprep to use sysprep to prepare system for imaging. Click Advanced Sysprep Settings. See Advanced Sysprep Settings for Creating a Disk Image (page 425) 5. Select the operating system from the Operating System drop-down list. Note Click Add new to go to the Sysprep Settings dialog and select the OS Information. 6. Select the product key from the Product Key drop-down list. Deployment Solution 425
7. Select the required pre-boot environment from the Automation - PXE or BootWorks environment (DOS/WinPE/Linux) drop-down list to perform the Create Disk Image task in selected pre-boot environment. By default, the DOSManaged Boot Option type is selected. 8. (Optional) Click Advanced to select Media Spanning and additional options. See Create Disk Image Advanced on page 425. 9. (Optional) Set Return Codes. See Setting Up Return Codes (page 440). 10. Click OK. The task appears in the Task list for the job. Tip If an imaging Job fails on a managed computer, the Deployment agent configuration screen appears on the client. This screen displays a prompt to confirm if the user wants to configure the client or restore the original settings. Select Cancel > Restore Original Settings on the client screen. See also Deployment Tasks (page 423). Advanced Sysprep Settings for Creating a Disk Image Click Advanced Settings to open the Advanced Sysprep Settings dialog. You can use the Advanced Sysprep Settings dialog to specify Sysprep mass storage device support. By default, the Enable mass storage device support using built-in drivers option is selected. Disable mass storage device support. When this option is selected, the Sysprep.inf file contains the section [Sysprep] with the key value pair as Bui l dMassSt or ageSect i on = No. Enable mass storage device support using built-in drivers. When this option is selected, the Sysprep.inf file contains the section [Sysprep] with the key value pair as Bui l dMassSt or ageSect i on = Yes. Enable mass storage device support using the following: When this option is selected, the Sysprep.inf file contains the section [SysprepMassStorage] and is appended by contents of the file mentioned in the Mass storage section file field. You can also copy the drivers directory mentioned in the Mass storage drivers field. Create Disk Image Advanced RDeploy Options Graphical Mode (RDeploy). Click this option if you want to choose the imaging executable as RDeploy. Text Mode (RDeployT). Click this option if you want to choose the imaging executable as RDeployT. Text Mode or RDeployT is the default choice. Media Spanning Maximum file size. The Maximum file size supported is 2 GB. To save an image larger than 2 GB, Deployment Server automatically breaks it into separate files regardless of your storage capacity. From the Maximum file size list, select a media type. Specify ___ MB. If the preferred type is not on the list, enter the file size you want in the field. Deployment Solution 426
Additional Options Do not boot to Windows. Select this option to create an image of the hard disk while booted to DOS without first booting to Windows to save network settings (TCP/IP settings, SID, computer name, and so on). If you select this option, these network settings cannot be reapplied to the computer after the imaging task, resulting in network conflicts when the computer starts up. Note This check box should be selected when imaging Linux computers. Compression. Compressing an image is a trade-off between size and speed. Uncompressed images are faster to create, but use more disk space. Select Optimize for Size to compress the image to the smallest file size. Select Optimize for Speed to create a larger compressed image file with a faster imaging time. The default setting is Balanced for Size and Speed. Command-line switches. You can add command-line switches specifically for the RapiDeploy program to execute imaging tasks. See the Altiris RapiDeploy Product Guide located in the Docs folder in the Deployment Share. Distributing Disk Image Distribute an image (.img) or executable (.exe) file to managed computers to set down a previously created hard disk image. 1. Click Select a disk image file to select a stored image file. This lets you set down a new image file from a previously imaged computer. This is a common method to distribute an image file. 2. If you want to image a source computer on the network, click Select a computer on the network. Enter the name and location of the source computer to create an image and distribute the newly created image file. This is optional. This option saves an image of a selected computers hard disk in its current state each time the job executes. You can schedule the job to image a specified computer every time it runs, allowing the image to be updated each time. Note Network mapping must exist on the source computer before imaging. UNC paths are not supported in DOS. 3. Select Local image store if you saved the image file on the client computers hard drive. With local image store, the image file is stored on a partition on the computer being imaged. The server cannot validate the image when a local image store is used. This is optional. 4. Select Prepare using Sysprep to use sysprep to prepare system for imaging. Click Advanced Sysprep Settings. See Advanced Sysprep Settings for Distributing a Disk Image (page 427). 5. Select the operating system from the Operating System drop-down list. Note Click Add new to go to the Sysprep Settings dialog and select the OS Information. Deployment Solution 427
6. Select the product key from the Product Key drop-down list. 7. Click Automatically perform configuration task after completing this imaging task to reboot the computer and push down the configuration settings to the newly imaged computer. This is optional. By default, the DOSManaged Boot Option type is selected. 8. Select the required pre-boot environment from the Automation - PXE or BootWorks environment (DOS/WinPE/Linux) drop-down list to perform the Distribute Disk Image task in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. 9. Click Advanced to resize partitions and set additional options. See Distribute Disk ImageResizing (page 427) and Distribute Disk ImageAdditional Options (page 428). 10. (Optional) Set Return Codes. See Setting Up Return Codes (page 440). 11. Click OK. See also Deployment Tasks (page 423). Advanced Sysprep Settings for Distributing a Disk Image Click Advanced Settings to open the Advanced Sysprep Settings dialog. You can generate the Sysprep.inf file for the Distribute Disk Image task, depending on the option selected in the Advanced Sysprep Settings dialog. Use default answer file. When this option is selected, the Deployment Server generates the Sysprep.inf file depending on the data present in the database. Use the following answer file. When this option is selected, the Deployment Server picks up the contents of the file mentioned in the Sysprep answer file textbox and prepares the Sysprep.inf file. Distribute Disk ImageResizing By default, whenever you deploy an image, you have the option to resize the partition to take advantage of the available disk space. Drive Size gives you information about the size of the image, so you can determine if you need to change partition sizes. Minimum indicates the amount of space the image usees on the target computers. Original indicates the image source disk size. Fixed Size. Select this option and enter the desired partition size. Percentage. Select this option and enter the percentage of free space you want the partition to occupy. Min. View the minimum size of the partition. Max. View the maximum size of the partition. Note FAT16 file systems have a 2 GB limit and cannot be resized larger than that (although it can be sized smaller than the minimum value). HP partitions remain a fixed size. Deployment Solution 428
Distribute Disk ImageAdditional Options This option lets you specify operations for existing automation and OEM disk partitions. The options are as follows: Leave the partition as it is Remove the automation partition Replace the existing partitions RDeploy Options: Graphical Mode (RDeploy). Click this option if you want to choose the imaging executable as RDeploy. Text Mode (RDeployT). Click this option if you want to choose the imaging executable as RDeployT. Text Mode or RDeployT is the default choice. Automation Partition: Leave the client's existing Automation partition as it is. If the image file contains no automation partition information, by default, this option is selected. The Automation partion remains unchanged when distributing disk images. Delete the client's Automation partition [-nobw]. Select this option if you want to delete the existing Automation partition from client computers. Replace the client's existing Automation partition from the image file [-forcebw]. Select this option if you want to replace the existing Automation partition on the client computer with the Automation partition from the image file. OEM Partition: Leave the client's existing OEM partition as it is. If the image file contains no OEM partition information, by default, this option is selected. The OEM partion remains unchanged when distributing disk images. Delete the client's OEM partition [-nooem]. Select this option if you want to delete the existing OEM partition from client computers. Replace the client's existing OEM partition from the image file [-forceoem]. Select this option if you want to replace the existing OEM partitions on the client computer with the OEM partition from the image file. Additional Command-line switches. You can add command-line switches specifically for the RapiDeploy program that runs imaging tasks. See the Altiris RapiDeploy Product Guide located in the Docs folder of the Deployment Share. Note The checkdisk command-line option should not be used from a Deployment console, because the post-configuration task fails after an image restore. See also Deployment Tasks (page 423). Imaging Computers from USB Disk on Key (DOK) Devices (JumpDrives) Deployment Solution supports imaging clients from bootable USB Disk on Key (DOK) devices. Deployment Solution 429
To image computers from USB Disk on Key Devices 1. Format the USB DOK using HPs USB Disk Storage Format tool as FAT and make it a DOS startup disk. 2. In Boot Disk Creator, create a new automation boot disk while creating a new configuration. 3. Select Bootable disk-Removable disk to install on the USB Disk on Key. 4. Copy HIMEM.SYS to the device. 5. Copy RDeployT.exe from the <InstallPath>\eXpress\Deployment Server\RDeploy\DOS directory to the device. 6. Copy the <Filename>.img file to the device. 7. Create an Autoexec.bat with the script and command-line option, r depl oyt - md - f c: \ I MAGE. i mg - d2 Note The -d2 switch is the most important part of the script, as it specifies the flash drive. 8. Create a Config.sys with the following: DEVI CE=C: \ HI MEM. SYS swi t ches = / f DOS=HI GH, UMB SHELL=command. com/ p / E: 1024 BUFFERS=20 FI LES=20 STACKS=0, 0 FCBS=1, 0 LASTDRI VE=Z 9. Boot from the USB Disk on Key (recognized as C:) and rdeployt executes and images correctly. Distributing Software Send MSI, CAB, EXE, and other package files to selected computers or computer groups, including EBS, and RPM files for Linux computers. This task identifies valid Altiris packages and assigns passwords and command-line switches. 1. Enter the name and location of the package to distribute in the Name field. Note Information about the package appears in the Title area for valid packages. If no description appears, the file is not a RIP or a Personality Package. 2. To distribute Software Delivery Packages, click . Deployment Solution 430
Note The Import Software Delivery Packages option is enabled only if the Notification Server is installed on the Deployment server computer. A dialog appears containing a list of all available Software Delivery packages and programs. 3. Select the Software Delivery package from the Software Delivery Packages drop- down list. After you select the package, all available programs for that package are listed in the Software Delivery Programs drop-down list. Select the required program from the Software Delivery Programs drop-down list. 4. Select Package distribution options. Select Run in quiet mode to install the package without user interaction. Select Apply to all users to run the package for all users with accounts on the computer. If sending the package to a managed computer with multiple users and if you only want it installed for certain users with a unique password, clear the Apply to all users box. If distributing an install package or other types of packages with associated support files, you can select Copy all folder files to install all peer files in the directory. Select Copy sub folders to distribute peer files in the directory and all files in associated subdirectories. Note Some clients may have software installed on the client computer that, for protection against harmful software, only allows software programs on a list of well-known executable to run. Therefore, whenever the system administrator wanted to install a patch on client computers, he or she would have to update the well-known-executable list on all the client computers, which could be a lot of work. To save the work of updating that list, or of manually renaming distribution packages, the RenameDistPkg feature was added. Now, the system administrator may update the well-known-executable list once with a filename of their choosing. The well-known filename may be entered into the Windows registry of the Deployment Server computer (the computer running axengine.exe), as the Value data of a string value named RenameDistPkg under the HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris eXpress\Options key. If the RenameDistPkg registry entry is set, Deployment Server renames installation files that are copied to the client computers. This feature only affects files that are temporarily copied to the client computer as part of a Distribute Software task. The file that is to be executed only during the installation, sometimes referred to as the package, is the file that gets renamed, not the files that actually get installed to various locations on the target computer. If the Copy all folder files option is enabled, only the main (installable) file is renamed. 5. For RIPs, if you set the Package password option when you created the RIP, you must enter the password for the package to run. 6. Add values to the Command-line switches field, for example: Deployment Solution 431
- cu: J Doe; TMaya; Domai n\ BLee Note The command-line switches are specific to any package you are distributing that supports command-line options, such as RIPs and Personality Packages. For a complete list of command-line switches, see the Wise MSI Editor and the Altiris PC Transplant Pro Product Guide. 7. Click Advanced to specify how files are distributed to the managed computer. You can copy through Deployment Server, or copy and run directly from the Deployment Share or from another file server. See Distribute Software-Advanced on page 431. Click Next. 8. Set Return Codes. See Setting Up Return Codes (page 440). This is optional. 9. Click OK. Notes When a RIP or Personality Package is executed through Deployment Server, the quiet mode command-line switch is applied. This means the user cannot interact with the user interface on the managed computer. If the Personality Package is configured to run only if a particular user is logged in and only if the user has an account on the managed computer, the package runs the next time that user logs in. If the user does not have an account, the package aborts and sends an error back to the console via the Deployment Agent. If the package is not run through Deployment Server, a message appears on the managed computer and the user is prompted to abort or continue. Distribute Software-Advanced Copy files using Deployment Server. Click this option to distribute packages through Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. This option is run for Simple installs and is the default option. Copy directly from file source. Click this option to copy packages directly from the Deployment Share if this data store is located on another server (a custom install). It copies the file and runs it, avoiding running through Deployment Server and diminishing processor output. Run directly from file source. Click this option to run files remotely from the Deployment Share or another selected file server. File source logon. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both are on the same domain). Note Windows 98 computers have security limitations when copying files directly from the source to the Deployment Agent using the UNC path name. We recommend that you use the Copy files using Deployment Server option for these types of computers or plan a proper security strategy for direct copying. Deployment Solution 432
Capturing Personality Settings The Capture Personality task lets you save personal display and user interface settings defined in the operating system for each user. You create a Personality Package that can be saved and distributed when migrating users. This task runs Altiris PC Transplant from the console to capture and distribute settings. 1. In Personality template file, enter the name of a personality template. A default personality template is included in the PCT folder of the Deployment Share (DEFAULT.PBT). 2. In Store package in folder, enter the name of the folder where you want to save the personality package. 3. In User account and folder login, enter the login credentials for the managed computer from which the personality settings are to be captured, and the file server where the Personality Package is to be stored. 4. In Package login, enter a password for the Personality Package. This is a run time password that is required when the Personality Package runs on the destination computer. 5. Click Advanced to specify additional features. See Capture Personality-Advanced (page 432). 6. Set Return Codes. See Setting Up Return Codes (page 440). 7. Click OK. Notes To capture a personality on a Windows 98 computer, ensure that all users have Write access to the Deployment Server share (by default at C: Pr ogr am Fi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver in a Simple install). Also, ensure that the User account and folder login boxes are blank. A user must also be logged on at the client computer to capture the client profiles. An error is returned if you attempt to capture personality settings on Windows 98 computers that are not authenticated. We recommend that you don't capture personalities for mixed groups of Windows 98 and Windows 2000/XP/2003 computers. Set the conditions on the job for either Windows 98 or Windows 2000/XP/2003 computers to ensure that the appropriate Capture Personality task runs on the appropriate computers. Capture Personality-Advanced Domain users. Select this option to capture personality settings for all domain users on the computer. Local users. Select this option to capture personality settings for all local users on the computer. Custom. Specify users or groups to capture personality settings. Select the Custom check box and enter the Users or Groups you want to capture personality settings. Also, instead of specifying names, you can also select users that have been either created or last accessed in a specified number of days. Use condition. Set conditions for personality files that were accessed (a user logged on) or created (a personality package created) in the past defined days or months. Deployment Solution 433
Command-line switches. You can add command-line switches specifically for the PC Transplant program that migrates personality settings. See the Altiris PC Transplant Guide in the docs folder of the Deployment Share. Distributing Personality Settings The Distribute Personality task lets you save personal display and user interface settings defined in the operating system for each user. You can distribute Personality Packages to migrate personality settings. This task runs Altiris PC Transplant from the console to capture and distribute settings. 1. In the Name box, enter the file name and location of the PCT file. Note Information about the Personality Package appears in the Title area for valid Personality Packages (PCT files). If no description appears, the file is not a valid package. 2. Select Run in quiet mode to install the package without viewing the PC Transplant screens. 3. Specify the users to associate with the Personality Package. Click Apply to all users to run the package for all users with accounts on the specified computer. If sending the package to a managed computer with multiple users and if you only want it installed for certain users with a unique password, clear the Apply to all users box. Example: to install a Personality Packages for a specific user accounts on a computer, add values to the Command-line switches field: - user : J Doe; TMaya; BLee Note The command-line switches are specifically for Personality Packages. For a complete list of command-line switches, see the Altiris PC Transplant Pro Product Guide. 4. In the Package Password box, type the password set for the PCT file when created. 5. Enter command-line parameters in the Command-line switches field. 6. Click Advanced to specify how Personality Packages are copied to the managed computer. You can copy through Deployment Server, or copy and run directly from the Deployment Share, or from another file server. See Distribute Personality Advanced (page 434). 7. Set Return Codes. See Setting Up Return Codes (page 440). 8. Click OK. For more information about capturing a computer's personality settings, see the Altiris PC Transplant Pro Product Guide. Deployment Solution 434
Distribute Personality Advanced Copy files using Deployment Server. Click this option to distribute software packages through Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. Use this option for Simple installs to take advantage of security rights defined by Deployment Server. This is the default option. Copy directly from file source. Click this option to copy packages directly from the Deployment Share, sending only one copy across the network. It copies the file and runs it and avoids running through Deployment Server and diminishing processor output. Because the Deployment Agent doesn't recognize shared rights and is not guaranteed to have a mapped drive to the data source, you need to identify a user name and password for the data share computer from the target computer. This option also requires a full UNC path name in the Source Path field in the Copy File dialog. Run directly from file source. Click this option to run files remotely from the Deployment Share or another selected file server. File source logon. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both are on the same domain). Modifying Configuration You can add a task to configure or modify the configuration of computer property settings using the Modify Configuration task. The Deployment Agent updates the property settings and restart the computer for changes to take effect. 1. Enter or edit the property settings in the Modify Configuration page. Click a tab to set additional values for each property setting group. See Computer Configuration Properties (page 406). 2. Select the Reboot after Configuration check box to restart client computer after the configuration changes are complete. By Default, the Reboot after configuration check box is selected. 3. (Optional) Set Return Codes. See Setting Up Return Codes (page 440). 4. Click OK. Backing up and Restoring Registry Files Copy registry files of selected computers using the Back up Registry task and save the registry file settings to a selected directory. You can also create a Restore Registry task to copy the registry settings to a managed computer. 1. In the Folder field, enter the directory path to back up or restore registry files. The default is to create a RegFiles folder in the Deployment Share. All computers with registry files in this folder appear in a list. 2. Select the required pre-boot environment from the Automation - PXE or BootWorks environment (DOS/WinPE/Linux) drop-down list to perform the Backup and Restore task in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. By default the DOS Managed boot menu option type is selected. 3. Click Advanced if Windows was installed on client computers in a directory other than the default path. Enter the correct path to the root of the Windows directory. Deployment Solution 435
4. Select Include registry information for all users to back up registry keys for all user accounts. Note If you clear this check box, only the Administrator and Guest user accounts are backed up or restored. 5. Set Return Codes. See Setting Up Return Codes (page 440). 6. Click OK. Get Inventory Use this task to gather inventory from an individual or group of client computers. This ensures that the Deployment database is up-to-date with the latest computer properties information. The status of the task shows Received Inventory and Received Inventory in the Scheduled Details pane below the task list on the Jobs page. 1. Click one of the jobs in the Jobs pane 2. Click the New Task icon, and select Get Inventory from the Task type drop-down list. 3. Click OK. Run Script Select an existing script or write a new script file to run on selected managed client computers. 1. If you have a script file defined, click Run script from file and browse from the folder icon to select the file. You can now modify the script in the edit box. 2. To create a new script, click Run this script. Type the script in the provided text box. 3. Click Import to import the scripts from a text file. 4. In the Choose the script operating system area, select Windows, DOS, or Linux as the operating system for running the specified script. 5. Click Advanced to provide the advanced details. See Advanced Run Script Options (page 436). 6. Set Return Codes. See Setting Up Return Codes (page 440). 7. Click OK. Notes When a computer is in Automation mode using the DOS Automation Agent, it does not see DOS partitions. To run a script from Automation, use FIRM (File-system Independent Resource Manager) commands. FIRM can only copy files and delete files; it cannot run code on a drive. Deployment Server assumes a return code of zero (0) as a successful script execution. Some programs return a code of one (1) to denote a successful script execution. If a program returns a one (1), you see an error message at the Deployment console even though the script ran correctly. To modify the return codes, you can edit the script file to return a code that the console interprets correctly. Deployment Solution 436
Advanced Run Script Options Select advanced options for running the script such as location of the script and running environment. Script Run Location On the client computer. The option runs the script on the managed computer to which you assign the job. Locally on the Deployment Server. This option runs a server-side script on the Deployment Server of the managed computer. In most cases you can create a server- side script task that runs in context with other tasks. Example: you can add a task to image a computer and add a task to execute a server-side script to post the imaging return codes to a log file stored on the Deployment Server computer. Use the -id switch for running scripts on Deployment Server when using the WLogEvent and LogEvent utilities. Note Scripts requiring user intervention do not execute using this feature. The script runs on the Deployment Server of the managed computer, but is not visible. Example: if you run a DOS command locally on the Deployment Server, the Command Prompt window does not open on the Deployment Server computer when the script executes. When running the script on the Deployment Server, it executes specifically for the assigned managed computer. Example: if you create a job with a script to run locally on the Deployment Server and assign the job to 500 computers, the script runs on the Deployment Server 500 times. Client Run Environment Select the environment for your client. You can run in either production or automation mode. Production - Client-installed OS (Windows/Linux). Click this option to run the script in a Windows or Linux production environment. Security Context - (Windows only) Default (local system account). Use Windows authentication to authorize a users account name and domain information to manage client computer.s Enter user name and password. Enter a name and valid password for the user to manage client computers. Script options (Windows/Linux) Script Window. This determines how you want the Script Window to appear when the script runs. Select Minimized, Normal, Maximized, or Hidden from the drop- down list. Additional command-line switches. Enter any commands you want to execute when the script runs in Windows or Linux. Automation - PXE or Bootworks environment (DOS/WinPE/Linux). Click to run the script in the automation environment. Select a pre-boot automation environment from the drop-down list. If you select Linux as the operating system type, the Locally on the Deployment Server option is disabled and only the Additional command-line switches under the Production Client installed OS(Windows/Linux) is enabled. Deployment Solution 437
If you select DOS as the operating system type, the Locally on the Deployment Server option and the Production - Client-installed OS (Windows/Linux) option is disabled. Example Script The process to convert NT4 from FAT16 to NTFS normally returns a 1 after a successful completion. Here is an example of the file that is modified to return a code of 0 (which is the success code recognized by the Altiris Console and utilities). You can make similar changes to your script files as needed. CONVERT / FS: NTFS i f ERRORLEVEL 1 got o success got o f ai l ur e : success set ERRORLEVEL = 0 got o end : f ai l ur e echo Fai l ed set ERRORLEVEL = 1 got o end : end Copy File Copy all types of files to managed computers. You can send selected files or directories to a computer or computer group. 1. Click either the Copy file or Copy folder option. Click Copy sub folders to copy all subdirectories. 2. Enter the directory path and name of the file or directory. The Source path defaults to the Deployment Share, but you can type or browse to another file or directory. To copy files or directories through Deployment Server from the Deployment Share, you can enter a relative path in this field. To copy files or directories directly from the Deployment Share to the managed computer, you must enter the full UNC path name (see Copy File Advanced on page 438 features). Note When entering the source path for copying files through the Deployment Server, you can only access the shared directories through an established user account. Specifically, you can only use UNC paths when you have sufficient authentication rights established. 3. Type the destination path. The Destination field automatically enters a sample path, but you can enter the directory path you require. If the destination path does not exist on the destination computer it is created. 4. Click Advanced to specify additional features to copy files through Deployment Server or directly from a file server. See Copy File Advanced (page 438). Deployment Solution 438
5. Set Return Codes. See Setting Up Return Codes (page 440). 6. Click OK. Using Location Variables Location variables are being added to Deployment Server for the Copy Files feature, allowing you to enter a token variable rather than requiring a complete location path when copying files to a managed computer (a client computer running the Deployment Agent). The current variables include: Temp. Enter Temp in the Destination path to set the Temp directory (identified in the system path) for the managed computer. Example: instead of entering C: \ wi ndows\ t emp\ set up. exe in the Destination path, just enter temp:setup.exe. Copy File Advanced Select options to copy files directly from the Deployment Share. This option is for files stored on another network server in a distributed Deployment Server installation. Copy files using Deployment Server. This option distributes software packages through Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. Use this option for Simple installs to take advantage of security rights defined by Deployment Server. You can use a relative path name entered in the Source Path box in the Copy Files dialog. This is the default option. Copy directly from file source. Click this option to copy packages directly from the Deployment Share, sending only one copy across the network. It copies the file directly to avoid running through Deployment Server and diminishing processor output. Because the Deployment Agent doesn't recognize shared rights and is not guaranteed to have a mapped drive to the data source, you need to identify a user name and password for the data share computer from the target computer. This option also requires a full UNC path name in the Source Path field in the Copy File dialog. File source logon. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both are on the same domain). Note Windows 98 computers have security limitations when copying files directly from the source to the Deployment Agent using the UNC path name. We recommend that you use the Copy files using Deployment Server option for these types of computers or plan a proper security strategy for direct copying. Power Control Start the computer using Wake-on-LAN or run standard power control options to restart the computer, shut down, or log off the current user. 1. Select a power control option: Restart, Shut down (if available), Log off, or Wake up (send Wake-On-LAN). 2. Select the Force applications to close without prompting check box to force applications to close without saving unsaved data,. Deployment Solution 439
If you use this option, any unsaved data in open applications is lost. If you do not use this option, open applications with unsaved data do not close until the user chooses to save or not save the data. As a result, the managed computer cannot complete the selected power option until the user makes a selection. 3. Click OK. 4. (Optional) Set Return Codes. See Setting Up Return Codes (page 440). Copy Jobs and Job Folders Jobs or job folders (including their subfolders) can be copied to any other job folder in the treeview of the Jobs pane of the Web Console. A Job folder can only be copied to a root level folder, which has a limit of 30 subfolders, and cannot be copied to a child level folder. If you copy a job or folder with the same name as the destination job or folder, the copied job or folder is automatically named Copy of <job or folder name>. This feature can only be performed by administrators or users who have been granted permissions to create jobs, or job folders. To copy jobs and job folders 1. In the Jobs pane, click a job or job folder. 2. Click the Job Actions drop-down list, and select Copy job/folder. 3. In the Select a folder dialog, select a destination job folder, and click OK. Importing and Exporting Jobs If you have several Deployment Servers in your environment, this feature lets you Import (restore) and Export (back up) job folders, so you can move data from one Deployment Server to another. Administrators and users, who have been granted privileges, do not have to go to the Deployment Console to perform these functions. To import jobs 1. From the Deployment Web Console, click a job or job folder in the Jobs pane. 2. Click the Job Actions drop-down list, and select Backup/Restore job. The Backup Job Restore Job dialog appears. 3. By default the Backup Job(s) option is selected. Click the Restore Job(s) option. 4. On the Backup or Restore Jobs(s)/Folder(s) page, enter a path and file name in the File name field, or browse to the file you want to import. The file must be a valid .bin file or have been created with a current version of the database schema. 5. By default the job or job folder name you selected in the Jobs pane appears in the Restoring to selected folder field. If you did not specify a job or job folder, the Deployment Server imports the file at the root level in the Jobs pane. 6. Select the Overwrite existing Jobs and Folders with the same name check box to replace jobs and folders with the imported data. 7. Select the Delete existing Jobs in folder check box to delete all the jobs in the folder you selected. The folder is populated with the jobs from the imported file. If you did not specify a specific job folder to import (restore), this option is disabled. Deployment Solution 440
8. Click OK. The import file restores the jobs on the Deployment Server. To export jobs 1. From the Deployment Web Console, click on a job or job folder in the Jobs pane. 2. Click the Job Actions drop-down arrow and select Backup/Restore job. The Backup Job Restore Job dialog appears. By default the Backup job(s) option is selected. 3. On the Backup or Restore Jobs(s)/Folder(s) page, enter a path and file name in the File name field, or browse to a directory where you want to save the exported file. If you do not enter a file extension, the file is saved with a .bin file extension. Click Save. 4. Click Browse associated with the Select job(s)/folder(s) to backup option. 5. Select a job or folder in the dialog, and click OK. 6. Click OK. The jobs or folders on the Deployment Server back up to the file name you specified. Setting Up Return Codes When you create a task in a job, you can define a response to specific return codes generated from that task after it runs. You can determine the response if the task runs successfully or if the task fails. You can also set up custom return codes generated from scripts or batch files that are unique to your environment or deployment system. Note Return code handling cannot be set up for jobs created in the Job Scheduling Wizard. When creating a task, the Return Codes dialog appears to let you set a response if the task was successful or to determine a default response if the task failed. Because Deployment Server returns a 0 (zero) if the task runs successfully, any other return code value denotes some type of failure in running the task. As a result, in the Success box you can select an action if the return code is 0 (zero), or select an action in the Default box if the return code is not a 0 (zero). Return codes are first evaluated to be successful (zero) or failed (non-zero). If the task returns as successful, it runs the action in the Success box. If it is not successful, it determines if the return code has been assigned a custom code value. If the return code is defined as a custom code, the selected action for that custom code is executed. If no custom code is assigned to the return code, the action set in the Default list is executed. Note If using LogEvent and WLogEvent in Scripts, you can only generate return codes when the level 3 message is specified. Specifying a severity level 3 causes the script job to fail and lets you respond using this return code feature. Return Code Actions For both successful tasks (in the Success list) and failing tasks (in the Default list), you can determine these specific actions: Stop. This action stops the job after the task runs. Subsequent tasks do not run. Deployment Solution 441
Continue. This action continues with subsequent tasks in the job after the task runs. Select a job. This action lets you select existing jobs to run after the task. These actions also apply to custom return codes designed specifically for your system. Custom Return Codes In the Specific return codes area, you can view custom return codes set specifically for your system. Type a custom code in the Code box and select a response action in the Response list. Specify the interpretation of this return code as Success or Failure from the Result list, and give appropriate message in the Status field, if required. These custom codes can respond to any return codes set up in scripts or batch files in the Run Scripts task, or these custom codes can respond to system return codes thrown from Deployment Server or external codes generated when distributing applications, personality settings, or disk images. Any task can have custom codes that respond to different return code values. New. This lets you add a new custom return code for the task. You can also choose to add the return code to the Master Return Codes list. Add Existing Return Codes. This is a list of all the return codes existing in the Deployment database. You can add, modify, and delete the codes and their values so that setting codes for other tasks is easier. Delete. This lets you delete return codes listed in the Other return codes area, but not from the Master Return Codes list. Modify. This lets you modify the return codes listed in the Other return codes area. The changes you make do not update the Master Return Codes list. To set up return codes To set up return codes, you need to determine how to respond to the Deployment Server success return code (zero) in the Success box, how to respond to a failure return code (a non-zero) in the Default box, and how to respond to a custom or externally generated return code defined in the Specific return codes section. The example below describes how to set up a simple process to deal with custom and system return codes: 1. In the Success list, keep the default value Continue. This allows the job to continue running additional tasks in the job after successfully completing this task. 2. Select Select a job from the Default list to select a job to be executed when a default condition is reached. The Select a Job dialog opens, allowing you to select an existing job that runs if the task returns a failed system return code (non-zero) or a return code not defined as a custom return code. 3. Click New to add custom return codes. 4. In the Code box, enter a value of 10 (ten). 5. Click the Response drop-down arrow, and select Continue from the list. 6. Click the Result drop-down arrow, and select Success from the list. Even if the return code was not zero, which is success by default, the task is considered a success as per users choice. Deployment Solution 442
7. Enter a description for the return code in the Status field. This message appears when the task within a selected job, executes. 8. Select the Add to master return code list check box to add the custom code to the master return code list. The code is listed in both, the Other return code and Master Return Codes list. This is helpful if you want to use the return code again. 9. Click Apply. Note The status of the tasks executed in a job appears in the history of a computer. Initial Deployment Initial Deployment is a default job designed to aid in the process of setting up computers that do not yet exist in the Deployment Database. Initial Deployment lets you define how computers are initially set up after being identified by the Deployment Server. You can define various computer configuration sets and deployment jobs to present to the user during startup, allowing the user to select the computer settings and hard disk images, software, and personality settings for their specific needs and environment. New computers appear in the New Computers group in the Computers pane of the Deployment Web Console. Notes Initial Deployment is ideal for small-scale deployments (1 to 10 computers). This feature is not recommended for large deployments (10 to 100 computers) or mass deployments (100 to 5,000) where you would use virtual computers, customized jobs, and the computer import feature. Although Initial Deployment is most commonly used on computers that support PXE, you can also configure a boot disk to run Initial Deployment. In this case, the image deployed must include automation pre-boot environment so that post imaging tasks can run successfully. Installing an Automation Partition on the client computers hard disk ensures that future imaging deployment jobs run. Note To completely deploy and configure a computer using Initial Deployment, you must define at least one Configuration and one Job. Initial Deployment consists of three dialogs with separate features to deploy new computers: Configurations Jobs Options
To access Initial Deployment, select a Deployment Server group in the Jobs pane and select Initial Deployment from the Details pane. The Initial Deployment page appears with three tabs: Configurations, Jobs, Options. Deployment Solution 443
Configurations Click the Configurations tab in Initial Deployment to configure different sets of computer properties. Each configuration set is presented to the user in a menu. The user can select the configuration set designed for their environment. Compare the Configuration tab with the Jobs tab. Note If you do not create any configuration sets, the deployment process automatically sets TCP/IP information to use DHCP and names the computer to match the computers asset tag, serial number or MAC address (in that order, depending on what is available). 1. Click a Deployment Server in the Jobs pane. Double-click Initial Deployment. 2. Click the Configurations tab. 3. Click the Add icon . Enter values to set computer and network properties for new computers. See Modifying Configuration (page 434) for a list of property categories. 4. Name the configuration in the Configuration set name field. You can provide a descriptive name that identifies the configuration set for the user. 5. Click the Add icon again to configure another set of property settings. You can add multiple configuration sets for the user to select from a menu after connecting to Deployment Server. Add as many different configuration sets as required. 6. After setting properties, click Apply. 7. Click Default menu item to select the configuration set you want to be the default. 8. Click Timeout after ___ seconds and proceed so that the default job runs automatically after a specified amount of time. 9. Click OK, or click the Jobs tab to define a task. Jobs Click the Jobs tab in Initial Deployment to add existing jobs or create new jobs to run on the new computer. The jobs you add or build using this dialog are listed in a menu and presented to the user during startup. The user can choose the deployment jobs to image the computer and install applications and personality settings. Compare the Jobs tab with the Configurations tab. Conditions on jobs are limited to the data that can be accessed at the DOS level (example: serial number, manufacturing number, NIC information, manufacturing name). 1. Double-click Initial Deployment in the Jobs pane drop list. The Initial Deployment page appears. 2. Click the Jobs tab. 3. Click the Add icon . 4. Click New to build a new job. See Building New Jobs (page 420). 5. Click Default menu choice to select the job as a default. Deployment Solution 444
6. Select Timeout after ___ seconds and proceed and type the number of seconds to wait before the computer automatically starts the default job. The default setting is 300 seconds. 7. Click OK, or click the Options tab to stop either servers or workstations from running configuration task sets and jobs automatically. See also Initial Deployment (page 442). Options Click the Options tab to set options to stop Initial Deployment from running the default configuration task sets and jobs automatically. This avoids accidental re-imaging or overwriting of data and applications for either workstations (desktop, laptop, handheld computers) or servers (Web and network servers identified by Deployment Server). When a computer not yet known to the Deployment Database is first detected, it is placed in the New Computers group and run an Initial Deployment configuration set and job. However, in many cases you do not want Web or network servers to be automatically re-imaged without confirmation from IT personnel. Servers. Stop servers from automatically running Initial Deployment configuration jobs. Servers are identified as those managed computers running multiple processors or identified as a specific server model from specific manufacturers. Example: both a HP Proliant and a Dell computer with multiple processors are identified as a server. (Identifying a computer as a server by operating system cannot be accomplished for new computers until the server operating system has been installed.) Select Workstations to force desktop, laptop, and handheld computers to stop before automatically running Initial Deployment. Select Process as each agent becomes active if you want to run the job as soon as the computer connects to the Deployment Server. Use this option for imaging 1 to 5 new computers. Select Process in batch mode if you want to run the job once a certain number of computers are connected to the Deployment Server. Enter the minimum number of agents in Minimum agents field. You can set a timeout deadline so that the job does not run if the number of computers you specify fail to connect during a certain amount time. Multicast technology sends the image over the network once, and all computers listen for and accept the image, reducing network traffic and increasing speed. Enter the timeout in Timeout field. Select Hold all agents until this time if you want to process the job on all computers at a particular time of day. All clients are held before the task sets. The message states: Deployment server has instructed Automation to wait. Deployment Solution 445
Part VIII Technical Reference This section technical information for command-line switches, return code values and other detailed information for Deployment Solution components. Deployment Solution 446
Appendix A Command-Line Switches This section provides detailed information about command-line switches for specific executables within Deployment Solution. Job Utilities The Job Utility applications allow you to import, export, create and schedule jobs from the command line. Each action is performed from separate binaries installed in the Deployment Share file directory. axExport.exe Exports jobs from Deployment Server. See Job Export Utility (page 446). axImport.exe Imports jobs in to Deployment Server. See Job Import Utility (page 447). axEvent.exe Creates jobs in Deployment Server. See Create Job Utility (page 448). axSched.exe Schedules jobs in Deployment Server. See Schedule Job Utility (page 450). axComp.exe Imports computers to the Deployment Server from a DOS mode. Axcomp allows you to import .csv and .txt files that are in a comma separated format. ImportComputers55.txt in the Samples folder off of the eXpress share is an example of the format needed. There are various command-line options available depending on whether the user is in a Trusted or Non-Trusted account environment. See Import Computer Utility (page 451). Each utility connects to the Deployment Server Database to perform specific operations. As a result, the appropriate ODBC and security rights are required. Each job utility supports the /o /d /u /p switches. The /o option (ODBC datasource) allows connectivity to the Deployment Server SQL database using a different DSN. By default the standard Deployment Database DSN is used. This is helpful when connecting to a second system from a common machine. The /d /u /p options can be used if no DSN is set up for a particular server. However, the SQL driver must be installed for any of these utilities to work. Each utility has the / ? switch to show the version of the utility and all command-line options. Job Export Utility This utility can be used to export jobs from the Deployment Database. It can be helpful in copying jobs from one Deployment system to another, backing up jobs, creating standard jobs during multiple installations, and other actions. Syntax: axExport <filename> (options) Deployment Solution 447 Command-Line Switches
Options Example 1: Export all jobs to a binary backup file. axExport /s /i backup.dat Example 2: Make a backup copy of a single job. axExport /e "Deploy Office 2000" backup2.dat Example 3: Export all jobs in the Projects folder. axExport /f Projects projects.dat Example 4: Export a job to a binary backup file without supplying the SQL server and instance. axExport Backup.dat /e "Image Job" Example 5: Export a job to a binary backup file with the database server name. axExport Backup.dat /e "Image Job" /d DatabaseServerName /db DatabaseName /u DatabaseUserName /p DatabaseUserPassword Job Import Utility Syntax: axImport <filename> (options) Options
/f <folder-name> Job folder to be exported /e <job-name> Job to be exported /s Process all subfolders also /i Include the Initial Deployment Job /y Suppress confirmation prompts /dsn <odbc-dsn-name> ODBC data source name /d <db-server> Database server name /u <db-user> Database user name /db <db-databaseName> Database name /p <db-password> Database user password /lu <login-user> Deployment Server login user name /lp <login-password> Deployment Server login password /f <folder-name> Job folder to be imported /r Delete current contents of this folder /n Don't notify consoles of the changes /o Overwrite jobs that have the same name and parent folder /y Suppress confirmation prompts /dsn <odbc-dsn-name> ODBC data source name Deployment Solution 448 Command-Line Switches
Note When new jobs are created in a console, by default, Deployment Server will notify all other consoles that changes have been made so they can refresh and show the newly imported jobs. If several batches of jobs are imported, the '/n' option should be used until the last batch to reduce the amount of refreshes performed. Example 1: Restore all jobs from a binary backup file. axImport /r backup.dat Example 2: Restore jobs from a backup file into pre-created folder (named Test Jobs). axImport /f "Test Jobs" backup.dat Create Job Utility Syntax: axEvent <job-name> (options) <task-type> (parameters) /d <db-server> Database server name /u <db-user> Database user name /db <db-databaseName> Database name /p <db-password> Database user password /lu <login-user> Deployment Server login user name /lp <login-password> Deployment Server login password Deployment Solution 449 Command-Line Switches
Tasks Options Note To use the Run Script option (/trs), a script must be created in a file first. If you want the script to be embedded, include the /i option. Otherwise, the task will link to the script filename. Example 1: Create a Job that makes an image of a computer named "Oscar" and run it immediately. /tci <filename> Create disk image /tdi <filename> Distribute disk image /tds <filename> Distribute software /tbr <path> Backup registry files /trr <path> Restore registry files /trs <path> Run Script /tcf <source> <dest> Copy file /tgi Get Inventory /tre Restart /tsd Shutdown /tlo Logoff /a Add task to existing job /r Replace all tasks within this job /x <parameters> Command-line parameters for task /f <folder-name> Job folder to be created in /i Import script into task definition /w Run the script from Windows /lnx Run the script in Linux /n Don't notify consoles of the changes /nc Dont do post image config /de Add Description to task /y Suppress confirmation prompts /dsn <odbc-dsn-name> ODBC data source name /d <db-server> Database server name /u <db-user> Database user name /db <db-databaseName> Database name /p <db-password> Database user password /lu <login-user> Deployment Server login user name /lp <login-password> Deployment Server login password Deployment Solution 450 Command-Line Switches
axEvent CreateOscar /tci .\Images\oscar.img axSched oscar CreateOscar /t "2000-12-31 08:00" Example 2: Shutdown Oscar's computer right now. axEvent Shutdown /tsd axSched oscar Shutdown /t "2000-12-31 08:00" Example 3: Run a Windows program on all computers right now. (Calc.exe is the only line in script.txt.) axEvent /w /i RunCalc /trs script.txt axSched oscar RunCalc /t "2000-12-31 08:00" Example 4: Create a Job (named Win2000 and Off2000) that reimages a computer with Windows 2000 and deploys an Office 2000 Rapid Install Package. axEvent "Win2000 and Office 2000" /tdi .\Images\w2000.img axEvent "Win2000 and Office 2000" /a /tds .\RIPs\off2000.exe To migrate Oscar to Windows 2000: axSched Oscar "Win2000 and Off2000" /t "2000-12-31 08:00" Schedule Job Utility Syntax: axSched <computer/group> <job-name> (options) OR axSched /q <filename> (options) Options Note The format for <time> is yyyy-mm-dd hh:mm. If the date is omitted, the current date is assumed. /t <yyyy-mm-dd hh:mm> Time to schedule /n Don't notify servers of the changes /f <folder-name> Schedule the job-name found in this folder /q <filename> File used for exporting jobs /y Suppress confirmation prompts /dsn <odbc-dsn-name> ODBC data source name /d <db-server> Database server name /u <db-user> Database user name /db <db-databaseName> Database name /p <db-password> Database user password /lu <login-user> Deployment Server login user name /lp <login-password> Deployment Server login password Deployment Solution 451 Command-Line Switches
If the /t switch is not used, the job is assigned to the computer but not scheduled. As a result, it will not execute. If you would like the job to run immediately, choose a date in the past. If you have a group or computer name which include spaces, put the name in quotes. All Computers can now be used as a group option. Example 1: Schedule a job called Office2000 to run on Oscars computer at midnight on 12-31-2002. axSched Oscars Office2000 /t "2000-12-31 00:00" Example 2: Schedule a job called Office2000 to run on the Accounting Group computers tonight at 10PM. axSched Accounting Office2000 /t "2001-2-15 22:00" Example 3: Schedule a job called ShutDown to run on all computers at tonight at 10 PM. axSched "All Computers" ShutDown /t "2001-2-15 22:00" Import Computer Utility Syntax: axcomp <import-file> <options> Options
Example 1: Import a computer using trusted account axcomp <filename> /u <db-user> /p <db-password> /lu <login-user> /lp <login- password> Example 2: Import a computer using non-trusted account. axcomp <filename> /u <db-user> /p <db-password> axengine.exe The Al t i r i s eXpr ess Ser ver (axengi ne. exe) is the Deployment Server component of the Deployment Solution infrastructure. Command-line start parameters /n Don't notify consoles of the changes /y Suppress confirmation prompts /dsn <odbc-dsn-name> ODBC data source name /d <db-server> Database server name /u <db-user> Database user name /db <db-databaseName> Database name /p <db-password> Database user password /lu <login-user> Deployment Server login user name /lp <login-password> Deployment Server login password Deployment Solution 452 Command-Line Switches
for this service are set in the registry setting rather than in the Start Parameters property of the service. If you want to add start parameters after the install, you can modify the registry settings. The registry key is LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Altiris Express Server. Deployment Agent for Windows The following sections identify command-line and input parameters for Acl i ent . exe, the executable file for the Deployment Agent for Windows. Aclient.exe Command-line Switches The Acl i ent . exe executable installs and runs on client computers, enabling them to be managed by a Deployment Server. It enables clients to receive work from the Deployment Server, and it reports client status to the Server. The program is normally installed and configured remotely using the Client Install wizard, or the program is run at the client computer. However, you can use the command-line options to run it from a script file if you want to. (If you use a script file, see the following section on acl i ent . i np for information on using an import file to specify install switches for the Deployment Agent.) You can use either a forward slash (/) or a dash (-) with the command-line options. Commands are not case sensitive. Switch Details -ver Function: Shows the version of aclient.exe running on the computer. -install Function: Installs the client. Option: -silent allows install to complete without sending output to the client. Example: To install aclient.exe from the Deployment Server directory without sending messages to the client, type Depl oyment Ser ver / acl i ent / i nst al l / si l ent -remove Function: Removes (uninstalls) aclient.exe from a computer. Option: -silent removes the Deployment Agent for Windows without sending output to the client. Example: To remove Deployment Agent for Windows, type acl i ent - r emove -start Function: Manually starts aclient.exe on a computer. Option: -silent starts the aclient.exe without sending output to the client. -stop Function: Manually turns off Deployment Agent for Windows on a computer. Option: -silent turns off Deployment Agent for Windows without sending output to the client. Deployment Solution 453 Command-Line Switches
Aclient.inp Parameters You can use this input file to set installation parameters for acl i ent . exe, so you can install the client program from a script file. The file is copied to the Deployment Server program directory when you install the product. Command-line parameters are included in the file, but are marked with a REM statement. To use the input file, open it and remove the REM commands from the parameters you want to use. When you have the file set up the way you want it, you can run it by entering the file name as the first parameter after the acl i ent command.You can also put the same line in a script file if you want to run it from a file. Type acl i ent acl i ent . i np The input file name (acl i ent . i np) and InstallDir parameters are required; all others are optional. Parameters are case sensitive. Note Many parameters will work after setting other parameters first. Example: you can only use ServerName after the multicast parameters, MCastAddr and MCastPort, are set. Parameters Details ForceReboot Function: Specifies how the system should be shut down and rebooted. Applications are forced closed and the system shuts down even if programs hang. (User data could be lost.) Example: To force clients to reboot when a reboot task is assigned, type For ceReboot =Yes The default is No. HardTimeout Function: Specifies the length of time (in seconds) that aclient.exe will maintain an idle connection with the Deployment Server. After the time limit is exceeded, the client will disconnect and establish a new connection with the Server. Example: To establish a new connection with the Deployment Server whenever the connection is idle for 900 seconds, type Har dTi meout =900 InstallDir (required) Function: Specifies the full path name to the directory where aclient.exe will be installed. The default location is c: \ al t i r i s\ acl i ent . Example: To change the default location, replace it with a new path. Type I nst al l Di r =c: \ pr ogr ams\ acl i ent LogFile Function: Specifies the full path name to the log file. Example: To write log entries to a log file in your aclient directory, type LogFi l e=c: \ al t i r i s\ acl i ent \ acl i ent . l og Deployment Solution 454 Command-Line Switches
LogSize Function: Sets the maximum log file size (in bytes). Example: To set the log file size limit to 4096 bytes, type LogSi ze=4096 MCastAddr Function: Specifies the multicast group address to be used to find the Deployment Server. Example: To set the IP address for multicasting, type MCast Addr =225. 1. 2. 3 MCastPort Function: Specifies the port number to use for multicasting. Example: To use port 402 for multicasting, type MCast Por t =402 Password Function: Sets a password on the client to prevent users from accessing aclient.exe settings. Example: To lock the settings, type Passwor d=cl i ent manager PromptExecute Function: Sends output (messages) to the client when tasks are being executed. Options: Yes, No Examples: To allow prompts and messages to be sent to the client, type Pr ompt Execut e=Yes To suppress output, type Pr ompt Execut e=No PromptOverride Function: Specifies the default action to take when there is no user response to a restart prompt. Options: Abort, Continue Examples: To abort the client reboot, type Pr ompt Over r i de=Abor t To reboot the client, type Pr ompt Over r i de=Cont i nue PromptReboot Function: Prompts the user before restarting the client. Options: Yes, No Examples: To prompt for user input before restarting a client, type Pr ompt Reboot =Yes To restart a client without requiring user input, type Pr ompt Reboot =No Parameters Details Deployment Solution 455 Command-Line Switches
PromptSeconds Function: Specifies the length of time (in seconds) that the client will wait for a response from the user. Example: To wait 30 seconds for user input, type Pr ompt Seconds=30 ShowTrayIcon Function: Specifies whether or not to show the Altiris client icon in the system tray. If the icon is not in the tray, users cannot access Aclient. Example: To not show the icon, type ShowTr ayI con=No The default is Yes, which loads the icon into the system tray. SpeedLimit Function: Sets the minimum transfer rate accepted from the Deployment Server (in bytes per second). If aclient.exe cannot receive data from the Server at this rate, it will disconnect and retry at specified intervals. See HardTimeout below. Example: To set a minimum ransfer rate of 7500 bytes per second, type SpeedLi mi t =7500 TcpAddr Function: Specifies the IP address of the Deployment Server that the client will connect to. Using this parameter causes the client to use TCP instead of multicasting to connect to the Server. Example: To have the client connect to a Deployment Server using its IP address, type TcpAddr =192. 1. 2. 3 TcpPort Function: Specifies the port number of the Deployment Server listening for requests. Using this parameter causes the client to use TCP to connect to the Server. Example: To specify the port number of the Deployment Server to connect to, type TcpPor t =402 TTL Function: Sets the maximum number of hops to multicast through. Example: To limit the number of hops to 32, type TTL=32 UpdateFileSystemSids Function: Specifies if you want SIDgen to update permissions on any local NTFS volumes. This parameter only applies if you have domains and use SIDgen to manage the computer IDs. Example: To update permissions on the local NTFS volume, type Updat eFi l eSyst emSi ds=Yes The default is No. Parameters Details Deployment Solution 456 Command-Line Switches
Note A CR/LF (blank line) is needed at the end of the aclient.inp file in order for it to be utilized when installing Deployment Agent for Windows. ADLAgent.config Parameters You can use the ADLAgent.config file to configure the ADLAgent service settings. When the ADLAgent service is suspended, certain information is needed to restore the previous settings. This information is saved in the ADLAgent configuration file. This ensures that the next time the computer reboots, the ADLAgent service starts up without any problems. UseRCDrivers Function: Specifies whether or not to install keyboard and mouse filter drivers that enable remote control on Windows NT and 2000 client computers. (The default is No, so the drivers are not installed. This parameter is not necessary for Win 95/98 computers, because they do not require Ctrl-Alt-Del input to log in. Example: To install the drivers for remote control, type UseRCDr i ver s=Yes UserName Function: Associates a computer with the primary user or users. This is used to target RIP deployments to a specific user or group of users. To assign more than one user, separate the names with semicolons. Examples: To associate user Fred with the client being installed, type User Name=Fr ed To associate users Fred and Sam with the client, type User Name=Fr ed; Sam ServerName Function: Specifies the computer name of the Deployment Server you want the client to connect to. This is useful if you have multiple Deployment Servers on your network and you do not want the client to connect to the first Server it finds. The ServerName parameter is only valid if you are using multicasting (by setting MCastAddr and MCast Port parameters). Note ServerName can only be set after the multicast parameters, MCastAddr and MCastPort, are set. Example: To restrict client connection to a Server named Server3, type Ser ver Name=Ser ver 3 Parameters Details Deployment Solution 457 Command-Line Switches
Parameters Details DebugTrace Specifies whether or not to log any messages. Changes to the DebugTrace field may not be recognized until the ADLAgent is stopped and restarted. Example: DebugTrace=True. LogErrors Specifies the types of messages to be written in the log file. Example: LogErrors=True. LogInformation Specifies the types of messages to be written in the log file. Example: LogInformation=True. LogDebug Specifies the types of messages to be written in the log file. Example: LogDebug=True. UseLogFile Specifies whether or not to write messages in the log file. Example: LogFile=True. LogFile Specifies log file path and name. Example: / opt / al t i r i s/ depl oyment / adl agent / l og/ adl agent . t xt LogSize This is the maximum file size for all trace files in bytes (optional). Example: LogSize=409600. IPTrace Specifies whether or not to log messages between the ADLAgent and the Deployment Server. Changes to the IPTrace field may not be recognized until the ADLAgent is stopped and restarted. Example: IPTrace=True. IPUseLogFile Specifies whether or not to use the IP log file. Example: IPUseLogFile=True. IPTraceFile Specifies the IPTrace log file path and name. Example: / opt / al t i r i s/ depl oyment / adl agent / l og/ adl agent l pTr ace. t xt IPLogSize This is the maximum file size for all trace files in bytes (Optional). Example: LogSize=409600. SyncTimeWithServer Synchronize the agents time with the Deployment Server. This may be set to True or False. Example: SyncTimeWithServer=True. Deployment Solution 458 Command-Line Switches
GetApps Specifies whether or not to get the Applications at a Get Inventory request. Example: GetApps=True. GetServices Specifies whether or not to get the Services at a Get Inventory request. Example: GetServices=True. GetDevices Specifies whether or not to get the Devices at a Get Inventory request. Example: GetDevices=True. GetSmbios Specifies whether or not to read the Smbios table. Example: Smbios=True. EncryptSessions Specifies whether or not the ADLAgent will attempt to make an encrypted session with the server. Example: EncryptSession=True. RequireEncrypt Specifies whether or not the ADLAgent will fail to connect if an encrypted session cannot be established. Example: RequireEncrypt=True. UseMCast Specifies whether or not to use multicast to find a Deployment server or make a connect directly to the Deployment server using the specified IP port and address. Example: UseMCast=True. MCastAddr Specifies the multicast group address to be used to find the Deployment Server (Optional). Example: MCastAddr=225.1.2.3. MCastPort Specifies the port number to use while multicasting (Optional). Example: MCastPort=402. TTL Specifies the maximum number of hops to multicast through (Optional). Example: TTL=32. ServerName Specifies the computer name of the server (Optional). Example: Server=RADAR. TcpAddr Specifies the IP address of the Deployment Server to connect to (Optional). Specifying this parameter will switch the ADL Agent to use TCP to connect to the Deployment Server. Example: TcpAddr =127. 0. 0. 1. Parameters Details Deployment Solution 459 Command-Line Switches
TcpPort This is the IP port number of the Deployment Server listening for requests (Optional). Specifying this parameter will switch the ADL Agent to use TCP to connect to the Deployment Server. Example: TcpPor t =402. WakeOnLANProxy Specifies whether to proxy Wake on LAN packets. Example: WakeOnLANProxy=True. MCastProxy Specifies whether this agent will advertise the presence of the Deployment server. Specifies whether to proxy Multicast packets. Example: MCastProxy=True. UseFQDN Specifies whether the ADLAgent should attempt to reverse the IP address to return a proper fully qualified domain name to the Altiris Deployment Server. If the network is set up to properly resolve PTR record requests this option will return the fully qualified name of the agent, such as myhost.mydomain.com. However, if the network does not resolve PTR records, this option may delay adlagent connection by as much as a minute or two. Example: UseFQDN=True. UseHardTimeout Specifies whether to use the hard time out or not. Example: UseHardTimeout=True. HardTimeout Specifies the number of seconds of inactivity the agent will wait before reconnecting to the Deployment Server. The default is 12 hours. Example: HardTimeout=43200. APPEND_HOSTNAME_TO_L OCAL_HOST This is used should the ADLAgent attempt to append the new hostname to the hosts file as an alias to localhost. Example: APPEND_HOSTNAME_TO_LOCAL_HOST=True. USER_CHECK_INTERVAL Interval at which adl_users should report changes to the logged in users. This value is in seconds, with the default being 6 seconds. Example: USER_CHECK_INTERVAL=6. Note: A value of 0 will not send user updates. KILL_TIME The amount of time in seconds to wait for the agent to the Deployment Server before killing the adlagent. This will reboot the system in automation mode. Currently, this is only supported in automation mode. The default is 3 minutes. Example: KILL_TIME=180. Parameters Details Deployment Solution 460 Command-Line Switches
AClient.config Parameters You can use the AClient.config file to configure the system. This file is used to modify the AClient settings.
MAKE_LOWER_CASE Changes the file path and file name to lower case when copying a file from the Deployment Server. Example: MAKE_LOWER_CASE=True. FORCE_NEW This is for the agent in automation mode only. It forces the agent to run the Initial Deployment event, even if it is already in the database. Example: FORCE_NEW=True. AUTO_UPDATE This allows the agent control as to whether it will automatically update to the newest or only adlagent on the Deployment Server. Example: AUTO_UPDATE=True. Parameters Details Global MACAddrList Specifies the list of MAC Addresses for every NIC installed on the PC separated by a comma. Example: MACAddrList=000C29C63002, 000C29C6300C. Serial-Number Specifies the serial number of the PC. Example: Serial-Number=VMware-56 4d db 10 9f cd 9d 7e-d4 7e 52 4e 88 c6 30 02. Reboot Specifies whether to reboot the computer. By default, AClient will reboot the computer only when it is necessary for the changes that have been made. Example: Reboot=True. RebootAfterConfig Specifies whether to reboot the computer after the configuration task. Example: RebootAfterConfig=True. Status-Code Specifies the status code of the last executed job. Example: Status_Code=0. Status_Module Specifies the module that reported the status code. Example: Status_Module=AClient. Parameters Details Deployment Solution 461 Command-Line Switches
SIDgenCount Specifies the number of times SIDGen has run. Example: SIDGenCount=0. Note: This value is set by the AClient and the user need not set it. TaskSequence Specifies the task sequence of the task executed by the AClient. Example: TaskSequence=0. ScheduleID Specifies the schedule ID of the last job executed by the AClient. Example: ScheduleID=100000008. Remove Specifies whether to remove AClient from the PC. Example: Remove=True. Config Specifies whether to configure the PC. Example: Config=None, Config=New or Config=Reply. Note: Config=Configure. License Sysprep2KLicense Specifies the Sysprep License number. Example: LicenseNumber Specifies the operating system License Key. Example: LicenseNumber=5274-649-6478953- 23135. RegOrganization Specifies the operating system Registered Organization. Example: RegOrganization=Altiris. RegUser Specifies the operating system Registered User. Example: RegUser=Altiris. Prompt Specifies whether to prompt the user for the computer name and to join a Workgroup/Domain during configuration. Example: Prompt=True. Networking DomainPassword Specifies the domain password. Example: DomainPassword=FVZSiJELzmpvn[^][@ DomainUsername Specifies the domain user name. Example: DomainUserName=FVZS@J\iYI ^Vjpsp DSDomainController Specifies the Domain Controller. Example: DSDomainController=mycompany. Parameters Details Deployment Solution 462 Command-Line Switches
DSOrganizationalUnit Specifies the organizational unit for Deployment Solution. Example: DSOrganizationalUnit=myou. ChangeSID Specifies whether to change the SID value. Example: ChangeSID=True. Computer Name Specifies the name of the computer. Example: ComputerName=Altiris. DNSDomain Specifies the DNS domain, which is the name of the Workgroup or Domain that this computer is a member of. Example: DNSDomain=cybage.com. Workgroup Specifies whether the computer is a member of a Workgroup. Example: Workgroup=True or Workgroup=False. Prompt Specifies whether to prompt the user for the computer name and whether to join a Workgroup/Domain. Example: Prompt=True. Netware RunScrits Specifies whether to run NetWare login scripts. Example: RunScrits=True. Context Specifies the NDS Context. Example: Context=NDS Context. PreferredTree Specifies the preferred Netware tree. Example: PreferredTree=Tree. LoginTree Specifies whether to login using the Preferred Tree or Preferred Server. Example: LoginTree=True or LoginTree=False. Username Specifies the NDS User Name. Example: Username=User. Prompt Specifies whether to prompt the user for Netware Client Settings. Example: Prompt=True. TCP/IP MACAddress Specifies the MAC Address. Example: MAC Address=0007E97FD73C. Description Specifies the description of the NIC (Network Interface Card). Example: Description of NIC=AMD PCNET Family PCI Ethernet Adapter. Parameters Details Deployment Solution 463 Command-Line Switches
VendorID Specifies the Vendor ID for the NIC. Example: Vendor ID=32902. DeviceID Specifies the device ID for the NIC. Example: Device ID=4153. PCIFunction Specifies the PCI Function for the NIC. Example: PCI Function=0. PCIDevice Specifies the PCI Device for the NIC. Example: PCI device=8. PCIBus Specifies the PCI Bus for the NIC. Example: PCI Bus=1 WINS-Server1 Specifies the WINS Server 1 for TCP/IP. Example: WINS-Server1=0.0.0.0. WINS-Server0 Specifies the WINS Server 0 for TCP/IP. Example: WINS-Server0=0.0.0.0. WINS-Server-Count Specifies the number of WINS servers for TCP/IP. Example: WINS-Server-Count=2. WINS-Enabled Specifies whether the WINS servers are enabled. Example: WINS-Enabled=True. SetWINSInfo Specifies whether to set the WINS information. Example: SetWINSInfo=True. DNS-Server2 Specifies the DNS server 2 for TCP/IP. Example: DNS-Server2=0.0.0.0. DNS-Server1 Specifies the DNS server 1 for TCP/IP. Example: DNS-Server1=0.0.0.0. DNS-Server0 Specifies DNS server 0 for TCP/IP. Example: DNS-Server0=0.0.0.0. DNS-Server-Count Specifies the number of DNS Servers for TCP/IP. Example: DNS-Server-Count=3. DNS-Domain Specifies the DNS domain for TCP/IP. Example: DNS-Domain=mydomain.com DNS-Host Specifies the name of the DNS host. Example: DNS-Host=TSTWXP2. DNS-Enabled Specifies whether the DNS is enabled. Example: DNS-Enabled=True. SetDNSInfo Specifies the DNS information for TCP/IP. Example: SetDNSInfo=True. Parameters Details Deployment Solution 464 Command-Line Switches
Gateway Specifies the Gateway information for TCP/IP. Example: Gateway=172.17.31.2. Netmask Specifies the Netmask value for TCP/IP. Example: Netmask=255.255.255.0. Address Specifies the address for TCP/IP. Example: Address=172.17.31.98. DHCP Specifies the DHCP value for TCP/IP. Example: DHCP=True. SetIPInfo Specifies whether to set the IP information for TCP/IP. Example: SetIPInfo=True. NIC-Section-Count Specifies the NIC section count for TCP/IP. Example: NIC-Section-Count=2. Interface0 State Specifies the state of Interface0. Example: State=Up. Gateway Specifies the gateway of Interface0. Example: Gateway=172.17.31.2. Netmask Specifies the netmask of Interface0. Example: Netmask=255.255.255.0. IP-Address Specifies the IP address for Interface0. Example: IP-Address=172.17.31.98. DHCP Specifies the DHCP value for Interface0. Example: DHCP=Yes. Name This is the name of Interface0. Example: Name=eth0. Interface1 State Specifies the state of Interface1. Example: State=Up. Gateway Specifies the gateway of Interface1. Example: Gateway=10.10.10.1. Netmask Specifies the netmask of Interface1. Example: Netmask=255.0.0.0. IP-Address Specifies the IP-Address for Interface1. Example: IP-Address=10.10.10.10. NICEntry Parameters Details Deployment Solution 465 Command-Line Switches
MACAddress Specifies the MACAddress for NICEntry. Example: MACAddress=00-FF-3C-03-85-C0. Description Specifies the description of the computer for NICEntry. Example: Description=AMD PCNET Family PCI Ethernet Adapter. VendorID Specifies the Vendor ID for NICEntry. Example: Vendor ID=4332. DeviceID Specifies the Device ID for NICEntry. Example: Device ID=33081. PCIFunction Specifies the PCI function for NICEntry. Example: PCIFunction=0 PCIBus Specifies the PCI bus for NICEntry. Example: PCIBus=1 Gateway Specifies the gateway for NICEntry. Example: Gateway=10.10.10.1. Netmask Specifies the netmask for NICEntry. Example: Netmask=255.0.0.0. Address Specifies the address of NICEntry. Example: Address=10.10.10.10. DHCP Specifies the DHCP value for NICEntry. Example: DHCP=True. SetIPInfo Specifies the IP information for NICEntry. Example: SetIPInfo=True. WINS-Server-Count Specifies the number of WINS servers for NICEntry. Example: WINS-Server-Count=0. WINS_Enabled Specifies whether the WINS servers are enabled. Example: WINS-Enabled=False. SetWINSInfo Specifies the WINS information for NICEntry. Example: SetWINSInfo=True. DNS-Server1 Specifies DNS Server 1 for NICEntry. Example: DNS-Server1=10.10.10.3. DNS-Server0 Specifies DNS Server 0 for NIC Entry. Example: DNS-Server0=10.10.10.2. DNS-Server-Count Specifies the number of DNS servers for NIC Entry. Example: DNS-Server-Count=2. Parameters Details Deployment Solution 466 Command-Line Switches
DNS-Host Specifies the DNS host for NICEntry. Example: DNS-Host=TESTWXP2. DNS-Domain Specifies the DNS domain for NICEntry. Example: DNS-Domain=mydomain.com. DNS-Enabled Specifies whether the DNS is enabled for NICEntry. Example: DNS-Enabled=True. SetDNSInfo Specifies the DNS information for NICEntry. Example: SetDNSInfo=True. ConfigSettings LogFile UseLogFile Specifies whether to save log information to a text file. Example: UseLogFile=Yes. LogFile Specifies the location and name of the log file to save logging information to. UseLogFile must be enabled for this setting to work. Example: Log File=File Location. LogSize Specifies the maximum size of the log file in bytes. UseLogFile must be enabled for this setting to work. Example: LogSize=4096. LogErrors Specifies the log errors. UseLogFile must be enabled for this setting to work. Example: LogErrors=Yes. LogInformation Specifies the log informational messages. UseLogFile must be enabled for this setting to work. Example: LogInformation=Yes. LogDebug Specifies the log debugging information. UseLogFile must be enabled for this setting to work. Example: LogDebug=Yes. Security ShowTrayIcon Specifies whether to show AClient tray icon. Example: ShowTrayIcon=Yes. EncryptSessions Specifies whether to encrypt sessions with the server. Example: EncryptSession=Yes. RequireEncrypt Specifies whether to require encrypted sessions with the server. EncryptSessions must be enabled for this setting to work. Example: RequireEncrypt=Yes. Parameters Details Deployment Solution 467 Command-Line Switches
EncryptedClientID Specifies the encrypted client ID. Example: EncryptedClientID=0 Password Specifies the password. Example: Password=Altiris AllowMod Specifies whether or not to enable or disable security for admin properties. If the value is 0, the security is disabled. if the value is 1, the security is enabled. Example: AllowMod=1 Transport TransportUse Specifies how AClient will find and connect to a Deployment Server. To use TCP/IP multicast, TransportUse=0. To use TCP/IP, TransPortUse=1. Example: TransportUse=0 or TransPortUse=1. MCastAddr Specifies the multicast group address to use to locate a Deployment Server. TransportUse must be 0 for this setting to work. Example: MCastAddr=225.1.2.3. MCastPort Specifies the multicast port to use to locate a Deployment Server. TransportUse must be 0 for this setting to work. Example: MCastPort=402. TTL Specifies the Multicast Time to Live to use to locate a Deployment Server. TransportUse must be 0 for this setting to work. Example: TTL=32. ConsoleName Specifies the server name to use to locate a Deployment Server via Multicast. If nothing is specified, AClient will connect to the first Deployment Server it locates. TransportUse must be 0 for this setting to work. This is optional. Example: ConsoleName=ALTIRIS. TcpAddr Specifies the IP Address or Host Name to use to locate a Deployment Server.TransportUse must be 1 for this setting to work. Example: TcpAddr=172.19.16.20 TcpPort Specifies the IP port to use to locate a Deployment Server. TransportUse must be 1 for this setting to work. Example: TcpPort=402. User Prompts Parameters Details Deployment Solution 468 Command-Line Switches
PromptReboot Prompt before executing shutdown and restart commands. Example: PromptReboot=Yes. PromptExecute Prompt before executing program execution and file copy commands. Example: PromptExecute=Yes. PromptRemoteControl Prompt before executing remote control commands. Example: PromptRemoteControl=Yes. PromptSeconds Specifies how long the user prompt should appear in seconds. Example: PromptSeconds=10. PromptOverride Specifies whether the AClient should continue the operation or abort it, when the user prompt times out. Example: PromptOverride=Continue. Connection ConnectionParadigm Specfies whether to select to either stay connected to the Deployment Server, or check periodically for work. To remain connected, ConnectionParadigm=0. To remain mostly disconnected, ConnectionParadigm=1. Example: ConnectionParadigm=0 or ConnectionParadigm=1. UseHardTimeout Specifies whether to refresh connection after idle time specified in HardTimeout. ConnectionParadigm must be 0 for this setting to work. Example: UseHardTimeout=Yes. HardTimeout Specifies how frequently to refresh the connection to the server in seconds. ConnectionParadigm must be 0 and UseHardTimeout must be Yes for this setting to work. Example: HardTimeout=28800. ReconnectInterval Specifies how often in seconds to reconnect to check for work. ConnectionParadigm must be 1 for this setting to work. Example: ReconnectInterval=28800. CloseTimeOut Specifies how long, in seconds, to wait for work before disconnecting. ConnectionParadigm must be 1 for this setting to work. Example: CloseTimeOut=60. SetSpeedLimit Specifies whether to set speed limit for transfer files. If it is Yes, check transfer rate is slower than the rate specified in SpeedLimit. If it is No, do not transfer files. Example: SetSpeedLimit=Yes. Parameters Details Deployment Solution 469 Command-Line Switches
SpeedLimit Specifies the minimum speed limit in Kbps to transfer files. If the rate is slower than the rate specified here, do not transfer files. SetSpeedLimit must be enabled for this setting to work. Example: SpeedLimit=10000. Blockout ScheduledBlockStart Specifies the beginning of the period when the client cannot connect to the server. Example: ScheduledBlockStart=08:00. ScheduledBlockEnd Specifies the end of period when the client cannot connect to the server. Example: ScheduledBlockEnd=17:00. BlockedDaysSun Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Sundays. Example: BlockedDaysSun=True. BlockedDaysMon Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Mondays. Example: BlockedDaysMon=True. BlockedDaysTue Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Tuesdays. Example: BlockedDaysTue=True. BlockedDaysWed Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Wednesdays. Example: BlockedDaysWed=True. BlockedDaysThu Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Thursdays. Example: BlockedDaysThu=True. BlockedDaysFri Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Fridays. Example: BlockedDaysFri=True. Parameters Details Deployment Solution 470 Command-Line Switches
BlockedDaySat Specifies whether to block the client from connecting to the Deployment Server between the times specified in ScheduledBlockStart and ScheduledBlockEnd on Saturdays. Example: BlockedDaysSat=True. Proxy WakeOnLANProxy Forward Wake On LAN packets sent from the Deployment Server. Example: WakeOnLANProxy=Yes. MCastProxy Specifies whether to advertise for the Deployment Server the client is connected to. This allows local clients to discover the server on a remote network through TCP/IP multicast. Example: MCastProxy=Yes. MCastProxyRate Specifies how often to send multicast advertisements in seconds. MCastPRoxy should be set to Yes for this setting to work. Example: MCastProxyRate=900. BootWorks EnableDirectDiskAccess Specifies whether to enable direct disk access to BootWorks. Example: EnableDirectDiskAccess=Yes. UpdateBootworkTransport Specifies whether to synchronize transport (IP/ multicast) settings with Bootworks. EnableDirectDiskAccess must be enabled for this setting to work. Example: UpdateBootworkTransport=Yes. UpdateBootworkIP Specifies whether to synchronize TCP/IP (static IP, netmask/DHCP) settings with Bootworks. EnableDirectDiskAccess must be enabled for this setting to work. Example: UpdateBootworkIP=Yes. BootDiskMessageUsage Specifies when the user should be prompted for a Bootworks boot disk when performing tasks from DOS. Example: BootDiskMessageUsage= 0 for Never; BootDiskMessageUsage=1 for Always; BootDiskMessageUsage=2 if Bootworks is not detected; BootDiskMessageUsage=3 if PXE is not detected; and BootDiskMessageUsage=4 if neither BootWorks nor PXE is detected. Other Parameters Details Deployment Solution 471 Command-Line Switches
Deployment Agent for DOS Command-line Switches BootWorks (boot wor k. exe) manages client-server connections in DOS for imaging and registry management tasks. Parameters and switches for Altiris program files can be used in batch files and from the command line, usually for troubleshooting. Under normal circumstances, the program interfaces and wizards provide the tools you need to manage your network; you will not need to manually edit files. ForceReboot Specifies whether to force applications to close when shutting down. Example: ForceReboot=Yes. BootDrive Specifies the Windows boot drive. Example: BootDrive=D:\. SyncTimeWithServer Specifies whether to synchronize the client systems date and time with the Deployment Server. Example: SyncTimeWithServer=Yes. SettingsChanged Specifies whether to change the settings. Example: SettingsChanged=Yes. RequirePasswordForUserPro p Admin password required to edit admin properties. If the value is 0, the password is not required. If the value is 1, the password is required. Example: RequirePasswordForUserProp=0 DownloadWait Specifies in seconds whether and how long to wait for download. Example: DownloadWait=10. ReconnectWait Specifies in seconds whether and how long to wait for reconnect. Example: ReconnectWait=10. EnableReconnectDownload Waits Specifies in seconds whether to enable the reconnect and download waits. Example: EnableReconnectDownloadWaits=10. UpdateFileSystemSids Specifies whether to update the SIDs file system. Example: UpdateFileSystemSids=Yes. UpdateSettings Specifies whether to update settings. Example: UpdateSettings=True. UpdateAllSettings Specifies whether to update all settings. Example: UpdateAllSettings=True. Parameters Details Deployment Solution 472 Command-Line Switches
Bootwork.exe You can use either a forward slash (/) or a dash (-) with the command-line options. Commands are not case sensitive. Switch Details -dsbios Function: Disables reading of the BIOS for system information. This is typically used for troubleshooting, if a client computer crashes when it first starts running BootWorks. Example: To load and run BootWorks without reading the BIOS, type boot wor k - dsbi os -f Function: Causes a computer to pause during the BootWorks boot process and wait for a job from the Deployment Server, instead of booting to production if work is not assigned. This allows new computers that need to run Initial Deployment to wait for a connection to the Server. Example: To have a new computer wait for the Deployment Server to assign a job, type boot wor k - f -hr Function: Specifies a hard reboot when a client computer boots to production. This is the default. It ensures the BootWorks boot data is cleared from memory, so the computer reads the MBR when booting to production. If this is not used, the client computer might lock up when it reboots. Example: Because this is the default, you do not need to enter anything. -ip<address> Function: Specifies the IP address of the Deployment Server you want the client to connect to. Use this if the network is not configured for multicasting, or if there is more than one Deployment Server on the network. Specifying the Servers IP address prevents the client from connecting to the wrong Deployment Server. The port number must also be specified if you change this parameter. (See -p<port>.) Example: To connect a client directly to a Deployment Server, type boot wor k - i p207. 197. 28. 38 -mcdelay[xx] Function: Sets the number of seconds the client waits between multicast requests for a Deployment Server. The default is 5 seconds. Example: To set the interval for multicast requests to10 seconds, type - mcdel ay10 -mcwait[xx] Function: Sets the length of time (in seconds) that the client searches for a Deployment Server before rebooting to production. The default is 30 seconds. This parameter applies to multicast sessions only. It does not apply if the clients connect using the Console IP address. Example: To have the client search for a Deployment Server for 45 seconds, type - mcwai t 45 Deployment Solution 473 Command-Line Switches
-mip<IPaddress> Function: Specifies the multicast IP address of the Deployment Server. The default value is 225.1.2.3. If the address is changed on the Server, use this parameter to change the address in BootWorks so the client looks for the correct address. The port number must also be specified if you change this parameter. (See -mp<port>.) Example: If you changed the Deployment Servers multicast address to 225.12.12.13, you would change the address for BootWorks by typing boot wor k - mi p225. 12. 12. 13 -mp<port> Function: Specifies the multicast port address of the Deployment Server. The default value is 402. If you have changed the port number of the Server, use this parameter to change the number in BootWorks. (Any unassigned number that is less than 65536 is valid.) The IP address must also be specified if you change this parameter. (See - mip<address>.) Example: If the Deployment Servers IP address was changed and you set a new port number of 1026, type boot wor k - mp1026 -name Function: Prompts the user to enter the name of the client computer. This name will be registered in the Console Computers list. If no name is specified, the client computers MAC address will be used. Example: To prompt for a computer name, type boot wor k - name The client computer will prompt you to enter a name. The name appears in the Computers list on the Console. -new Function: Runs Initial Deployment. Example: To run Initial Deployment on a client computer, type boot wor k - new -nologin Function: Loads the LAN drivers on the client so BootWorks can check the Deployment Server for work without completing a user login. Example: To load the network drivers and check the Deployment Server, type boot wor k - nol ogi n -p<port> Function: Specifies the port number of the Deployment Server you want the client to connect to. The default port number is 402. If you have changed the port number of the Deployment Server, use this parameter to change the number in BootWorks. (Any unassigned number that is less than 65536 is valid.) The IP address must also be specified if you change this parameter. (See -ip<address>.) Example: If the Deployment Servers port number has been changed to 1026 and clients are not multicasting to find the Server, type boot wor k - p1026 Switch Details Deployment Solution 474 Command-Line Switches
Deployment Agent for DOS Install (Bwinst.exe) Switches The Deployment Agent for DOS is installed by bwi nst . exe, so if you have problems installing you might need to edit these settings in the Deployment Agent for DOS aut oexec. bat file. Parameters are case sensitive. Use a space between the command and the switch, and between switches if you use more than one. -pause Function: Causes the computer to pause for 5 seconds before beginning production boot processes. This allows time to access the bootworks program before the computer boots to production. Example: To add a 5-second pause before a production boot, type boot wor k - pause -s<name> Function: Specifies the computer name of the Deployment Server you want the client to connect to. Otherwise, if you have more than one Console on the network, clients will connect to the first one they find. Example: If you want a client to connect only to a Deployment Server named ServerOne, type boot wor k - ser ver one -sr Function: Specifies a soft reboot when a client computer boots to production. Example: To reboot a client using a soft reboot instead of the default hard reboot, type boot wor k - sr -wb Function: Specifies a warm reboot when a client computer boots to production. Example: To reboot a client using a soft reboot instead of the default hard reboot, type boot wor k - wb Switch Details -mbr Function: Rewrites the BootWorks MBR code and exits. Example: If the BootWorks code is overwritten by another program and you want to rewrite it to the boot record, type bwi nst - mbr -u Function: Uninstalls BootWorks. Example: To uninstall BootWorks from a client, type bwi nst - u -c Function: Checks for Altiris MBR code. Example: To find out if BootWorks is installed on a client, type bwi nst - c Switch Details Deployment Solution 475 Command-Line Switches
-s[x] Function: Works with the -old switch to set the partition size (in MB) for hidden BootWorks partitions. The minimum size is 5 MB, which is the default. Note If you install embedded BootWorks (new style for 4.x versions), this switch does not apply. A 5MB embedded partition is always installed. Example: To set the BootWorks partition size at 10 MB for a hidden partition, type bwi nst - s10 - ol d -old Function: Installs a hidden (old style) BootWorks partition instead of an embedded (new style) partition. The default size is 5 MB. To install a larger partition, use the -s switch. Note When this partition is installed, it will overwrite any data on the drive it is installed to. Ensure the drive is empty, or upload an image of the drive, and then download it to a different drive after BootWorks is installed. Example: To install a hidden BootWorks partition of 30 MB, type bwi nst - s30 - ol d -q Function: Runs BootWorks install in quiet mode, so no user input is required to complete the install. This switch is intended for use with unattended installs, so you should use it in conjunction with the -f switch to install from a file instead of disks. Since there are no prompts, bwinst makes the following decisions/ assumptions. If a partition is found, you will not be asked if you want to move or overwrite the partition. BootWorks will automatically overwrite the partition and existing data will be erased. You will not be prompted for the second BootWorks disk. You will see a message that a file could not be found. If you are installing an embedded partition, it is assumed that NT Service Pack 4 is installed. Example: To install BootWorks unattended from a boot directory on a network drive, type bwi nst - q - f =f : \ boot f i l e Switch Details Deployment Solution 476 Command-Line Switches
Keyboard and Screen Lock Utility (Kbdsclk) Switches This utility can be used to limit user intervention while client computers are in BootWorks mode. BootWorks connects client computers to the Deployment Server to run assigned Jobs (receive images, back up and restore registries, and so on). The Server then releases control of the computers to run their regular boot processes and come up in production mode. KBDSCLK is part of the BootWorks aut oexec. bat file. The utility runs from the file as a TSR. How the Keyboard and Screen Lock Utility (kbdsclk) Works During the time the computer is in BootWorks mode, the Altiris client graphic appears so the user knows the Altiris boot processes are running. However, the keyboard is not locked, so the boot process can be interrupted if a user breaks in using CTRL-C, CTRL-ALT-DELETE, CTRL-Break, or another interrupt command. The screen and keyboard can be locked by setting the security option when you use the Boot Disk Creator to make BootWorks boot files. Or, you can change the settings in the BootWorks aut oexec. bat file. Just remove the REM statements for the commands you want to use. You can also add commands to set and clear keyboard and screen locks in multiple places in the batch file. This is useful for enabling input when applications are loaded (such as the Microsoft client, which prompts for a password), and then relocking the screen and keyboard to complete the boot processes. You can also use KBDSCLK on the command line if you want to temporarily override the batch file settings. Keyboard and Screen Lock Utility Usage Commands are not case-sensitive. The syntax is as follows: kbdscl k [ p=passwor d] [ +| - k] [ +| - s] [ x [ h#] ] [ c| t ] [ w=f i l e] [ b] For help when running the utility, type KBDSCLK ? The batch file includes keyboard and screen lock commands, which are marked out (REM). When you remove the REM commands and run the commands in a batch file, the utility behaves as a TSR. The defaults are: -f= Function: Specifies the source path to the BootWorks files. The default is drive a:. Example: To install BootWorks from a directory named bootfile on a network drive, type bwi nst - f =f : \ boot f i l e -b Function: Reads the BIOS settings for the hard drive if IDE settings fail or return incorrect values. If you get the message, Error creating drive map when installing BootWorks, run bwinst with this switch to correct the problem. Example: To solve the Error creating drive map error and install bwinst, type bwi nst - b Switch Details Deployment Solution 477 Command-Line Switches
The Altiris client graphic appears. The keyboard and screen are not locked. If options are added to the batch file, they are executed in the order they appear in the file. Order Of Operations The order of operations and utility behavior when KBDSCLK is run from the command line is as follows: When c or t is used, it performs its functions and exits without performing any other functions, regardless of order. KBDSCLK does not remain loaded as a TSR, so the keyboard is not locked and no screen output appears. Option Description p=pwd [b] Function: Sets a password to enable/disable the keyboard and screen lock. Maximum character length is 128. Option: b Scans keyboard input for a password to set locks when they are not set. (Be careful using this option. It can interfere with keyboard input for applications that are running!) +|- k Function: Enables/disables keyboard input. To allow keyboard input, use +k. To lock the keyboard, use -k. Default: Locked. +|- s Function: Enables/disables screen output. To allow screen output, use +s. To disable it, use -s. Default: Disabled. x [h#] Function: Displays the wallpaper or graphic and then exits the KBSCLK utility. Once the utility has exited (no longer running as a TSR), the keyboard and screen are not locked. Default: 3 second graphic/wallpaper display, then unload TSR. Options: h Allows use of the Home key to bypass BootWorks and begin production boot processes. # Specifies the time (in seconds) for the graphic to appear (a maximum of 34 seconds is possible). During that time, you can use the Home key to bypass the BootWorks processes. If zero is used, the graphic appears for 3 seconds and no bypass is allowed. c Function: Clears the screen and exits the program. Used mostly for troubleshooting. t Function: Sets video text mode (MODE CO80) and exits. Used mostly for troubleshooting. w=file Function: Specifies the name of a graphic/wallpaper file to appear. This is valid only if the x option is used. Valid files are pcx files with 640x480x16 color. Deployment Solution 478 Command-Line Switches
Use w to specify the name of a wallpaper/graphic file to replace the default. See the table above for details on using graphics files. When x is used, the wallpaper/graphic appears and the KBDSCLK program exits, ignoring all other commands except w and h, regardless of order. KBDSCLK does not remain loaded as a TSR, so the keyboard is not locked. If the utility is loaded as a TSR (in the aut oexec. bat file), and you execute KBDSCLK on the command line and specify the k and s options, it changes the keyboard and screen lock settings of the TSR instance. Options w, p, and b are ignored, regardless of order. If the TSR is not loaded, w, p, and b can be used with k and s in any order. The p option can be used on the command line to set a password for unlocking the screen and keyboard. Deployment Server Install Switches You can run the Deployment Server installation executable (axi nst al l . exe) from the command-line using these switches: Switch Details -s Function: Runs a Simple install where all components are installed on a single computer. Example: axi nst al l - s -a Function: Adds a component when installing a custom install where componentsthe Deployment Server database, PXE server, Deployment Share, services can be installed on separate computers. Example: axi nst al l - a -t Function: Allows you to run a silent install (where the install application executes without asking for user input. Example: axi nst al l - t Deployment Solution 479 Command-Line Switches
Silent Install Options You can add parameters for a silent install using an INI file that is accessed and used by the axinstall executable. The INI file can be named anything, but for the following section it will be identified as SILENT.INI. This file can be modified to directly input values when running an install without user interaction. axinstall.exe -t <INI filename> Example: axi nst al l - t c: \ si l ent . i ni To add the ability to provide all inputs from a Simple Install, Custom Install, or an Add Component install, the Si l ent . i ni file is required and must contain input parameters for each type of install. By adding Version and InstallType entries to the [SilentInstall] group, Deployment Solution can identify if its working with an old SILENT.INI file or a new file. The old file type will be supported for backward compatibility and will continue to function. Note The silent.ini file cannot have comments or blank lines between the header line and the key/value pairs. [ Si l ent I nst al l ] Ver si on=3 SEDat aManager Por t WCLocat i on WCPat h -i - Function: Allows you to create a setup.ini file used for automation or a silent install Example: axi nst al l - i -t <INI file location> Function: Allows you to run a silent install (where the install application executes without asking for user input) and read setting from an INI file. See Silent Install Options (page 479). Example: axi nst al l - t c: \ si l ent . i ni Sample Silent.INI file: [ Si l ent I nst al l ] Pr ogr amFi l es=C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver \ Li censeFi l e=axi nst al l . l i c User name=Admi ni st r at or Passwor d= DOSBoot Fi l esPat h= Switch Details Deployment Solution 480 Command-Line Switches
WCRemot eComput er Name WCUser name WCPasswor d WCEncr ypt edPasswor d WCConsol eManager por t The Version and InstallType entries are both required in the new SILENT.INI file. If the Version entry is missing, it is assumed that it is an old SILENT.INI file (implicitly assumed to be version 1). If the InstallType entry is missing for a new version of SILENT.INI, an error will be logged to the log file and the installation will be aborted. Depending on the value of InstallType, different entries will be expected in the SILENT.INI file. The expected entries are listed in the following sections. Note A validator checks all input values during a silent install. It ensures that all user input (such as the user name, password, data path, and so on) is valid before starting the silent install. The validator inherit its behavior from the validation in the wizard pages of a non-silent install. If the validation fails, an appropriate error message writes to a log file and the installation process is aborted. Simple Install Entries If the InstallType is set to Simple, the following entries are expected in the SILENT.INI file. If any of the entries are missing, default values are used. We do not recommend using default values because it may cause the validator function to abort the install because the default values won't work with the specified values. Any entries other than the ones listed below are ignored for a simple install. DAPat h=C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver Li censeFi l e=ax85. l i c DAUser name=Admi ni st r at or DAPasswor d=passwor d OR DAEncr ypt edPasswor d=z%l $qr y^w I nst al l PXE=0 Cr eat eExpr essShar e=FALSE | TRUE DOSFi l esPat h=c: \ dos To install Sysprep files, specify the following fields AddSyspr epFi l es=FALSE | TRUE XPSyspr epPat h=c: \ xp\ depl oy. cab 2KSyspr epPat h=c: \ 2k\ depl oy. cab NTSyspr epPat h=c: \ nt \ nt 4pr ep. exe Deployment Solution 481 Command-Line Switches
To install FreeDos files, specify the following fields PBFr eeDOS=FALSE | TRUE PBFr eeDOSFi l e=c: \ DSSet up\ BDCgpl _6. 8. 8271. f r m If you install DOS files, the following fields are listed: PBMSDOS=FALSE | TRUE PBMSDOSPat h=c: \ DOSFi l es To install Linux files, specify the following fields For Linux IA64, specify the path of the .FRM file in PBLi nuxFi l eI A64. The PBLi nuxI A64 field should be Tr ue. Example PBLi nuxFi l eI A64=c: \ DSSet up\ BDCgpl _6. 8. 8271. f r m PBLi nuxI A64=Tr ue For Linux x64, specify the path of the .FRM file in PBLi nuxFi l eX64. The PBLi nuxX64 field should be Tr ue. Example PBLi nuxFi l eX64=c: \ DSSet up\ BDCgpl _6. 8. 8271. f r m PBLi nuxX64=Tr ue For Linux x86, specify the path of the .FRM file in PBLi nuxFi l eX86. The PBLi nuxX86 field should be Tr ue. Example PBLi nuxFi l eX86=c: \ DSSet up\ BDCgpl _6. 8. 8271. f r m PBLi nuxX86=Tr ue To install WinPE files, specify the following fields For WinPE x86, to use an add-on file, specify the path of the add-on file in PBWi ndowsPEX86AddOnPat h. The PBWi ndowsPEX86AddOn field should be Tr ue. Example PBWi ndowsPEX86AddOn=TRUE PBWi ndowsPEX86AddOnPat h=c: \ DSSet up\ AddonX86. exe To specify the WinPE disk path, specify the path in PBWi ndowsPEWi nPEX86Pat h and the operating system path in PBWi ndowsPEX86OSPat h. The PBWi ndowsPEWi nPEX86 field should be Tr ue. Example PBWi ndowsPEX86=TRUE PBWi ndowsPEWi nPEX86Pat h=c: \ Wi nPE\ Di sk1 PBWi ndowsPEX86OSPat h=c: \ Wi nPE\ Di sk2 Deployment Solution 482 Command-Line Switches
For WinPE x64, to use an add-on file, specify the path of the add-on file in PBWi ndowsPEX64AddOnPat h. The PBWi ndowsPEX64AddOn field should be Tr ue. Example PBWi ndowsPEX64AddOn=TRUE PBWi ndowsPEX64AddOnPat h=c: \ DSSet up\ AddonX64. exe To specify the WinPE disk path, specify the path in PBWi ndowsPEWi nPEX64Pat h and the operating system path in PBWi ndowsPEX64OSPat h. The PBWi ndowsPEWi nPEX64 field should be Tr ue. Example PBWi ndowsPEX64=TRUE PBWi ndowsPEWi nPEX64Pat h=c: \ Wi nPE\ Di sk1 PBWi ndowsPEX64OSPat h=c: \ Wi nPE\ Di sk2 For WinPE IA64, to use an add-on file, specify the path of the add-on file in PBWi ndowsPEI A64AddOnPat h. The PBWi ndowsPEI A64AddOn field should be Tr ue. Example PBWi ndowsPEI A64AddOn=TRUE PBWi ndowsPEI A64AddOnPat h=c: \ DSSet up\ AddonI A64. exe To specify the WinPE disk path, specify the path in PBWi ndowsPEI A64 and the operating system path in PBWi ndowsPEI A64OSPat h. The PBWi ndowsPEI A64 field should be Tr ue. Example PBWi ndowsPEI A64=TRUE PBWi ndowsPEWi nPEI A64Pat h=c: \ Wi nPE\ Di sk1 PBWi ndowsPEI A64OSPat h=c: \ Wi nPE\ Di sk2 Custom Install Entries If the InstallType is set to custom, the following entries will be expected in the SILENT.INI file. If any of the entries are missing then default values will be used. Using default values is not recommended because it may cause the validator function to abort the install because the default values won't work with the specified values. Any entries other than the ones listed below will be ignored for a custom install. Note If you attempt to push out a silent Deployment Solution install to a computer where Microsoft SQL Server is installed and SQL Server has a password for the "sa" account, then it will not work. DAPat h=C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver Li censeFi l e=ax85. l i c DAUser name=Admi ni st r at or DAPasswor d=passwor d Deployment Solution 483 Command-Line Switches
OR DAEncr ypt edPasswor d=z%l $qr y^w Cr eat eExpr essShar e=FALSE | TRUE DOSFi l esPat h=c: \ dos SEPat h= C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver SELocat i on=l ocal | r emot e SERemot eComput er Name=DESKPRO1 SEUser name=admi ni st r at or SEPasswor d=passwor d OR SEEncr ypt edPasswor d= z%l $qr y^w SEI PAddr ess=172. 16. 2. 123 SEDat aManager Por t = 8080 SEDBLocat i on=l ocal | same | r emot e | sql ser ver SEDBRemot eComput er Name=DESKPRO2 SEDBSQLPor t Number =<Ent er SQL Por t Number her e> SEDBEngi nePat h=c: \ mssql 7 SEDBDat aPat h=c: \ mssql 7\ dat a SQLAut hent i cat i on=FALSE | TRUE SQLMachi neUser name=admi ni st r at or SQLMachi nePasswor d=passwor d OR SQLEncr ypt edMachi nePasswor d= z%l $qr y^w I nst al l PXE=FALSE | TRUE PXLocat i on=dos | l ocal | r emot e PXRemot eComput er Name=DESKPRO3 PXMakeMast er Ser ver =FALSE | TRUE PXI PAddr ess=172. 16. 2. 123 PXDSI PAddr ess=172. 16. 2. 123 PXPat h=c: \ Pr ogr amFi l es\ Al t i r i s\ expr ess\ Depl oyment Ser ver PXUser name=Admi ni st r at or PXPasswor d=passwor d OR PXEncr ypt edPasswor d= z%l $qr y^w Deployment Solution 484 Command-Line Switches
PXCr eat eDef aul t PXEBoot Fi l es=FALSE | TRUE SQLAut hent i cat i on=FALSE | TRUE SQLUser name=Admi ni st r at or SQLPasswor d=passwor d OR SQLEncr ypt edPasswor d=zl q%r *x+y DSConnect i onMet hod=mul t i cast | t cpi p DSConnect i onSer ver Name=* | <ser ver name> DSConnect i onDSI PAddr ess=172. 16. 2. 123 DSConnect i onDSPor t =402 COLocat i on=l ocal | r emot e CORemot eComput er Name=DESKPRO4 COUser name=Admi ni st r at or COPasswor d=passwor d OR COEncr ypt edPasswor d=zl q%r *x+y WCLocat i on=l ocal | r emot e | none WCPat h= c: \ Pr ogr amFi l es\ Al t i r i s\ expr ess\ Depl oyment Ser ver WCRemot eComput er Name=DESKPRO5 WCUser name=Admi ni st r at or WCPasswor d=passwor d WCEncr ypt edPasswor d= zl q%r *x+y WCConsol eManager Por t =8081 Add Component Entries If the InstallType is set to addcomponent, the following entries will be expected in the SILENT.INI file. If any of the entries are missing then the default values will be used. Using default values is not recommended because it may cause the validator function to abort the install because the default values will not work with the specified values. Any entries other than the ones listed below will be ignored for adding new components. AddDSConsol e=FALSE | TRUE AddPXESer ver =FALSE | TRUE AddDSWebConsol e=FALSE | TRUE DOSFi l esPat h=c: \ dos DAPat h=C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver SEI PAddr ess=172. 16. 2. 123 Deployment Solution 485 Command-Line Switches
SEDat aManager Por t =8080 COLocat i on=l ocal | r emot e CORemot eComput er Name=DESKPRO4 COUser Name=Admi ni st r at or COPasswor d=passwor d OR COEncr ypt edPasswor d=zl q%r *x+y PXLocat i on=dos | l ocal | r emot e PXRemot eComput er Name=DESKPRO3 PXMakeMast er Ser ver =FALSE | TRUE PXI PAddr ess=172. 16. 2. 123 PXDSI PAddr ess=172. 16. 2. 123 PXPat h=c: \ Pr ogr amFi l es\ Al t i r i s\ expr ess\ Depl oyment Ser ver PXCr eat eDef aul t PXEBoot Fi l es=FALSE | TRUE PXUser name=Admi ni st r at or PXPasswor d=passwor d OR PXEncr ypt edPasswor d= zl q%r *x+y WCLocat i on=l ocal | r emot e | none WCPat h= c: \ Pr ogr amFi l es\ Al t i r i s\ expr ess\ Depl oyment Ser ver WCRemot eComput er Name=DESKPRO5 WCUser name=Admi ni st r at or WCPasswor d=passwor d WCEncr ypt edPasswor d= zl q%r *x+y WCConsol eManager Por t =8081 Client BIOS Settings for Wake-On LAN and PXE Some network cards have their own setup utilities. If there is a Wake On LAN option on your NIC, enable it. If you want to use Wake On LAN, the motherboard and network card must support Intels Wired for Management (WfM) specification. You will also have to enable the features in the BIOS. (Settings are hardware specific.Your BIOS might not list all of these.). Power Management ON/ENABLED Suspend/Wake-up Features ON/ENABLED Deployment Solution 486 Command-Line Switches
Command-line Switches for the Pocket PC Agent You can manage the Pocket PC Agent through command-line switches. The default path of the agent executable file is: C: \ Al t i r i s\ PPCAgent \ PPCAgent . exe. The following table shows the optional switches and the functions they perform. Note If PPCAgent.exe is run and if the agent has not previously been installed, then the agent will be installed automatically. If the agent was previously installed, it will simply load the agent. Command Line Switches for the Pocket PC Agent Example: to restart the agent, run C: \ Al t i r i s\ PPCAgent \ PPCAgent . exe - r est ar t To use more than one command-line parameter, separate the parameters with a space. Example: ppcagent - i nst al l - si l ent . Command-line Install Switches for Linux The command-line switches used for Linux files are express path where the bootwiz.exe is present -install -os LINUX -x86/x64/ia64 path where the .FRM file is present. The following table lists the Command-line Install and Silent Install Switches for Linux and the functions they perform. Wake On LAN ON/ENABLED Remote Power Up ON/ENABLED Power Switch/Wake-up ON/ENABLED Option Function -install Installs the agent, or re-installs the agent if already installed. -silent When used with - i nst al l , installs the agent without the installation dialog screens. -stop Stops the agent. -start Starts the agent after it has been stopped. -restart Stops and restarts the agent. -remove Stops and uninstalls the agent. Switch Details -install -os LINUX -x86 e:\BDCgpl_6.8.8260.frm Installs the Linux agent for x86 computers. -install -os LINUX -x64 e:\BDCgpl_6.8.8260.frm Installs the Linux agent for x64 computers. Deployment Solution 487 Command-Line Switches
Example: To install the Linux agent for x86 computers, run C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver \ Boot wi z\ boot wi z. exe i nst al l - os LI NUX - x86 " e: \ BDCgpl _6. 8. 8260. f r m" Example: To silently install the Linux agent for x86 computers, run C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver \ Boot wi z\ boot wi z. exe i nst al l - os LI NUX - x86 " e: \ BDCgpl _6. 8. 8260. f r m" - qui et Tip You can do the same for x64 and ia64 computers. Command-line Install Switches for WinPE The command-line switches used for WinPE files are express path where the bootwiz.exe is present -install -os WINPE -x86/x64/ia64 path where the .EXE file is present. The following table lists the Command-line Install and Silent Install Switches for WinPE and the functions they perform. -install -os LINUX -ia64 e:\BDCgpl_6.8.8260.frm Installs the Linux agent for ia64 computers. -install -os LINUX -x86 e:\BDCgpl_6.8.8260.frm -quiet Silently installs the Linux agent for x86 computers. -install -os LINUX -x64 e:\BDCgpl_6.8.8260.frm -quiet Silently installs the Linux agent for x64 computers. -install -os LINUX -ia64 e:\BSCgpl_6.8.8260.frm -quiet Silently installs the Linux agent for ia64 computers. Switch Details -install -os WINPE -x86 e:\Altiris_DS_Preboot_WinPE2005_x86. exe Installs the WinPE agent for x86 computers. -install -os WINPE -x64 e:\Altiris_DS_Preboot_WinPE2005_x64. exe Installs the WinPE agent for x64 computers. -install -os WINPE -ia64 e:\Altiris_DS_Preboot_WinPE2005_ia64 .exe Intalls the WinPE agent for ia64 computers. -install -os WINPE -x86 e:\Altiris_DS_Preboot_WinPE2005_x86. exe -quiet Silently installs the WinPE agent for x86 computers. Switch Details Deployment Solution 488 Command-Line Switches
Example: To install the WinPE agent for x86 computers, run C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver \ Boot wi z\ boot wi z. exe i nst al l - os WI NPE - x86 " e: \ Al t i r i s_DS_Pr eboot _Wi nPE2005_x86. exe" Example: To silently install the WinPE agent for x86 computers, run C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver \ Boot wi z\ boot wi z. exe i nst al l - os WI NPE - x86 " e: \ Al t i r i s_DS_Pr eboot _Wi nPE2005_x86. exe" - qui et Tip You can do the same for x64 and ia64 computers. -install -os WINPE -x64 e:\Altiris_DS_Preboot_WinPE2005_x64. exe -quiet Silently installs the WinPE agent for x64 computers. -install -os WINPE -ia64 e:\Altiris_DS_Preboot_WinPE2005_ia64 .exe -quiet Silently installs the WinPE agent for ia64 computers. Switch Details Deployment Solution 489
Chapter 21 RapiDeploy Technical Reference In Deployment Solution, most imaging tasks can be completed directly from task wizard in the Deployment Console. For advanced imaging operations, you might need the extended functionality provided by the command-line interface of the Deployment Solution imaging tool, RapiDeploy. This section provides details on using the RapiDeploy command-line interface. See Also RapiDeploy Executable Files on page 489 Running RapiDeploy from the Command-line on page 489 Using File System Independent Resource Management (FIRM) on page 502 Using File System Independent Resource Management (FIRM) on page 502 Troubleshooting RapiDeploy on page 93 RapiDeploy Executable Files The following table lists and gives a short description of RapiDeploy executable files: Running RapiDeploy from the Command-line You can create and deploy images from the command-line using switches. This is useful if you want to run imaging from a batch file and not use the Rdeploy wizard. RapiDeploy Executable Files File Description rdeploy An Altiris program with a graphical wizard-like interface. When run on a computer, rdeploy.exe temporarily designates the computer as the RapiDeploy Master PC or as the Client PC. The Master PC controls how images are created, uploaded, and downloaded, and how they are sent or multicasted to other computers. Rdeploy.exe lets you set up configurations (such as TCP/IP and networking settings) on the computer after it has received an image. You can run rdeploy.exe with command-line switches and set up other options for imaging and multicasting. rdeployt A text-based version of RapiDeploy, this version does not provide a graphical interface but supports the command-line switches. firm File System Independent Resource Management (FIRM) lets you access files in automation. This is an advanced feature. You do not have to use it to perform normal management tasks. For more information, see Using File System Independent Resource Management (FIRM) on page 502. Deployment Solution 490 RapiDeploy Technical Reference
Switches can be entered in any order and they are not case sensitive. When using multiple switches, leave a space between each option. You can also get a list of switches at the DOS prompt by typing the following: r depl oy - ? If you want to redirect this list to a file, type the following: r depl oy - ? - t ext > r dpar ams. t xt RapiDeploy Command-line Switches The following table lists all the command-line switches that you can use with rdeploy.exe. RapiDeploy Command-line Switches Switch [ parameters] Details -? Function Shows command-line help. -align:[cyl|track|none] Function Sets partition alignment to the provided values. None disables partition geometry rounding entirely, which very slightly affects the partitions when restoring an image. -bsl:[maximum bandwidth] Function Determines the maximum bandwidth to be used by the multicasting session. Example To limit the bandwidth to 5 Megabits per second, type r depl oy - bsl : 5 -c[compression mode] Function Sets the compression mode for image creation. Speed is the default mode. Modes off turn compression off. size make smallest image size with slight speed penalty. speed (default) make a less compressed image in less time. balanced make a reasonable compressed image with a reduced speed penalty. Example To optimize image creation for speed, type r depl oy - mu - f [filename] - cbal anced Deployment Solution 491 RapiDeploy Technical Reference
-cfgfile:[filename] Function Sets the configuration filename (default is lastrun.cfg). The configuration file provides information for post configuration. The default configuration file is lastrun.cfg that can be edited in a text editor with the specific information needed for the computer. This command is useful if you want to run imaging in a batch file using configuration information saved previously by the RapiDeploy program. (If you select the option to save settings in the RapiDeploy program, a configuration file will be created with the name lastrun.cfg.) You can rename lastrun.cfg and specify it in your batch file to apply configuration settings. Example If you have run RapiDeploy and have chosen the option to save configuration settings, you could rename lastrun.cfg to laptop1.cfg and use it in a batch file by typing the following: r depl oy - md - f [filename] - cf gf i l e: l apt op1. cf g You can also put configuration files in a shared directory and load them from the network. See also -m[mode], -f[path & file name] -cmdline Function In text mode, display the command-line options. RapiDeploy Command-line Switches (Continued) Switch [ parameters] Details Deployment Solution 492 RapiDeploy Technical Reference
-d[hard disk number] Function Specifies which hard disk to read from or write to, depending on whether you are uploading or downloading. This switch is used for computers that have more than one hard disk. Examples To download an image to disk 2, combine with the - md switch and type r depl oy - d2 - md - f [filename] To create an image from disk 2, combine with the -mu switch and type r depl oy - d2 - mu - f [filename] See also -m[mode], -f[path & file name] Disk to Disk A colon indicates disk-to-disk imaging. -d1:2 (disk to disk mode, source is disk 1, destination is disk 2) -d3:2 (Source is disk 3, destination is disk 2) Linux Software Raid and LVM When using a Linux software raid or LVM, a comma specifies the disks in the set. r depl oy - d1, 2 - md - f [filename] If using a hardware raid, this syntax might not be required if the disk set is recognized as a single drive. Use the f i r mdr i ves command to determine how the drives are recoginized. -ddio:[on|off] Function Causes RDeploy to bypass the operating system cache and use direct disk access instead. This can improve performance in some circumstances. Default is off. -dpos[1-2] Function Specifies the disk location to set if the imaged disk will be removed after imaging. -dsconfig:[filename] Function Specifies the Deployment Agent configuration file to copy to the computer when the imaging job completes. RapiDeploy Command-line Switches (Continued) Switch [ parameters] Details Deployment Solution 493 RapiDeploy Technical Reference
-f[path & file name] Function Used with the - mswitch. In upload mode, it specifies the filename and location for storing an image file. In download mode it specifies which image file to restore. To create (upload) a regular image file, use an .img extension. To create a self-extracting executable image file, use an .exe extension. Examples To upload an image file to disk g:, type r depl oy - mu - f g: \ i mages\ wi n98. i mg To upload a self-extracting executable image file, type r depl oy - mu - f g: \ i mages\ wi n98. exe See also -m[mode], -f[path & file name] -forcebf Function Forces boot fixup in cases when it does not normally occur. When imaging completes, certain files, such as boot.ini or grub, and the MBR are modified to ensure that the computer boots. This is used in circumstances when you want to keep existing partitions using the -kp switch. If you are replacing a boot partition use this switch to fix booting. If you are replacing a data partition this is not required. -forcebw Function Forces the automation partition to be restored. Use this switch when using PXE or to overwrite an existing automation partition on the hard disk with the automation partition in the image. Example To restore an image and have the automation partition in the image replace an existing automation partition on the hard disk, type r depl oy - md - f [filename] - f or cebw See also -m[mode], -f[path & file name] -forcegui Function Forces the wizard to appear even if it does not have to. Use this switch to force the wizard to appear so that you can view or edit settings for each computer. Example To restore an image but first view or make changes in the settings, type r depl oy - md - f [filename] - f or cegui See also -m[mode], -f[path & file name] RapiDeploy Command-line Switches (Continued) Switch [ parameters] Details Deployment Solution 494 RapiDeploy Technical Reference
-forceoem Function Forces the OEM partition to be restored. Use this switch to overwrite an OEM partition on the hard disk with an OEM partition in the image. Example To restore an image and have the OEM partition in the image replace an existing OEM partition on the hard disk, type r depl oy - md - f [filename] - f or ceoem See also -m[mode], -f[path & file name] -frm:[name] Function Specifies a FIRM file that contains a list of FIRM commands to be executed after a restore. A FIRM file is a text file containing FIRM commands to execute. Example After a computer has received an image, you can copy a file that is not in the image to the computer. Example: you may want to copy a .cfg file that a computer needs but is not in an image. r depl oy - md - f [filename] - f r m: c: f i l es. t xt In this example, you would have two files: The file that includes the copy commands. The file that you want copied to a computer, sample.cfg Both of these files must be in the RapiDeploy/FIRM application folder. The FIRM file, firm.txt, could have the following FIRM command: copy sampl e. cf g c: \ sampl e. cf g In this example, after the image has been received, sample.cfg is copied from the RapiDeploy application folder on the server to the computer in the specified folder. -grubdir:[dir] Function Specifies the directory where the GRUB boot files are located. If GRUB is installed on a system, the MBR is re-created based on the GRUB files when imaging completes. If GRUB files are located in a non-default directory, use this command to specifiy their location. -h Function Shows command-line help. -i:[20..25] Function Sets screen resolution. For information on setting VESA modes, see -ve:[31.34] Example To set screen resolution to VGA mode 23 (640x480x16), type r depl oy - i : 23 RapiDeploy Command-line Switches (Continued) Switch [ parameters] Details Deployment Solution 495 RapiDeploy Technical Reference
-i[IDnumber] Function Sets session ID when sending an image file to more than one computer. Use this switch with multicast sessions so the Master PC can identify Client PCs in the same session. Example To send an image to 10 Client PCs, type r depl oy - mdb - f [filename] - s9 - i 5000001 Note -i500001 is given as an example. This value is an example of what the Deployment Server console would send for a session ID. See also -m[mode], -s[number of Client PCs], -f[path & file name] -ip:[n.n.n.n:p] Function Sets the multicast IP address and port. This can be used for two purposes: 1) To allow multicasting through a router that is set up to use a different multicast IP address, and 2) to separate multiple multicasting sessions more efficiently. If you are manually running multiple multicast sessions, you can specify a different multicast IP address for each session to allow the NIC itself to filter out unwanted packets from other sessions. This speeds up all sessions involved. Important Remember to put the port number at the end of the IP address after a colon. Example r depl oy - mdb - f [filename] - s9 - i p: 224. 2. 0. 3: 401 See also -m[mode], -s[number of Client PCs], -f[path & file name] -iosize:[n] Function Sets the size in KBytes of reades and writes to the image file. (4-64k). Default is 32k. If setting this to greater than 32k in DOS, you must use a DOS extender, such as DOS/32A. -kap Function Prevents rdeploy.exe from overwriting any existing partitions on the hard disk. -kp[1-31] Function (Download only) Prevents rdeploy.exe from overwriting a specified partition. n=partition 1 - 31 Example To keep partition 2 from being overwritten during imaging, type r depl oy - md - f [filename] - kp2 See also -m[mode], -f[path & file name] -kprs Function Keeps the recovery partition during image restoration. RapiDeploy Command-line Switches (Continued) Switch [ parameters] Details Deployment Solution 496 RapiDeploy Technical Reference
-m[mode] Function Sets the operating mode. Modes u (Upload image) d (Download image) dd (Disk-to-disk) b (Multicast only) mm (Multicast master) ub (Upload and multicast image) db (Download and multicast image) client (Client mode) Examples To upload an image, type r depl oy - mu - f [filename] To designate a computer as a Client PC, type r depl oy - mcl i ent See also -f[path & file name], -i[IDnumber] -makeimx Function Minimizes the number of disk swaps that occur when restoring a hard disk image that has been split across multiple CDs or other storage media. This switch causes RapiDeploy to create an .imx (IMage IndeX) file which contains data that may reside on other CDs. If RapiDeploy has access to the .imx file, it will not prompt you to insert any CD more than once. Use the -makeimx switch when you create an image. However, no switches are needed when restoring the image. Once the split image file has been created and you are ready to burn the image to CDs, put the .imx file on the CD with the first .img split image file. Subsequent split image files do not require the .imx file to be placed on the CD. -mcastspeed[speed] Sets the speed used in multicast operations. Range: 1 or greater. Deployment Solution 6.5 and previous use 1 as default, later versions use 5. -mclient Function Operate in client mode. When multicasting, set this flag to force the computer to not attempt to act as master. -mcint:[n.n.n.n] Function Specifies the interface used for multicasting. This is useful if you have a computer with multiple NICs and you want to force multicast data to use a specific NIC. RapiDeploy Command-line Switches (Continued) Switch [ parameters] Details Deployment Solution 497 RapiDeploy Technical Reference
-mconv Function Used with the - f switch to convert an existing image file (.img) to a self-extracting .exe file. (Does not upload or download; just converts the file.) Example To convert a file named WINXP.IMG, type r depl oy - mconv - f wi nXP. i mg See also -f[path & file name] -mig:[filename] Function Used to specify a migration file. Prompts before overwriting the drive. This is used mainly by PC Transplant Pro. -n Function Do not save the image to the destination. This is useful to see if an image capture completes successfully without consuming disk space. -nobw Function Makes sure that a BootWorks partition does not exist in the destination, is not on the disk when restoring, and is not in the image when creating. Example To remove an existing BootWorks partition from a hard disk and exclude the BootWorks partition from being downloaded with an image, type r depl oy - md - f [filename] - nobw See also -m[mode], -f[path & file name] -nocancel Function Does not allow the user to cancel the imaging task. -nooem Function Makes sure that an OEM partition does not exist in the destination, is not on the disk when restoring, and is not in the image when creating. Example To remove an existing OEM partition from a hard disk and exclude the OEM partition in an images from being restored, type r depl oy - md - f [filename] - nooem See also -m[mode], -f[path & file name] -noprompt Function Prevents any need for user interaction. Example: clicking OK after an error occurs. This is very useful in scripting situations where there won't be a user present to hit a key. -nors Function Makes sure that a recovery partition does not exist in the destination, is not on the disk when restoring, and is not in the image when creating. -nospacecheck Function Dont check for available space on the volume when creating an image. -nt64k (Download only) Function (NT computers only) Enables a 64K cluster size with a FAT16 partition. This allows you to resize a FAT16 partition up to 4 GB rather than the normal 2 GB limit. Example To change the size, type r depl oy - md - f [filename] - nt 64k See also -m[mode], -f[path & file name] RapiDeploy Command-line Switches (Continued) Switch [ parameters] Details Deployment Solution 498 RapiDeploy Technical Reference
-p[partition] Function Specifies which partition to process. Parameters n Number (1-31) uploads the partition (each partition must be designated separately) b images the BootWorks partition (works for both hidden and embedded types) oem images the oem partition rs images the recovery partition Examples To upload an image of partition 2, type r depl oy - mu - p2 - f [filename] To upload multiple partitions, type r depl oy - mu - p2 - p3 - p4 - f [filename] To upload the BootWorks partition, type r depl oy - mu - pb - f [filename] To upload the oem partition, type r depl oy - mu - poem- f [filename] See also -m[mode], -f[path & file name] -password:[pwd] Function Specifies the image password. Passwords are case sensitive. Example To create a password-protected image file, type r depl oy - mu - f [filename] - passwor d: Al t i r i s To restore that file, type r depl oy - md - f [ f i l ename] - passwor d: Al t i r i s See also -m[mode], -f[path & file name] -postconfig Function Perform postconfig from within RDeploy. -raid:[n] Function Specify the software raid level. -raw Function Treats all partitions as raw. The Master PC reads and images a partition by sectors rather than by files. This switch makes the image drive geometry dependent (must have the same heads, cylinders, and tracks as the image source). Used mostly by Altiris Technical Support for troubleshooting, or it could be used to make sure that any extra data residing outside of the file system is included in the image. -retainstart Function Retain the start sector of the first partition. DOS partitions only, up to 2048 sectors. -rescan Function Reread the partition table after imaging. -restorebt Function Restore the boot track during download. RapiDeploy Command-line Switches (Continued) Switch [ parameters] Details Deployment Solution 499 RapiDeploy Technical Reference
-restoresig Function Causes RapiDeploy to restore the unique disk signature in the MBR of the hard disk from which the image was created. Normally, RapiDeploy does not transfer the disk signature to the target computer when deploying an image. This switch can be used when restoring an image to the same or similar systems. The -szf switch may be needed in combination with the -restoresig switch. Example One This -restoresig switch has been added to the Distribute Disk Image job in the XP Embedded folder in the Samples folder to protect the Write Filter Partition. It is required for all Restore Image jobs for XPe Thin Clients. Example Two The -restoresig switch is needed when restoring an image to a Citrix Metaframe Server to preserve the alternate drive mappings. In this situation the -szf switch is also required. Note This switch will function only if no production partitions are being preserved on the hard drive when deploying the disk image. -rscs:[name] Function Create a recovery solution checksum during upload. -s[number of Client PCs] Function Specifies the number of Client PCs included in a multicast session. When the Master PC detects the specified number of Client PCs, it automatically starts the multicast session. The number specified does not count the Master PC. Example To set the number of Client PCs that will be connecting to the Master PC in a multicast session to 9 computers, type r depl oy - mdb - f [filename] - s9 See also -m[mode], -f[path & file name] -span Function Prompts between each piece of an image file (if set when using the -split command), allowing you to insert new media. Example To prompt between each file in the image set, type r depl oy - mu - f [filename] - spl i t : 500 - span See also -m[mode], -f[path & file name] -split:[n] Function Breaks an image into multiple files of a specified size during an upload (in megabytes). Example To set the file size to 500 MB, type r depl oy - mu - f [filename] - spl i t : 500 See also -m[mode], -f[path & file name] -sN Function Send to N clients. RapiDeploy Command-line Switches (Continued) Switch [ parameters] Details Deployment Solution 500 RapiDeploy Technical Reference
-szf Function Use this switch to set fixed sizing for all partitions. By using this switch, RapiDeploy will use the original sizes that existed on the computer from which the image was created. Example If the original size of the partition to be downloaded was 250 MB and you want the destination partition to remain 250 MB, use the -szf switch. If the target disk has 500 MB of free space, you will have a 250 MB fixed partition and 250 MB of free space. -sz[parameter] Function Resizes partitions during imaging. Syntax rdeploy -sz[#]:[x{m|p}] where # is the partition number and x is the size based on the number of megabytes or a percentage. Parameters [x]m (Resize partitions in megabytes) [x]p (Resize partitions as a percentage of hard disk size for primary partitions or the percentage of the extended partition for logical drives) Examples If the size of partition 2 being downloaded is 300 MB and you want it to fit in half of the 500 MB of disk space on the client disk, type r depl oy - sz2: 50p - md - f [filename] This resizes the 300 MB partition to 250 MB, leaving the other 250 MB unused. You can set the target size for multiple partitions on the same command-line by including multiple instances of the switch: r depl oy - sz1: 200m- sz2: 50p - md - f [filename] See also -m[mode], -f[path & file name] -text Function Run in text mode instead of GUI mode. To use this switch, all settings must be specified at the command-line. Examples r depl oy - md - f [filename] - t ext or r depl oy - mu - f [filename] - t ext If you want to save a list of command-line parameters to a text file, you can use the -text parameter r depl oy - ? - t ext > r dpar ams. t xt See also -m[mode], -f[path & file name] RapiDeploy Command-line Switches (Continued) Switch [ parameters] Details Deployment Solution 501 RapiDeploy Technical Reference
-threshold:[n] Function This option applies only to the Restore and Send (- mdb) mode. We have found that when using a small number of clients, it is faster to perform individual downloads on each client than it is to multicast to all of them. There is a point where it becomes more efficient to multicast than it is to perform individual downloads. This threshold is where it becomes faster to multicast than to do individual downloads and can be specified by the -t hr eshol d: [n] command line parameter. Depending upon the network environment, this number may vary. You should perform a few tests to pick a good threshold value for your network. It may be a small number, like four, or it could be much larger, like 15. Once you have found this threshold value, you can specify this number on the command line and then RapiDeploy will, depending on the number of clients that connect, have them do individual downloads or have them multicast. The number [n] specifies the minimum number of clients that will need to connect to the master in order for it to multicast. Example: if you specify - t hr eshol d=5, and four or fewer clients connect to the master PC, it will have them all do individual downloads of the image. If five or more clients connect to that master, it will multicast to them. This becomes more important when multicasting across subnets with a router that doesn't support multicasting. If you start one master and nine clients (10 PC's total), three of which are on one side of the router and seven of which are on the other side, RapiDeploy will detect that there are only three on one side of the router and do individual downloads to them. It will also detect that seven are on the other side and multicast to them. RapiDeploy does all of this automatically. All you must supply is the threshold value to let RapiDeploy determine when it should multicast or not. Example Suppose you have determined that the threshold value for your network is five. In other words, you have found that multicasting from one master to five or more clients is faster than doing individual downloads to those clients and the master. You could then specify the following threshold value on the command line: r depl oy - mdb - f [filename] - s9 - t hr eshol d: 5 See also -m[mode], -f[path & file name], -s[number of Client PCs] -throttle:[n] FunctionThrottle RDeploy operations to N mbps. RapiDeploy Command-line Switches (Continued) Switch [ parameters] Details Deployment Solution 502 RapiDeploy Technical Reference
Using Command-line Switches with Executable Images In rare cases, you might need to use switches with executable image files. Multiple switches can be used on the same command-line. As with other switches, you can use them on the command-line or in a batch file. In addition, you can use the - nopr ompt switch, which bypasses the default screen that prompts the user before imaging begins. Example If you named your self-extracting file baseimag.exe when you created (uploaded) it, you would type the following on the command-line or in your autoexec.bat file: basei mag. exe - nopr ompt You can combine this switch with any of the other switches. Using File System Independent Resource Management (FIRM) FIRM gives you file access to all FAT, NTFS, and EXT2 file systems on your hard disk from the automation environment. This is an advanced feature. You do not have to use it to perform normal management tasks. -ve:[31.34] Function Set VESA screen resolution. Example To set screen resolution to VESA mode 31 (640x480x256), type r depl oy - ve: 31 -w[n] Function When multicasting, specifies the maximum number of minutes to wait for Client PCs to connect. If all Client PCs connect, it will start right away. Default: 5 minutes (or until the specified number of Client PCs is connected). Example To set the timeout to wait for PC Clients to 10 minutes, type r depl oy - w10 - mdb - f [filename] - s9 See also -m[mode], -s[number of Client PCs] -x Function Cause the image to be saved as a self-extracting file. This setting will automatically be set if the image file name specified by the - f parameter ends with .EXE. RapiDeploy Command-line Switches (Continued) Switch [ parameters] Details Deployment Solution 503 RapiDeploy Technical Reference
How FIRM Works FIRM identifies two drive types: DOS drives and FIRM drives. DOS drives are those that DOS recognizes, such as local drives and network drives. FIRM recognizes DOS drives in addition to other local partitions that are present but may not be recognized by DOS. FIRM assigns drive letters to partitions in the order they are defined on the hard disk. Because FIRM and DOS both assign drive letters, they might see different drives. So, the drive letter assignments might be different depending on which operating system you use to see the mappings. Here is an example of what you would see with several operating systems compared to what you would see with FIRM. Note that the only way to see the location of the embedded BootWorks partition is with FIRM. *Drive letters are assigned according to where the drives physically reside on the disk. FIRM uses the following logic to determine which type of drive to use: Drives A: and B: are DOS drives. All other drives are assumed FIRM drives unless prepended with the drive type identifier D. Example: DC: indicates DOS drive C:. If a FIRM drive is not found, then a DOS drive is assumed. FIRM drives can also be explicitly specified by prepending the drive type identifier F. Example: FK: indicates FIRM drive K:. Running FIRM The computer must be booted to DOS. The firm.exe program must be on a disk or a server where you have rights to access it. To run FIRM 1. Put the disk containing FIRM.EXE into drive a:, or log into the server where the program files are located. 2. Type FI RMto run the program. Drive mapping comparison Sample Partitions Partitions recognized by Win 98 Partitions recognized by WIN NT Partitions recognized by WIN 2000 Partitions recognized by FIRM Embedded BootWorks partition (always drive W:)
FIRM Command-Line Switches Drive designations Because FIRM and DOS recognize drives differently, they might assign different letters to the same drive. So, for some commands you must specify the drive type in addition to the drive letter. Drive types are: OS (operating system drive), and f (FIRM drive). Tokens You can use a token in place of a drive letter wherever one is required. Tokens are just another way of accessing a drive on the partition. FIRM replaces tokens with the appropriate drive letter. FIRM Tokens Token Function auto Function Used in place of the BootWorks partition letter (w: drive). Examples To delete the autoexec.bat file from the BootWorks partition, type f i r mdel et e aut o: \ aut oexec. bat To see a directory list of the BootWorks partition, type f i r mdi r aut o: \ prod Function Used in place of the production partition letter (Example: firm c: drive). Examples To see a directory list of firm drive c:, type f i r mdi r pr od: \ To copy backup files from the production partition c: to the BootWorks partition, type f i r mcopy pr od: \ backup. l st aut o: \ backup. l st temp Function This is an environment variable string that maps to wherever your TEMP directory is assigned. Example To see a list of files and directories in your TEMP directory, type f i r mdi r t emp: \ Deployment Solution 505 RapiDeploy Technical Reference
FIRM Modes and Switches Mode Options drives Function Gets a list of all partitions/drives. Shows the file system and FIRM drive letters. Also shows the percentage of the drive used by the partition. Usage f i r mdr i ves Example To see a list of all supported drives, including the embedded BootWorks partition, type f i r mdr i ves type Function Sees the contents of an ascii text file. (Other file types do not display correctly.) Usage f i r mt ype [filename] Option [filename]= path and name of the file you want to read Syntax f i r mt ype[drive type][drive letter or token]: [path][filename] Example To see the contents of a file called disk32.txt, type f i r mt ype f c: \ di skf i l es\ dat a\ di sk32. t xt copy Function Copies a file from one directory to another. Usage f i r mcopy [source file][destination file] Options [source file]=path and filename to be copied [destination file]=location path and filename file will be copied to Syntax f i r mcopy [drive type][drive letter or token]: [path][filename] Examples To copy an autoexec.bat file from DOS drive C: to the BootWorks partition, type f i r mcopy dc: \ aut oexec. bat aut o: \ aut oexec. bat To copy backup files from the production partition to the BootWorks partition, type f i r mcopy pr od: \ backup. l st aut o: \ backup. l st To backup an autoexec.bat file on FIRM drive c: to FIRM drive c:, type f i r mcopy f c: \ aut oexec. bat f c: \ aut oexec. ol d To copy an autoexec.bat file from DOS drive c: to FIRM drive c:, type f i r mcopy dc: \ aut oexec. bat f c: \ aut oexec. bat Deployment Solution 506 RapiDeploy Technical Reference
dir Function Displays file and directory lists. Usage f i r mdi r [directory] Option [directory]=directory letter or path Syntax f i r mdi r [drive type][drive letter or token]: [path] Do not include a filename or you will get an error. The drive type is optional. Examples To see a list of directories and files in the BootWorks directory, type f i r mdi r w: \ or, type f i r mdi r aut o: \ (This shows the same results as dos: dir c:\ when running in BootWorks.) When you are in the BootWorks partition, you can get a list of the contents of the TEMP directory on DOS drive c: by typing f i r mdi r aut o: \ t emp To see a list of files and directories in the Windows system directory, type f i r mdi r pr od: \ wi ndows\ syst em delete Function Deletes a file. Usage f i r mdel et e [filename] Option [filename]=path & name of file to delete Syntax f i r mdel et e [drive type][drive letter or token]: [path][filename] Always use the full path when deleting a file. You can also use tokens. Examples To delete the autoexec file from your BootWorks partition, type f i r mdel et e aut o: \ aut oexec. ol d To delete the file foo.txt from a directory on DOS drive d:, type f i r mdel et e dd: \ mydi r \ f oo. t xt To delete the autoexec file from FIRM drive e:, type f i r mdel et e f e: \ aut oexec. bat FIRM Modes and Switches (Continued) Mode Options Deployment Solution 507 RapiDeploy Technical Reference
backupreg Function Backs up registry files. Usage f i r mbackupr eg [ dest file][local path] Options -noprofile Backs up default registries without the user profiles. [destination file]=destination filename (must be a DOS filename) [local path]=local path to registry files (source) (Default source path for Win NT/2000 is c:\winnt\system32\config. Default for Win 95/98 is c:\windows). If files are stored in the default location, you do not need to enter the path. Syntax f i r mbackupr eg [ destination path and filename] [drive letter or token]:[local path] Include the complete path. Examples To back up registries without user profiles to c:\regback.lst, type f i r mbackupr eg c: \ r egback. l st - nopr of i l e To back up registries from FIRM drive e: to regback.lst, type f i r mbackupr eg c: \ r egback. l st e: \ wi nnt restorereg Function Restores registry files. Usage f i r mr est or er eg [source file] [local path] Options [source file]=source filename (must be a DOS filename) [local path]=local path to registry files (Default source path for Win NT/2000 is c:\winnt\system32\config. Default for Win 95/98 is c:\windows. If files are stored in the default location, you do not need to enter the path.) Syntax f i r mr est or er eg [source path and filename][drive letter or token]: [local path] Include the complete path. Examples To restore registries from c:\regback.lst to default location, type f i r mr est or er eg c: \ r egback. l st To restore registries from c:\regback.lst to e:\winnt f i r mr est or er eg c: \ r egback. l st e: \ wi nnt FIRM Modes and Switches (Continued) Mode Options Deployment Solution 508 RapiDeploy Technical Reference
backuplist Function Backs up a set of files. Usage f i r mbackupl i st [destination file] [list file] Options [destination file]=destination filename (must be a DOS filename) [list file]=filename containing a list of files to back up (source) Must be in a DOS text/ascii file format. Syntax f i r mbackupl i st [destination path and filename][list filename] Include the full path. Example To back up the files in c:\backup.lst and store them in c:\backup.txt, type f i r mbackupl i st c: \ backup. t xt c: \ backup. l st The backup.lst file might contain the following: c:\autoexec.bat c:\config.sys prod:\windows\command\format.com restorelist Function Restores a set of files. Usage f i r mr est or el i st [source file][logical drive] Options [source file]=source filename (must be a DOS filename) [logical drive]= drive letter to overwrite default logical drive Default logical drive = PROD:\ Syntax f i r mr est or el i st [source path and filename][logical drive letter] Include the complete path. Example To restore backup files to DOS drive c:, type f i r mr est or el i st dc: \ backup. t xt FIRM Modes and Switches (Continued) Mode Options Deployment Solution 509
Appendix B Tokens: Dynamic Database Access These are variable tokens that can be inserted in scripts (see Run Script on page 181) or answer files (in Scripted OS Install on page 165) to extract information from the Deployment Database. Example: the token named %ASSETTAG% contains the asset tag of a computer. Tokens are most commonly used when creating custom scripts (using the Run Script Task) or answer files when doing unattended operating system installations. The custom script is unique to the computer in which it is applied. System Tokens The following table lists all predefined system tokens supported by Deployment Solution 5.6 or higher. System tokens are case sensitive. The percent symbol % at the beginning and end of each token is part of the token name and must be included.
Token Description %ASSETTAG% Asset tag from SMBIOS %AGENTIPADDR% The IP address of the NIC of the client computer connected to the Deployment Server. %BWIPADDR% The IP address of the client computer connected to the Deployment Server. This token only works with Bootworks. It is deprecated and it is recommended that you use the token %AGENTIPADDR% instead. %CALLINGJ OBNAME% The name of the job that called this job (as used when Setting Up Return Codes) or the name of this job if not called by another job %COMPNAME% Actual computer name used by the OS %CONTACT% Contact name defined in the Location properties %DATE% Date string in the form of mm/dd/yyyy %DEPT% Department description defined in the Location properties %DNSSUFFIXSEARCHORDER% The DNS suffixes under the DNS tab. %DOMAIN% MS Workgroup or domain name %DOMAINOU% Domain organization units. Example: MyCompany. com/ MyPar ent OU/ MyOU %DSSERVER% The NetBios name of the computer where the Deployment Server is installed. %EMAIL% Email from the Location properties %ID% Unique Computer ID Generated by Deployment Server Deployment Solution 510 Tokens: Dynamic Database Access
%IPNAME% Full DNS name of the computer %J OBNAME% The name of the current job. %J OBUSER% The name of the user logged on to the Deployment console %LDAPDOMAINOU% The LDAP format for AD domains. Example: dc=MyCompany, dc=com, OU=MyPar ent OU, OU=MyOU %MAILSTOP% Mail stop from the Location properties %MANUF% Computer manufacturer from SMBIOS %NAME% Complete computer name as it appears in the console %NETBIOSDOMAIN% The NetBios name for the Microsoft Domain %NICyIPADDR% IP Address for NIC y (y =1-8). Example: the first NIC would be %NIC1IPADDR%I , second %NIC2IPADDR% %NICyIPDNSx% DNS entry x for NIC y. Example: the second NIC fourth DNS entry would be %NIC2IPDNS4% %NICyIPDNSALL% All DNS IP addresses for NIC y. Example: All DNS entries for the second NIC would be %NIC2IPDNSALL%. %NICyIPGATEWAY% Default gateway for NIC y (y =1-8). Example: the first NIC would be %NIC1IPGATEWAY%, second %NIC2IPGATEWAY% %NICyIPHOST% IP HOst for NIC y (y =1-8). Example: the first NIC would be %NIC1IPHOST%; the second would be %NIC2IPHOST%. %NICyIPNETMASK% Netmask for NIC y. Example: the first NIC would be %NIC1IPNETMASK%, second %NIC2IPNETMASK% %NICyIPWINSx% WINS entry x for NIC y. Example: the third NIC first WINS entry would be %NIC3IPDNS1% %NICyIPWINSALL% All WINS addresses for NIC y. Example: All WINS entries for the second NIC would be %NIC2IPWINSALL%. %NICyMACADDR% MAC for NIC y (y =1-8). Example: the first NIC would be %NIC1MACADDR%, second%NIC2MACADDR% %NICyNETBIOSOPTIONS% NetBios options for NIC y. Example: the NetBios options for the third NIC would be %NIC3NETBIOSOPTIONS%. %NICyPCIBUSNUMBER% PCI Bus number for NIC y. Example: the PCI Bus number for the second NIC would be %NIC2PCIBUSNUMBER%. %NICyPCIDEVICENUMBER% PCI Device number for NIC y. Example: the PCI Device number for the fourth NIC would be %NIC4PCIDEVICENUMBER%. Token Description Deployment Solution 511 Tokens: Dynamic Database Access
Finding the Right Token Value By default, all values for the custom tokens can be located using the computer ID number that is automatically assigned to all computers when they are added to the Deployment Server database. This ID number is located in the computer_ID column of its associated table. The computer ID number can be viewed from a Deployment Server console by right- clicking a computer and then selecting Properties > General. After the computer ID number has been located, the associated column value can be used. The example below shows a Deployment Server Job using the Run Script Task, which will extract information from the Deployment database using the alias name of FS2. Script echo Thi s comput er has %#FS2*" SELECT r am_f r ee f r omhar dwar e wher e comput er _i d = 5000001" %MB of f r ee RAM %NICyPCIFUNCTIONNUMBER% PCI Function number for NIC y. Example: the PCI Function number for the third NIC would be %NIC3PCIFUNCTIONNUMBER%. %NICyUSEDHCP% If you use DHCP, the valid values are Yes or No. %NICyUSEWINS% If you use WINS, the valid values are Yes or No. %NODEFULL% Complete computer name %NODENAME% First 8 characters of actual computer name %NWCONTEXT% NetWare context name %NWSERVER% NetWare preferred server %NWTREE% NetWare preferred tree %OS% Specific operating system (WIN98, WIN2K, WINXP) %OSTYPE% Operating system type (WIN9x, WINNT, Linux) %PHONE% Phone defined in the Location properties %PROCDESC% Description of the processor %PROCSPEED% Processor Speed %PROCCOUNT% The number of processors installed (not the number of processor slots) %PROD_LIC% Product License Key %PROCTYPE% Processor Type %RAMTOTAL% Total Random Access Memory %SERIALNUM% Serial number from SMBIOS %SITE% Site description defined in the Location properties %TIME% Time string in the form of hour:minutes %USER_NAME% The Registered To user name that can be viewed on the System Properties page of Windows. %UUID% The Universally Unique Identifier (UUID) of the computer, if supported by hardware. Token Description Deployment Solution 512 Tokens: Dynamic Database Access
Explanation of Script FS2 i s t he al i as name. har dwar e i s t he t abl e name Ram_Fr ee i s t he col umn name t o f i nd t he val ue i n. If a job using the above script was assigned to the PC-1 computer (with the computer_id of 500001), the values specified are located in the database and appear on the clients computer. The message shows the DS database search results. Users Display Message C: \ Thi s comput er has 213 MB of f r ee RAM Pr ess any key t o cont i nue. . . Creating Unique Files Using Tokens There are times, during the deployment of a computer, where the computers being deployed need a unique file to complete the deployment process. Example: when using the Microsoft System Preparation (sysprep) program, a unique configuration file is needed to ensure that each computer gets a unique computer name and that it gets assigned to the correct Domain (among other things.) An answer file used to perform unattended operating system installations is another example. In both of these examples, much of the configuration file is the same for all computers being managed with only a portion of the file contents needing to be unique. The challenge is to get a file with the unique entries to the computers being managed without manually visiting each computer and without having to create each file manually. To meet the demands of this challenge, Deployment Server has the ability to automatically create and distribute a unique text file to meet these needs. This process is known as the Token Replacement Process. The token replacement process is accomplished using a template (reference) file which is automatically customized as needed through the use of tokens (variables) and saved as a unique file. This unique file is then sent to the individual computer. (See Figure below.) Tokens An Altiris token is a type of variable that can be replaced with unique data from the Deployment Server database. Each computer can have its own unique value for each token. Example: the token name of %NAME% stores the name of a computer being managed as seen in the Deployment Server console view, while the token name of %DOMAIN% stores the Microsoft Workgroup/Domain a computer belongs to. Depending on the individual computer, there may or may not be a value stored in the Deployment Server database for every possible token. Token names are case sensitive. See System Tokens on page 509. Token Replacement Template Files To understand the token replacement template file, consider the needs when using Microsofts System Preparation program (Sysprep.) When using Sysprep, each computer Deployment Solution 513 Tokens: Dynamic Database Access
requires a Sysprep.inf file. This file is used, among other things, to set the NetBIOS computer name for a computer and which Domain the computer will belong to (see the sample Sysprep.inf file in the figure to the right.) If the image being deployed to the computers contained this Sysprep.inf file and no other changes were made, all computers would end up with the same computer name and Domain when the Sysprep.inf files was used to configure the computers being deployed. To solve this dilemma, a token replacement template file is used. The token replacement template file is a copy of the text file, which after being edited needs to be copied to each computer. In this example it is theSysprep.inf file. The unique text files that will be sent to the individual computers are created by taking the contents of this template file and adding the unique data using tokens. Therefore, any data in the template file that needs to be unique must be replaced with an applicable token. Example: to ensure that every computer gets a unique computer name, the Sysprep.inf file is edited to use a token to provide this information instead of using the real computer name. As seen in the figure to the right, this is accomplished by placing the %NAME% token after the ComputerName entry. Likewise, the entry that determines the Domain is changed to use the %DOMAIN% token instead of the real Domain name. After the tokens have been added as needed, this file is saved in the Deployment Server directory structure and becomes the template file. After going through the token replacement process, the tokens are replaced with unique data from the Deployment Server database and a new file containing that information is created. The end result is that the new file created would now have an entry such as ComputerName=Bryce in one file while another file might have an entry such as ComputerName=J ackson. Template File Rules The following template file rules are as follows: The template file can have as many Altiris tokens as needed. The template file needs to be saved in the Deployment Server directory or in one of its subdirectories. Example: the template file may be saved in the \Deployment Server\temp directory. By default, the Deployment Directory is located at C:\Program Files\Altiris\eXpress\Deployment Server and is the directory where Deployment Server was installed. It is also referred as the Deployment Share. The Token Replacement Process The method of converting the template file to a unique file is accomplished as follows: The template file (in this example - Sysprep.inf) is created with the necessary tokens and is placed in the Deployment Server\ temp subdirectory. A Job is created containing a Run Script task. The Run Script task contains the command(s) needed to invoke the token replacement process and the specific paths for all files needed in this process. (See The Run Script Task on page 1-32 for the Run Script task syntax.) This Job is then run on selected target computers. Deployment Solution 514 Tokens: Dynamic Database Access
When the Job is executed the following happens: The template file (Sysprep.inf) is examined and all tokens are located. The unique token values for each computer are located in the Deployment Server database and are used to create a new file for each computer. The tokens in the new files have now been replaced with their applicable values and the files are saved in the Deployment Server directory path specified in the task. The name of the new file created is determined by a token variable used in the task allowing each new file to have its own unique name. Each unique file is then copied to the applicable target computer. As the files are copied, they are renamed back to the correct name needed. In other words, all computers will end up with a file by the exact same name (this may or may not be needed depending on what this process is being used for.) The destination of the file on the target computer and its final name are determined by the Run Script task in the Job. Custom Tokens Custom tokens can be defined in a script or answer file to extract data from any MS SQL Server database table. This is most commonly used when creating custom tables to store additional computer inventory information. This token replacement feature allows you to specify any SQL database, look up a specified value, and replace the custom token with the value from the selected database (whether it resides on the local computer or not). Syntax One %#Alias^!table name@column name% Examples: % Identifies the opening and closing of a variable token in the script. # Indicates that this is a custom token. Alias Specify the alias for an external database set up in the Tools > Options > Custom Data Sources dialog. See Custom Data Sources options on page 86. When used, this will provide the information and credentials to gain access to an external SQL database. If the Alias option is not used, the values will be obtained from the same Deployment Server database the Job containing this token is using. ^ Indicates that this is a global identifier token. All tokens by default will be looked up using the Computer_ID value for which the token ID is being replaced. This global identifier tells Deployment Solution to NOT use the value in the computer_ID column. Instead, it will use the first value found in the specified table. ! Specifies that the following text is the table name in the Deployment Database. This field is required for all user-defined tokens. @ Specifies that the following text is the column name in the table. This field is required for all user-defined tokens. Deployment Solution 515 Tokens: Dynamic Database Access
To return the names of the computers: %#! comput er @comput er _name% To return the color column from a custom database and table that has the computer_id column in it: %#DBAl i as! t abl e@col or % To return the color column from the first record from a custom database and table: %#DBAl i as^! t abl e@col or % Syntax Two %#Alias*SQL query statement% Examples To return the names of the computer with an SQL statement: %#*SELECT comput er _name f r omcomput er wher e comput er _i d = 1234567% To return the color column from a custom database and table with a computer_id column: %#DBAl i as*SELECT col or f r omt abl e wher e comput er _i d = 1234567% To return the color from the first record from a custom database and table: %#DBAl i as*SELECT col or f r omt abl e% * Indicates that the following text is an SQL statement. Deployment Solution 516
Appendix C Error Codes This section presents some error messages generated by Deployment Solution. They are divided into the following groups: General Error Messages on page 517 Client Error Messages on page 519 Communication Error Messages on page 520 Memory Error Messages on page 522 Partition Error Messages on page 523 Installer Return Codes (page 524) Deployment Solution 517 Error Codes
General Error Messages Error Message Description "Error reading . . ." "Error writing . . ." Explanation: An error occurred while reading or writing to the disk. Possible causes: Faulty disk hardware. A write-protected disk. The BIOS in some computers has an antivirus capability which attempts to protect the disk from Master Boot Record (MBR) viruses by write-protecting the first sector or track on the hard disk. "Error reading from file." "Error writing to file." "Error opening file for reading." "Error opening file for writing." "Error saving image info to file." "Error closing file." "Error reading image information." Explanation: An image file could not be accessed. Possible causes: The file does not exist, or cannot be read (for downloads). The image file is corrupt. The directory does not exist or cannot be written to (for uploads). The disk where the image file is being written is full. "Geometry Error . . ." "Invalid geometry exception . . ." Explanation: There was an error converting cylinders, heads, and sectors to logical blocks or vice versa. Possible cause: Invalid or corrupt BIOS drive geometry settings. "No such drive . . ." Explanation: The specified drive could not be accessed. Possible cause: An invalid drive letter was entered. "Error reading drive parameters from BIOS." Explanation: The program received an error from the BIOS while trying to read disk geometry information. Possible Cause: Often occurs when trying to run a DOS application from Windows. "Bad image number. File is not an image file." "Bad image number. Buffer doesn't contain image data." "Bad file version number. Cannot read the file." "Bad version number. Buffer doesn't contain image data." Explanation: The file is not recognized as an image file. Possible causes: The file is not a valid image file. File was created with a different version of the imaging program, which is not compatible. Data loss is occurring over the network. "Too many clients for current license count." Explanation: More clients connected to the Console or Master computer than the license allows. Action: Upgrade your license to support more nodes. Call your authorized reseller for more information. Deployment Solution 518 Error Codes
"This program is not licensed for multicasting (peer-to- peer imaging)." Explanation: Multicasting works only when the license count is greater than one. Action: Upgrade your license to support more nodes. Call your authorized reseller for more information. "Exiting with error code . . ." Explanation: The program failed. Possible causes: The operator aborted the program prematurely. A serious program error occurred. Action: A descriptive error message should appear before this message to give you information about the problem that is causing the program to exit. If you do not see a preceding descriptive message, notify Altiris Technical Support. Write down the error code and a description of what was happening before the error occurred. Error Message Description Deployment Solution 519 Error Codes
Client Error Messages Error Message Description "The master PC ended the transfer before we received all of the data." Explanation: The Master computer sent a "goodbye" packet before the image-transfer was finished. The download didn't finish, so the client disk will be in an indeterminate state. Possible cause: The user aborted the download before it was complete. "Error: Received cluster chunk with wrong version . . . (want .. .)." "Client and master versions do not match." "Error: Received cluster map with wrong version . . ." "Error: End of Block packet has wrong version . . . (want . . .)." Explanation: The Master computer sent a packet with the wrong version number. Possible cause: The Master computer and clients are running different versions, and there are packet-header differences. Action: Ensure both master and client programs are updated to the same software version. "Error: Received Wrong NetBlock . . . (expected . . .)." "Received Wrong segment . . . (expected . . .)." Explanation: The Master computer moved on to the next segment in an image transfer before the client successfully received the data in the previous segment. Possible cause: The client may have lost contact with the Master computer during a download. "Error: Master started before we could register." Explanation: The client received an unknown packet before it was ready to begin the download. Possible cause: The "download confirmation" packet sent from the Master to the client is lost. Action: Re-send the image. "Error decoding buffer." "Error while getting image info from master." Explanation: The client was unable to decode packet or image information. Possible cause: Data corruption in a packet somewhere between the Master computer and the client (likely), or a bug in either the master or client software (much less likely). Action: Call Altiris if you see this message and you believe your network is operating reliably. Deployment Solution 520 Error Codes
Communication Error Messages Critical Error Messages Error Message Description "Error opening IP socket." "Error canceling IP listen packets." "IP SendPacket error, code . . ." "IP Error sending packet ..." "Error sending farewell packet: ECB code . . ." "IP error getting local target address." "Unable to bind socket 0x . . ." Explanation: An error was returned from a call to the network protocol stack. Possible causes: The IP protocol stack isn't loaded. An internal error occurred in the protocol stack code. Note The same errors can occur with IPX. Error Message Description "Compression failure, result is 0x. . ." "Decompression failure, result 0x . . ." Explanation: Compression or decompression failure. Possible causes: A decompression failure can be caused by corrupt data in an image file or data accessed across the wire. A compression failure is probably caused by a bug in the program. Action: If you get a compression or decompression failure on a file you know to not corrupted, isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris. "Unable to send packet: buffer too big." Explanation: The program tried to send a packet that was larger than the internal limit. Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris. Deployment Solution 521 Error Codes
"Unable to register multicast cleanup function." Explanation: Indicates a failure in the programs library routines. Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris. "Unhandled exception detected. Please call technical support." Explanation: A top-level handler in the program detected an exception from an unknown location in the program. Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris. "Error: Missing chunk number . . . too big." Explanation: Indicates an internal error in the client. Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris. "Error: Received non cluster map block type 0x . . ." Explanation: The client received a block of data containing unexpected information. Action: Isolate the system from the network and try to reproduce the error. This will determine if the error is on the network or in the Altiris program. If the problem recurs on the isolated system, report the error to Altiris. Error Message Description Deployment Solution 522 Error Codes
Memory Error Messages "Out of range index . . . in removeItem. ElementCount is . . ." "Error removing child subtree." "Invalid item to remove." "Error: Attempted removal of top-level container segment." "Error: unable to copy source segment." "Error getting download info space requirements." "Error getting image info space requirements." "Error getting bitmap space requirements." "Error encoding image info into buffer." "Error encoding bitmap." Explanation: Internal program error. Action: Please report the error to Altiris. Write down the error code and message and a description of what was happening just before the error occurred. "Container segment has invalid Partition-table slot . . ." Explanation: A partition table in an extended partition contains a reference to a nonexistent slot in the partition table. Action: Please report this error to Altiris. Error Message Description "Insufficient memory for . . ." "Ran out of memory while . . ." "Exception . . . while allocating . . ." Explanation: The program is out of memory. Possible cause: The Altiris program requires 16 MB to run. It could also be a lack of conventional memory. Action: Add the emm386. exe file, and load as many drivers, devices, and so on as possible into high memory. Check the Altiris support forum for information on memory errors. "Error adding . . ." Explanation: There was a problem building an internal list structure. Possible cause: This is almost always a result of memory exhaustion. Error Message Description Deployment Solution 523 Error Codes
Partition Error Messages Error Message Description "Collision in partition-table . ." "Collision with . . ." Explanation: More than one partition was defined for a given partition table slot. It can mean one of two things: Possible cause: The on-disk partition-tables (including partition tables in extended partitions) are corrupt. The program was unable to merge an image file with the local disk contents because both the image and the local disk contain a partition definition that must reside in the same slot. "No partitions to process." Explanation: No partitions were found in the partition table. The program has nothing to image (upload). "Segment boundary error: doesn't start on track boundary." "Invalid partition . . . " Explanation: An invalid partition definition exists. Possible cause: The invalid entry might be in the partition tables extended partitions. Action: Try running i bmast er . exe with the -sz or -szf switch. "Error: No partition-table segment to update." "Error: Expected container segment not found." Explanation: An extended partition was found that contained no internal partition table, or contained no internal definitions. Action: The invalid configuration can be resolved by removing the invalid partition definition (using FDISK or similar utility). "Not enough free disk space to accept image." "Underlap error while placing segment." "Overlap error while placing segment." Explanation: The local disk doesn't have enough free space to accept the image being downloaded. Possible cause: The image may have more data than can fit on the client computer hard drive, or the partition cannot be resized to fit the drive. "Collision at beginning of disk while trying to place boot record." Explanation: The program was unable to place the boot record on the disk. Possible cause: Another partition may be defined to cover the required space. This usually indicates corruption in the target disk's partition table, because it is illegal for a partition to occupy the space required by the boot record. Action: Run FDISK to remove all partitions, then reboot the computer and run FDISK/MBR. Also check for viruses. Deployment Solution 524 Error Codes
Installer Return Codes The Deployment Solution Installer returns error codes whenever it encounters any problems while installing. These return codes are saved in a log file, which is used to help understand the installation problems. Below is a list of error codes returned with their descriptions for different components of the Deployment Server. "This image requires that the destination drive have the same geometry . . ." Explanation: The image being transferred contains a geometry-dependent partition, and the geometry of the source disk does not match the geometry of the target disk. This means the disks are not seen as identical drives by the drive controller. "Error flushing MBR sector." Explanation: The program was unable to write data to the first sector on the hard disk. The image transfer is incomplete because the partition-table and/or master boot record code was not successfully written, and the disk is in an indeterminate state. Possible cause: This may be caused by a BIOS setting that prevents programmatic access to the boot sector (see the CMOS setup). Return Code ErrorID Error Description 1000 IDS_ERR_SETUP_INSTALL This return code is for the DataStore component. This error occurs while setting up the installation on a remote computer. This signifies an error in opening the setup INI file. 1001 IDS_ERR_COPYING_LICEN SE This return code is for the DataStore component. This error occurs while copying the license file to the remote computer. Please ensure that the temp directory on the remote computer has at least 100MB free space. 1002 IDS_ERR_SETUP_INSTALL This return code is for the Deployment Server component. This error occurs while setting up the installation on a remote computer. This signifies an error opening the setup INI file. 1003 IDS_ERR_GRANT_LOGON This return code is for the Deployment Server component.This error occurs when it is unable to grant logon as service rights to the Deployment Server Service user. If you continue the installation, it will install the service, but will require you to manually set "Logon as Service" rights for the Deployment Server Service user. Error Message Description Deployment Solution 525 Error Codes
1004 IDS_ERR_INSTALLING_SE RVER_REG This return code is for the Deployment Server component. Thus error occurs while creating some registry entries required for the server to function correctly. If you choose to continue, you will need to set the options manually from the Altiris eXpress Deployment Server Configuration control panel applet. 1005 IDS_ERR_CONNECTING This return code is for the Deployment Server component. This error occurs when it is unable to connect to the remote computer with the given username and password. Ensure that the username and password you have supplied has Administrator rights on the remote computer. 1006 IDS_ERR_INSTALLING_SE RVICE This return code is for the Deployment Server component. This is an unknown error that occurs while installing the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. 1007 IDS_ERR_STARTING_SERV ICE This return code is for the Deployment Server component. This is an unknown error that occurs while installing the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. 1008 IDS_ERR_COPYING_LICEN SE This return code is for the Deployment Server component. This error occurs while copying the license file to the remote computer. Ensure that the temp directory on the remote computer has at least 100MB free space. 1009 IDS_ERR_EXECUTE_PACKA GE This return code is for the Deployment Server component. This error occurs when it is unable to execute package on the remote computer. Ensure that the username and password you have supplied has Administrator rights on the remote computer. Return Code ErrorID Error Description Deployment Solution 526 Error Codes
1010 IDS_ERR_COPYING_PACKA GE This return code is for the Deployment Server component. This error occurs while copying the install package to the remote computer. Please ensure the temp directory on the remote computer contains at least 100MB free space. 1011 IDS_ERR_SETUP_INSTALL This return code is for the Deployment Console component. This error occurs while setting up the install on the remote computer. This error is usually encountered when there is a problem in opening the setup INI file. 1012 IDS_ERR_COPYING_BOOT This return code is for the PXE Server component. This error occurs while copying the PXE boot image files. If you continue the install, you will need to run the Boot Disk Creator from the PXE computer and create these files manually. 1013 IDS_ERR_SETUP_INSTALL This return code is for the PXE Server component. This error occurs while setting up the install on the remote computer. This error is usually encountered when there is a problem in opening the setup INI file. 1014 IDS_ERR_SETUP_INSTALL This return code is for the Deployment Web Console component. This error occurs while setting up the install on the remote computer. This error is usually encountered when there is a problem in opening the setup INI file. 1015 IDS_ERR_GRANT_LOGON This return code is for the Deployment Web Console component. This error occurs when it is unable to grant logon as service rights to the Deployment Server Service user. If you continue the installation, it will install the service, but will require you to manually set "Logon as Service" rights for the Deployment Server Service user. 1016 IDS_ERR_CONNECTING This return code is for the Deployment Web Console component. This error occurs when it is unable to connect to the remote computer with the given username and password. Ensure that the username and password you have supplied has Administrator rights on the remote computer. Return Code ErrorID Error Description Deployment Solution 527 Error Codes
1017 IDS_ERR_INSTALLING_SE RVICE This return code is for the Deployment Web Console component. This is an unknown error that occurs while installing the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. 1018 IDS_ERR_STARTING_SERV ICE This return code is for the Deployment Web Console component. This is an unknown error that occurs while starting the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. 1019 IDS_ERR_CONNECTING This return code is for the Deployment Web Console component. This error occurs when it is unable to connect to the remote computer with the given username and password. Ensure that the username and password you have supplied has Administrator rights on the remote computer. 1020 IDS_ERR_SETUP_INSTALL This return code is for a Hotfix installation. This error occurs while setting up the install on the remote computer. This error is usually encountered when there is a problem in opening the setup INI file. 1022 IDS_ERR_CONNECTING This return code is common for all the components of Deployment Server. This error occurs when it is unable to connect to the remote computer with the given username and password. Ensure that the username and password you have supplied has Administrator rights on the remote computer. 1023 IDS_ERR_INSTALLING_SE RVICE This return code is common for all the components of Deployment Server. This is an unknown error that occurs while installing the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. Return Code ErrorID Error Description Deployment Solution 528 Error Codes
1024 IDS_ERR_STARTING_SERV ICE This return code is common for all the components of Deployment Server. This is an unknown error that occurs while starting the Altiris RemoteInstall service. Ensure that the username and password you have supplied has Administrator rights on the remote computer. 1025 IDS_ERR_EXECUTE_PACKA GE This return code is common for all the components of Deployment Server. This error occurs when it is unable to execute package on the remote computer. Ensure that the username and password you have supplied has Administrator rights on the remote computer. 1026 IDS_ERR_COPYING_PACKA GE This return code is common for all the components of Deployment Server. This error occurs while copying the install package to the remote computer. Please ensure the temp directory on the remote computer contains at least 100MB free space. 1027 IDS_ERR_COPYING_ISS This return code is common for all the components of Deployment Server. This error occurs while copying the setup.iss file to the remote computer. Please ensure that the system temp directory on the remote computer contains at least 100MB free space. 1028 IDS_ERR_MONITORING This return code is common for all the components of Deployment Server. This error occurs while monitoring the remote install. The install has been started, but there is no way to find out if the install completed successfully. 1029 Install shield writes errors This return code is for all the components of Deployment Server. This error is encountered when any of the components encounter an Install shield problem. 1030 IDS_ERR_PACKAGE_TERMI NATED This error occurs when the package is terminated unexpectedly. Return Code ErrorID Error Description Deployment Solution 529
Appendix D System Jobs for Deployment Solution System jobs are shipped and installed in the Deployment Share (<DS i nst al l pat h>\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver \ Sampl es) to assist in various deployment tasks. During installation, jobs are automatically imported from the sampl es. bi n file into Deployment Solution where they can be viewed in the System Jobs folder in the Jobs area of the console. The System Jobs folder contains subfolders for Imaging, Simple Tests, Migrations, Miscellaneous Jobs, Pocket PC, Scripted OS Installs, Scripts, XP Embedded, and Agent Update jobs. Jobs in each folder marked with an asterisk (*) require input parameters or other minor modifications added before running on your system. These modifications allow you to add parameters to the job such as user name and password, or other required data to allow the job to be functional. These jobs will not function properly if you do not edit the job task with the information specific to your environment. All files without an asterisk (*) can be used to perform the identified functions without modification. However, if the job conditions are not met or are not consistent with the computer type then you may get an error. Example: if the Repair Office XP job runs on a computer without MS Office XP then you will get an error when trying to run the job. Note We recommend that you copy the desired sample job and change the name to avoid overwrites if you reinstall Deployment Solution. Sample files are provided to help create jobs and other files for use in your specific environment. These files portray possible solutions and configurations, and can be modified and rewritten. Each of these jobs can also be created in the Deployment Server Console and executed with the same effectiveness to meet your specific needs. Because of continually changing market conditions and specific requirements for your organization, Altiris cannot guarantee the effectiveness of these sample files working in your environment. See sample jobs in these categories: Imaging (page 530) Simple Tests (page 530) Migrations (page 531) Misc Jobs (page 532) Pocket PC (page 536) Scripted OS Installs (page 537) Scripts (page 544) XP Embedded (page 547) Deployment Solution 530 System Jobs for Deployment Solution
Imaging Use these sample jobs for basic imaging tasks: Create Disk Image (page 530) Distribute Disk Image (page 530) Create Disk Image Description Creates a disk image. Additional files required None. What this task does This task will create a disk image using the name of the computer as the image filename. Steps to use Assign the job to a computer or computer group. Distribute Disk Image Description Distributes a disk image. Additional files required None. What this task does This job will distribute the disk image using the name of the computer as the image filename. Steps to use Assign the job to a computer or computer group. Simple Tests Run simple commands and install software packages using these jobs: DIR Command at DOS (page 530) DIR Command at Windows (page 530) Distribute RapidInstall Package (page 531) DIR Command at DOS Description Runs the DIR command in DOS Additional files required None. What this task does This task runs the DIR command at the DOS prompt. If the managed computer is running in Windows, it will tell the Deployment Agent to restart the computer to automation and the computer will reboot. When the computer starts, the BootWorks application runs and the DIR command executes. After the DIR command runs, the computer will boot back to the production status. This task also uses the Logevent application to send the scripting status back to the Deployment Server. Steps to use Assign the job to a computer or computer group. DIR Command at Windows Description Runs the DIR command in Windows from a command prompt Additional files required None. Deployment Solution 531 System Jobs for Deployment Solution
What this task does This task runs the DIR command in Windows from a command prompt. Steps to use Assign the job to a computer or computer group. Distribute RapidInstall Package Description Runs the shwnm. exe RapidInstall package. Additional files required: None. What this task does This package includes a utility that displays the computer name in a window. A shortcut is created in the startup group so that every time the computer is started the window shows the computer name. Steps to use Assign the job to a computer or computer group. Migrations With the aid of PC Transplant, capture various user settings using these jobs: Capture User Application Settings (page 531) Capture User Desktop Settings (page 531) Capture User Microsoft Office Settings (page 532) Capture User Printer Settings (page 532) Capture User Application Settings Description Collects the users application setting using PC Transplant. Additional files required None. What this task does This task will use PC Transplant and a supplied PCT template to gather the application settings for all users that exist on the computer. The client computer will execute the PC Transplant Wizard using the specified template and create a file (comput er name. exe) at the specified location. Steps to use 1. Edit the job. 2. Assign the username and password for use with Windows 2000/XP/2003 based systems. If you are using this job on Windows 9x computers, then the logged-in user must have rights to the specified location for the template and package creation. 3. Assign the job to a computer or computer group. Capture User Desktop Settings Description Collects the users desktop setting using PC Transplant Additional files required None. What this task does This task will use PC Transplant and a supplied PCT template to gather the desktop settings for all users that exist on the computer. The client computer Deployment Solution 532 System Jobs for Deployment Solution
will execute the PC Transplant Wizard using the specified template and create a file (comput er name. exe) at the specified location. Steps to use 1. Edit the job. 2. Assign the username and password for use with Windows 2000/XP/2003 based systems. If you are using this job on Windows 9x computers, then the logged-in user must have rights to the specified location for the template and package creation. 3. Assign the job to a computer or computer group. Capture User Microsoft Office Settings Description Collects the users Microsoft Office setting using PC Transplant Additional files required None. What this task does This task will use PC Transplant and a supplied PCT template to gather the Microsoft Office settings for all users that exist on the computer. The client computer will execute the PC Transplant Wizard using the specified template and create a file (comput er name. exe) at the specified location. Steps to use 1. Edit the job. 2. Assign the username and password for use with Windows 2000/XP/2003 based systems. If you are using this job on Windows 9x computers the logged-in user must have rights to the specified location for the template and package creation. 3. Assign the job to a computer or computer group. Capture User Printer Settings Description Collects the users printer setting using PC Transplant Additional files required None. What this task does This task will use PC Transplant and a supplied PCT template to gather the printer settings for all users that exist on the computer. The client computer will execute the PC Transplant Wizard using the specified template and create a file (comput er name. exe) at the specified location. Steps to use 1. Edit the job. 2. Assign the username and password for use with Windows 2000/XP/2003 based systems. If you are using this job on Windows 9x computers the logged-in user must have rights to the specified location for the template and package creation. Assign the job to a computer or computer group. Misc Jobs Misc jobs can be executed on computers, including installation and repair of Office XP, computer power control, and SQL service and installation: Install Office XP from Mapped Drive (page 533) Deployment Solution 533 System Jobs for Deployment Solution
Install Office XP from UNC Source (page 533) SQL 2000 Unattended Install (page 534) SQL 2000 Unattended Install Using a RIP (page 534) Copy WLogevent to Client (page 535) Install MSI 2.0 Runtime (page 535) Repair Office XP (page 535) Restart Computer (page 535) Shutdown Computer (page 535) Start SQL Server Service (page 536) Stop SQL Server Service (page 536) Uninstall Office XP (page 536) Wake up Computer (page 536) Install Office XP from Mapped Drive Description Installs Microsoft Office XP. Additional files required Microsoft Office XP setup files located on the network share that will be used in the drive mapping. What this task does This script maps a network drive and installs Microsoft Office XP Professional with Front Page from it. Steps to use 1. To customize the script, change the UNC that the drive is being mapped to, as well as the username and password. 2. To change the username, go into the advanced settings of the script. Note that the client computer must be in the domain if you are using domain authentication. 3. Assign the job to a computer or computer group. Note We strongly recommend that you follow Microsoft's guidelines for preparing Office XP to be deployed. The setup should be customized using the proper tools, and an administrative install should be performed to place the setup files on the network share. For more details, consult the Office XP Resource Kit. Install Office XP from UNC Source Description This task will install Microsoft Office XP. Additional files required Microsoft Office XP setup files located on the network share that will be used in the script. What this task does This script runs a Microsoft Office XP Professional with Front Page install directly from a UNC. Steps to use Deployment Solution 534 System Jobs for Deployment Solution
1. To customize the script, change the location of the setup files, as well as the username and password. Note that the client computer must be in the domain if you are using domain authentication. 2. To change the username, go into the advanced settings of the script. 3. Assign the job to a computer or computer group. Note We strongly recommend that you follow Microsoft's guidelines for preparing Office XP to be deployed. The setup should be customized using the proper tools, and an administrative install should be performed to place the setup files on the network share. For more details, consult the Office XP Resource Kit. SQL 2000 Unattended Install Description This script will do an unattended install of SQL Server 2000. Additional files required The files from the SQL Server 2000 disk. What this task does This script will copy all files and directories from the SQL setup to the client computer, then execute an unattended install using the specified silent install script (sql i ns. i ss). Steps to use 1. Copy the files from the SQL 2000 CD into the . \ sampl es\ mi sc\ sql 2000 directory. Edit the sql i ns. i ss file located in the . \ sampl es\ mi sc\ sql 2000 directory to include your CD key. 2. Assign the job to a computer or computer group. SQL 2000 Unattended Install Using a RIP Description This script will do an unattended install of SQL Server 2000 using a RapidInstall Package to copy the files on the computer and execute the setup using a post install script. Additional files required The files from the SQL Server 2000 disk inserted into the sql 2000pkg. exe RapidInstall package. What this task does This script will copy all files and directories from the SQL setup to the client computer using a RapidInstall package, then execute an unattended install using the specified silent install script (sql i ns. i ss) in a post install script. Steps to use 1. Start RapidInstall Editor and open the sql 2000pkg. exe located in the . \ sampl es\ mi sc\ sql 2000 directory. 2. Edit the sql i ns. i ss file in the TempPat h\ SQL2000 directory in the RIP. To edit the file, select the SQL2000 directory in the Files view and right click the file listed to the right and choose Open With. Choose Notepad as the associated program. Replace the CDKey entry in the file and save the file. Close Notepad. Choose OK in the Edit File dialog to reinsert the changed file into the RIP. 3. Copy the files and directories from the SQL 2000 CD into the SQL2000 directory in the RIP by dragging and dropping them onto the SQL2000 folder. Deployment Solution 535 System Jobs for Deployment Solution
4. After the files have been added to the RIP, save it by choosing File>Save. Close the RapidInstall Editor. 5. Assign the job to a computer or computer group. Copy WLogevent to Client Description Copy the wl ogevent . exe to the windows client computer for use with script logging. Additional files required None. What this task does This job will copy the wl ogevent . exe from the Deployment Server directory to the client computer in the temp directory. This file is used for logging status in windows scripts. Steps to use Assign the job to a computer or computer group. Install MSI 2.0 Runtime Description Installs the Microsoft Installer runtime files. Additional files required None. What this task does This task uses conditions to determine the operating system of the computer and installs the appropriate MSI 2.0 runtime files. Steps to use Assign the job to a computer or computer group. Repair Office XP Description This script will force Microsoft Office XP Professional with Front Page to be repaired on the client computer. Additional files required The source that Office XP was originally installed from must be accessible in order for the repair to function successfully. What this task does This script will force Microsoft Office XP Professional with Front Page to be repaired on the client computer. You can substitute the Product ID of any MSI (Windows Installer) installed application in this sample. Steps to use Assign the job to a computer or computer group. Restart Computer Description Restarts the client. Additional files required None. What this task does Restarts the client if restart is supported. Steps to use Assign the job to a computer or computer group. Shutdown Computer Description Shutdown the client. Additional files required None. What this task does Shuts down the client if shutdown is supported. Deployment Solution 536 System Jobs for Deployment Solution
Steps to use Assign the job to a computer or computer group. Start SQL Server Service Description This script will start the SQL Server service. Additional files required None. What this task does This script will send the NET START MSSQLSer ver command to the computer. Steps to use 1. If you run the SQLServerAgent you need to remove the REM on the line that starts the agent service. 2. Assign the job to a computer or computer group. Stop SQL Server Service Description This script will stop the SQL Server service. Additional files required None. What this task does This script will send the NET STOP MSSQLSer ver and NET STOP SQLSer ver Agent command to the computer. This job will stop the agent service because the SQL server will not stop if this is running from the command line. Steps to use Assign the job to a computer or computer group. Uninstall Office XP Description This script will force Microsoft Office XP Professional with Front Page to be uninstalled on the client computer. Additional files required The source that Office XP was originally installed from must be accessible in order for the uninstall to function successfully. What this task does This script will force Microsoft Office XP Professional with Front Page to be uninstalled on the client computer. You can substitute the Product ID of any MSI (Windows Installer) installed application in this sample. Steps to use Assign the job to a computer or computer group. Wake up Computer Description Wake up a computer. Additional files required None. What this task does Sends a Wake On LAN packet to the computer. If the client supports Wake On LAN, then this will succeed. Steps to use Assign the job to a computer or computer group. Pocket PC These jobs are used to install agents and CAB files to manage handheld devices in Deployment Solution: Deployment Solution 537 System Jobs for Deployment Solution
Distribute Software (page 537) Install Altiris Pocket PC Agent (page 537) Distribute Software Description Installs a simple application that displays the name of the Pocket PC. Additional files required None. What this task does This job allows you to set a condition for a MIPS, ARM, or SH3 processor for your handheld device. Once a condition is set then it will install the correct CAB file from the Samples directory. Steps to use Assign the job to the handheld device appearing in the Computers section of the Deployment Server Console. Install Altiris Pocket PC Agent Description Installs Pocket PC Agent on the host computer (the computer with the handheld cradle) for the handheld device. This job sets a condition to check if ActiveSync is installed on the host computer. If ActiveSync is installed, the Pocket PC agent will install. If ActiveSync is not installed, then an error appears stating that your condition is not met on the selected computer. Additional files required Microsoft ActiveSync on the host computer. What this task does This job places the Pocket PC agent on the host computer to manage a connected handheld device. Steps to use Assign the job to a managed computer acting as host (with Microsoft ActiveSync installed) for a handheld device. Scripted OS Installs These imported jobs allow you to run scripted, unattended installs on both Windows and Linux servers. These jobs are used for both Network installs and Hard Disk installs. To do a network scripted install of Windows, use the Scripted OS install task type in a job: Create W2K Install Disk Image (Target HD) (page 537) W2K Scripted Install (Target HD) (page 539) Create RH7 Install Disk Image (Network) (page 540) Create RH7 Install Disk Image (Target HD) (page 541) RH7 Scripted Install (Network) (page 541) RH7 Scripted Install (Target HD) (page 542) Create RH8 Install Disk Image (Network) (page 543) RH8 Scripted Install (Network) (page 543) Create W2K Install Disk Image (Target HD) Description This job creates a disk image to be used for installing Windows 2000 using files from the local hard drive. This method is not supported from the Scripted OS install task. This process can be repeated for XP and .NET as well. This job is only used once to Deployment Solution 538 System Jobs for Deployment Solution
set up the image that will be repeatedly called from the "W2k Scripted Install (Target HD)" job. Additional files required < DS i nst al l pat h >\ I MAGES\ DOS_ONLY. I MG. Image file containing a simple bootable partition that is provided during the product install. Windows 2000 installation files (I386 directory from the Windows CD). These files need to be copied from the Windows CD to the operating system files directory. The default directory is <DS i nst al l pat h>\ DEPLOY\ WI N\ W2K\ I 386 directory. < DS i nst al l pat h >\ Depl oyment Ser ver \ \ SAMPLES\ SCRI PT~1\ WI NDOWS\ W2KSETUP. BAT. DOS batch file that the job calls to copy the Deployment Agent, other DOS utilities, and the Windows operating system files needed for the target HD install. If you need to supply drivers that are not included with the Windows installation you will need to create a $OEM$ directory under the i 386 directory. If you have hardware or other devices that are not supported in the operating system distribution, you can add the drivers needed in the $OEM$ directory that is supported by the unattended install process. In our examples we have added drivers for Intel display, network and chipset. The $1 specifies the root of the %SYSTEMDRI VE%variable. You will need to verify that the directories are included in the OemPnpDr i ver sPat h value in the Unat t ended section of the unat t ended. t xt file. Note The Windows unattended install process requires that all drivers in $OEM$ be fully extracted. Zip files cannot be used. See the "Microsoft Windows 2000 Guide to Unattended Setup" for more information. This guide is named unat t end. doc and is in the depl oy. cab file in the \ Suppor t \ Tool s folder of the Windows 2000 installation CDROM. What this task does This job creates a hard drive image that can later be used for installing Windows 2000 through the hard disk install method. It downloads the DOS_ONLY image to the selected client. This creates a 2 GB, FAT16 DOS bootable partition. It reboots the client so that DOS will recognize the newly created DOS partition. It calls the w2kset up. bat file to copy the Deployment Agent, and the Deployment Agent input file (acl i ent . i np) as well as various other DOS utilities to facilitate a Windows scripted install. It also copies the Windows operating system files (usually from the I386 directory) to the target's hard drive in the C: \ I 386 directory. It runs r depl oy. exe to create a disk image of the now populated DOS partition. Steps to use 1. Make a copy of the sample job. 2. If you want to create your own DOS_ONLY. i mg with MSDOS instead of using the supplied DR DOS image, you will need to manually create the image. To create your own DOS image, use a DOS boot floppy to run f di sk. exe to create a 2GB partition on a reference computer. Format the partition to be a system drive. Copy the appropriate DOS files needed (example: hi mem. sys, smar t dr v, xcopy). Create an aut oexec. bat file that runs smar t dr v to speed the installation and then looks for a file called i nst al l . bat . I nst al l . bat will be used in our examples to initiate the unattended installation. Deployment Solution 539 System Jobs for Deployment Solution
Example Aut oexec. bat f i l e: @echo of f smar t dr v I F NOT EXI ST c: \ i nst al l . bat got o no_i nst al l cal l c: \ i nst al l . bat got o done : no_i nst al l echo No I nst al l Fi l e : done Be sure to include smar t dr v in the batch file. This command starts SMARTDrive, which creates a disk cache in extended memory. A disk cache will significantly speed up the imaging process. After the above tasks have been performed, create an image of the drive named MS_DOS. i mg. Once the MS_DOS image is created, copy the i 386 folder of the Windows CD (along with the $OEM$ folder if supplemental drivers will be required) to the DOS computer. Now create another image of the drive and name it W2K_AS. i mg. This image will be used for hard drive scripted OS installs to provide the operating system files needed for the Windows installation. A total of two DOS images should be created with the second image containing Windows install files in a C: \ i 386 folder. If you use the MS_DOS. i mg then edit the task and replace DOS_ONLY. i mg with MS_DOS. i mg. 3. Edit the last Run Script task, Create Windows Install Disk Image, and change the SET I mageName=F: \ I MAGES\ W2K_HD. I MG line to the name of the image you wish to create. 4. If you copied the Windows operating system files to a location other than <DS i nst al l pat h>\ DEPLOY\ WI N\ W2K\ I 386, edit the second Run Script task, Copy Windows Files to Hard Drive, and specify the location on the SET OSFi l esPat h= l i ne. 5. Change the name of the job to reflect the desired purpose (optional). Note After this job finishes, it will leave the client computer in an unmanageable state. 6. Assign the job to a computer or computer group. W2K Scripted Install (Target HD) Description Deploys the Windows 2000 operating system using the Target HD scripted install model. This will use the image we created with the Create W2K Scripted Install (Target HD) job. We recommend using FAT32.img rather than DOS_ONLY.img to perform scripted installs. Additional files required <i nst al l pat h>\ I MAGES\ W2K_HD. I MG. This is the image file created by the Create W2K Install Disk Image (Target HD) job described above. You may have changed the name. This image file contains a DOS bootable partition with the Deployment Solution 540 System Jobs for Deployment Solution
Deployment Agent and other various DOS utilities along with the Windows operating system files that are required for a Windows unattended install. <i nst al l pat h>\ I MAGES\ I nst al l . bat . File that executes the scripted install. Windows unattended answer file. A sample provided by the product installation located in the <DS i nst al l pat h>\ SAMPLES\ SCRI PTED OS I NSTALL\ WI NDOWS directory. What this task does This job starts a Windows unattended operating system install on a client using the hard disk install method. It downloads the W2K_HD image (or whatever you have named it) to the selected client. This creates a 2 GB, FAT16 DOS bootable partition with the operating system files to do a Windows unattended install. It then reboots the computer to get the new partition and format information. It uses a script to get the unattended answer file copied to the client. It then reboots the client. Upon reboot, the DOS partition is booted and the operating system install is automatically started with the aut oexec. bat that is called in the image. Steps to use 1. Make a copy of the sample job. 2. Edit the Deploy Image task and change the name of the image file to the name you created with the Create W2K Install Disk Image (Target HD) job described above. 3. Edit the answer file to specify the product key and other information. 4. Change the name of the job to reflect the desired purpose (optional). 5. Assign the job to a computer or computer group. Create RH7 Install Disk Image (Network) Description Creates a disk image to be used for installing RedHat Linux v7.1 through the Network install method. The Network method copies the RedHat files from an FTP server during operating system installation. See the user guide for instructions on setting up an FTP server for this purpose. Additional files required <DS i nst al l pat h>\ I MAGES\ DOS_ONLY. I MG. Image file containing simple bootable partition. Provided during the product install. <DS i nst al l pat h>\ SAMPLES\ SCRI PT~1\ RedHat \ RH7SETUP. BAT. DOS batch file that the job calls to copy the basic RedHat files needed for the Kickstart install such as LOADLI N, VMLI NUZ, and so on. What this task does This job creates a hard drive image that can later be used for installing RedHat Linux through the network install method. It downloads the DOS_ONLY image to the selected client. This creates a 2 Gig FAT16 DOS bootable partition. Then it reboots the client so that DOS will recognize the newly created DOS partition. It then calls RH7SETUP to copy the basic RedHat files that facilitate a RedHat Kickstart install. It then runs RDepl oy to create a disk image of the now populated DOS partition. Steps to use 1. Make a copy of the sample job. Deployment Solution 541 System Jobs for Deployment Solution
2. Edit the last Run Script task, Create Red Hat Install Disk Image, and change the SET I mageName=F: \ I MAGES\ RH71_FTP. I MG line to the name of the image you wish to create. 3. Change the name of the job to reflect the desired purpose (optional). 4. Assign the job to a computer or computer group. Create RH7 Install Disk Image (Target HD) Description Creates a disk image to be used for installing RedHat Linux (v7.1 or later) through the hard disk install method (where files are installed from the local hard drive). Additional files required <DS i nst al l pat h>\ I MAGES\ DOS_ONLY. I MG. DOS_ONLY. I MG is an image file containing a simple bootable partition provided during the product install. RedHat operating system files (REDHAT and DOSUTILS directories from the RedHat CD). These files need to be copied from the RedHat CD to the <i nst al l pat h>\ DEPLOY\ CDS\ REDHAT\ RH71\ REDHAT and <i nst al l pat h>\ DEPLOY\ CDS\ REDHAT\ RH71\ DOSUTI LS directories, respectively. <DS i nst al l pat h>\ SAMPLES\ SCRI PT~1\ REDHAT\ RH7SETUP. BAT. DOS batch file that the job calls to copy the RedHat operating system files needed for the target hard drive install. What this task does: This job creates a hard drive image that can later be used for installing RedHat Linux v7.1 through the Hard Disk install method. It downloads the DOS_ONLY image to the selected client. This creates a 2 Gig FAT16 DOS bootable partition. It reboots the client so that DOS will recognize the newly created DOS partition. It calls RH7SETUP. bat to copy the basic RedHat files that facilitate a RedHat Kickstart install. It also copies the RedHat operating system files to the target's hard drive in the C: \ REDHAT directory. It runs RDepl oy to create a disk image of the now populated DOS partition. Steps to use 1. Make a copy of the sample job. Edit the last Run Script task, Create Red Hat Install Disk Image, and change the SET I mageName=F: \ I MAGES\ RH71_HD. I MG line to the name of the image you wish to create. If you copied the RedHat operating system files to a location other than <DS i nst al l pat h>. \ DEPLOY\ CDS\ REDHAT\ RH71, edit the second Run Script task, Copy RedHat Files to Hard Drive, and specify the location on the SET OSFi l esPat h=line. 2. Change the name of the job to reflect the desired purpose (optional). 3. Assign the job to a computer or computer group. RH7 Scripted Install (Network) Description This job deploys the RedHat Linux operating system using the Network scripted install model. The network method copies the RedHat files from an FTP server during operating system installation. See the Deployment Solution User Guide for instructions on setting up an FTP server for this purpose. Deployment Solution 542 System Jobs for Deployment Solution
Additional files required <DS i nst al l pat h>\ I MAGES\ RH71_FTP. I MG. This is the image file created by the Create RH7 Install Disk Image (Network) job described above. You may have changed the name. This image file contains a DOS bootable partition with the basic RedHat files that facilitate a RedHat Kickstart install. RedHat Kickstart answer file. A sample is located in the \ SAMPLES\ SCRI PTED OS I NSTALL\ REDHAT directory. What this task does This job starts a RedHat Kickstart operating system install on a client using the Network install method. It downloads the RH71_FTP image (or whatever you have named it) to the selected client. This creates a 2 Gig FAT16 DOS bootable partition with files to facilitate a RedHat Kickstart install. It reboots the client so that DOS will recognize the newly created DOS partition. It uses a Scripted OS Install task to start the unattended install on the client. This task contains the location of the operating system install files located on the FTP server as well as the Kickstart file to be used for the operating system install. Steps to use 1. Make a copy of the sample job. 2. Edit the Deploy Image task and change the name of the image file to the name you created with the Create RH7 Install Disk Image (Network) job described above. 3. Edit the Scripted OS Install task and change the location of the Kickstart answer file. 4. Change the hard drive ID in the Command Line edit box to the proper ID for the target system. The default is ks=hd: hda1/ ks. cf g where hda1 is the default hard drive ID. 5. Change the name of the job to reflect the desired purpose (optional). 6. Assign the job to a computer or computer group. RH7 Scripted Install (Target HD) Description This job deploys the RedHat Linux operating system using the Hard Disk scripted install model. Additional files required <DS i nst al l pat h> \ I MAGES\ RH71_HD. I MG. This is the image file created by the Create RH7 Install Disk Image (Target HD) job described above. You may have changed the name. This image file contains a DOS bootable partition with the RedHat operating system files that are required for a RedHat Kickstart install. RedHat Kickstart answer file. A sample is located in the \ SAMPLES\ SCRI PTED OS I NSTALL\ REDHAT directory. What this task does: This job starts a RedHat Kickstart operating system install on a client using the Target HD install method. It downloads the RH71_HD image (or whatever you have named it) to the selected client. This creates a 2 Gig FAT16 DOS bootable partition with the operating system files to do a Kickstart unattended install. It uses a Scripted OS Install task to get the Kickstart answer file copied to the client. This task contains the location of the answer file to be used for the operating system Deployment Solution 543 System Jobs for Deployment Solution
install. It reboots the client. Upon reboot, the DOS partition is booted and the operating system install is automatically started. Steps to use 1. Make a copy of the sample job. 2. Edit the Deploy Image task and change the name of the image file to the name you created with the Create RH7 Install Disk Image (Target HD) job described above. 3. Edit the Scripted OS Install task and point it to the desired Kickstart answer file. 4. Change the hard drive ID in the Command Line edit box to the proper ID for the target system. The default is ks=hd: hda1/ ks. cf g where hda1 is the default hard drive ID. 5. Change the name of the job to reflect the desired purpose (optional). 6. Assign the job to a computer or computer group. Create RH8 Install Disk Image (Network) Description Creates a disk image to be used for installing RedHat Linux v8.0 through the Network install method. The Network method copies the RedHat files from an FTP, NFS, or HTTP server during the operating system installation. See the RedHat User guide for instructions on setting up a source server for this purpose. Additional files required <DS i nst al l pat h>\ I MAGES\ DOS_ONLY. I MG. Image file containing simple bootable partition. Provided during the product install. <DS i nst al l pat h>\ SAMPLES\ SCRI PT~1\ RedHat \ RH8SETUP. BAT. DOS batch file that the job calls to copy the basic RedHat files needed for the Kickstart install such as LOADLI N, VMLI NUZ, and so on. What this task does This job creates a hard drive image that can later be used for installing RedHat Linux through the Network install method. It downloads the DOS_ONLY image to the selected client. This creates a 2 Gig FAT16 DOS bootable partition. It reboots the client so that DOS will recognize the newly created DOS partition. It calls RH8SETUP to copy the basic RedHat files that facilitate a RedHat Kickstart install. It runs RDepl oy to create a disk image of the now populated DOS partition. Steps to use 1. Make a copy of the sample job. 2. Edit the last Run Script task, Create Red Hat Install Disk Image, and change the SET I mageName=F: \ I MAGES\ RH80_FTP. I MG line to the name of the image you wish to create. 3. Change the name of the job to reflect the desired purpose (optional). 4. Assign the job to a computer or computer group. RH8 Scripted Install (Network) Description This job deploys the RedHat Linux operating system using the Network scripted install model. The network method copies the RedHat files from an FTP, NFS, or Deployment Solution 544 System Jobs for Deployment Solution
HTTP server during the operating system installation. See the Deployment Solution User Guide for instructions on setting up an FTP server for this purpose. Additional files required <DS i nst al l pat h>\ I MAGES\ RH80_FTP. I MG. This is the image file created by the Create RH8 Install Disk Image (Network) job described above. You may have changed the name. This image file contains a DOS bootable partition with the basic RedHat files that facilitate a RedHat Kickstart install. RedHat Kickstart answer file, located in the \ SAMPLES\ SCRI PTED OS I NSTALL\ REDHAT directory. What this task does This job starts a RedHat Kickstart operating system install on a client using the Network install method. It downloads the RH80_FTP image (or whatever you have named it) to the selected client. This creates a 2 Gig FAT16 DOS bootable partition with files to facilitate a RedHat Kickstart install. It reboots the client so that DOS will recognize the newly created DOS partition. It uses a Scripted OS Install task to start the unattended install on the client. This task contains the location of the operating system install files located on the FTP server as well as the Kickstart file to be used for the operating system install. Steps to use 1. Make a copy of the sample job. 2. Edit the Deploy Image task and change the name of the image file to the name you created with the Create RH8 Install Disk Image (Network) job described above. 3. Edit the Scripted OS Install task and change the location of the Kickstart answer file. 4. Change the hard drive ID in the Command Line edit box to the proper ID for the target system. The default is ks=hd: hda1/ ks. cf g where hda1 is the default hard drive ID. 5. Change the name of the job to reflect the desired purpose (optional). 6. Assign the job to a computer or computer group. Scripts These jobs are provided to give some ideas of things that can be accomplished by scripting. The scripts have been divided into scripts for Windows and scripts for Linux: Send Email if Disk Space Low (Linux) (page 545) Logevent Script (Linux) (page 545) Restart HTTPD Service (Linux) (page 545) Move Computer to Default Container (Windows) (page 545) Move Computer to Specific OU (Windows) (page 546) Send Error Email (Windows) (page 546) Server-side Embedded VBScript (Windows) (page 546) WLogevent CMD Script (Windows) (page 546) WLogevent VB Script (Windows) (page 547) Deployment Solution 545 System Jobs for Deployment Solution
Send Email if Disk Space Low (Linux) Description This script will send an email specifying that the computer had less free space than specified threshold. Additional files required None. What this task does This script will send an email notifying the specified user of the computer that has less than the specified threshold of disk space free. Steps to use 1. Edit the embedded script to specify the email username to send to and the threshold percentage. 2. Assign this job to a computer or computer group. Logevent Script (Linux) Description This script shows how to use the logevent utility to send status back to the console while running a Linux script. Additional files required None. What this task does This job sends a status message to the console then executes an l s command, then sends another message to the console. Steps to use Assign the job to a computer or computer group. Restart HTTPD Service (Linux) Description This script will restart the HTTPD service. Additional files required None. What this task does This script will check to see if a page can be loaded from the http server. If it cannot be loaded, then the script will restart the httpd service. Steps to use Assign the job to a computer or computer group. Move Computer to Default Container (Windows) Description This script will take the specified computer and move it to the specified domain default computer container. Additional files required None. What this task does This script will take the specified computer and move it to the specified domain default computer container. Steps to use 1. Edit the movecomp_cn. vbs to specify the domain you want to use for the computer to be moved in. This script will not create the computer account in the domain. If it is not already a member of the domain, this event will fail. 2. Assign the job to a computer or computer group. Deployment Solution 546 System Jobs for Deployment Solution
Move Computer to Specific OU (Windows) Description: This script will take the specified computer and move it to the specified domain OU. Additional files required None. What this task does This script will take the specified computer and move it to the specified domain OU. Steps to use 1. Edit the movecomput er . vbs to specify the domain and OU you want the computer to be moved into. This script will not create the computer account in the domain. If it is not already a member of the domain, this event will fail. 2. Assign the job to a computer or computer group. Send Error Email (Windows) Description This script will send an email specifying that the computer had an error. Additional files required None. What this task does This script will send an email using the job name and computer name to identify the client that had an error. This script is run on the Deployment server and can be used as a job to be run when having a specific error occurs. Steps to use 1. Edit the sendmai l scr i pt . vbs to specify the SMTP server and the user to have the email sent from and to. 2. Assign the job to a return code handler on another task. (See "Setting up Return Codes" in help for more details). 3. Assign the calling job to a computer or computer group. If you have the error then this job (Send Error Email) will be called. Server-side Embedded VBScript (Windows) Description This script will log an event to the event log. Additional files required None. What this task does This script will log an event to the application event log under the WSH module. The text will read Deployment Server Job complete for <computername>. Steps to use Assign the job to a computer or computer group. WLogevent CMD Script (Windows) Description This script shows how to use the Wl ogevent utility to send status back to the console while running a Windows CMD script. Additional files required None. Deployment Solution 547 System Jobs for Deployment Solution
What this task does This job will copy the WLogevent . exe to the Windows client, then sends a status message to the console, then executes a di r command, then sends another message to the console. Steps to use Assign the job to a computer or computer group. WLogevent VB Script (Windows) Description This script shows how to use the Wl ogevent utility to send status back to the console while running a Windows VB script. Additional files required None. What this task does This job will copy the WLogevent . exe to the Windows client, then sends a status message to the console, then executes a di r command, then sends another message to the console. Steps to use Assign the job to a computer or computer group. XP Embedded These jobs are provided to give samples when working with XP embedded that have the Enhanced Write Filter enabled: Disable Enhanced Write Filter (page 547) Enable Enhanced Write Filter (page 547) Distribute RapidInstall Package (page 547) Disable Enhanced Write Filter Description Disable the Enhanced Write Filter. Additional files required None. What this task does This job will disable the Enhanced Write Filter and reboot the client computer. Steps to use Assign the job to a computer or computer group. Enable Enhanced Write Filter Description Enable the Enhanced Write Filter. Additional files required None. What this task does This job will enable the Enhanced Write Filter and reboot the client computer. Steps to use Assign the job to a computer or computer group. Distribute RapidInstall Package Description Runs the shwnm. exe RapidInstall package after disabling the Enhanced Write Filter. Additional files required None. Deployment Solution 548 System Jobs for Deployment Solution
What this task does This job will disable the Enhanced Write Filter, and then install a package that includes a utility that shows the computer name in a window. A shortcut is created in the startup group so that every time the computer is started the window displays the computer name. After installing the RIP, the Enhanced Write Filter will be enabled. Steps to use Assign the job to a computer or computer group. Agent Update This folder contains a list of agent update jobs that are generated dynamically during updation. These jobs are created whenever an auto update for agents is required. The job names can be AClient x64 Update, AClient x86 Update, and adlagent ia64 update. SVS This folder contains a sample script (.bin file) that enables installing the SVS fully licensed version to support customers when they upgrade. The sample script file contains commands that sets new license key to the SVS client. Note You should modify this key before scheduling this job. Deployment Solution 549
Appendix E Network Ports This document lists the details of the ports used by Deployment Solution. It also includes the steps to configure the ports that are configurable. Component Service Port Protocol Where is this port connected? Is this port configurable? PXE MTFTP Altiris PXE MTFTP Server 69 UDP PXE Client No (Industry standard port) Altiris PXE MTFTP Server 1758 1759 UDP (Multicast) PXE Client Yes PXE Server Altiris PXE Server 67 UDP PXE Client No Altiris PXE Server 68 UDP PXE Client No Altiris PXE Server 4011 UDP PXE Client No PXE Manager Altiris PXE Manager 405 TCP PXEConfig Yes
Altiris PXE Manager 406 TCP PXECfg Service Yes PXECfg Service Altiris PXE Config Helper 407 TCP PXE Server and PXE MTFTP Yes Deployment Web Console (Web Console) Altiris Deployment Server Console Manager 8081 HTTP DSWeb Yes Altiris Deployment Server Data Manager 8080 HTTP DSWeb, Console Manager Yes DB Management (Middle Man) Altiris Deployment Server DB Management 505 TCP Win32 console, Axengine, PXEManager Yes Deployment Solution 550 Network Ports
PXE MTFTP The Altiris PXE MTFTP Server service is used to transfer file data between the PXE Server and the PXE Booting client. This service supports both MTFTP and TFTP standard interfaces. To configure the 1758 and 1759 ports 1. Go to the datastore path. Note: By default, the path is: C:\Program Files\Altiris\eXpress\Deployment Server. 2. Open the PXE folder. 3. Open the pxe.INI file in a text editor. 4. In the [MTFTPD] section, set the MCAST_CLNT_PORT value to 1758 and the MCAST_SRVR_PORT value to 1759. 5. Save the pxe.INI file. 6. Restart PXE services. PXE Manager and PXECfg Service The Altiris PXE Manager Service controls the data associated with the PXE components that are included in the PXE package. The PXE Configuration Utility and PXE Servers use Deployment Server Altiris eXpress Server 402 TCP/UDP (multicast) Agents, PXE Server, DataManager, PXEManager Yes Deployment Console (Win32 Console) 5001 TCP AClient Yes 5002 TCP AClient Yes Deployment Agent on Linux (ADLAgent) Altiris Network Management Client for Linux 415 TCP Remote Client Yes Deployment Agent on Windows (AClient) Altiris Client Service 402 UDP Deployment Server Yes Altiris Client Service 401 UDP AClient (Wake- on-LAN Proxy) No Component Service Port Protocol Where is this port connected? Is this port configurable? Deployment Solution 551 Network Ports
the PXE Manager to route, store, and retrieve information about the status, image availability, user input, and so on. To configure the 405, 406, and 407 ports 1. Go to the datastore path. Note: By default, the path is: C:\Program Files\Altiris\eXpress\Deployment Server. 2. Open the PXE folder. 3. Open the RPC.INI file in a text editor. 4. In the PMData class for PXEConfig and PXE Manager section, set the ServerIPPort value to 405. 5. In the PCSData class for PxeCfgservice and PXE Manager section, set the ServerIPPort value to 406. 6. In the PHData class for PxeServer/PxeMtftp and PreCfgService section, set the ServerIPPort value to 407. 7. Save the RPC.INI file. 8. Restart PXE services. Deployment Web Console (Web Console) The Deployment Web Console allows you to remotely administer a Deployment Server installation using a Web browser. The Web Console provides the options to deploy and manage Windows and Linux computers (both client and server editions) in real-time with many features present in the Deployment Console. The Deployment Web Console can be installed on any computer running Microsoft IIS Server, a computer running a Deployment Server or a Notification Server, or a remote computer running only Microsoft IIS. To configure the 8080 and 8081 ports 1. From the Windows Explorer, select My Computer > Local Disk (C drive). 2. Run the axInstall.EXE file in the DSSetup folder. The Deployment Server Install Configuration wizard appears. Note: The DSSetup folder is created on extracting a build. 3. Select the Custom Install option and click Install. 4. The Software License Agreement dialog appears. Click Yes. The Deployment Share Information dialog appears. 5. Select the License file option and click Browse to enter the path of the License file. Click Next. The Deployment Server Information dialog appears. 6. Select the On this computer option. Note: You can choose whether you want to install the Deployment Server on a local computer or a remote computer. 7. By default, the Port is 8080. This port is used by the DataManager service. 8. Enter the Service password and click Next. The Deployment Database dialog appears. Deployment Solution 552 Network Ports
9. Click Next. The Gathering Information dialog appears. 10. Select the appropriate option, provide the authentication information and click Next. The Pre-boot Operating System dialog appears. 11. Enter the required information and click Next. The PXE Server Information dialog appears. 12. Enter the required information and click Next. The Deployment Agent Connection to Deployment Server dialog appears. 13. Enter the required information and click Next. The Deployment Console Information dialog appears. 14. Select the required option and click Next. The Deployment Web Console Information dialog appears. 15. The Console Port is 8081 by default. Click Next. The Installation Information dialog appears. Note: This port is used by the Console Manager service. You can change this port if required. 16. Click Install. DB Management (Middle Man) This component is used for secure communication between the Console and the Database and the Console and the Server. To configure the 505 port 1. Open the Registry Editor. 2. In the left pane, select HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress > MMProc > Port 505. The Edit DWORD Value dialog appears. 3. Set the required value and click OK. 4. Restart the AltirisDeployment Server DB Management and the Altiris eXpress Server services after this change. Deployment Server The AltirisDeployment Server controls the workflow and information exchange between the managed computers and the other Deployment Server components, such as Deployment Console, Deployment Database, and Deployment Share. Managed computers connect and communicate with the Deployment Server to register inventory and configuration information and to run deployment and management tasks. Computer and deployment data for each managed computer is then stored in the Deployment Database. There are two methods to configure the 402 port. To configure the 402 port Option 1: 1. From the Start Menu, click Settings > Control Panel > Altiris Deployment Server Configuration Utility. Deployment Solution 553 Network Ports
2. Click the Transport tab. 3. Enter 402 in the TCP Port field and in the Multicast Port field. Click OK. Option 2: 1. Open the Registry Editor. 2. In the left pane, select HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress > Options > TCP Port 402 or Multicast Port 402. Note: This is the port where the server accepts all client connections, such as AClient (Windows Agent), ADLagent (Linux Agent), and DataManager. 3. The Edit DWORD value dialog appears for each port. Set the required values for both TCP Port 402 and Multicast Port 402 and click OK. 4. Restart the AltiriseXpress Server service. About the Multicast Port: On the client computers there is an option in the Altiris Client Service Properties dialog called Discover Deployment Server using TCP I/P Multicast. On selecting this option the client locates the deployment server by multicasting. You have to enter the Multicast Address for using the multicasting option. On finding a Deployment Server, the client computer connects to the port that is received from the server. Deployment Console (Win32 Console) The Deployment Console is the Win32 user interface for Deployment Solution. You can install this Win32 console on computers across the network to view and manage resources from different locations. In addition, from this console, you can access the Deployment Database on other Deployment Server systems to manage sites across the enterprise. Note: You can remotely control an active client computer from the Win32 console. Right-click a connected client and select Remote Control. To configure the 5001 and 5002 ports 1. Open the Deployment Console and click Tools > Options. The Program Options dialog appears. 2. Click the Global tab. 3. Select the Remote control ports check box. 4. Enter port number 5001 in the Primary field. 5. Enter port number 5002 in the Secondary (Optional) field. Note: Port 5002 is the backup port in case Port 5001 is not available. 6. Click OK. Note: By default, Port 5001 is used for controlling the clients remotely. Deployment Agent on Windows (AClient) The Deployment Agent is installed on each client computer in the Deployment Server system to remotely manage the computers from a Deployment Console. The Deployment Solution 554 Network Ports
Deployment Agent on Windows runs on Windows computers, including desktops, notebooks, and servers. To configure the 402 port 1. Click the AClient icon on your desktop. The Altiris Client Service dialog appears. 2. Click Properties. The Altiris Client Service Properties dialog appears. By default, the Server Connection tab is selected. 3. Select the Connect directly to this Deployment Server option or select the Discover Deployment Server using TCP/IP multicast option. 4. Enter the port number. Note: By default, this port number is 402. Note: When the AClient is connected to the Deployment Server on port 402, it internally creates a listening UDP socket on port 402 to accept Wake-up packets from the server. Deployment Agent on Linux The Deployment Agent is installed on Linux workstations and server to establish communication between Linux computers and the Deployment Server. This agent collects and sends data from the client computer to the Deployment Server, executes deployment tasks sent from the server, installs packages, and runs management processes as directed from a Deployment Console. To configure the 402 port 1. To edit the configure file directly, open the adlagent.conf file at the following path: /opt/altiris/deployment/adlagent/conf. 2. Change the value corresponding to the TCPport= if necessary. The default value is 402. 3. Restart the ADLAgent service. To configure the 415 port 1. To edit the configure file directly, open the trace.conf file at the following path: / opt/altiris/deployment/adlagent/conf. 2. Change the value corresponding to the TcpTracePort= if necessary. The default value is 415. 3. Restart the ADLAgent service. Note: Port 415 is used to remotely view debug messages from the ADLAgent. These messages include the debug information and communication details between the ADLAgent and the Deployment Server. This port connects to the Remote Client. Client/Server File Transfer Port Open the Copy File To dialog of the Copy File task and click Advanced. Select the Copy files using Deployment Server option. The files will be copied using this port. Deployment Solution 555 Network Ports
To configure the Client/server file transfer port 1. From the main menu, open the Deployment Console and click Tools > Options. The Program Options dialog appears. 2. Click the Global tab. 3. Select the Client/server file transfer port check box. 4. Enter the port number in the Client/server file transfer port field. 5. Click OK. RapiDeploy Ports This feature optimizes the multicasting ability of the RapiDeploy application in Deployment Server. This allows you to deploy images to a group of computers simultaneously, download an image from a file server, or access a local hard drive, and manage the imaging of several client computers. Because RapiDeploy is more efficient when writing directly to the IP address of the network adapter driver, you can enter a range of IP addresses when using the multicasting feature to speed computer deployment and management. Deployment Server accesses the range of computers using the defined IP pairs and avoids retrieving the computers through the port and operating system layers. However, some network adapter cards do not handle multiple multicast addresses. In such instances, you can define a range of ports to identify these computers. On the first pass Deployment Server accesses the selected computers using the list of IP numbers. On the second pass, Deployment Server accesses the selected computers using the port numbers. To configure the RapiDeploy ports 1. From the main menu, open the Deployment Console and click Tools > Options. The Program Option dialog appears. 2. Click the RapiDeploy tab. 3. Enter the range of ports in the Port > Range fields. Note: The port values are 401 by default. 4. Click OK. Deployment Solution 556
Appendix F Deployment Agent Authentication This article describes the AClient and the Deployment Server authentication process. The authentication process is required to safeguard the use of the AClient from connecting to a malicious Deployment Server. Deployment Solution 557 Deployment Agent Authentication
The authentication process starts with the Deployment Solution installer generating a security key and writing it in the server.key file. You can find the security key at the following location: HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress > Options > Security > ServerSecurity registry key. This security key is a random numeric value that is generated automatically. When the Deployment Server starts, the server reads this registry key. The AClient has to add the automatically generated security key to the AClient registry by specifying the server.key file path. To specify the server.key file path 1. Click Start > Program > Altiris > Deployment Solution > Configuration > Options > Authentication > Add Key. 2. Select the Server.key file and click Open. Note: The AClient also has to select the Enable key based authentication check box in Start > Program > Altiris > Deployment Solution > Configuration > Options > Transport tab. If this option is not selected, server authentication fails. The Deployment Server stores the security key at the following location: HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Client Service > DSAuthentication The AClient stores the security key at the following location: HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Client Service > SecurityKey A random challenge key is generated, which is unique to the AClient. The AClient encrypts this challenge key and stores the challenge key in the registry using the security key. The AClient sends the following connection request to the server in the form of Cipher Text. Request =Aut hent i cat e Ci pher Text = The Deployment Server uses the ServerSecurity key stored in its registry and decrypts the Cipher Text. Using the same key, the server again encrypts the challenge key and sends the following reply in the form of Cipher Text. Repl y=Aut hent i cat e Ci pher Text = The AClient decrypts the Cipher Text using the challenge key already stored in its registry. It compares the decrypted Cipher Text with the random key it has generated. If the two keys match, the server authenticates the AClient connection. If the keys do not match, the authentication fails. The connection is closed and the AClient status is updated to Server Authentication failed. The keys stored on the Server and at the AClient are the same. These keys, however, look different because they are altered using random bytes, and are encrypted using a constant key. The Cipher text sent on the wire also looks different in request Deployment Solution 558 Deployment Agent Authentication
authentication as well as in reply authentication, because it is altered using random bytes. These alterations ensure the safety of the key from malicious users. Deployment Solution 559
Appendix G Windows Registry Keys This section contains a description of the Windows Registry Keys used by Deployment Solution. You can access the keys in the Options folder. 3. Open the Registry Editor. 4. Click HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress > Options. The keys present in the Options folder are listed in the table below, with their description and purpose. Registry Name Description Purpose Keys present in Options folder AgentCommLogDir Specifies the path for client server communication log. This path is used to create the client-server communication log file. AgentCommLogging Checks whether to create a communication log. If the value is 0, it disables the logging, else, it enables the logging. AgentCommLogMaxFileSize Specifies the size of the log file. The maximum the file can grow is up to the size specified by this key. If the size exceeds this, then it starts overwriting the file from the beginning. DebugLogFilename Specifies the path and name of the engine log file. Used to create the engine log file at the specified path. DebugLogging Checks whether to create the engine log file. If 1, creates the engine log file. DebugLogMaxSize Specifies the max log file. The maximum the file can grow is up to the size specified by this key. If the size exceeds this, then it starts overwriting the file from the beginning. PingIntervalMinutes When sending CACKS to active clients, the server will not send CACK to an active computer if there was an activity on the socket associated with that computer in the last PingIntervalMinutes minutes. PingTimeOut CACK timeout in seconds. If the client fails to respond to a CACK within the time out, then it is considered as inactive. Deployment Solution 560 Windows Registry Keys
ReadThreadCount Specifies the number of threads for the read operation. Creates the number of read threads. The default is 10, the minimum is 0 and the maximum is 200. ResetInactiveClientConnectionsBatch Size Number of computers in a batch. While sending WACs to inactive computers, the engine processes n computers at a time. After processing n computers it waits for some time (Specified by ResetInactiveClientConnectionsRest Time) before processing the next batch of n computers. ResetInactiveClientConnectionsHours Reset inactive client connections every n hours. If it is positive, this key is activated. After every n hours, the engine will send WACs to inactive clients. ResetInactiveClientConnectionsRest Time Wait time (in seconds) between two batches. While sending WACs to inactive computers, the engine processes n computers at a time. After processing n computers it pauses before processing the next batch of n computers. This entry defines this pause time. ResetInactiveClientConnectionsTime If ResetInactiveClientConnectionHo urs is negative, this key is activated. Stores time as a string in HH:MM format, where HH can have values 00-23 Hours. If the value is 13:25, it means 1.25 PM. The Engine will send WACs to inactive clients at 1:25 PM everyday or on a particular day of the week depending upon ResetInactiveClientConnectionWeek Day. ResetInactiveClientConnectionsWeek Day If ResetInactiveClientConnectionHo urs is negative, this key is activated. If positive indicates the day of the week (1=Sunday, 2=Monday,...). A negative value means everyday. Engine sends WACs to inactive computers at the given time everyday or on a specific day of the week. SendBufferSize Specifies the size of the buffer for the socket. Sets the size of socket buffer. SendWaitTime For Backward compatibility. ServiceInstallPath Specifies the install path of Deployment Server. Path of the DS. SqlPassword Specifies password for SQL server. Connects to SQL server using this password. SqlUserName Specifies Username for SQL server. Connects to SQL server using this Username. Registry Name Description Purpose Keys present in Options folder Deployment Solution 561 Windows Registry Keys
ThreadLogging Specifies whether to create a log file in thread directory for threads. If checked, creates a thread directory and threading related log files. ThresholdWOL Number of minutes to wait before retrying to wake up the inactive computer. If a job is scheduled on an inactive client, and if UseWOL is 1, the engine will try to wake up that computer by sending WOL every n minutes until it wakes up. TimeSyncMaster Specifies whether to sync the time with the client. If true, syncs the client time with the server. UpdateActiveClientConnectionsHours Updates active client connection every n hours. If it is positive, this key is activated. After every n hours the engine will send CACKs to active clients. UpdateActiveClientConnectionsBatch Size Number of computers in a batch. While sending CACKs to active computers, the engine processes n computers at a time. After processing n computers it waits for some time (specified by UpdateActiveClientConnectionsRestT ime) before processing the next batch of n computers. UpdateActiveClientConnectionsRest Time Wait time (in seconds) between two batches. While sending CACKs to active computers, the engine processes n computers at a time. After processing n computers it pauses before processing the next batch of n computers. This entry defines the time of this pause. UpdateActiveClientConnectionsTime If UpdateActiveClientConnectionsHo urs is negative, this key is activated. Stores time as a string in HHL:MM format, where HH can have values 00-23 Hours. If the value is 13:25, it means 1:25 PM, then Engine sends CACKs to active clients at 1:25 PM everyday or on a particular day of the week depending upon UpdateActiveClientsConnectionWeek Day. UpdateActiveClientConnectionsWeek Day If UpdateActiveClientConnectionsHo urs is negative, this key is activated. If positive indicates the day of the week (1 = Sunday, 2 = Monday,...). A negative value means everyday. Engine sends CACKs to active computers at the given time everyday or on a specific day of the week. Registry Name Description Purpose Keys present in Options folder Deployment Solution 562 Windows Registry Keys
UpdateInventoryBatchSize Number of computers in a batch. While inventorying computers, engine processes n computers at a time. After processing n computers, it waits for some time (specified by UpdateInventoryRestTime) before processing the next batch of n computers. UpdateInventoryHours Update inventory for active computers every n hours. If it is positive, this key is activated. After every n hours the engine will send inventory for the active clients. UpdateInventoryRestTime Wait time (in seconds) between two batches. While inventorying computers, engine processes n computers at a time. After processing n computers it takes a pause before processing the next batch of n computers. This entry defines the time of this pause. UpdateInventoryTime If UpdateInventoryHours is negative, this key is activated. Stores time as a string in HH:MM format, where HH can have values 00-23 Hours. If the value is 13:25, it means 1:25 PM. The Engine will inventory active clients at 1:25 PM everyday or on a particular day of the week depending upon UpdateInventoryWeekDay. UpdateInventoryWeekDay If UpdateInventoryHours is negative, this key is activated. If positive, indicates the day of the week ( 1 = Sunday, 2 = Monday,...). A negative value means everyday. Engine inventories active computers at a given time everyday or on a specific day of the week. UseFD_READ It is related to socket activity. This is being used for internal socket communication activity. UseResetInactiveClientConnections 1 if Update active client connections, on the General Tab of the Altiris Configuration Utility, is enabled, otherwise 0. If Reset inactive client connections is enabled, the engine periodically send WACs to the inactive computers. If the AClient is running on any of the inactive computers, it just resets the connection with server. UseSql Used to connect to sql server. If true, then connects to database using username and password specified in the configuration dialog. UseUpdateActiveClientConnections 1 if Update active client connections, on the General Tab of the Altiris Configuration Utility, is enabled, otherwise 0. If Update active client connections is enabled, the engine periodically sends CACKs to the active computers and marks those computers, which fail to respond to CACKs as inactive. Registry Name Description Purpose Keys present in Options folder Deployment Solution 563 Windows Registry Keys
Key in the Security Folder You can access the key in the Security folder. 1. Open the Registry Editor. 2. Click HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress > Options > Security. The key present in the Security folder is listed in the table below, with its description and purpose. UseUpdateInventory 1 if Update inventory for active clients, on the General Tab of the Altiris Configuration Utility, is enabled, otherwise 0. If Update inventory for active clients is enabled the engine periodically inventories the active computers. WakeAgentWithPing Not Used. AllowJobWOL Not Used. Registry Name Description Purpose Key present in Security Folder Server Security Authenticates client to DS server. This key is used to authenticate the client to server. Registry Name Description Purpose Keys present in Options folder Deployment Solution 564
Appendix H Pocket PC Installing Deployment Agent for PocketPC The Deployment Agent for Pocket PC lets you manage and deploy handheld computers running the Pocket PC operating system, including: HP iPAQ Pocket PC HP J ornada Pocket PC Casio Cassiopeia Pocket PC You can manage handhelds through a cradle attached to a host computer, or through direct connection to the network using a LAN or wireless network adapter. When connected through the cradle, the Pocket PC Agent software will reside on the host computer and the Pocket PC Client software will reside on the handheld computer. This configuration allows Deployment Server to recognize and update the handheld each time it returns to the cradle and synchronize with the host computer using Microsoft ActiveSync. Handheld computers connected directly to the network install only the PPC Client softwareand are managed like any other computer in your Deployment Server system. Install from a cradle or cable. See Install a Pocket PC Agent from the Deployment Console on page565 to install to a handheld computer in the cradle attached to a host computer. Download CAB files with ActiveSync. See Install Pocket PC Agent from the Host Computer on page566 to install the handheld by running or copying the Deployment agent install file or the Deployment Client CAB files over the network. Install directly to the handheld. See Install Pocket PC Client on the Handheld on page566 to install only the Deployment Client from CAB files on the handheld computer. System Requirements Processors ARM MIP SH3 Disk space 5 Mb contiguous Operating systems: Pocket PC RAM 16 Mb Deployment Solution 565 Pocket PC
The Deployment Agent for Pocket PC (PA) runs on the host computer, which itself is a managed computer running the Deployment Agent (DS). The Deployment Agent for Pocket PC automatically installs the Deployment Client for Pocket PC (PC). You can also install the Deployment Client for Pocket PC directly to the handheld by installing the required CAB files. Install a Pocket PC Agent from the Deployment Console When installing a handheld running the Pocket PC operating system, you can attach to a host computer and run Microsoft ActiveSync software to synchronize data between the host computer and the handheld. Deployment Solution lets you install Deployment Agents on both the host computer and the handheld to communicate with Deployment Server as a managed computer. The Altiris Pocket PC Agent is software that runs on the host computer. This agent communicates through the handhelds cradle to the Pocket PC Client running on the handheld. The Pocket PC Agent also automatically installs Pocket PC Client on the handheld. The Pocket PC Agent provides communication between the Pocket PC Client on the handheld and the Deployment Server. ActiveSync is required for the Pocket PC Agent because it provides the IP stack the Pocket PC Agent uses to communicate with the handheld. The Pocket PC Agent monitors the connect and disconnect jobs sent to the handheld. If the Pocket PC Client on the handheld is present but not started, then the agent will start it. The Pocket PC Agent also acts as a relay agent to transfer data from the Pocket PC Client on the handheld to the Deployment Server. From a Deployment console, you can schedule and run a Sample job to install the Pocket PC Agent on a host computer. Ensure that the handheld is connected to the host computer and seated in the cradle. You must also download Microsoft ActiveSync and install it (this is free software available on the Microsoft web site) on the host computer. Then synchronize the host computer with the handheld. To install from a Deployment console Use Deployment Solution to find computers with ActiveSync and run deployment jobs to automatically copy the necessary files and install the Deployment PPC Agent and PPC Client. 1 From a Deployment console, in the Jobs pane open the Samples > Pocket PC folder. 2 Click the Install Altiris Pocket PC job and then select the Active Sync computer condition in the Condition box in the Details pane. 3 Drag the Install Altiris Pocket PC job to the host computer. If you are using a Web console, then assign using web features. 4 Schedule the job. After the Pocket PC Agent has installed, the Altiris Pocket PC Agent icon will appear in the system tray of the host computer. When the Deployment Agent is initialized, it will connect to the handheld. The agent will check if the Altiris Pocket PC Client is installed on the handheld. If not, the agent will automatically install it. Deployment Solution 566 Pocket PC
When the Pocket PC Client is installed on the handheld, the Deployment Client icon will appear in the system tray of the handheld and the client details screen appears. Note: For ease of use, the Pocket PC Client will first try to connect to a Pocket PC Agent. If it fails, the Pocket PC Client will try to connect directly to the Deployment Server. 5 Click OK. The handheld appears in the Deployment Console as a unique computer displaying the handhelds name. See Installing Deployment Agent for PocketPC on page564. Install Pocket PC Agent from the Host Computer From the host computer, you can install the Pocket PC Agent by running theppcagent.exe installation file on the host computer. After installing the Pocket PC Agent, it will automatically install the Pocket PC Client when the computers synchronize. This is the fastest and easiest way to install both agents on the host and handheld computers. Note: After you have installed the Altiris Pocket PC Agent on a host computer, the PPCAgent.exe file can be executed from the C:\Altiris\PPCAgent directory (or the directory where you installed Pocket PC Agent if you chose a directory different from the default). This lets you access the features of this program even though the icon has been hidden. In addition, if you are using ActiveSync 3.5 or a later version, you can also log on to the Deployment Share in the Depl oyment Ser ver >Pocket PC Cl i ent folder and copy the correct CAB file for the handheld (based on type of processor) to the host computer. You can then copy the CAB files directly to the handheld using the Explore feature in ActiveSync. To install Pocket PC Client directly with ActiveSync 1 Copy the CAB file to the host computer with ActiveSync (or to a share where you can copy the file from). 2 Connect your device to your desktop computer using a cradle or cable. 3 In ActiveSync, click Explore. Windows Explorer runs the Mobile Device window for your device. 4 In Windows Explorer, browse to the CAB file you want to copy. 5 Right-click the file and click Copy. 6 Place the cursor in the desired folder for your device, right-click, and click Paste. 7 From the device, tap Start > Programs > File Explorer. Browse for the CAB file and tap the file to execute it. When the Pocket PC Client is installed on the handheld, the Deployment Agent icon appears in the handhelds system tray. Note: If using ActiveSync 3.5, the Pocket PC Agent is not required after the Pocket PC Client is installed. However, the Pocket PC Agent can still be useful for installing the Pocket PC Client onto the handheld, loading the client, and managing client settings. See Installing Deployment Agent for PocketPC on page564. Install Pocket PC Client on the Handheld You can install the Pocket PC Client directly to the handheld computer if your handheld has a network adapter (LAN or wireless), allowing you to download the correct CAB file and install the Pocket PC Client to communicate with the Deployment Server. The following CAB files are provided based on processor type. Copy the CAB files from the Deployment Share in the Depl oyment Ser ver \ Pocket PCCl i ent folder: ppccInt.Arm.CAB, ppccInt.MIP.CAB, ppccInt.SH3.CAB. Deployment Solution 567 Pocket PC
To install Pocket PC Client using CAB files 1 Copy the CAB file to the host computer with ActiveSync (or to a share where you can copy the file from). 2 Connect your device to your desktop computer. 3 In ActiveSync, click Explore. Windows Explorer runs the Mobile Device window for your device. 4 In Windows Explorer, browse to the CAB file you want to copy. 5 Right-click the file and click Copy. 6 Place the cursor in the desired folder for your device, right-click, and click Paste. 7 From the device, tap Start > Programs > File Explorer. Browse for the CAB file and tap the file to execute it. When the Pocket PC Client is installed on the handheld, the Deployment Agent icon appears in the handhelds system tray. See Installing Deployment Agent for PocketPC on page564. Uninstall the Pocket PC Agent 1 Open the Pocket PC Agent status sheet by double-clicking Altiris Pocket PC Agent icon. 2 Click Options > Uninstall. You can also uninstall the agent by running the ppcagent - r emove switch from the command line. Note: There is no uninstall program for the PPC Client. To remove the Pocket PC Client, you must remove the client file from the My Devi ce\ Wi ndows\ ppccI nt . exe file on the handheld. Command Line Switches for the Pocket PC Agent You can also manage the Pocket PC Agent through command-line switches. The Pocket PC Agent is started using the C:\Program Files\Altiris\PPCAgent\PPCAgent.exe program file. If you need to perform some function with a command-line switch, run the program file followed by the applicable switch. To restart the agent, you would run: C:\Program Files\Altiris\PPCAgent\PPCAgent.exe - r est ar t The following is a list of the supported switches: - st op Stops the agent. - st ar t Starts the agent after it has been stopped. - r est ar t Stops and restarts the agent. - si l ent Installs the agent without the installation dialog screens. - r emove Stops and uninstalls the agent. Deployment Solution 568
Appendix I Managing Switches To administer roles and configurations for network servers, it is necessary to discover and modify the network switch settings for the connected network servers. Deployment Solution provides the Switch Add-On program to discover and manage Virtual Local Area Networks (VLAN) settings on a LAN switch or to run commands from the command-line. This utility allows you to directly discover and provision the port settings of a LAN switch. Switch Management Features Typically, a VLAN setting is port based it is a LAN switch port that can be configured as a member of a specific VLAN. As such, client and server computers connected to that LAN switch port are members of the VLAN and can communicate with other member client and server computers of that VLAN. By changing the VLAN setting of a switch port, you can move client and server computers between logical VLAN groupings without actually changing the physical network infrastructure. Often, when modifying server roles or configurations, it will be necessary for you to change the grouping or VLAN for the servers network. This can be accomplished by changing the VLAN setting on the switch port that the server is connected to. The Deployment Solution Switch Add-On allows you to perform the following functions: Discover the LAN switch MIB II system information (command-line and GUI) Discover the switch ports of a LAN switch (command line and GUI) Discover the VLAN setting for each switch port (command line and GUI) Modify the VLAN setting of a switch port (command line and GUI) Assign physical connectivity of a workstation/server to a switch port (GUI) About Switch Add-On for Deployment Solution Switch Add-On will assume port-based VLANs (not MAC-based VLANs), managing only VLANs for a specified port setting on the switch. For this release, it will assume only one VLAN per port. (Switch Add-On will not perform any type of VLAN trunking management in its initial release.) Deployment Solution Switch Add-On will only support VLAN management based on the list of supported devices in LAN Switch Support List (page 569). Deployment Solution Switch Add-On will only support SNMP v1. You will need the SNMP read community name to discover a LAN switch (along with its port/VLAN mappings) and the SNMP write community name to manage the port/VLAN settings.
To open the Switch Management tool, click Tools > Altiris Tools > Switch Management. The Deployment Solution Switch Add-On utility tool appears. Network switches will be identified in the left pane. Click the star icon to Add New Switches. Deployment Solution 569 Managing Switches
All discovered switch information will be kept in a local database file (Swi t chMngt Db. t xt ). To ease installation and support, this file will be text based and be located in the directory from which the Deployment Solution Switch Add-On applications are executed. Notes If a LAN switch supports the 802.1Q VLAN standard, Deployment Solution Switch Add-On will only provide PVID management on a port. Since most vendors do not support VLAN Add/Edit/Delete through SNMP, Deployment Solution Switch Add-On will not provide these features. All devices that are to be managed must support SNMP v1. LAN Switch Support List Deployment Solution Switch Add-On supports these specific vendors with the following LAN switches: Cisco Catalyst 1900/2820 series switches Models: All models (OS Versions 8.XX and up - Enterprise Edition) Cisco Catalyst 2900 series switches Models: WS-C2900, WS-C2926 (OS versions 3.1 and later) Models: WS-C2948G, WS-C2980G and WS-C2980GA (All operating system versions) Cisco Catalyst 2900 XL / 2900 XL LRE series switches Models: All models (IOS versions 11.2(8) SA3 and later) Cisco Catalyst 3500 XL series switches Models: All models (IOS versions 12.0(5) XP and later) Cisco Catalyst 4000 series switches Models: WS-C4003, WS-C4006, WS-C4912G (All operating system versions) Cisco Catalyst 5000 series switches Models: WS-C5000, WS-C5002, WS-C5500, WS-C5505, WS-C5509, WS-C5509E (OS versions 3.1 and up) Cisco Catalyst 6000 series switches Models: WS-C6006, WS-C6009, WS-C6506, WS-C6509, WS-C6509NEB, WS-C6513 (All OS/IOS versions) HP Models: BL eClass Interconnect Switch (802.1Q PVID management only) Dell Models: PowerEdge 1655MC Integrated Switch (802.1Q PVID management only) Using Deployment Solution Switch Add-On The Deployment Solution Switch Add-On program is a stand-alone application that displays a graphical view of the all switches that have been discovered along with their respective switch ports. Deployment Solution 570 Managing Switches
The following are port attributes appearing in the Details pane of the program: Switch The switch to which the port belongs Port The name of the port (vendor-specific port names will be shown when available) Description The description of the switch port VLAN The VLAN assignment for the switch port Connectivity Any user assigned mapping of clients or servers to the switch port By selecting a device in the tree view pane, the switch port display is updated to show its respective ports. By selecting Network in the tree view, all switch ports that have been discovered will be shown in the switch port view. You can sort on attributes by selecting the appropriate column. Adding a Switch Device To add a switch to the Deployment Database 1. Press the Add icon on the toolbar Or, right-click Network in the tree view. 2. From the pop up menu that opens, click Add Device. Deployment Solution 571 Managing Switches
Note When the device is available and the SNMP communities are correct, the application reads the MIB II system information from the device and add the device to the tree view. If the device is not available, an error message appears. Discovering a Device Once a device has been added to the database, all properties for that device can be discovered. By selecting the device in the tree view and right clicking, the following menu appears: Click Discover Device to discover all the switch device properties and store these values in the Deployment Database. Once the discovery process is complete, the switch ports for that device will be seen in the port view. Deleting a Device A device can be deleted in two ways: 1. Press the Delete icon on the toolbar: Or, right-click and select Delete. Viewing and Setting Device Properties Select and view Properties for a switch device by right-clicking its name in the tree view. The system information for the selected device appears. This dialog will allow you to make any necessary modifications to the SNMP read and SNMP write community strings (passwords). Setting the VLAN for a Switch Port To set a switch port to a specific VLAN, right-click on a switch port in the switch port view and click Click Set VLAN to view all available VLANs on the switch. Select a VLAN from the list. Deployment Solution 572 Managing Switches
The Deployment Solution Switch Add-On application will then use the supplied SNMP community strings (passwords) and attempt to change the VLAN setting on the port. If successful, the VLAN column will be updated. Note It is possible to select more than one port in the port view and assign all selected ports to a particular VLAN in one operation. However, due to the number of operations required to change VLANs on some switching devices, this operation can be time consuming. Assigning Connectivity to a Switch Port From the switch port view, right-click any switch port and click Assign/View Connectivity to determine what client or server computers are connected to a particular switch port. This dialog appears: The Assign/View Connectivity dialog shows all visible devices, including the MAC addresses that are being forwarded by the switch. It also shows any previous connectivity mapping, such as an X in the Connected column). You can add a hostname Deployment Solution 573 Managing Switches
to a specific MAC address by right-clicking the appropriate MAC address. A menu appears. Click Add/Edit Host Info to enter the hostname on the dialog. Note If the IP address and Hostname columns are blank for a MAC address, the application does not have enough information about the global network to display an IP Address/ Hostname binding to that MAC address. You can assign connectivity to a particular switch device by selecting the device (or MAC address) in the list and clicking Assign Connectivity to Port. This will mark the MAC address as connected to this port. You can remove connectivity by selecting the MAC address you want to remove from connectivity and clicking Remove Connectivity from Port. When the dialog is closed, the client and server computers can be seen in the Connectivity column of the switch port view. Command-line Parameters The following command line parameters can be supplied to the Deployment Solution Switch Add-On program to launch the program with the appropriate -d=<switch IP address>: By supplying the IP address of the switch, the Switch Add- On program will launch and automatically select the supplied device in the tree view (thereby, showing all of its ports in the port view). -e=<end node MAC address>: By supplying the MAC address of a client or server computer, the Switch Add-On program will launch and automatically select the switch and port that the client or server computer is connected to (if the connectivity has been previously assigned). GUI Tools The Switch Management Console includes a Tools menu, providing a Ping IP Range command to assist in "pinging" a specified IP range in order to generate traffic to a range of devices that might otherwise be inactive. From this dialog you can specify the starting and ending IP addresses to ping. Success or failure messages will appear in the list. The Ping IP Range tool can be used to lookup the MAC address of the device being pinged. To be successful, SNMP must be enabled on the end device. The user can supply an SNMP Read community name to perform this operation. Otherwise, the user may clear the SNMP MAC Lookup box to ping only the end device. Deployment Solution 574 Managing Switches
Note If a device is inactive, the forwarding tables in the switch will not show the MAC address of the client or server computer. The Ping IP Range tool can be used to refresh the forwarding table in the switch. Deployment Solution Switch Add-On (Command Line Options) Along with the Deployment Solution Switch Add-On graphical program, a command-line interface is provided that will support the command line arguments listed below. This program file is named swi t chcf g. exe. It will be executed from the same directory that the database file (Swi t chMngt Db. t xt ) is located. Command-line Interface Parameters By executing the swi t chcf g. exe without any arguments, you can see the usage of the CLI application as below. The following is a description of the available command line arguments and how they are to be used: -m=<mode> This indicates the mode of the operation to be performed. The two possible values are: 1) discover, and 2) set (as in set VLAN). -d=<target ip> This indicates the switch (by IP address) to perform the operation on. -r=<read community> The SNMP read community name (password) to use to discover the switch. -w=<write community> The SNMP write community name (password) to use to perform any set operations on the indicated device. -p=<port name> The name of the switch port the user is attempting to configure. -v=<VLAN number> The VLAN number to set the switch port to (or). -n-<VLAN name> The VLAN name to set the switch port to. Deployment Solution 575 Managing Switches
-e=<end node MAC address> The MAC address of the workstation/server you want to be put in a particular VLAN. In order for the utility to perform this operation correctly, the connectivity of the MAC address must have already been assigned using the GUI application. When using this option, the user must only supply the SNMP write community (password) and the VLAN (name or number) to put the workstation/server in. The CLI application will use its database to lookup the appropriate (bound) switch and switch port to provision. -c=<SNMP retry count> The number of attempts that SNMP should attempt before giving up. -t=<SNMP timeout> The SNMP timeout value in milliseconds. Note Prior to executing any command to provision a switch, that switch MUST be discovered. Otherwise, the program will report errors. Command-line Examples Discover a Switch swi t chcf g. exe - m=di scover - d=<t ar get I P> - r =<SNMP r ead> Set VLAN on a Switch/Port swi t chcf g. exe - m=set - d=<t ar get I P> - w=<SNMP wr i t e> - p=<por t name> - n=<VLAN name> Set VLAN for a Workstation/Server (End Node) swi t chcf g. exe - m=set - w=<SNMP wr i t e> - e=<MAC addr ess> - n=<VLAN name> Deployment Solution 576
Index Symbols A access 377 account option, domain 85 account settings 410 AClient. see Deployment Agent for Windows adapter network 272, 297 adapter settings adding 273, 297 add component 484 components 365 computer 97, 403 group 90 server 387 user 89 add components 365 adding servers 399 ADLAgent configuration 250 installation 250 administrative tools 78 ADS options 372 set up 385 agent see also Deployment Agent for... ADLAgent see ADLAgent configuring 389 installation overview 345, 411 polling interval 396 production agent settings 375 requirements 335 settings 86, 134, 375, 379 Altiris Console collections 370, 390 configuration request 397 deployment 386 reports 389 application properties 120 applications 414 assigning jobs from Deployment Web Console 373 with conditions 81 Atools.ini 80 authentication 267, 380 agent for DOS 117 database 365 user 90 autoexec.bat file editing 477 order of operations 477 Automated Deployment Services. see ADS Automation Agent settings 379 automation boot disk creating 281 automation partition creating 286, 295 creating setup package 280 installing 280 removing 283 automation tasks 288 axengine 451 axinstall 478 B basics, Deployment Web Console 369 bay virtual 246 bay properties 413 deployment rules 413 server deployment 121 BDC. See Boot Disk Creator best practices 87 BIOS settings 485, 485 blade server. see server blades boot bootloaders, Linux 251 boot configuration protocol settings 274, 298 boot disk creating 281 Boot Disk Creator about 269 additional files 302 advanced 298 configuration summary 277, 301, 301 creating bootable media 279 integration with PXE Configuration Utility 288 modifying settings 273, 298 server communication 274, 299 starting 270 tool icon 78 toolbar 270 tracking boot menu options 288 boot image about 288 boot image files creating 303 boot menu items identifying 289 boot menu options automation tasks 288 creation methods 288 editing 292 importing 292 tracking 288 BootWorks see Deployment Agent for DOSt BootWorks. see Deployment Agent for DOS broadcast address 106 builder, lab 66 building jobs . see jobs bwinst.exe installation switches 474 bwinst.exe see Deployment Agent for DOS C capture personality advanced 432 capturing personality settings 176 packages 432 Central Deployment Server Library 391 change password 400 chat feature 132 clear after scheduling 372 clear status action 416 operation 123 client BIOS setting 485, 485 client/server file transfer port 84 connections 363 connections, managing 118, 411 connectivity 346 driver 346 driver for Novell 347 Client Access Point. see Deployment Share codes, return 190, 440 collections Altiris Console 390 from Notification Server 370 Deployment Solution 577
color code operating system configuration 289 pre-boot configuration 270, 277, 302 command execute 131 command line switches 213, 446 aclient.exe 452 Aclient.inp 453 add on 574 Bootwork.exe 472 Deployment Agent for DOS 471 Deployment Agent for Windows 452, 452 export job utility 446 import computer 451 import job 447 job utility 448 keyboard and screen lock (kbdsclk) 476 Pocket PC agent 486 schedule job 450 command-line switches rdeploy.exe 489 using 502 communication, server 274 components add 365 Deployment Console 330 Deployment Database 331 Deployment Server 330 Deployment Share 332 installing 344 PXE server 332 computer adding 97 booting method 279 communication with Deployment Server 274, 299 computers pane 71 configuring properties 101, 406 details 412 filtering 373 filters 81, 82 finding 140, 373 group filter 82 groups 71 history 125 icons 96, 402 import 451 locating PXE Server 304 managing 398 managment 95 manual boot 281 migrating with wizard 146 new account 99 pane 370 preconfigured 98 properties 119 rejected 94 remote operations 122 removing automation partition 283 removing inactive 83 restoring 124 select with wizard 149 showing 71 conditions 149 creating 81 order sets 150 configuration adding files 278, 278, 303, 303 computer 125, 214 computer properties 101 creating 284 Deployment Server 373 DOS 272, 296 general 263 initial deployment 194, 443 modify 434 modifying 277, 302 modifying multiple tasks 188 multi-network adapter 272, 296 name 271, 295 properties 406 regenerating PXE 293 request, Notification Server 397 summary, Boot Disk Creator 301 configuration summary Boot Disk Creator 277, 301 confirmation settings 324 connection to other sites 93 connections 267 rejection 372 console Deployment Console basics 71 Deployment Console features 71 installation 365 managing from 70 options 83 Web console. see Deployment Web Console Web. see Deployment Web Console copy file 184 folders 189 jobs 189, 439 copy file 437 advanced 438 copy folders 439 creating disk images 154, 424 new script 188 credentials logon 262 custom data sources options 86 install 338 installation 482 tokens 514 D database authentication 365 connecting to new 93 Deployment Database 331 instances, installing to multiple 331 debug 268 default pre-boot operating system 361, 362 delete history entries 83 Dell server blades 139, 246 deployment reports,generating 389 server deployment 121 Deployment Agent installing 335, 411 settings 109, 110, 410 Deployment Agent for Automation. see Deployment Agent for DOS Deployment Agent for DOS autoexec.bat 477 bootwork.exe 472 bwinst.exe 474 command line switches 471, 472 installation 352, 474 settings 116 Deployment Agent for Linux install 351 Deployment Agent for PocketPC install 564 uninstalling 567 Deployment Agent for Windows aclient.exe 214, 452, 452 aclient.inp 453 command line switches 452 install 347 Deployment Console basics 71 features 71 managing from 70 Deployment Database 331 connecting to new 93 installation 362 Microsoft SQL Server and 335 deployment from Altiris Console 386 Deployment Server adding 387 agent configuration 389 communication with client computer 274, 299 component install for 344 components of 329 console basics 71, 71, 369 Deployment Solution 578
console features 71, 71 custom install 338 installation 360, 360, 478 installation overview of 329 library 391 memory requirements 334 setting rights for 330 setting TCP port 305 simple install 335 system requirements of 334 systems, managing multiple 399 Thin Client install for 342 Deployment Server configuration 373 Deployment Share 332 requirements 335 deployment tasks. see tasks Deployment Web Console 333, 364, 364 basics 369 computers pane 370 details pane 371 jobs pane 371 jobs, assigning 373 managing from 368 options 372 requirements 335 description property 316 details computer 412 pane 72, 371 detecting expired licences 353 devices 415 devices properties 120 DHCP server managing TCP/IP 333 DIR command DOS 530 Windows 530 disk image advanced 425 options 428 resizing 427 disk images creating 154 distributing 160 disk imaging 266 disk space requirement 334, 334 display options 324 distribute personality advanced 434 distribute software advanced 431 distributing disk images 160, 426 personality settings 178, 433 software 172, 429 distrubuting software 250 domains account option 85 DOS configuration 272, 296 FreeDOS 285 MS-DOS 285 version restriction 285 DOS agent. see Deployment Agent for DOS drive mappings 379 creating 263 editing 263 network 276, 300 removing 263 setting up 300 drive mappings for DOS 117 drive properties 119 driver selecting 273, 297 drives 414 E editing autoexec.bat 477 packages 79 shared menu 292 editor PC Transplant 79, 79 enabling ADS 372 security 88 enabling security 381 errors client error messages 519 CMD error handling 234 communication error messages 520 critical error messages 520 DOS error handling 234 general error messages 517 implementing effective script reporting 233 memory error messages 522 partition error messages 523 Visual Basic error handling 235 evaluate permissions 93 rights 90 evaluate permissions 384 execute 131 expired licenses 357 replacing 84 explorer image 79 exporting jobs 189, 393, 439 EXT2 file systems 212 EXT3 file systems 212 extract folder 319 extract options 324 F FAT FAT16 503 FAT32 503 file systems 212 FIRM 502 file adding in folder 302 copy 184 operating system 284 overwritten 278, 302 properties 316 file server requirement 335 file server type 271, 296 file system independent resource management. see FIRM file systems EXT2 212 EXT3 212 FAT 212 imaging 212 NTFS 212 file transfer port 84 filter using to find 320 filters computer group 81 creating computer group filter 82 find files and folders 319 finding computers 65, 140, 417 computers and jobs 373 licences used. see licenses FIRM 502 EXT2 502, 503 EXT3 503 FAT 502 firm.exe 489 tokens 504 flash drive not appearing 281, 282, 283 folder adding files 278, 302 extracting 319 folder property 316 Fujitsu-Siemens server blades 247 Fujitsu-Siemens server blades 139 G general properties 119, 413 generating deployment reports 389 get inventory 181, 435 Deployment Solution 579
global options 83, 374 groups 90 adding 90 computer 71 importing 90 selecting with wizard 149 H hardware 414 hardware properties 119 Hewlett-Packard server blades 138 history computer 125 deleting 83 restoring 124 HTTP imaging 214 I IBM server blades 140, 247 icons Boot Disk Creator 78 computer 96, 402 Image Explorer 79 jobs 143, 143, 419 PC Transplant Editor 79, 79 PXE Configuration 78 Remote Agent Installer 79 toolbar 270 toolbars 78 utilities 78 image description properties 316 image file password 323 ImageExplorer 79, 215 convert image 317 create image index 318 flags 320 not enough free space 322 open file 316 self-extracting image 320 settings 324 split image 325 using 315 images 530 creating 154, 424, 530 distributing 160, 426, 530 HTTP 214 Linux 250 properties 315 quick disk 125 rescheduling failed 84 Unix 250 ImageX Sample Scripts 322 imaging disk 266 Import Package Advanced 176 importing groups 90 jobs 393 users 89 users from Active Directory 89 importing computers from text file 405 importing jobs 189, 439 inactive computers, removing 83 INI files 80 Initial Deployment 193, 442 initial deployment stopping servers 195, 444 initial deployment configuration 194, 443 installation 364, 364, 365 agent 345, 474 automation partition 280 component 344, 360, 484 configuration 358 console 365 custom 338, 482 Deployment Agent for DOS 352 Deployment Agent for Linux 351 Deployment Agent for Windows 347 Deployment Database 362 Deployment Server 329, 360, 360 DOS 285 multiple database instances 331 operating system files 284 options of 358 Pocket PC (PPC) client from the network 566 Pocket PC agent from the console 565 Pocket PC agent from the host 566 pre-boot operating system 293 PXE Server 310 PXE server 363 Remote Agent Installer 347 return codes 524 scripted 165 silent 479 simple 335, 480 software packages 148 summary 364 switches 478 Thin Client 342 unattended 165 intervals, setting polling 396 inventory get 181 inventory details 414 inventory update 263 inventory, get 435 IP interfaces 106 J job identifying boot menu items within 289 jobs 143 applying computers with wizard 147 assigning 81, 373 associating destination computers 147 building 143, 148, 420, 448 conditions 81 conditions with wizard 148 conditions,creating 81 defined 143 details 143, 419 exporting 189, 393, 439, 446 filtering computers and jobs 373 finding 373 icon 143 icons 143 imaging 530, 530, 530 importing 189, 393, 439, 447 Initial Deployment 195, 443 Job Scheduling Wizard 149, 422 jobs pane 72 options 195, 443 pane 371 removing 152 removing tasks from 152 replicating jobs 400 rescheduling 84, 151 running from resources view 152 sample 193, 529, 532 scheduling 143, 151, 373, 400, 422, 450 select with wizard 149 selecting computers with wizard 147 software installation with wizard 148 tests 530 using package servers 390 wizard 144 K kbdsclk (keyboard and screen lock utility) 476 L Lab Builder 141 lab builder 66 library package 392 setting up 391 licenses adding 356 expired 357 finding licenses used 353 replacing 84 Deployment Solution 580
licensing settings 410 lights out 122 lights out properties 414, 414 Linux 250 agent. see Deployment Agent for Linux bootloaders 251 Command-line Switches 486 distributing software 250 file location 285 imaging 250 scripted install 172 location properties 121, 413 log file 378 LogEvent utility 183 logon 262 logon option 385 lookup key primary 84 M MAC address adding new 307 servicing 306 maintenance 375 Managing 398 managing computers 95, 398 computers chat feature 132 from Deployment Console 70 from Deployment Web Console 368 licenses 353 user groups tab 90, 90 Managing the SVS Layer 175 map drives 267 mappings network drive 276 mappings, drive 379 mappings, network drive 300 media creating bootable 279 menu editing shared 292 Microsoft ADS. see ADS client driver 346 SQL Server 335 migrating computers with New Job Wizard 146 migration 531 capture settings 531, 531, 532, 532 see also personality package modify task 187 modifying configuration task 179, 434 moving jobs to other systems 400 multicasting Master PC 214 process 213 multi-network adapter configuration 272, 296 load order 272, 297 multiple database instances, installing to 331 deployment servers 399 multiple image files 317 N name configuration 271, 295 NetWare authentication 267 NetWare client settings 409 network drive mappings 300 network adapter 346 adding settings 273, 297 auto-detect 273, 297 configurations 272, 296 modifying card settings 273, 298 network boot disk creating 282 network configuration properties 120 network drive mappings 276 network properties 413 networking settings 406 new Job Wizard 144 server blade 245 server blades 137 new computer 98, 404 account 99, 404 new computers adding 403 New Configuration Wizard about 295 starting 271, 295 Notification Server configuration request 397 Novell client driver 347 NTFS 212 FIRM 502 O OEM system partitions 213 open site 93 operating system configuration color code 289 DOS 294 installing preboot files 293 Linux 295 Linux file location 285 preboot 361, 362 pre-boot installation files 284 regenerating PXE configurations 293 selecting default 286, 295 operations, remote 415 options 182 agent settings 86 console 83 custom data sources 86 Deployment Web Console 372 domain account 85 for Deployment Solution 83 global 83 import boot menu 292 install 479 new shared menu 291 RapiDeploy 85 task password 85, 387 options tab 195, 444 order condition sets 150 of operations, autoexe.bat file 477 OS licensing settings 410 OS product key dialog 84 P package editing tools 79 personality 176 Package Server jobs 390 overview 390 setting up 392 pane computers 71, 370 details 72, 371 jobs 72, 371 shortcuts and resources 73 partitions OEM 213 password 380 password options for tasks 85, 387 password, change 400 password, image file 323 paste folders 189 jobs 189 PC Transplant Editor 79, 79 permission rules 384 permissions 87, 92, 383 evaluating 93 rules 92 personality package application settings 531 desktop settings 531 Microsoft Office settings 532 Deployment Solution 581
printer settings 532 see also migration personality settings 176, 432 distribute 433 distributing 178 physical devices options, show 372 ping time-out 263 ployment 193 Pocket PC Agent command line switches 486 PocketPC agent command-line switches 486 installing 564 polling intervals 396 for Deployment Server Agent 389 setting agent 396 port, TCP for file transfer 84 power control 186 operation 126 task 438 PowerEdge, Dell 139 pre-boot operating system 361, 362 installing files 293 pre-configured computer account 98 primary lookup key 84 print file 323 folder contents 322 preview 323 printer settings, capture 532 product key dialog 84 prompt before performing operations 372 user for properties 132 properties 412 application 120 bay 121 computer 119 configuring computer 101 devices 120 drives 119 general 119, 316 hardware 119 image 315 location 121 network configuration 120 prompting for 132 RILOE 122 services 120 TCP/IP 120 protocol settings setting up 274, 298 Proxy settings 378 PXE BIOS settings 485 boot menu tab 289 client BIOS settings 485 configuration tool 78 server 334 server installation 363 PXE Configuration Utility about 287 integration with Boot Disk Creator 288 opening 288 selecting properties 287 tracking boot menu options 288 PXE Manager about 287 PXE Server 332 communicating with Deployment Server 305, 305 controlling service load 306 installing remotely 310 multicasting 307 setting response times 304 viewing status 310 Q quick disk image 125 R RapiDeploy options 85 RapidInstall distribute package 531 RIP, distributing 172 rdeploy.exe command-line switches 489, 493, 502 executable files 489 refresh displayed data 83 view 94 registry settings backing up and restoring 180, 434 reject connection 372 rejected computers 94 remote computer operations 122, 415 control 130 Remote Agent Installer 79, 347 remote control 127 DS Remote Control 127 other programs 131 Remote Desktop 130 removing computers 83 computers from jobs 152 jobs 152 tasks jobs 152 replicating jobs 390, 400 reports,generating 389 requirements Deployment Web Console 335 Depoyment Server system 334 disk space 334, 334 file server 335 minimum agent 335 rescheduling jobs 84, 151 resizing disk image 427 resources view 73 restoring computers history 124 return codes 190, 440 return codes for installer 524 return codes, setting 440 rights 87, 382 evaluation 90 security 91 RILOE properties 122, 414 RIP. see RapidInstall rules, permission 92 run script 435 run script advanced 436 running jobs from resources view 152 script tasks 181, 435 S sample jobs 193, 529 scan resource files for changes 83 schedule job 422 scheduling jobs 422 scheduling jobs 373, 400, 422 scheduling jobs. see jobs screen lock 476 switch 476 script 182 creating 188 options, advanced 182 scripting 183 task 181, 435 Scripted OS Install Windows Vista 171 scripted OS install 165 Linux 172 Windows 166 scripting DOS/CMD errors 234 reporting errors 233 retrieving values with tokens 232 running scripts on the server 233 server scripting commands 231 Visual Basic error handling 235 writing scripts 231 search for files and folders 319 searching for computers 65, 140, 417 security 377, 380 best practices 87 DS authentication 90 enabling 88, 381 Deployment Solution 582
importing from Active Directory 89 Notification Security 386 permissions 87, 92 rights 87, 91 select computer 149 group 149 jobs 149 select computers 422 select job 422 server adding 387 communication 274 connection to client 363 Deployment Server 330, 334 DHCP Server 333 file server requirements 335 file server type 271, 296 library 391 package server setting up 392 PXE server 332 server access 377 server blades 137, 244 Dell 139, 246 Fujitsu-Siemens 139, 247 Hewlett Packard 138 IBM 140 new 137 server deployment rules 121, 121, 413 settings 136 server deployment rules 413, 413 server management 135 deployment 243 features 242 server package 390 servers adding 399 services 415 services properties 120 setting polling intervals 396 settings account 410 agent 375 Auotomation Agent 379 backing up and restoring files 180 capturing personality 176 changing agent 134 conditions 81, 149 Deployment Agent 109 NetWare client 409 networking 406 OS licensing 410 permissions 92, 383 personality 178 production agent 375 return codes 440 rights 382 Sysprep 84, 84 TCP/IP 408 TCP/IP protocol settings 274, 298 Share Deployment 332 shared menu new 291 shortcuts view 73 show computers 71 physical devices 372 shutdown settings 379 silent install options 479 command line switches 479 simple install 335 simple install entries 480 simple tests 530 DIR command at DOS 530 DIR command at Windows 530 Distribute RapidInstall Package 531 software distributing 172, 429 Software Virtualization Solution (SVS) 79 spanning media 213 split image find 317 open 317 start parameters for axengine 451 startup settings 379 status detail 71 Stored Procedures, allowed 87 switches axengine.exe 451 bwinst.exe 474 command line 446 install 478 kbdsclk 476 LAN support 569 Switch Add-On 569 synchronize display names with Windows computer names 83 Sysprep file location 364 settings 84 Sysprep settings 84 system requirements 334 T tabs manage user groups 90, 90 rights 91 task user password 400 tasks 423 building jobs 148 change configuration 188 copy file to 184 get inventory 181 list of 152 power control 186 removing 152 rescheduling 84 run sript 181 setting conditions 149 task password options 85 TCP port setting 305 TCP/IP properties 120, 413 protocol settings 274, 298 settings 408 tests 530 text file, importing from 405 Thin Client installing 342 Thin Client View 74 tokens create unique files 512 finding the right value 511 replacement 513 retrieving database values 232 template file rules 513 token replacement template files 512 toolbar description 270 tools 78 administrative 78 Boot Disk Creator 78 Image Explorer 79 package editing 79 PC Transplant Editor 79, 79 PXE Configuration 78 Remote Agent Installer 79 toolbar icons 78 Transplant Editor PC 79, 79 transport 265 U unattended install 165 uninstalling Deployment Agent for PocketPC 567 Unix 250 distributing software 250 imaging 250 updates tracking 310 USB flash drive not appearing 281, 282, 283 user name 380 users Deployment Solution 583
add 89 defined token 81 importing 89 utilities 78 icons 78 kbdsclk 476 keyboard and screen lock 476 LogEvent 183 V view refreshing 94 resources 73 shortcuts 73 virtual bays 246 centers 87 computer. see pre-configured computer account Virtual Bays 138 virtual computers 404 Vista Sysprep 30 VMware Virtual Center Web services 87 volume property 316 W Wake-On LAN BIOS settings 485 warn user 83 Web console. see Deployment Web Console Win32 console. see Deployment Console window. see pane WinPE Command-line Switches 487 WinPE Boot Options 277, 277, 301 wizard bootable media 279 Job Scheduling 149 New Configuration 271, 295 New Job 144 starting 271, 295 Wtools.ini 80