ALTIRIS

Deployment Solution 6.9

Admin Guide
Deployment Solution 2

Notice
Altiris Deployment Solution 6.9
2008 Altiris, Inc. All rights reserved.
Document Date: February 12, 2008
Information in this document: (i) is provided for informational purposes only with respect to products of Altiris or its subsidiaries (Products),
(ii) represents Altiris' views as of the date of publication of this document, (iii) is subject to change without notice (for the latest
documentation, visit our Web site at www.altiris.com/Support), and (iv) should not be construed as any commitment by Altiris. Except as
provided in Altiris' license agreement governing its Products, ALTIRIS ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS
OR IMPLIED WARRANTIES RELATING TO THE USE OF ANY PRODUCTS, INCLUDING WITHOUT LIMITATION, WARRANTIES OF FITNESS FOR A
PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS. Altiris assumes no
responsibility for any errors or omissions contained in this document, and Altiris specifically disclaims any and all liabilities and/or obligations
for any claims, suits or damages arising in connection with the use of, reliance upon, or dissemination of this document, and/or the
information contained herein.
Altiris may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the
Products referenced herein. The furnishing of this document and other materials and information does not provide any license, express or
implied, by estoppel or otherwise, to any foregoing intellectual property rights.
No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means without the express
written consent of Altiris, Inc.
Customers are solely responsible for assessing the suitability of the Products for use in particular applications or environments. Products are
not intended for use in medical, life saving, life sustaining, critical control or safety systems, or in nuclear facility applications.
*All other names or marks may be claimed as trademarks of their respective companies.
Deployment Solution 3

Contents
Chapter 1: About Altiris Deployment Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Deployment Solution Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Deployment Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Deployment Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Deployment Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Management Consoles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Automation Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Part I: Planning and Installing Your Deployment System. . . . . . . . . . . . 25
Chapter 2: Preparing To Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Step 1: Log on to Your Deployment Server Computer as an Administrator . . . . . . . . . . . . . . . 26
Step 2: Create a Services Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Step 3: Gather Automation Operating System Install Files . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Step 4: Obtain a License File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Step 5: Install .NET and MDAC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Step 6: Start Microsofts Internet Information Server (IIS) . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Chapter 3: Installing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Simple or Custom Install? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Simple Install. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Custom Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Running the Setup Program. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Enable Microsoft Sysprep Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Enable Microsoft Windows Vista Sysprep Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Remotely Install Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Chapter 4: Post-Installation Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Step 1: Grant Full Control of the Deployment Share to Your Service Account. . . . . . . . . . . . . . 31
Step 2: Create Domain Join and Deployment Share Accounts . . . . . . . . . . . . . . . . . . . . . . . . 31
Domain Join Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Deployment Share Read/Write Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Step 3: Grant Services Account the db_owner Role to Your Deployment Database . . . . . . . . . . 32
Step 4: Configure Your Deployment System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Add Your Domain Join Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Enable Security and Add Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Grant Console Rights to Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Grant Database Rights to Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Configure Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Step 5: Configure Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Step 6: Install the Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Step 7: Configure Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Step 8: (Optional) Configure PXE Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Chapter 5: Deployment Agent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
About the Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Installing the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Deployment Solution 4

Using the Remote Agent Installer (Windows-only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Windows XP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Step 1: Disable Simple File Sharing on Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Step 2: Allow File and Printer Sharing in Windows XP SP2 Firewall . . . . . . . . . . . . . . . . . . 37
Step 3: Get Local User Rights (admin$ Share) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Step 4: Run the Remote Agent Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Using a Script, E-Mail Link, or Manual Installation (All Platforms) . . . . . . . . . . . . . . . . . . . . . . 37
Step 1: Provide Users Access to the Agent Installation Program. . . . . . . . . . . . . . . . . . . . 38
Step 2: Create the Input File for a Silent Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Step 3: Run the Installation Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Agent Auto Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Part II: Booting Computers to Automation . . . . . . . . . . . . . . . . . . . . . . . 40
: What is Automation?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Chapter 6: Automation Boot Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Which Automation Boot Method Should I Use? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
PXE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Automation Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Boot Media (DVD/CD, USB Device, Floppy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Chapter 7: Automation Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Which Automation Operating System Should I Use? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
WinPE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Chapter 8: Installing and Configuring Automation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Configuring Automation Operating Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Obtaining and Installing WinPE, Linux, or DOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Adding Additional Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Adding Mass Storage Drivers for WinPE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Adding Large Files to a Linux Boot Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Configuring Automation Boot Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Configuring PXE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Configuring Automation Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Configuring Boot Media (DVD/CD, USB device, Floppy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Deploying Automation to Managed Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Using Automation Partitions or Boot Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Using PXE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Chapter 9: Setting Up the Altiris PXE Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
What is PXE? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Why Use PXE? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
PXE Services and Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
How PXE Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Part 1: DHCP Request and PXE Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Part 2: PXE Bootstrap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
PXE Planning and Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Enabling PXE on Managed Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Installing and Configuring DHCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
How Many Altiris PXE Servers Do I Need? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Deployment Solution 5

Number of Client Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Network Speed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Physical Layout of your Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
PXE Request Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Installing Altiris PXE Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Configuring PXE Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
PXE Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Shared vs. Local. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Session Timeout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
DHCP Server Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Boot Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Shared vs. Local. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
PXE Redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Part III: Using Deployment Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Chapter 10: Deployment Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Computers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Creating Jobs and Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Context Menus (Right-click). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Find a Computer in the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Using Lab Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Computer Import File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Managing from the Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Deployment Console Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Features of the Deployment Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Computers pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Jobs pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Details pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Shortcuts and Resources View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Thin Client View of the Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Installing the Thin Client View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Switching Between Two Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Computers Pane. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Resources pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Software Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Inventory Pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Toolbars and Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Deployment Solution Utility Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Software Virtualization Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Using SVS Admin Utility with Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Extending the Tools Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Computer Filters and Job Conditions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Creating Conditions to Assign Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Creating a Computer Group Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
General Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Console options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Global options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Sysprep Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
OS Product Key dialog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Task Password options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Domain Accounts options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Deployment Solution 6

RapiDeploy options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Agent Settings options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Custom Data Sources options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Allowed Stored Procedure List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Virtual Centers options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Security in Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Best Practices for Deployment Solution Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Enabling Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Setting Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Connecting to Another Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Rejected Computers in Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Refresh Deployment Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Managing Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Viewing Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Adding New Computers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Creating a New Computer Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Importing New Computers from a Text File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Computer Configuration Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
General Configuration Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Microsoft Networking Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
TCP/IP Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
TCP/IP Advanced Options - IP Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
TCP/IP Advanced Options - Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
TCP/IP Advanced Options - DNS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
TCP/IP Advanced Options - WINS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
TCP/IP Advanced Options - Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
NetWare Client Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Operating System Licensing Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
User Account Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Deployment Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Deployment Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Server Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Startup/Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Deployment Agent for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Deployment Agent Settings for DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Drive Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Managing Client Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Computer Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Deployment Solution 7

Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Bay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Server Deployment Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Lights-Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Remote Operations Using Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Restoring a Computer from its Deployment History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Configuring Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Quick Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Power Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Remote Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
DS Remote Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Remote Desktop Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Additional Remote Control Programs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Prompt User for Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Install Automation Partition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Change Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Deploying and Managing Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Server Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Server Deployment Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Managing Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Managing New Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Virtual Bays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Hewlett-Packard Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Dell Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Fujitsu-Siemens Server Blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
IBM Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Find a Computer in the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Using Lab Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Building and Scheduling Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Viewing Job Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
New Job Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Migrating Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Selecting Computers in the New Job Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Apply Computers to a Job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Associating Destination Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Setting up Conditions in the New Job Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Install Software Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Summary of Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Building New Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Job Scheduling Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Select Job(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Select Computer(s) or Computer Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Setting Conditions for Task Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Order Condition Sets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Scheduling Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Deployment Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Creating a Mac Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Creating a Ghost Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Deployment Solution 8

Advanced Sysprep Settings for Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . 159
Advanced Sysprep Settings for Creating a Disk Image in Windows Vista . . . . . . . . . . . . . 159
Create Disk Image Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Distributing a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Distributing a Mac Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Distributing a Ghost Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Advanced Sysprep Settings for Distributing a Disk Image . . . . . . . . . . . . . . . . . . . . . . . 163
Advanced Sysprep Settings for Distributing a Disk Image in Windows Vista. . . . . . . . . . . 163
Distribute Disk Image-Resizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Distribute Disk Image-Additional Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Imaging Computers from USB Disk on Key (DOK) Devices (JumpDrives). . . . . . . . . . . . . 164
Scripted OS Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Scripted Install for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Select Operating System Version and Language. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Installation Source Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Operating System-Source Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Partition and Format Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Import an Answer File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Answer File Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Add a New Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Delete a Section. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Add a New Variable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Command-line Switches for Scripted Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Deployment Agent Settings for Scripted Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Scripted Install Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Scripted Install for Windows Vista and 2008 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Scripted Install for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Scripted Install Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Distributing Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Distribute Software Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Managing the SVS Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Import Package Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Capturing Personality Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Capture Personality Advanced Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Distributing Personality Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Distribute Personality Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Modifying Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Backing up and Restoring Registry Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Get Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Run Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Script Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Using LogEvent and WLogEvent in Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Copy File to . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Copy File to Advanced. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Power Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Wait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Modifying Tasks in a Deployment Job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Modifying Multiple Modify Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Creating New Script Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Copy and Paste Jobs and Job Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Importing and Exporting Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Setting Up Return Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Sample Jobs in Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Initial Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Deployment Solution 9

Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Advanced Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Part IV: Best Practices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Chapter 11: Securing Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Part 1: Deployment Server Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Service Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Domain Join Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Deployment Share Read/Write Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Part 2: Deployment Administrator Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Role and Scope Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Deployment Console Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Manage By Exception . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Rights and Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Grant Rights to Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Grant Permissions to Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Permission Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Part 3: Database Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Required Database Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Rights Required to Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Rights Required for the Services Account. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Rights Required for Deployment Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Part 4: Securing Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Deployment Agent Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Key Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Additional Agent Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Keyboard Locks in Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Appendix A: Remote Agent Installer Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Appendix B: Managing Task Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Appendix C: Managing Key-Based Agent Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Backing up the Server Private Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Enabling Key-based Authentication with Redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Chapter 12: Migrating Application Data and User Settings . . . . . . . . . . . . . . . . . . . . . 211
Chapter 13: Capturing and Deploying Disk Images . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
What is a Disk Image? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Imaging in Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
How Imaging Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Partitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Partition Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Spanning Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Multicasting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
How Multicasting Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
HTTP Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Capturing Images. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Deploying Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Post-Imaging Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Managing Images. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Deployment Solution 10

: ImageX Imaging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Obtaining and Installing ImageX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Capturing and Distributing ImageX Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Chapter 14: Mac Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Creating an Automation Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Step 1: Configure a Source Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Step 2: Provide Credentials to Access Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Step 3: Image the Source Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Configuring the NetBoot Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Step 1: Configure the NetBoot Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Step 2: Start the NetBoot Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
: Symantec Ghost Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Chapter 15: Software Packaging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Why Use Software Packaging? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Overview of the Software Packaging Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Setting up a Reference Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Accessing Wise SetupCapture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Capturing a Software Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
What Can I Capture?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
The Capture Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Customizing a Software Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Distributing a Software Package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Appendix A: Migrating From RapidInstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Appendix B: Windows Installer Format Explained . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Advantages of Windows Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Appendix C: SetupCapture Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Chapter 16: Deploying Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Writing a Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Server Scripting Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Retrieving Database Values Using Tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Running Scripts on the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Reporting Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
DOS/CMD Error Handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Visual Basic Error Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Linux Shell Error Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Chapter 17: Creating an Image Distribution Framework . . . . . . . . . . . . . . . . . . . . . . . 237
Why Use an Image Distribution Framework? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
PXE Redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
What if I Am Not Using PXE? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Creating a Distribution Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Step One: Set Up Local Image Stores . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Step Two: Replicate Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Step Three: Configure the Server Lookup Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Create a Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Create a Server Lookup File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
GetSRV.EXE Parameter Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Step Four: Create a Boot Disk Creator Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Modify Mapdrv.bat to call Getsrv.bat. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Deployment Solution 11

Deploy the Boot Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Step Five: Distribute an Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Chapter 18: Deploying and Managing Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Server Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Server Deployment Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Managing Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Managing New Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Hewlett-Packard Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Virtual Bays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Dell Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Fujitsu-Siemens Server Blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
IBM Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Part V: Operating System and Platform Reference . . . . . . . . . . . . . . . . 248
Chapter 19: 64-bit Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
64-bit Job Conditions and Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
64-bit PXE Boot Images & Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Adding Files to a Boot Disk Creator Configuration for 64-bit. . . . . . . . . . . . . . . . . . . . . . . . . 249
: Linux and Unix Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
ADLAgent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Installing and Configuring ADLAgent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Distributing Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Imaging Linux and Unix Filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Linux Bootloaders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Chapter 20: Managing Thin Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Supported Thin Client Manufacturers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Thin Client Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Windows XP Embedded (XPe) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
The Enhanced Write Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Using the EWFMGR Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Windows CE .NET . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Licensing Thin Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
: Windows Vista . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Install the Deployment Agent on Vista . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Silent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
UnInstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Start and Stop the DAgent Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Vista Software Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Vista Run Script Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Vista Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
: Mac Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Installing The Mac Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Removing the Mac Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Deployment Solution 12

Part VI: Reference: Deployment Solution Help Files . . . . . . . . . . . . . . . 260
Deployment Server Configuration Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Service Logon Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
General Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Drive Mappings Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Transport Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Disk Imaging Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Authentication Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Connections Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Debug Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Introduction to Altiris Boot Disk Creator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Boot Configuration Creation Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Toolbar Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
New Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Configuration Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
File Server Type (DOS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Multi-Network Adapter Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Network Adapters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Have Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Internet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
TCP/IP Protocol Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Altiris Deployment Server Communication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Network Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Network Drive Mappings and Mount Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
WinPE Boot Option Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Optional Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Configuration Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Edit Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Additional Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Create PXE Boot Image Files (PXE). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
PXE Boot Image Creation Complete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Automation Partitions, Network and Automation Boot Disks. . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Create Boot Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Create Automation Partition Install Package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Create Automation Boot Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Create Network Boot Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Remove Automation Partition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Missing Files for Processor Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Install Pre-boot Operating System Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
FreeDOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
MS-DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
WinPE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Set Default Pre-boot Operating System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
PXE Configuration Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Boot Menu Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
New Shared Menu Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Edit Shared Menu Option. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Import Boot Menu Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Deployment Solution 13

Regenerate Boot Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Install Pre-boot Operating System Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
FreeDOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
MS-DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
WinPE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Set Default Pre-boot Operating System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
New Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Configuration Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
File Server Type (DOS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Multi-Network Adapter Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Network Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Have Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Internet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
TCP/IP Protocol Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Altiris Deployment Server Communication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Network Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Network Drive Mappings and Mount Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Optional Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Configuration Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Edit Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Additional Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Create PXE Boot Image Files (PXE). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
PXE Boot Image Creation Complete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
PXE Server Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
DS Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
MAC Filter Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Define MAC Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Multicast Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Data Logs Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Status Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Remote PXE Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Altiris ImageExplorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Using ImageExplorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
View Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
General Properties for an Image File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
General Properties for a Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
General Properties for a Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
General Properties for Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Description Properties for an Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Open a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Open Split Image Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Find Missing Split Image Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Add New Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Convert an Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Create an Image Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Extract a Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Find Files and Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Filter Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Make Self-Extracting Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Not Enough Free Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Deployment Solution 14

ImageX Sample Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Print Folder Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Print Preview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Print a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Set a Password on an Image File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Split an Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Command-Line Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Installing Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Deployment Server Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Deployment Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Deployment Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
Support for Multiple Database Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
Deployment Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Altiris PXE Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Deployment Server System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
Simple Install for Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
Custom Install for Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Thin Client Install for Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Component Install for Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Installing Deployment Solution Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
Client Connectivity and Network Adapters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
Installing the Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Remote Agent Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Enter administrator account information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Specify install directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Automatically Add to a Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Select Computers on the Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Download Microsoft Sysprep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Change Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Get Server Security Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Installing Deployment Agent for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Automating the Installation of Deployment Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Editing the Sample.inp file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Using Remote Agent Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Using the Template File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Installing Deployment Agent on Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Installing the Automation Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Managing Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
Using the License Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
Install a Regular License for Altiris Products. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
HP client computers and licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Install Multiple Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Adding a License from the Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Rapid Deployment Pack Licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Finding the Number of Licenses Used . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Computers Not Using a Regular License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
Detecting an Expired License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
Expired Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
DS Installation Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Install Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Deployment Solution 15

Installing Deployment Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Deployment Server Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Pre-boot Operating System (Simple) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Pre-boot Operating System (Custom) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Deployment Database Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Altiris PXE Server Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Client Connection to Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Deployment Web Console Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Sysprep. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Installing Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Installation Information Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Add Components Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Deployment Database Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Add Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Console Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Part VII: Deployment Web Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Managing from the Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Deployment Web Console Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Computers pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Jobs pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Details pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Deployment Web Console Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Basic Tasks from the Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Remote Computer Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Reject Client Computer Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Assigning and Scheduling Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Finding and Filtering Computers and Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Scheduling Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Deployment Server Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Global . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Production Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Automation Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Enabling Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
Setting Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Logon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
Automated Deployment Services (ADS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
Deployment from the Altiris Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
Adding Deployment Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Task Password options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Configuring the Deployment Server AClient . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Viewing Notification Server Clients without AClient . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
Installing AClient to a Notification Server Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
Creating Deployment Server AClient Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
Configuring the Deployment Server Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Generating Deployment Reports from the Altiris Console. . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Altiris Console Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
Using Package Servers to Replicate Deployment Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
Overview of Package Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
Deployment Solution 16

Setting Up a Central Deployment Server Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
Setting Up Package Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Modify the DS Library Package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Exporting and Importing Deployment Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
Setting Polling Intervals in Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Setting the DS Agent Polling Interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Setting the Altiris Agent Configuration Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
Managing Computers from the Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . 398
Managing Multiple Deployment Server Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Adding Deployment Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Changing Task User Password options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
Scheduling Jobs from Other Deployment Server Systems . . . . . . . . . . . . . . . . . . . . . . . . . . 400
Viewing Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
Adding New Computers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Creating a New Computer Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
Importing New Computers from a Text File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Computer Configuration Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
Networking Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
TCP/IP Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
NetWare Client Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Operating System Licensing Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
User Account Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Deployment Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Managing Agent Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
TCP/IP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Bay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Server Deployment Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Lights-Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Remote Operations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Find a Computer in the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Creating a Computer Group Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Scheduling Jobs from the Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Viewing Job Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Building New Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Job Scheduling Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Select Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Select a Job. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Schedule Job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Scheduling Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Deployment Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424
Deployment Solution 17

Advanced Sysprep Settings for Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . 425
Create Disk Image Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
Distributing Disk Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
Advanced Sysprep Settings for Distributing a Disk Image . . . . . . . . . . . . . . . . . . . . . . . 427
Distribute Disk ImageResizing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
Distribute Disk ImageAdditional Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428
Imaging Computers from USB Disk on Key (DOK) Devices (JumpDrives). . . . . . . . . . . . . 428
Distributing Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
Distribute Software-Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
Capturing Personality Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
Capture Personality-Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
Distributing Personality Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Distribute Personality Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
Modifying Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
Backing up and Restoring Registry Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
Get Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
Run Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
Advanced Run Script Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Copy File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
Copy File Advanced. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
Power Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
Copy Jobs and Job Folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Importing and Exporting Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Setting Up Return Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Initial Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
Part VIII: Technical Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Appendix A: Command-Line Switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Job Utilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Job Export Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Job Import Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
Create Job Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
Schedule Job Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
Import Computer Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
axengine.exe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
Deployment Agent for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
Aclient.exe Command-line Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
Aclient.inp Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
ADLAgent.config Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
AClient.config Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
Deployment Agent for DOS Command-line Switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Bootwork.exe. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
Deployment Agent for DOS Install (Bwinst.exe) Switches . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Keyboard and Screen Lock Utility (Kbdsclk) Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
Deployment Server Install Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Silent Install Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
Simple Install Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
Custom Install Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Add Component Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
Client BIOS Settings for Wake-On LAN and PXE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485
Deployment Solution 18

Command-line Switches for the Pocket PC Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
Command-line Install Switches for Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
Command-line Install Switches for WinPE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
Chapter 21: RapiDeploy Technical Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
RapiDeploy Executable Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Running RapiDeploy from the Command-line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
RapiDeploy Command-line Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490
Using Command-line Switches with Executable Images. . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
Using File System Independent Resource Management (FIRM). . . . . . . . . . . . . . . . . . . . . . . . . . 502
How FIRM Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Running FIRM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
FIRM Command-Line Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
Appendix B: Tokens: Dynamic Database Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
System Tokens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
Finding the Right Token Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Creating Unique Files Using Tokens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Token Replacement Template Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Template File Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
The Token Replacement Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
Custom Tokens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
Appendix C: Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
General Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
Client Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519
Communication Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
Critical Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
Memory Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
Partition Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523
Installer Return Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524
Appendix D: System Jobs for Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . 529
Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
Create Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
Distribute Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
Simple Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
DIR Command at DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
DIR Command at Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
Distribute RapidInstall Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531
Migrations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531
Capture User Application Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531
Capture User Desktop Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531
Capture User Microsoft Office Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
Capture User Printer Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
Misc Jobs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
Install Office XP from Mapped Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533
Install Office XP from UNC Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533
SQL 2000 Unattended Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 534
SQL 2000 Unattended Install Using a RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 534
Copy WLogevent to Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535
Install MSI 2.0 Runtime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535
Repair Office XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535
Deployment Solution 19

Restart Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535
Shutdown Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535
Start SQL Server Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
Stop SQL Server Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
Uninstall Office XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
Wake up Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
Pocket PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
Distribute Software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537
Install Altiris Pocket PC Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537
Scripted OS Installs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537
Create W2K Install Disk Image (Target HD). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537
W2K Scripted Install (Target HD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 539
Create RH7 Install Disk Image (Network) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 540
Create RH7 Install Disk Image (Target HD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541
RH7 Scripted Install (Network). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541
RH7 Scripted Install (Target HD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
Create RH8 Install Disk Image (Network) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543
RH8 Scripted Install (Network). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543
Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544
Send Email if Disk Space Low (Linux) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Logevent Script (Linux) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Restart HTTPD Service (Linux) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Move Computer to Default Container (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Move Computer to Specific OU (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546
Send Error Email (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546
Server-side Embedded VBScript (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546
WLogevent CMD Script (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546
WLogevent VB Script (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547
XP Embedded . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547
Disable Enhanced Write Filter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547
Enable Enhanced Write Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547
Distribute RapidInstall Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547
Agent Update. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548
SVS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548
Appendix E: Network Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549
PXE MTFTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550
PXE Manager and PXECfg Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550
Deployment Web Console (Web Console) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551
DB Management (Middle Man) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552
Deployment Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552
Deployment Console (Win32 Console). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553
Deployment Agent on Windows (AClient) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553
Deployment Agent on Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554
Client/Server File Transfer Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554
RapiDeploy Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
Appendix F: Deployment Agent Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
Appendix G: Windows Registry Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
Key in the Security Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563
Deployment Solution 20

Appendix H: Pocket PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564
Appendix I: Managing Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 568
LAN Switch Support List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569
Using Deployment Solution Switch Add-On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569
Adding a Switch Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
Discovering a Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
Deleting a Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
Viewing and Setting Device Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
Setting the VLAN for a Switch Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
Assigning Connectivity to a Switch Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 572
Command-line Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573
GUI Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573
Deployment Solution Switch Add-On (Command Line Options) . . . . . . . . . . . . . . . . . . . . . . 574
Command-line Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
Deployment Solution 21

Chapter 1
About Altiris Deployment Solution
Altiris Deployment Solution software provides a suite of tools to quickly install
operating systems and software. Deployment Solution leverages a number of Altiris
technologies to provide extensive management capabilities:
In addition, the following technologies are integrated with the features of Altiris
Deployment Server software to provide comprehensive deployment and migration:
Altiris Technology Description
RapiDeploy Imaging Capture and deploy computer images using PXE,
DVDs, CDs, or USB drives.
Scripted OS Installation and
Sysprep Integration
Perform automated scripted operating system
installations using sysprep.
PC Transplant Personality
Migration
Migrate user data and application settings to new
hardware and operating systems.
Software Virtualization and
Software Distribution
Deploy, activate, and manage SVS layers, and
install other software packages.
Wise Package Studio and Wise
SetupCapture
Build and capture custom installation packages
using the latest Windows Installer technology.
Script deployment engine Remotely execute Visual basic and Linux shell
scripts.
Deployment Server Feature Description
Task-sequencer Management tasks provided by Deployment
Server can be grouped and executed in order,
enabling you to perform complex management
operations in a single job.
Computer groups Computers can be organized into multiple groups
to simplify job deployment. Drag and drop a
computer group onto a job and the job runs on all
computers in the group.
Dynamic insertion of database
values (tokens)
Scripts, Sysprep configuration files, and other
values can use tokens to retrieve database values
at run time.
Computer discovery Quickly install the Deployment Agent on large
numbers of Windows computers using the
Remote Agent Installer.
Inventory Managed computers are inventoried for software
and hardware, and conditions and filters can be
created based on this inventory. Example: a
distribute software task could check the operating
system and distribute the correct software
version.
Deployment Solution 22
About Altiris Deployment Solution

Deployment Solution Architecture
Before installation, you should become familiar with the different components of a
Deployment System and how these components interact. The following diagram
provides an overview of the Deployment System components:
Depending on the needs of your environment, multiple Deployment System components
can be installed on the same computer. A single dedicated server could host your
Deployment Server, Deployment Share, Deployment Database, Management Consoles,
and PXE Server.
Extensive supported platforms Support for 32- and 64-bit architecture, servers,
blades, thin clients, and Itanium, running
Windows and Linux operating systems.
Power control, Wake on LAN Managed computers can be started or shutdown
remotely.
Deployment Server Feature Description
Deployment Solution 23
About Altiris Deployment Solution

Deployment Server
The Deployment Server is the central component of a Deployment System and manages
the Deployment Database, the communication between the different components, and
schedules jobs to run on managed computers.
Deployment Database
The Deployment Database provides the back-end datastore and stores details about the
computers, groups, and jobs in your Deployment System. Most of the time, you do not
need to interact directly with the database.
Deployment Share
The Deployment Share stores all files, such as installation programs, disk images, and
SVS layers you want accessible to managed computers.
This share can reside on your Deployment Server or on another computer, and is often
replicated to different locations to provide better access, especially in distributed
networks or when sharing large files.
Management Consoles
Deployment Solution provides three management consoles:
Deployment Console: A Windows application that provides complete access to the
Deployment System administration.
Deployment Solution 24
About Altiris Deployment Solution

Deployment Web Console: A Web application that provides browser-based
administration. This console can be executed remotely using any Web browser, and
has built-in tools to manage multiple Deployment Servers.
Deployment Tab in the Altiris Console: This interface is integrated into the Altiris
Console to provide integrated management with other Altiris Solutions. Its features
are the same as the Deployment Web Console.
Automation Tools
Automation is the preboot environment loaded by Deployment Server to perform tasks
which need to happen outside of the normal operating system. If you have ever used a
disk imaging utility, or booted a computer using an installation CD, you are probably
familiar with running computers in a similar environment.
Deployment Solution provides several tools to boot computers to this environment and
supports several automation operating systems.
Deployment Agent
This agent runs on managed computers to report inventory, run software and scripts,
perform power control, and boot the computer into automation.
A Remote Agent Installer is provided to quickly install the agent on multiple Windows
computers. Linux computers can install the agent using startup scripts and other
automated processes.
Deployment Solution 25

Part I
Planning and Installing Your
Deployment System
Deployment Solution is designed to meet deployment, management, and migration
needs for small, medium and large organizations with diverse topologies and varying
computer management requirements. This section provides steps for installing
Deployment Solution components, but also includes system architecture details and
discusses planning strategies to install and optimize your Deployment Solution system.
The installation process is divided into the following sections:
Preparing To Install (page 26)
Installing (page 29)
Post-Installation Configuration (page 31)
Deployment Agent Installation (page 36)
Deployment Solution 26

Chapter 2
Preparing To Install
This sections lists the tasks you need to complete before you install Deployment
Solution.
Step 1: Log on to Your Deployment Server Computer as an Administrator (page 26)
Step 2: Create a Services Account (page 27)
Step 3: Gather Automation Operating System Install Files (page 28)
Step 4: Obtain a License File (page 28)
Step 5: Install .NET and MDAC (page 28)
Step 6: Start Microsofts Internet Information Server (IIS) (page 28)
Step 1: Log on to Your Deployment Server Computer as an
Administrator
The account you use to install Deployment Solution must be a Windows Administrator
and must possess System Administrator rights on the SQL server that will host your
Deployment Database to install the Deployment Database. These database rights can be
granted temporarily and revoked after the installation completes.
If you want to use a different account to create the database, you must select a custom
install and provide SQL credentials instead of Windows NT authentication.
Important
In SQL Server 2005 TCP/IP is disabled by default. This must be enabled before you
install Deployment Solution.
To grant database rights
1. Open Enterprise Manager and connect to your SQL Server.
2. Browse to Security > Logins:
Deployment Solution 27
Preparing To Install

3. Select the Administrator account you are using to install Deployment Solution. If it
does not exist, add it.
4. Click the Server Roles tab, and enable System Administrators:
5. Click OK and verify that the role was added.
MSDE Database Engine
Optionally, in smaller installations, you can use the MSDE database engine instead of
SQL Server. This is typically not recommended due to the lack of database management
tools. MSDE must be installed on the same computer as the Deployment Server
component.
If you decide to use MSDE, it can be installed by selecting the Simple Install Helper
option in the installation program. We recommend using the Simple Install Helper to
install MSDE as this version is usable by Deployment Solution immediately after
installation and requires no additional configuration on your part.
Step 2: Create a Services Account
Create an account to run the services and connect to the database. This account is used
only by Deployment Server, and is not tied to a user. For security reasons, we dont
recommend using an existing administrator account which might possess rights beyond
those needed by Deployment Server. The account should not be part of a group and
should not posses interactive login privileges.
If your Deployment Database, Server, and Share are installed on the same computer,
create a local account on that computer.
If your Deployment Database or Share will be on a different computer than your
Deployment Server, create a domain-level account, or create local accounts with the
same credentials on each computer hosting a Deployment Solution component.
Example:
If your SQL Server is on another computer and you are not using a domain-level
account, create a local account with the same credentials on your SQL Server computer.
The same situation applies if your Deployment Share is hosted on another computer.
Deployment Solution 28
Preparing To Install

To create a services account
1. On each computer where you host a Deployment System component, click Start >
Administrative Tools > Computer Management.
2. Browse to Local Users and Groups, and add a new user:
The process for creating domain-level accounts is similar. This is the only account that
needs to be created before you install.
Step 3: Gather Automation Operating System Install Files
If you are ready to install an automation operating system, this can be done during the
installation. If you are new to Deployment Solution and are not familiar with
automation, we recommend skipping this step and installing automation operating
systems later.
Place your automation install files (BDC*.frm) in the same folder as the Deployment
Solution installation program (by default, this is c:\DSSetup). During install, these files
are detected automatically.
Step 4: Obtain a License File
For evaluation, you can use the integrated 7-day license, or you can use the 30-day 10-
node trial license that is sent automatically when the software is downloaded. If you
have purchased a license, you need to have the .lic license file available during
installation.
Step 5: Install .NET and MDAC
Your Deployment Server computer requires .NET 1.1 and MDAC 2.7 SP1 or later. This
software is available on the Microsoft download site.
Step 6: Start Microsofts Internet Information Server (IIS)
If IIS is running during the Deployment Solution installation, the Deployment Web
Console is installed automatically.
Deployment Solution 29

Chapter 3
Installing
Simple or Custom Install?
If you plan to install your Deployment Server, Database, and Share on the C drive of the
same computer, select the Simple install. Otherwise, select Custom.
Simple Install
Installs to the C drive.
Installs each of the Deployment System components (with the exception of the
Deployment Agent) on the computer where the install was launched.
Lets you install a single automation operating system (more can be added later).
The Simple Install Helper installs the MSDE database engine if no database is
detected.
Custom Install
Installs to a drive other than C.
Lets you select a computer other than the computer the install was launched from to
install each Deployment System component. If you select to do this, certain values
regarding the installation are stored in the local Windows registry. This simplifies
adding components or installing add-ons such as the Altiris packaged WinPE.
Lets you select a custom name and instance for the Deployment Database.
Lets you select a different computer to host the Deployment Share. If you plan on
doing this, you must create the share and grant the account you created in Step 2:
Create a Services Account (page 27) full control before installation.
Lets you install multiple automation operating systems (more can be added later).
Running the Setup Program
After you have completed the steps outlined in the previous section, launch setup.exe.
Use the administrator account you configured in the previous section to perform the
installation, and provide the services account you created when prompted. If you need
clarification during any of the installation steps, click Help.
After Deployment Solution is installed, you have the option of enabling Sysprep support
and remotely installing the Deployment Agent.
Enable Microsoft Sysprep Support
If you plan on using Sysprep to deploy standard images and scripted operating system
installs, provide the location of the deploy.cab file for the operating systems for which
you want to enable Sysprep. These are located on your Windows installation CDs.
Deployment Solution 30
Installing

This can be installed later by running setup.exe and selecting Component Install.
Enable Microsoft Windows Vista Sysprep Support
Microsoft Windows Vista Sysprep lets Sysprep run on a Vista Client after an Imaging
event.
Vista Sysprep lets Administrators prepare generic images for deploying images to
different types of systems within an environment to eliminate the support for multiple
images. After building the basic image, the Administrator can run Microsoft Sysprep on a
computer to delete unnecessary information and prepare the system for imaging and
distribution to other systems.
Remotely Install Deployment Agent
After the installation completes, you have the option of remotely installing the
Deployment Agent.
Unless you are familiar with Deployment Solution and the Remote Agent Installer, we
recommend you do not install the agent at this time. A full discussion of Deployment
Agent rollout is contained in Deployment Agent Installation (page 36).
Deployment Solution 31

Chapter 4
Post-Installation Configuration
This section contains the tasks you should perform after installation to complete the set
up of your Deployment System:
Step 1: Grant Full Control of the Deployment Share to Your Service Account
(page 31)
Step 2: Create Domain Join and Deployment Share Accounts (page 31)
Step 3: Grant Services Account the db_owner Role to Your Deployment Database
(page 32)
Step 4: Configure Your Deployment System (page 33)
Step 5: Configure Security Settings (page 35)
Step 6: Install the Deployment Agent (page 35)
Step 7: Configure Automation (page 35)
Step 8: (Optional) Configure PXE Server (page 35)
Step 1: Grant Full Control of the Deployment Share to Your
Service Account
If your Deployment Share was created during the installation, grant the services account
full control of this share. By default, this folder is C:\Program
Files\Altiris\eXpress\Deployment Server.
Step 2: Create Domain Join and Deployment Share Accounts
After installation, we recommend creating some additional accounts. These accounts are
different than the accounts used by the people who are going to manage computers.
These accounts are not tied to users, and should not possess interactive login or any
rights beyond what is recommended here.
The domain join account is used to join or re-join computers to a domain after imaging
or initial deployment. The Deployment Share read/write account is used to access this
share from the automation environment.
Domain Join Accounts
Create a separate domain-level account for each domain in which you
manage computers, granting the rights recommended in the following
table:
Rights Description
Domain Grant privileges to add computer to domain.
Deployment Solution 32
Post-Installation Configuration

Deployment Share Read/Write Account
Create this account on the computer hosting your Deployment Share,
granting the rights in the following table:
Step 3: Grant Services Account the db_owner Role to Your
Deployment Database
1. Open Enterprise Manager and connect to your SQL Server.
2. Browse to Security > Logins:
3. Double-click the account you are using to run the Deployment services. If the login
is not listed, add it.
4. Click the Database Access tab, select the eXpress database, and enable the
db_owner role:
Rights Description
File System Grant read/write privileges to your Deployment Share.
Deployment Solution 33
Post-Installation Configuration

5. Click OK and verify that the change was successful.
Step 4: Configure Your Deployment System
The majority of tasks you perform in your Deployment System use the Deployment
Console.
To open the Deployment Console
1. Click Start > Programs > Altiris > Deployment Solution > Console.
Add Your Domain Join Accounts
If you are using accounts to join computers to a domain you need to provide the account
credentials.
To add domain join accounts
1. In the Deployment Console, click Tools > Options > Domain Accounts.
2. Provide the accounts you created in Step 2: Create Domain Join and Deployment
Share Accounts (page 31).
Enable Security and Add Administrators
By default, the Deployment Console can be used on your Deployment Server by any
user who possesses rights to log in and run applications. This works well in situations
where you already have policies in place to control server access, and you have a group
of administrators who will have full access to deployment functionality.
If you want to provide more granular access to configuration options, jobs, and
computers, you can enable security.
To enable security
You must add at least one user or group to enable security.
Deployment Solution 34
Post-Installation Configuration

1. In the Deployment Console, click Tools > Security.
2. Add a new user or group. We recommend clicking AD Import and importing Active
Directory groups, as this simplifies rights management. The first user or group
added is granted administrator rights. Each additional user or group after the first
are granted no rights and must be assigned rights explicitly.
Security is automatically enabled after a user or group is added. Additional users or
groups can be added using this same method.
Grant Console Rights to Administrators
1. In the Deployment Console, click Tools > Security.
2. Select a user or Group and click Rights.
3. Enable the rights you want granted. For a more complete discussion, see See
Securing Deployment Solution 6.8 on the Altiris Knowledgebase.
Grant Database Rights to Administrators
Each Administrator with console access must be granted public rights to your
Deployment Database. The best way to do this is by assigning public access to the
Active Directory groups containing your Deployment administrators.
This prevents you from manually granting this access to individual administrators as
they are added or removed from Deployment management responsibilities.
1. Open Enterprise Manager and connect to your SQL Server.
2. Browse to Security > Logins.
3. Add a login for each user or group that will manage computers using Deployment
Solution.
4. For each user or group, on the Database Access tab, grant the public role for the
eXpress database:
Deployment Solution 35
Post-Installation Configuration

Configure Deployment Server
The Deployment Server Configuration Utility lets you configure advanced settings for the
Deployment Server component.
You can stop, start, or restart the Deployment Server services, update the services
account, and configure additional options. You do not need to perform any configuration
at this time, though you should become aware of the configuration options provided.
To Open the Deployment Server Configuration Utility:
1. Click Start > Programs > Altiris > Deployment Solution > Configuration.
Step 5: Configure Security Settings
See Securing Deployment Solution 6.8 on the Altiris Knowledgebase for an in-depth
discussion of Deployment Solution security.
Step 6: Install the Deployment Agent
The Deployment Agent needs to be installed on all computers you want to manage using
Deployment Solution.
See Deployment Agent Installation (page 36).
Step 7: Configure Automation
If you plan on imaging computers or deploying computers using scripted installs you
need to configure your automation environment.
See Deployment Solution 6.8 Preboot Automation Environment on the Altiris
Knowledgebase for an in-depth discussion of automation.
Step 8: (Optional) Configure PXE Server
Preboot Execution Environment (PXE) is an open industry standard that enables
computers to boot remotely using a network card.
Deployment Solution 36

Chapter 5
Deployment Agent Installation
The Deployment Agent runs on managed computers to perform local management tasks
as directed by Deployment Server. Some of these tasks include:
Software installations
SVS layer management
Script execution
Remote control
Inventory and configuration
If you plan on doing more than computer imaging or scripted installations, you should
install the Deployment Agent on managed computers. Without installing the Deployment
Agent, you can still boot computers to automation using PXE, embedded partitions, or
boot media to perform some tasks.
The agent simplifies these tasks by automatically restarting the computer and
controlling when to boot the embedded partition, but it is not required.
About the Deployment Agent
The Deployment Agent can be installed in the production environment of all the
computers you want to manage. Additionally, the Deployment Agent is automatically
included in each of the automation boot configurations you create using PXE,
automation partitions, or boot media.
There are three versions of the Deployment Agent:
DAgent - Windows Vista, Windows 2008
AClient - Windows XP and previous
ADLAgent - Linux, UNIX, Solaris, Mac
DAgent provides experimental support for Windows XP, see the release notes for details.
References in this document to the Deployment Agent refer to all versions; references to
DAgent, AClient, or ADLAgent refer to the specific executable.
Installing the Agent
There are two standard methods to install the Deployment Agent on multiple
computers:
Using the Remote Agent Installer (Windows-only) (page 37)
Using a Script, E-Mail Link, or Manual Installation (All Platforms) (page 37)
For Additional details on the Vista, Linux and Mac agent see Operating System and
Platform Reference (page 248).
Deployment Solution 37
Deployment Agent Installation

Using the Remote Agent Installer (Windows-only)
Advantage: Browse your network to quickly select computers, monitor installation
status in real time, and retry failed installations.
Disadvantage: Requires Local User rights on each computer. Does not work with simple
file sharing in Windows XP.
Windows XP
Step 1: Disable Simple File Sharing on Windows XP
1. In Windows Explorer, click Tools > Folder Options > View tab.
2. Clear the Use simple file sharing check box in the Advanced settings section.
Step 2: Allow File and Printer Sharing in Windows
XP SP2 Firewall
1. Open the Security Center from the Windows Control Panel.
2. Manage the security settings for the Windows firewall to add an exception for File
and Printer Sharing.
Step 3: Get Local User Rights (admin$ Share)
To initially install the agent on managed computers, you need an account with Local
User rights. You need access to this account only when performing the one-time agent
installation, so either use your domain administrator, a domain account with local user
rights, or any other account with local rights. After the agent is deployed, you no longer
need access to this account.
To determine whether you have sufficient rights, browse to:
\ \ host name\ admi n$
Replacing hostname with the name of the computer where you want to install the
Deployment Agent. If you can access this share you have sufficient rights.
Step 4: Run the Remote Agent Installer
In the Deployment Console, click Tools > Remote Agent Installer. If you need
clarification during any of the installation steps, click Help.
Using a Script, E-Mail Link, or Manual Installation (All
Platforms)
Advantages: You do not need Local User rights to install if you have individual logged-
in users initiate the install, works for Linux and Unix computers.
Disadvantages: Not as automated as the Remote Agent Installer, troubleshooting will
likely require direct intervention.
The remaining installation methods are grouped together because they perform the
same functions: Execute the agent installation while providing a configuration file for a
silent install.
Deployment Solution 38
Deployment Agent Installation

Step 1: Provide Users Access to the Agent
Installation Program
The agent installation programs are stored in the Agents folder on your Deployment
Share. Copy this file to a location that your users can have access.
For security purposes, we do not recommend granting any users direct rights to your
Deployment Share, especially if you are storing software or computer images on this
share.
Tip
If you are managing 32- and 64-bit computers, you can install the 32-bit agent on both
hardware types. After connecting, the 32-bit computers automatically update to the 64-
bit version.
Step 2: Create the Input File for a Silent Install
To configure new computers using a silent install, you can specify an input file containing
configuration settings.
Windows computers installing AClient use aclient.inp file. Linux and UNIX computers
installing ADLAgent use adlagent.conf. Details on the options are contained within each
file and are also described in the Deployment Solution Reference Guide.
When modifying adlagent.conf, ensure you use a text editor that properly handles UNIX-
format line endings.
Configure each file and place a copy with the agent installation program.
Optionally, for Windows computers, you can use the Force Deployment Agent Settings
on New Computers feature to reduce the amount of configuration you need to perform in
the input file. When this is enabled, the agent receives global settings you have specified
when it connects for the first time.
To force agent settings on new computers:
1. In the Deployment Console, click Tools > Options.
2. Click the Agent Settings tab and select the Force new agents to take the
default settings check box.
3. Click Change Default Settings to define default settings.
Step 3: Run the Installation Program
On each computer, you need to run a command similar to the following:
\ \ myshar e\ ACl i ent . exe acl i ent . i np - i nst al l
or
. / adl agent
To run this, you could:
Have users copy and paste it into the Windows Run dialog, or send the link in an e-
mail message.
Place it in a startup script.
Execute it remotely using Telnet or SSH.
Deployment Solution 39
Deployment Agent Installation

Agent Auto Update
The Deployment Agent has the ability to update itself to a newer version automatically,
and is set to update computers in batches to prevent network overload. This greatly
reduces the effort required when upgrading.
See the release notes on the Altiris Knowledgebase for specific information on Agent
upgrades.
Troubleshooting
See the following article on the Altiris KnowledgeBase:
Additional articles can be found by searching the Altiris KnowledgeBase.
18248 Remote Agent Installer Fails for AClient
Deployment Solution 40

Part II
Booting Computers to Automation
Deployment Solution has the ability to perform work on computers before the normal
operating system loads. To do this, a managed computer is booted into an environment
where it can communicate with your Deployment Server to perform tasks.
This preboot environment is called automation. In order to perform image capture and
deployment, scripted installs, or execute certain scripts, you must implement a way to
boot computers into this environment.
This section provides the information you need to configure a boot method, including
PXE, and select an operating environment for automation tasks.
Deployment Solution 41

What is Automation?
Deployment Solution uses two modes to manage computers:
Several of the tasks you perform to manage your network can be completed in the
production environment. However, other tasks, primarily imaging, must be performed
before the operating system boots. In Deployment Solution, this pre-boot environment
is called the automation environment, or booting into automation mode.
The following table contains a list of Deployment Solution tasks and the environment in
which they execute:
In order to manage computers in automation, you must select a method to boot
computers to automation and decide which operating to use in the automation
environment.
Deployment Solution provides support for a broad range of boot methods and
automation operating systems; this section helps you decide which works best for your
environment.
In order to set up automation, you must make the following decisions:
Which Automation Boot Method Should I Use? (page 42)
Which Automation Operating System Should I Use? (page 45)
Automation Automation is to the pre-boot environment loaded by
Deployment Server to perform tasks which need to take
place outside the normal operating system.
If you have ever used a disk imaging utility, or booted a
computer using an installation CD, you are probably
familiar with running computers in a similar
environment.
Production The normal operating system of the computer.
Production tasks include software installation and
personality capture.
Production Tasks Automation Tasks
Distribute Software Create Disk Image
Capture Personality Distribute Disk Image
Distribute Personality Scripted OS Install
Get Inventory Run script
SVS
Copy File to
Modify Configuration
Power Control
Run script
Deployment Solution 42

Chapter 6
Automation Boot Methods
Which Automation Boot Method Should I Use?
Deployment Solution supports a broad range of methods to boot computers into the
automation pre-boot environment: PXE, automation partitions, or boot media (CD/DVD,
USB device, or floppy).
This section provides an overview of the available boot methods to help you select the
method that works best for your environment, and contains the following:
PXE (page 42)
Automation Partitions (page 43)
Boot Media (DVD/CD, USB Device, Floppy) (page 43)
PXE
Pre-boot Execution Environment (PXE) is an industry standard developed to boot
computers using a network card. PXE can boot computers regardless of the disk
configuration or operating system installed, and doesnt require any files or
configuration settings on a client. After PXE boot is turned on in the BIOS, a computer
can communicate with your DS PXE server to receive automation jobs.
PXE provides a number of advantages, especially when you are using the initial
deployment features of DS, which enables you to remotely deploy an image to a
computer which has no software installed.
Example: the receiving department of your company could have PXE enabled on their
subnet. When a new computer arrives, a technician could quickly unpack and plug the
computer into the network, and possibly enable PXE boot if it was not enabled by the
manufacturer.
When this unknown computer contacts the Deployment Server, it is assigned an initial
deployment job, which could image the computer with the corporate standard image,
install additional packages, and power off the computer. The computer is now ready for
delivery with minimal effort.
PXE also provides an advantage if you need to use multiple automation operating
systems in your environment. Since the image containing the automation operating
system is downloaded when a task is executed, different operating system environments
can easily be assigned to different tasks.
At the same time however, this can be a disadvantage if you are using an operating
system with a large footprint, such as WinPE, since the entire image must be
downloaded each time you run an automation task. If you often run automation jobs,
especially on several computers simultaneously, embedding the automation operating
system on the disk is faster and significantly reduces network traffic.
It is also possible to use PXE for initial deployment and install an automation partition as
part of the deployment. In this case, you could use the initial deployment features of
PXE for arriving computers and install an automation partition in case you need access
to automation at a later time.
Deployment Solution 43
Automation Boot Methods

This configuration does not require PXE in your general network environment, but still
provides access to the automation environment without physical access.
When using the DOS automation environment, PXE provides an additional advantage:
multicast boot. This enables your PXE server to simultaneously boot up to 100
computers in a single session to perform automation work.
Although multicast imaging is supported in WinPE and Linux, multicast PXE booting is
not provided in WinPE and is not supported in Linux. That means that after each
computer has booted to automation, an imaging task can be multicast, but you cannot
use multicast to boot these computers.
Automation Partitions
An automation partition is a sector of your hard disk drive partitioned and managed by
DS. This partition contains the automation operating system and the files needed to
contact your Deployment Server, and must be present on each managed computer.
The biggest advantage to an embedded partition is that it does not require PXE, yet it
still enables you to boot into automation remotely. The biggest disadvantages to
embedded partitions are that they consume space on the drive, they require an existing
partition on the drive, and they must be manually installed from a disk on Linux and
Unix operating systems.
Another drawback, depending on your configuration, might be the fact that only one
automation operating system can be installed to a managed computer that is using an
automation partition. If you have tools that are supported only in DOS, this might limit
you to DOS for all automation tasks on a particular managed computer.
Automation partitions have an additional advantage in some configurations. Optionally,
you can create a different type of automation partition, called a hidden partition, to store
an image (or other files) locally.
This provides advantages in environments where computers need to be re-imaged often
or in environments where there is limited bandwidth or network connectivity. Since the
image is stored locally, the time needed to create and restore images is greatly reduced
and network traffic is significantly reduced as well.
Boot Media (DVD/CD, USB Device, Floppy)
Generally, the biggest drawback to boot media is that it forces you to physically access
the managed computer. However, if you are managing smaller numbers of computers or
do not plan to access the automation environment often, it might be a good choice. Also,
if you have employees with the ability and access to boot their own computers using
disks you provide, this could also be a good solution.
Boot media has some configuration limitations though. Deployment Solution is designed
to manage computers remotely, even in the automation mode, and several tasks and
jobs require access to both the production operating system and the automation
environment.
Example:
An imaging operation first captures configuration details from the production operating
system before booting to automation to capture the image. After imaging, this
configuration is restored.
Because of this, it is often difficult to schedule a job and coordinate booting the
managed computer to the right environment at the right time. If you assign a job which
Deployment Solution 44
Automation Boot Methods

requires booting into automation mode, the boot disk must be present at the right time
to boot automation. If a complex job requires access to the production environment
during this time, the BIOS will most likely continue to boot to automation until the boot
media is removed. If this job, or a subsequent job, requires automation access again,
the boot media must be re-inserted.
To avoid these issues, some customers load the automation operating system, the
RapiDeploy imaging executable, and the image on bootable physical media. They boot a
computer, execute the necessary commands, and provide the required image files. In
this circumstance, the remote management capabilities of Deployment Server are not
being used, so the process is more manual, but it does not require network access.
This works especially well when managing thin clients or other computers where all
necessary files can fit on a single disk or USB device.
Deployment Solution 45

Chapter 7
Automation Operating Systems
Which Automation Operating System Should I Use?
After you have selected a method to boot computers into automation, you need to
decide which operating system you want to use. In the past, MS DOS was the only
supported option. Deployment Solution now supports WinPE, Linux, MS DOS, and
FreeDOS.
This section provides an overview of the available automation operating systems so you
can find an environment (or environments) that suit your needs.
An important thing to note is that the automation environment you use is not
constrained by the production operating system on the computer. All of the DS
automation tools support these operating systems, so you can perform DS automation
tasks in any operating system (Linux computers can be imaged from DOS, Windows
computers can be imaged from Linux, and so on).
You might even use two automation operating systems for different tasks within the
same job. Example: you might use a vendor-supplied tool to perform a BIOS update in
DOS, boot to WinPE or Linux to perform an imaging task.
When you set up your test environment, you might want to run automation jobs in
multiple operating systems to see if one performs better in your environment.
The following sections contain an overview of the automation operating systems:
DOS (page 45)
WinPE (page 46)
Linux (page 46)
Although you can use these environments to perform a wide-variety of management
using scripts and other tools, support for these environments is limited to the task
performed by Deployment Solution.
DOS
DOS is still used often today as a pre-boot environment, though new technologies have
emerged that might better suit your environment, such as WinPE.
The largest roadblocks most companies face when using DOS are access to drivers that
support modern hardware, and security concerns. DOS still performs well for several
tasks though, and can be a good choice if you have the proper driver support.
DOS typically requires only around 1 MB of space.
DOS provides an additional advantage in a PXE environment. When performing an
automation task on multiple computers, the PXE server can use multicast to boot
automation, which enables large numbers of managed computers to boot DOS
simultaneously.
Deployment Solution 46
Automation Operating Systems

WinPE
WinPE (Windows Pre-boot Environment) is the next generation boot environment for
Windows computers. WinPE provides several advantages over DOS, including better
driver support (WinPE uses the same drivers used by the other modern versions of
Windows), increased speed, and generally more functionality.
The biggest drawbacks are its size, which causes increased boot time, especially when
booting over the network using PXE.
Linux
Linux provides an alternate pre-boot environment to DOS or WinPE. Many vendors
provide gigabit and wireless drivers for Linux that are not available in DOS.
Deployment Solution 47

Chapter 8
Installing and Configuring Automation
This section explains:
Configuring Automation Operating Systems (page 47)
Configuring Automation Boot Methods (page 50)
Deploying Automation to Managed Computers (page 51)
Configuring Automation Operating Systems
The following sections guide you through installing and configuring the automation
operating systems supported by Deployment Solution.
Obtaining and Installing WinPE, Linux, or DOS
Automation operating systems are installed using the Boot Disk Creator, which is
available in the Deployment Console by clicking Tools > Boot Disk Creator.
The following files are required to install the listed automation operating system:
To install
1. In Deployment Console, click Tools > Boot Disk Creator.
2. In Boot Disk Creator, click Tools > Install Pre-Boot Operating Systems.
WindowsPE WinPE is available on the Deployment Solution for Client
or Servers download page at http://www.altiris.com/
Download.aspx.
Linux The Linux 32 and 64-bit and FreeDOS preboot
environments are available on the Deployment Solution
for Clients or Servers download page at http://
www.altiris.com/Download.aspx.
Click the Linux and FreeDOS Automation Environment
link and save the file. Browse to the downloaded file
when prompted during the installation, or when adding
preboot operating systems using the Boot Disk Creator.
MS DOS A Windows 98 installation CD (Windows 98 SE is
preferred), and the proper licensing to use this on the
intended computers. Files are copied from the win98
folder from this installation CD.
FreeDOS The FreeDOS preboot environment is contained in the
same file as the Linux preboot, see the Linux
instructions for details. For additional information on
FreeDOS visit www.freedos.org.
Deployment Solution 48
Installing and Configuring Automation

3. Click Install and complete the wizard, providing the files listed in the previous table
when prompted.
For complete details on this process see the Boot Disk Creator help.
Adding Additional Files
Occasionally, you might need to make additional files available within an automation
environment, such as utilities or mass storage drivers. These files can be added to every
automation configuration of a specific type, or to select configurations only. This is
determined by the location you add the files in Boot Disk Creator:
Deployment Solution 49
Installing and Configuring Automation

The following example provides an overview of this process.
Adding Mass Storage Drivers for WinPE
1. Select either the WinPE Additional Files folder, or a specific Boot Disk Creator
configuration.
2. Right-click and select add > Folder. Using this add folder command, create the
following path: i386\system32\diskdrivers
3. Within the diskdrivers folder, create the necessary folders to contain your drivers.
The folders you add should contain a txtsetup.oem file, and at least one *.sys file,
and possibly additional files. You must also ensure that any sub-folders specified by
txtsetup.oem are included, and that the [defaults] section references the proper
device driver (some textsetup.oem files might support multiple devices and drivers,
and the proper device must be specified in the [defaults] section).
The diskdrivers path is for adding mass storage drivers. If you are adding different
driver types, you might need to modify this path.
Adding Large Files to a Linux Boot Configuration
Linux automation is typically loaded into RAM. Due to limitations on the amout of RAM
available on most computers, there is a size constraint on the files that can be included.
If you need to access larger files locally (such as a disk image), Boot Disk Creator
provides a mechanism to mount a folder outside of the ramdisk, letting you access files
that are too large to fit on the ramdisk.
This is done by creating a folder named . in the root of your boot configuration.
1. Right-click your configuration and select New > Folder.
2. Name this folder . (do not include the quotes, just .).
Deployment Solution 50
Installing and Configuring Automation

Files placed in this folder are mounted in Linux automation at / mnt / at r sboot .
Example
You can place a disk image and the rdeployt executable in this folder, create a boot DVD,
and restore the included image without network access, using a command similar to the
following:
/ mnt / at r sboot / r depl oyt - md - f / mnt / at r sboot / [ i magename] . i mg
Configuring Automation Boot Methods
When pre-boot tasks need to be performed, DS sends a message to the client computer
to restart in the automation environment. This includes a shutdown command issued
from DS, and a modification to the MBR if using an automation partition.
After the managed computer reboots, the automation environment is loaded from PXE,
an automation partition, or from boot media. The deployment agent now contacts the
Deployment Server.
After a connection is established, the Deployment Server sends the client computer its
assigned jobs and tasks. After the automation tasks run, a status message is sent to the
Deployment Server indicating that all work is complete. The Deployment Server sends a
message that the client computer should reboot back to the Production environment
(the MBR is restored when using automation partitions).
The following sections guide you through the process of setting up PXE, automation
partitions, or media to boot your computers into the automation mode:
Configuring PXE
Configuring Automation Partitions
Configuring Boot Media (DVD/CD, USB device, Floppy)
Configuring PXE
PXE is a server-based technology, and requires additional components on your DS
server, and possibly other computers. Setting up and configuring PXE is covered in detail
in a separate document, PXE in Deployment Solution.
Configuring Automation Partitions
DS provides two types of automation partitions:
Embedded
Partition
A small embedded section installed on the production
partition of a managed computer which contains the
automation operating system. Depending on the
operating system, the size varies from 5 to 200 MB (you
can specify the size when the partition is created based
on recommendations).
Hidden Partition A larger partition installed on the hard drive of a
managed computer to contain not only the automation
operating system, but to provide room to store images
and other files. This partition is not normally viewable in
the production operating system.
Deployment Solution 51
Installing and Configuring Automation

An embedded partition doesnt create an actual disk partition, it reserves space on an
existing partition by marking the sectors on the disk as unusable. The target drive must
have an existing partition before an embedded partition can be installed.
A hidden partition creates an actual disk partition, but this partition is hidden from
normal view within the production system, though it is still viewable by FDISK or by an
administrator. The partition is listed as a non-DOS partition.
When a computer using an automation partition is assigned jobs, the Master Boot
Record (MBR) of the computer is modified to boot to this hidden partition. After the work
is completed, the MBR is restored to the previous configuration.
Hidden partitions are very useful for computers which are imaged often, such as those in
a test lab or provided for general use (such as a hotel or a library). After the visiting
person is done using this computer, you may want to quickly re-image to ensure that the
next visitor finds the computer in good working order. In these circumstances, a hidden
partition enables you to quickly restore an image without needing access to a high
bandwidth network.
Automation partitions can be installed using an installation package deployed from DS
(windows only), or installed from a CD, USB device, or floppy. This is different than
using boot media to access automation, because the automation partition media is used
once per computer to install, later the partition is used to perform tasks.
Using boot media to access automation doesnt leave any files on the computer, but the
media must be used each time you want to access automation.
Configuring Boot Media (DVD/CD, USB device, Floppy)
Creating and using boot media is a straightforward process. Boot media boots a
managed computer to automation without leaving any files on the computer, and can be
installed to DVDs, CDs, USB devices, or floppy disks.
Boot media is created directly from the Boot Disk Creator utility.
Deploying Automation to Managed Computers
Automation partitions and boot media configurations are created using the Boot Disk
Creator utility. PXE configurations are created using the PXE configuration utility.
This difference is due to the way in which the automation operating system is deployed
to the managed computer. Automation partitions and boot media use install packages or
boot disks, while PXE uses a configurable menu to provide boot options, with each
option on the PXE menu linked to a specific automation configuration.
This section contains guidelines to create PXE, automation partitions, or boot media
configurations and deploy these configurations to managed computers.
Using Automation Partitions or Boot Media
1. Install the automation operating systems you want to use, as explained in Obtaining
and Installing WinPE, Linux, or DOS.
2. In Boot Disk Creator, Create a new configuration. The wizard is accessed by clicking
File > New configuration.
Deployment Solution 52
Installing and Configuring Automation

This configuration contains the automation operating system files, network drivers,
IP address of your server, and other settings which control how the managed
computer communicates with your Deployment Server.
This configuration does not specify how this automation configuration is installed.
This is done using the Create Boot Disk wizard, which is launched automatically
after you create a configuration.
3. The Create Boot Disk wizard provides three options:
4. After selecting how you want to install automation, complete the wizard.
See the Boot Disk Creator help for additional details.
You can also uninstall an automation partition using an install package, or configure a
CD, USB device, or floppy from Boot Disk Creator.
Using PXE
1. Install the automation operating systems you want to use, as explained in Obtaining
and Installing WinPE, Linux, or DOS.
2. In the PXE Configuration utility (Start > All Programs > Altiris > PXE Services >
PXE Configuration Utility), create a new menu item to correspond to the
automation configuration you want to install.
Create an automation
partition install
package
Creates an executable, or configures a CD, USB
device, or floppy to install the automation
environment. This process is executed once per
device. After that, the computer uses the files from
the automation partition.
Select this if you are using automation partitions.
For managed linux computers, you need to use a
CD, USB device or floppy because no executable is
provided for this platform.
Create an automation
boot disk
Configures a CD, USB device, or floppy with the
files necessary to boot a computer to automation
mode. After booting, the computer executes any
automation work previously scheduled, or waits for
work to be assigned.
Select this if you are using boot media to boot
computers to automation. None of these files are
installed, so the media must be used each time you
need to access automation.
Create a network boot
disk
Configures a CD, USB device, or floppy with the
files necessary to boot to a prompt.
This is useful if you have management task to
perform that doesnt require interaction with DS, as
your Deployment Server is not contacted in this
scenario. None of these files are installed to the
managed computer.
Deployment Solution 53
Installing and Configuring Automation

3. Click Create Boot Image to launch the configuration wizard. This wizard is identical
to the wizard used when creating configurations for automation Partitions or boot
media.
When this option is selected from the PXE menu, the necessary files are loaded, the
job is performed, the computer boots to the production operating system. None of
these files are saved on the managed computer, they are downloaded each time the
computer boots to automation.
4. Provide any additional configuration options and click Save.
Deployment Solution 54

Chapter 9
Setting Up the Altiris PXE Server
What is PXE?
Preboot Execution Environment (PXE) is an open industry standard which enables
computers to boot remotely using a network card.
PXE uses standard network protocols to establish a communication channel between a
computer and an Altiris PXE server during the boot process. Using this channel, an Altiris
PXE server sends an execution environment to the computer so that work can be
performed in a pre-boot state.
In Deployment Solution, this pre-boot state is called the automation environment, and
DOS, Linux, and WinPE are currently supported as pre-boot operating systems. An
overview of the automation boot methods and environments is contained in a separate
document, Deployment Solution: Automation Preboot Environments.
An advanced, tightly integrated PXE environment is provided with Deployment Solution.
Deployment Solution leverages PXE to provide the following advantages:
When a managed device needs to boot into automation, Deployment Solution
restarts the computer and notifies the Altiris PXE Server. Altiris PXE Server now
boots the computer into the automation environment indicated in the Deployment
Solution job automatically.
PXE can perform an initial deployment of a new system by checking to see if a
computer exists in Deployment Solution.
All PXE configuration is done using the PXE Configuration Utility from the
Deployment Solution console, enabling you to remotely configure all PXE servers in
your network.
Why Use PXE?
PXE is used in Deployment Solution to perform two tasks:
Boot managed computers into the automation environment
Perform initial deployment of new managed computers
How you implement PXE is partially dependent on what you plan to do with it. Many
organizations use PXE only on a subnet in a receiving department to deploy corporate
images and initial configuration of new computers. After this computer is assigned to a
user, PXE is not used in the normal production environment.
This limits the extent of the PXE environment, but prevents you from accessing the
automation environment to capture images and perform other automation-only tasks.
Other companies which often use automation select PXE because it leaves no footprint
on the managed computer, and has several other advantages such as image
multicasting and tight Deployment Solution integration.
Deployment Solution 55
Setting Up the Altiris PXE Server

Regardless of how broadly you implement PXE, Deployment Solution provides tools and
services to simplify management of PXE in your environment. This section contains the
following topics providing an overview of PXE in Deployment Solution:
PXE Services and Architecture
How PXE Works
PXE Services and Architecture
PXE services use a tiered-architecture which enables you to provide global settings and
boot options shared across all Altiris PXE Servers, override configuration and expand
boot options on a local level.
Boot options and PXE settings can be applied to a shared configuration. This shared
configuration is inherited by all Altiris PXE Servers in your environment. Each Altiris PXE
Server still has its own specific configuration, so you can override settings and add
additional boot options as needed.
New services have been provided to replicate settings and data automatically, making it
unnecessary for you to individually configure each PXE server.
The following table contains an overview of the PXE services:
The PXE Manager service interacts with Deployment Server, PXE Helper service, and the
PXE config utility to perform centralized PXE management:
Service Description
PXE Manager Provides all boot options and configuration settings
for each Altiris PXE Server in your environment.
Interfaces with the PXE Config Utility to replicate data
and apply PXE configuration.
Manages all communication between your
Deployment Server and your Altiris PXE Servers.
The PXE Manager Service is installed on your Deployment
Server regardless whether or not you have also installed
an Altiris PXE Server.
PXE Config Helper Interfaces with PXE Manager to receive data and
configuration.
Configures, starts, and stops the additional PXE
services on the Altiris PXE Server.
Altiris PXE Server Provides the PXE listener and proxy DHCP to respond
to PXE requests and send the location of bootstrap
files.
MTFTP Sends bootstrap files to managed computers using
TFTP.
Deployment Solution 56
Setting Up the Altiris PXE Server

On each individual Altiris PXE Server, the Altiris PXE Server service and the MTFTP
service are installed to perform the work of an Altiris PXE Server. These services are
configured, started and stopped by the PXE Config Helper service. Clients connect
directly to these services during the PXE boot process:
How PXE Works
Before a computer can boot over a network, it needs two things: an IP address to
communicate, and the location of an Altiris PXE Server to contact for boot instructions.
The following sections outline the PXE boot process:
Part 1: DHCP Request and PXE Discovery
Part 2: PXE Bootstrap
Deployment Solution 57
Setting Up the Altiris PXE Server

Part 1: DHCP Request and PXE Discovery
Request and Receive an IP Address
Initially, the boot agent directs the execution of normal DHCP operations by
broadcasting a DHCPDISCOVER packet (255.255.255.255) to port 67 on its local
physical subnet to discover a DHCP server.
Any available DHCP servers respond with a broadcast DHCPOFFER packet indicating
their server IP.
When the client has chosen a target DHCP server, it broadcasts a DHCPREQUEST packet
that includes its MAC address and the IP address of the selected DHCP server. The
DHCPREQUEST also contains option 60 to identify the client as a PXE client.
PXE Option 60
DHCP lets clients to receive options from the DHCP server indicating various services
that are available on the network. A number of standard and custom options are
available that can convey a vast amount of information to DHCP clients. Option 60 deals
specifically with PXE related services. Both PXE clients and servers use option 60 to
convey specific information about the PXE services they need or are providing.
Contacting the Altiris PXE Server
All DHCP servers examine the DHCPREQUEST packet. If the request is intended for a
different server, the IP address they offered is reclaimed. The DHCP server providing the
accepted offer supplies a DHCPACK packet to the client to acknowledge the clients
receipt of its IP.
During this process, the Altiris PXE Server monitors the wire for DHCPREQUEST packets
with an option 60 (PXE client). When a packet is recognized, the clients MAC address is
used to find any pending automation work in Deployment Server. If no automation work
is required, the Altiris PXE Server does not respond to the client and it boots normally.
If there is work to do, the Altiris PXE Server responds with its address using a DHCPACK
with option 60.
At this point, the client has received a DHCPACK containing an IP address, and a
DHCPACK with option 60 containing an Altiris PXE Server. If the Altiris PXE Server is
located on the same server as DHCP, both are contained in the same DHCPACK packet.
Part 2: PXE Bootstrap
The client is ready to contact the Altiris PXE Server for boot files. After this request,
clients are provided with a boot menu containing all boot options that the Altiris PXE
Server can provide. Most of the time, the correct boot option has already been selected
by the Deployment Server, so this is transfered to the client.
After the selection is made, the client requests the necessary boot files using MTFTP.
This consists of a .0 and a .1 file.
The .0 file functions as a bootstrap loader. It creates a RAM disk and manipulates the
BIOS interrupt vectors, interrupt structures and hardware information tables to make
the RAM disk function exactly like a typical floppy disk. This file copies the .1 file byte by
byte into the newly created RAM disk.
Deployment Solution 58
Setting Up the Altiris PXE Server

The .1 file is an image of a boot disk floppy with modifications to the autoexec.bat and
additional files which ultimately provide the automation environment on the managed
computer.
The following diagrams contain a basic outline of this process:
PXE Planning and Installation
This section contains an overview of the PXE deployment process, in the following
sections:
Enabling PXE on Managed Computers
Installing and Configuring DHCP
How Many Altiris PXE Servers Do I Need?
Installing Altiris PXE Servers
Deployment Solution 59
Setting Up the Altiris PXE Server

Enabling PXE on Managed Computers
Each computer you plan to manage using PXE must have PXE boot enabled (sometimes
called network or NIC) and set to the correct sequence in the BIOS. It is also a good idea
to apply the latest BIOS updates, especially if your network card is integrated on the
motherboard.
Deployment Solution also supports Wake on LAN to power on managed computers
remotely. If this is enabled, a Wake on LAN signal is sent to the managed computer if
the device is disconnected from Deployment Server when a job is scheduled to start.
Installing and Configuring DHCP
DHCP is an integral part of the PXE process, and must be installed and configured in
order to use PXE. A DHCP server is not provided with Deployment Solution, you must
obtain, install, and configure this component separately.
After DHCP is set up and your Altiris PXE Servers are installed, you need to configure
how your Altiris PXE Servers interact with the DHCP server. This is done using the PXE
Configuration Utility.
How Many Altiris PXE Servers Do I Need?
Number of Client Connections
Altiris PXE Servers do not typically require a lot of resources. By using multicast, a single
Altiris PXE Server can deploy a DOS boot image to up to 100 computers at a time, and
not consume any more resources than it would while deploying a single image. If you
are using WinPE or Linux however, multicast boot is not available.
Usually a single Altiris PXE Server in a specific location is enough if you either use
multicast to deploy images or spread out your image capturing jobs to be in line with the
capabilities of your server. Additional Altiris PXE servers can easily be added if
necessary.
Network Speed
Since the majority of the resources on an Altiris PXE Server are used for transferring
files over the wire, the faster the network, the more work a single Altiris PXE Server can
do. A single Altiris PXE Server on a gigabit network can capture and deploy several times
as many images over a period of time than even multiple servers on a slower network.
Physical Layout of your Network
Your PXE configuration might be set up according to the physical layout of your network.
If you have three offices in different locations, it might make sense to install an Altiris
PXE Server at each location to reduce traffic and resolve routing issues (see PXE Request
Routing).
In these configurations, the deployment share can be mirrored to a local server, and
images are usually taken from and restored to local file servers. See PXE Redirection
(page 62) for an example of this type of configuration.
Deployment Solution 60
Setting Up the Altiris PXE Server

PXE Request Routing
PXE clients use broadcast packets to find DHCP and PXE services on a network, and
multicast packets (MTFTP) to transfer files. These packet types can present challenges
when planning a PXE deployment because most default router configurations do not
forward broadcast and multicast traffic.
Because of this, either your routers need to be configured to forward these broadcast
and multicast packets to the correct server (or servers), or you need to install an Altiris
PXE Server on each subnet.
Routers generally forward broadcast traffic to specific computers. The source subnet
experiences the broadcast, but any forwarded broadcast traffic targets specific
computers.
Enabling a router to support DHCP is common. If both PXE and DHCP services are
located on the same computer, and DHCP packet forwarding is enabled, you shouldnt
have any problem transferring broadcast packets.
If these services are located on different computers, additional configuration might be
required.
If you are going to forward packets, ensure your router configuration lets DHCP traffic to
access the proper ports and IP addresses for both DHCP and Altiris PXE servers.
Once the broadcast issues are resolved, the routing of multicast traffic must be
considered. Multicasting leverages significant efficiencies in transferring files but also
introduces challenges similar to broadcast packet forwarding. Like the broadcasting
solution, routers can be configured to support multicast traffic between PXE Clients and
Altiris PXE Servers.
Please consult the documentation provided by your router vendor for additional
information on packet forwarding.
Installing Altiris PXE Servers
After you have determined the PXE needs of your network, you must to determine
where to install these Altiris PXE Servers.
An Altiris PXE Server can be installed on your Deployment Server, on your DHCP server,
on another server in your network (such as a file server), or as a standalone server. You
can also use a combination of these (example: an Altiris PXE Server on your Deployment
Server and your DHCP server).
The actual installation process is straightforward. You can install an Altiris PXE Server at
the same time as you install Deployment Solution, or you can install one later by
running the installation program and selecting the add additional components option.
After these servers are installed an running, they are configured using the PXE
Configuration Utility. See the following section.
Configuring PXE Settings
All PXE configuration is done using the PXE Configuration Utility. The PXE config utility is
used to create and modify two things:
Global and local configuration settings. These settings include timeout values,
replication and logging options, and so on.
Deployment Solution 61
Setting Up the Altiris PXE Server

Boot options. Each boot option corresponds to a specific configuration which
includes an operating system, network and other drivers, utilities, mapped drives,
and so on.
This section contains a brief overview of selected PXE configuration and boot options.
For complete details, see the help for the PXE Configuration Utility.
PXE Settings
Shared vs. Local
Deployment Solution provides a PXE settings hierarchy enabling you to provide shared
and local PXE configuration values. All Altiris PXE Servers inherit the shared values
unless they are overridden on the local server.
Session Timeout
The PXE configuration utility connects the PXE Manager service on Deployment Server.
To ensure your changes are not overwritten by another instance of the PXE
Configuration Utility, only one instance of PXE config can connect to PXE manager at any
given time.
If you attempt to launch PXE Configuration when another instance is running, you
receive an error. To prevent you from being completely locked out for extended periods
(example: an instance is inadvertently left open on another computer), a timeout has
been added which terminates a connection after 30 minutes of inactivity after someone
else attempts to connect.
This timeout only applies if someone else is attempting to launch PXE Configuration. If
no other connections are attempted, the timeout is never enabled and your session
remains active.
DHCP Server Options
For most circumstances, you want option 1. If you have DHCP installed on your
Deployment Server but it is not active, Deployment Server might still attempt to
communicate with that instance. This is changed by selecting option 3. If you are using
a 3rd party DHCP server which automatically sends the client 60 message, select option
2.
Boot Options
Boot options are the boot configurations provided to a client by an Altiris PXE Server.
Each boot option has a corresponding automation operating system, network drivers,
and other settings.
Shared vs. Local
Deployment Solution provides a PXE boot option hierarchy enabling you to provide
shared and local PXE boot options. Shared boot configurations are available on all Altiris
PXE Servers, while local boot options are available on a specific Altiris PXE server.
Deployment Solution 62
Setting Up the Altiris PXE Server

PXE Redirection
Lets you redirect a global PXE menu option to a local PXE menu option. Redirection
settings are not available globally, they are always specific to an individual Altiris PXE
Server. This is due to the role redirection plays in your PXE environment.
Consider the following example:
You manage computers in three locations: Two offices in Ontario, and one office in
Alberta. To limit transfer between each site, each office has a local Altiris PXE Server,
and a file server with a mirror of the deployment share. This enables clients at each
location to contact the local Altiris PXE Server to boot and use the local deployment
mirror to access the network tools and to store images.
You need to create a job to capture an image of each managed computer on Friday
evening, once a month. To create this job, you add an imaging task, select a PXE boot
option, and set the schedule.
Hold on. If you select the same PXE boot option for each office, you are going to have
problems. The Alberta office uses a mirror of the deployment share on alb1\eXpress,
and stores captured images on alb1\images. The two Ontario offices use the ont1 and
ont2 servers respectively.
You could go ahead and create three global configurations and three different jobs, but
that is confusing and could potentially cause problems if the wrong selection is made. If
you took this route, on each Altiris PXE Server, two of the three global configurations
could potentially cause problems (they are mapped to drives in remote offices). To avoid
problems, select a single global configuration for a job and update it based on the
location of the Altiris PXE Server.
This is exactly what redirection does. You create a global configuration (example: named
Imaging Environment). On each Altiris PXE Server, you create a local configuration for
each office with the correct server mappings.
The Imaging Environment global option is redirected to the local option, and the
process is simplified. Now the imaging job can be applied to all computers at once,
simplifying the process and reducing the chance of errors.
Deployment Solution 63

Part III
Using Deployment Solution
This section provides feature identification and basic procedures for deploying and
managing computers using Altiris Deployment Solution software.
Deployment Solution 64

Chapter 10
Deployment Basics
Deployment Solution provides a graphical, object-based interface to manage computers.
After you have installed the Deployment Agent and the computer has connected, the
computer can be managed using the Deployment Console.
Computers
Each computer and computer group in your environment is represented in the
computers pane:
Computers can be dragged into a group, or automatically assigned to a group when the
agent is installed. Computers can belong to only one group.
When a new computer connects, it is placed in the New Computers group.
Jobs
Jobs contain a sequence of tasks to perform work on managed computers. Example: a
job might be install and activate Winzip 10. This job might have a condition specifying
that it should only execute on Windows XP computers with 500 MHZ or greater
processors.
Deployment Solution 65
Deployment Basics

Each job that can be assigned to a computer or computer group is represented in the
jobs pane:
Computers are assigned jobs by dragging and dropping computers onto a job. Jobs can
also be scheduled by right-clicking and selecting the Job Scheduling Wizard.
Creating Jobs and Tasks
Jobs are created by adding one or more tasks to a job. Tasks include create disk image,
distribute software, manage SVS layer, and run script.
These tasks run sequentially and can trigger other events, such as a stop job or execute
other job depending on the return code of the task.
Context Menus (Right-click)
In the Deployment Console, you can right-click almost any object for a context-specific
list of management options.
Example: if you right click a computer or group, you are given the option of viewing
computer details or job history, remote controlling or opening a chat session, renaming,
power control, and several other options.
Find a Computer in the Database
This search filter lets you type a string and query specified database fields for specific
computer properties. You can search for user or computer names, licensing or location
information, or primary lookup keys: MAC address, serial number, asset number, or
UUID. This search filter queries the property values appearing in the Computer
Properties (page 119).
Deployment Solution 66
Deployment Basics


1. In the Search For field, type all or part of the computers property values you
would like to search for. This alpha-numeric string will be compared with specified
database fields.
2. In the In Field box, select the field you want to search in the Deployment
Database.
Example: to find a computer by searching for its IP address, type the address in the
Search For field and select IP Address from the In Field drop-down list.
The computer you are looking for appears highlighted in the Computers window in the
console.
Note
This search is not case-sensitive and lets wildcard searches using the *.
Using Lab Builder
Use the Lab Builder to set up jobs under the Lab folder in the Jobs pane to set up a
classroom or lab environment.

Click <CTRL> F or click Find Computer on the console toolbar to search
the Deployment Database for computers by property settings.
The computers that match the search will be highlighted in the
Computers pane.
Name BIOS name of the computer.
Computer Name Deployment Solution name of the computer.
MAC Address Example: 0080C6E983E8.
IP Address Example: 192.168.1.1.
ID Example: The computer ID. 5000001.
Serial Number Serial number installed in BIOS. A primary lookup key.
Asset Tag Asset number in BIOS. A primary lookup key.
UUID A primary lookup key.
Registered User Name entered when the operating system was installed.
Product Key Product Key for the operating system.
Logged On User Name of the user currently using the computer.
Physical Bay
Name
The actual bay number. Example: 7x.

Click Lab Builder on the console toolbar or click File > New > Lab
Builder to set up jobs specifically created for managing multiple
computers in a lab environment.
Deployment Solution 67
Deployment Basics

You can set up jobs to:
Create Disk Image
Deploy Lab
Restore Lab
Update Configuration
Upload Registries
Each job contains a default list of tasks. Lab Builder places these five new jobs under a
folder (which you name) located under the Lab folder. All tasks in the jobs are assigned
default paths and file names that let them use the same images and configuration
information, registry data, and so on. We recommend that you do not change the file
names and paths. If you change the default settings (Example: changing the image
name), you must change it in all jobs where the image is used.
To use Lab Builder
1. Click the Lab Builder icon on the toolbar, or choose File > New > Lab Builder.
2. Enter the name of the lab setup.
Note
The lab name must be unique because the program creates a default image file
name based on the name, and the image file name must be unique. The default
image name is synchronized in all lab jobs, so if you change the name later you
must change it in all jobs that use the image.
3. Enter a lab description to help you differentiate the lab from others. This field is
optional. Click OK.
4. Identify an image in the Create Disk Image job.
5. Set computer names and addresses in the Update Configuration job.
The following information describes the default jobs. To run one of these jobs, drag it to
the computer or computer group you want it applied to.
Create Disk Image. This job uploads an image of a computer to the server and an
image name is created automatically based on the lab name. However, there is no actual
image in the job until you drag the image source computer to this job.
Deploy Lab. This job has three default tasks: Deploy image, Apply configuration
settings, and Back up registry files. The image that is uploaded using the Create Disk
Image job is deployed when you use this job. The configuration settings you specify in
the Update Configuration job are applied to the computers, and the computer registry
files are uploaded to the Deployment Server.
Restore Lab. This job restores the image and registry files to a computer where a lab
was previously deployed. You can quickly get a computer running again by restoring the
lab on that computer.
Update Configuration. This job lets you to set unique configuration information (such
as computer names and network addresses) for client computers. When a lab is
deployed, each computer has an identical image, but not the same configuration
settings. This means you don't have to visit each computer to reset IP addresses and
other settings when you deploy an image.
Upload Registries. This job backs up computer registry files to the Deployment Server.
Deployment Solution 68
Deployment Basics

Computer Import File
Use the following format to import new computers from a text file. You can easily create
a computer import file by entering data in the provided Microsoft Excel spreadsheet
(I mpor t Comput er s55. xl s) located in the Samples folder of the Deployment Share.
A semicolon as the first character denotes comment lines.
Quotes around fields are optional.
Leaving the job name blank does not assign the computer to any job.
Leaving the start time blank makes an entry in the job for the computer, but does
not schedule it for a specific time.
Only the Name field is required.
Quotes around fields are optional.
You can populate your computer database using the format provided below. The Import
Computers text file can be imported into Deployment Solution using the File > New
Computer > Import or File > Import/Export > Import Computers.
Tips for creating a new computers import file
When using Boolean references, do not use quote marks. These fields are marked
with a B: 1=On/True and 0=Off/False.
For some fields, this input format supports multiple IP Addresses, delimited by a ;
(semicolon) within the field. These fields are marked with a (;).
Example: the gateway field could read, 30.11.11.2, for a single IP address
or, 30.11.11.2;30.11.11.3;30.11.11.4, to support three IP addresses.
All fields (up to and including site) must be present in the file, but all data except
for Name is optional.
To use optional fields for multiple network adapters, the preceding fields are
required. Example: to use Nic3 fields, all fields for Nic2 are required.
For Deployment Server to read the import text correctly, ensure there is a final hard
return at the end of the file.
Format for the New Computers text file
Outlined below is the field order for the database input. Fields marked (ignored) are
not used by version 5.5 and later, but are included to support previous versions.
;Name,MAC Address 1,Serial Number,Asset Tag,Computer Name,Domain(B),Domain/
Workgroup Name,Domain Controller Name(ignored),DHCP(B),IP
Address(;),Netmask(;),Gateway(;),Preferred DNS(;),Alternate DNS,Alternate 2
DNS,Preferred WINS,Alternate WINS,Hostname,Domain Suffix,Use Preferred
Tree(B),Preferred Server,Preferred Tree,Netware User,NDS Context,Run
Scripts(B),User,Organization,Key,Password Never Expires(B)(ignored),Cannot Change
Password(B)(ignored),Must Change Password(B)(ignored),Username(ignored),Full
Name(ignored),Groups(ignored),Password(ignored),Contact,Department,Email,Mailstop
,Phone,Site,Computer Group,Job,Job Start Time,NIC2 MAC Address,DHCP(B),IP
Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC3 MAC
Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain
Suffix,NIC4 MAC Address,DHCP(B),IP
Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC5 MAC
Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain
Deployment Solution 69
Deployment Basics

Suffix,NIC6 MAC Address,DHCP(B),IP
Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC7 MAC
Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain
Suffix,NIC8 MAC Address,DHCP(B),IP
Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix
Example Import File
DB Computer
1,00a0c95c2640,6X18FHGZP21P,6X18FHGZP21P,Computer1,1,Altiris,,1,,,,,,,,,computer
1h,altiris.com1,1,server1,tree1,user1,context1,1,John Doe,"Altiris, Inc.",12345-OEM-
1234567-12345,,,,,,,,John Doe,Engineering,jdoe@altiris.com,111,(801) 805-
1111,Lindon,Test Group,Test Job,12/31/2001
17:30,00a0c95c2641,0,172.25.10.180,255.255.0.0,172.32.0.4,172.32.0.1;172.32.0.7,
172.32.0.4,altiris.com2,00a0c95c2642,1,,,,,,altiris.com3,00a0c95c2643,0,1.1.1.1;2.2.2
.2,255.255.255.255;255.255.255.0,1.1.1.2;2.2.2.1,3.3.3.3;4.4.4.4,5.5.5.5;6.6.6.6,alti
ris.com4,00a0c95c2644,1,,,,,,altiris.com5,00a0c95c2645,0,1.1.1.1,2.2.2.2,3.3.3.3,4.4.
4.4,5.5.5.5,altiris.com6,00a0c95c2646,1,,,,,,altiris.com7,00a0c95c2647,0,5.5.5.5,4.4.4
.4,3.3.3.3,2.2.2.2,1.1.1.1,altiris.com8
Deployment Solution 70

Managing from the Deployment Console
Deployment Solution provides both Windows and Web user interface consoles to deploy
and manage computer devices across local or wide area networks. It also provides a
Thin Client view of the Deployment Console. As an IT administrator, you can manage all
computer devices from one of these Deployment Consoles:
The Deployment Console is a Windows-based console with complete deployment and
management features, including remote control, security, PXE Server configuration,
image editing, and other deployment utilities and features. See Deployment Console
Basics on page 71.
The Deployment Web Console provides basic deployment and management
functionality from a Web browser, including the ability to remotely access and manage
computer devices, build and schedule jobs, and view multiple Deployment connections.
The Thin Client View of the Deployment Console provides a simplified experience when
dealing exclusively with Thin Clients. The functionality of the Thin Client Console is
identical to that of the current Deployment Console. However, you can toggle from Full
View to Thin Client View.
Deployment from the Altiris Console combines management and reporting features
across multiple Deployment Server systems and lets you integrate additional Web
applications in the client and server management suites, including Inventory, Software
Delivery, Recovery, HelpDesk, Patch Management, and Application Metering solutions.
Features of the Deployment Console. The Windows console for Deployment Solution
provides standard Computers, Jobs, and Details panes to drag and drop icons, view
properties, and identify the state and status of Deployment objects. In addition, the
Deployment Console also includes a Shortcuts and Resources view and provides the
tools, utilities, and features required for complete computer resource management. See
Deployment Console Basics on page 71.
Set Program Options. From the Tools > Options dialog, you can set preferences for
each Deployment Server system. See General Options on page 83.
Set Security. From the Tools > Security dialog, you can set security rights and
permissions for all Deployment Consoles. See Security in Deployment Solution on
page 87.
Connecting to other Deployment Server systems. Connect to other Deployment
Server connections from your current Deployment Console and manage computers
outside of your current network segment or site. See Connecting to Another Deployment
Server on page 93.
Customize the Tools menu. You can add commands to the Tools menu to open
commonly-used deployment programs and utilities. See Extending the Tools Menu on
page 80.

To launch the Deployment Console, click the icon on the desktop, or click
Start > Programs > Altiris > Deployment Solution > Console.
Deployment Solution 71

Deployment Console Basics
The Deployment Console is your main portal to Deployment Solution. It is a feature-rich
Win 32 program with real-time access to computer resources, deployment jobs, and
package files, each represented by distinct icons to identify the status and settings.
From the Deployment Console, you can build simple or complex deployment jobs, assign
them to a computer group, and verify deployment execution.
Because the Deployment Console can reside on its own computer, you can have multiple
consoles running from different locations. The Deployment Console needs to be running
only while creating assignments or viewing information about the managed computers.
You can turn on the console, run management tasks, and turn off the console.
Scheduling information is saved in the Deployment Database and tasks are executed at
their scheduled time. If an assignment to a managed computer is made from two
different consoles at approximately the same time, the computer is assigned those tasks
in the order they are received. See Console options on page 83 to set refresh intervals
for the Deployment Console.
Features of the Deployment Console
The Deployment Console is divided into several panes to organize computers,
deployment jobs, and software packages and scripts. It gives you a graphical view of
your network and provides features to build jobs, drag and drop icons to schedule
operations, store and access jobs and packages, and report the status and state of your
computer resources. The Deployment Server includes three main panes, toolbars,
wizards, shortcuts, and utility programs.
Computers pane
Use this area to view and select managed computers for the Deployment Server system.
You can select and right-click a computer in the Computers pane to run remote
operations using Deployment Solution or to view the computer properties. You can also
create computer groups to organize collections of similar computers. See Remote
Operations Using Deployment Solution on page 122 and Computer Properties on
page 119.
When you select a computer or group, a list of the computers in the group appears in
the Details pane and provides the basic information about each computer. The Filter
detail bar appears in the Details pane that helps to view computers according to set
criteria. When a computer is selected, you can view the computer status in the Details
pane, including a list of jobs that are running or are scheduled to run on the computer
and the status of each job.
To get more details about all tasks that are run on computers, click Status Detail.
Status Detail displays a more detailed breakdown of the tasks that the job has executed
and a status message indicating the status of the tasks.
Create computer groups by clicking Computer Groups on the toolbar, or
right-clicking in the Computers pane and selecting Groups. Click View >
Show Computers to display only computer group icons and not individual
computers.
Deployment Solution 72

You can also import new computers from a text file or add security rights and privileges
for a specified computer or group of computers. See Managing Computers on page 95
for complete information about setting up, importing, and managing computers from the
Computers pane.
Jobs pane
Use this area to create and build jobs using specific deployment tasks. You can select
and right-click a job in the Jobs pane when building new jobs or running the New Job
Wizard. You can also import new jobs from a text file or add security rights and
privileges for a specified job or collection of jobs. See Building New Jobs on page 148
and New Job Wizard on page 144.
Set up folders to organize and access jobs according to your specifications. To create a
new folder, right-click in the Jobs section and select the New Folder option. You can
also create folders by selecting File > New > Folder.
When you select a job, the Details pane displays a list of computers in the folder and
gives a basic information about each job, such as its state and status. It also shows the
computers or computer groups to which the job is assigned.
The Conditions detail bar also appears, letting you assign jobs to computers. See
Setting Conditions for Task Sets on page 149.
In System Jobs, folders are created to store jobs that are created when running
operations from the console.
Drag-n-Drop Jobs. Jobs are created and automatically placed in this folder when
you drag an .MSI, .RIP, or other package files from the Resources view to a
specific computer or group. See Shortcuts and Resources View on page 73.
Image Jobs. Jobs are placed in this folder when you create a Quick Disk Image.
See Quick Disk Image on page 125.
Restoration Jobs. Jobs are placed in this folder when you restore a computer from
its Deployment history. See Restoring a Computer from its Deployment History on
page 124.
From the Jobs pane, you can drag job icons to computer icons to run jobs, such as
creating images, deploying computers, changing configurations, or installing software.
After you create a job, you can change it by adding, modifying, or deleting tasks. You
can run jobs immediately, schedule them to run at a particular time, or save them for a
later time. See Building and Scheduling Jobs on page 143 for complete information
about setting up, importing, and managing computers from the Jobs pane.
Details pane
The Details pane extends the user interface features when working in the Computers,
Jobs, or Shortcuts panes.
Click View > Jobs View to show or hide the Jobs pane.
Deployment Solution 73

When you select a computer in the Computers pane, the Details pane changes to
a Filters section (if you click a group icon) and displays the status of all jobs
assigned to the selected computer.
When you select a job icon in the Jobs pane, the Details pane displays the
information about the job to set up conditions, order tasks, and to add, modify, or
remove tasks.
When you select a computer or computer group in the Computers pane, the
Details pane displays the information about a computer, such as its IP address,
MAC address, and status.
When you select a batch file, you can click Modify to update the file.
When you select a hard disk image file (.IMG), the Details pane displays a
description of the image file and information about the included partitions.
When you click on the package files, the Details pane displays the title, description,
version, creation date, and platform of an .RIP file or Personality Package.
Shortcuts and Resources View
The Shortcut and Resources pane provides easy access to the computers and job
objects identified in the console and the software packages stored in the Deployment
Share. In the Shortcuts view, you can drag computers, computer groups, jobs, and job
folders to organize and access commonly-used console objects. In the Resources view,
you can identify and assign package files.
The Shortcuts view provides quick links to view and access computers, jobs and
packages. It can act as a palette of Deployment Solution icons that you can drag to
other working panes in the console, or as a storage to save commonly-used jobs and
computer icons.
The Resources view lets you see a filtered view of the package files .MSI files, .RIPs,
image files, Personality Packages, and other resource packages stored in folders in
the Deployment Share. From the Resources view, you can drag packages directly to
the computers in the Computers pane to deliver the software. This automatically
creates jobs in the System Jobs > Drag-n-Drop Jobs folder in the Jobs pane. The
Resources view lets you identify packages assigned to each job and assign those
packages to create new jobs.
Using Resources Directly
If you do not want to create a shortcut to a resource, but still want to use a resource to
assign a job to a computer, you can move the resource to a designated computer. To do
so:
1. Enable the Shortcuts view.
2. Click Resources at the bottom of the Shortcuts window.

Click View > Shortcuts View to open the Shortcuts and Resources
pane. You can drag the jobs and computer icons to this pane. Click
Resources in the Shortcuts and Resources view, or click View >
Resources or CTRL+R to open a filtered list of packages on the
Deployment Share.
Deployment Solution 74

3. Browse to the selected resource and drag it to the appropriate computer.
You can create a new script file from the Resources view and use it directly to schedule
it on a computer. See Creating New Script Files on page 188.
See Console options on page 83 for options to set refresh intervals for the Resources
view.
Thin Client View of the Deployment Console
The Thin Client view of the Deployment Console provides a simplified experience when
dealing exclusively with Thin Clients. The functionality of the Thin Client view is identical
to that of the current Deployment Console. However, you can switch from Full view to
Thin Client view.
The Thin Client Console has the following panes:
Computers
Resources
Software Packages
Inventory
The Computers, Resources, and Software Packages panes are on the left side of the
Thin Client view, while the Inventory pane is on the right side of the Thin Client view.
Installing the Thin Client View
During installation, you can install the Deployment Solution Thin Client view. By default,
the traditional Deployment Console is installed.
If you select Thin Client view, a Thin Client Jobs system folder is created. All the jobs
created from the Deployment Solution Thin Client view are stored in this folder. During
the installation process, the following folders are created in this hierarchy for the Thin
Client resources:
Configuration Packages
Images
Software Packages
Deployment Solution for Thin Clients uses the same installation program as Deployment
Solution. No licensing is required even if you select Thin Client Install.
To install Thin Client
To install Thin Client, choose one of the following options:
On the Deployment Server Install Configuration dialog, select the Thin Client
Install option. The Deployment Console Thin Client View appears.
On the Deployment Server Installation dialog, select the Simple Install option.
The Deployment Console appears. Click View > Show Thin Client View. The
Deployment Console Thin Client View appears.
Deployment Solution 75

Switching Between Two Views
When you switch between the traditional view and the Thin Client view, you can
maintain the last state in which you viewed the console. This ensures that you open the
console in the same view that you last closed it in.
To switch between the traditional and the Thin Client view
1. Click View.
2. Select Show Thin Client View.
Note
By default, the Thin Client view is visible if you select Thin Client Install.
When you switch to the Thin Client view, all the menus and items that are not necessary
for the Thin Client view are unavailable. These are visible when you switch to the
traditional view.
Computers Pane
This pane is the same as that in the traditional view. However, only thin clients are
displayed. You can right-click this pane to view a new menu. When you right-click a thin
client, you can view the following options:
Capture Configuration
Capture Images
Deploy Configuration
Deploy Image
Install Automation Partition
Get Inventory
Power Control
Properties
Remote Control
Delete
Manage Inventory View
If you select a Capture option, a text field appears, prompting you for the name of the
captured resource. By default, the name is the same as the serial number on the Thin
Client, which you can change.
If you select a deploy option, a list of the available resources appears for the selected
type, such as Configurations, Images, or Software Packages. You can select a resource
from this list.
To create a job
You can create a job in one of the following ways:
Select any of the first six options from the Computers pane. All these jobs are
scheduled at the current time.
Deployment Solution 76

Note
The Schedule Computers for Job dialog does not have the Job Schedule tab.
Also, all the automation jobs have the default option selected for boot image.
Drag resources to the Computers pane or computers to the Resources pane to
schedule jobs at the current time.
Note
Ensure that you have the required permissions to drag and drop resources.
All thin client job details are saved in the Thin Client Jobs system folder. You cannot
delete or rename this new system folder from the console.
All the above options, except Properties, are disabled when the client is not active.
Note
All the jobs on the thin clients are automatically created and scheduled by the console,
and this happens only when the clients are active. When creating the jobs, the console
refers to the operating system type (platform) of the client.
Resources pane
This pane is a treeview listing all the resources that you can drag and drop to the thin
clients and vice versa. The following types of resources appear in this pane:
Configuration Packages. Example: Captured Registry Settings.
Images
Software Packages. Example: HP Tools.
Note
All these resources reside in the eXpress share in the ThinClient directory.
When you click any of the submenus corresponding to the subdirectories within the
ThinClient directory, the tree expands and displays all the resources included in the
directory. If the folder is empty, an appropriate message appears. You can rename or
delete the resources.
Software Packages
The Software Packages pane displays the software packages that can be created for
the available computers. You can drag and drop this resource to the thin clients and vice
versa.
When you right-click the Software Packages pane, you can view the following options:
New folder. Select this option to create a new folder.
Import. Select this option to import a job. See To import a job on page 77.
Rename. Select this option to rename a folder.
Note
You cannot rename the Software Packages pane. You can only rename a folder.
Delete. Select this option to delete folders.
Deployment Solution 77

Find Software Packages. Select this option to find software packages.
To import a job
1. Open the Thin Client view.
2. Right-click the Software Packages pane and select Import.
The Import Job dialog appears.
3. In the Job file to import field, browse and specify the file that you want to import.
Note
By default, the Import to Job Folder, Overwrite existing Jobs and Folders
with the same names, and Delete existing Jobs in folder options are disabled.
To preserve the source operating system file paths of Scripted Install, select the
Preserve Scripted Install OS source paths option.
Click OK.
To delete the Software Packages option from the Deployment Console
1. Open the Deployment Console.
2. In the Jobs pane, select System Jobs > Thin Client Jobs > Software Packages.
3. Right-click Software Packages and select Delete.
A confirmation dialog opens.
4. Click Yes to confirm the deletion.
The Software Packages option is deleted from the Deployment Console view.
Note
The Software Packages option is automatically added in the Jobs pane in System
Jobs > Thin Client Jobs when you switch from the Deployment Console view to
the Thin Client view.
Inventory Pane
This pane displays a table that lists all the thin clients identified by the console. The
following columns appear in the Inventory pane:
Name
Computer Status
Action Status
Product Name
Operating System
Image Version
Flash Size
Memory Size
BIOS version
Deployment Solution 78

You can select which columns to view. The following columns are available, but do not
appear:
Automation Partition
CPU
Domain name
IP address
MAC address
To view Inventory columns
1. Right-click the Inventory pane. The Manage Inventory Columns dialog appears.
2. You can add columns to either the Selected columns list or the Available columns
list by clicking the required arrows.
3. Click OK.
Toolbars and Utilities
The toolbars and menus on the Deployment Console provide major features and utility
tools to deploy and manage computers from the console. From the Main toolbar, you
can create new jobs and computer accounts and run basic deployment tasks. On the
Tools toolbar, you can launch Deployment Solution administration tools and package
editing tools. It also includes icons to quickly run commonly used remote operations.
See Remote Operations Using Deployment Solution on page 122.
Deployment Solution Utility Tools
The Deployment Console lets you open utility programs from the Tools menu or from
the Tools toolbar. You can launch Deployment Solution administration tools (Boot Disk
Creator, PXE Configuration, Wise SetupCapture and Remote Agent Installer) and
package editing tools (Wise MSI Editor, PC Transplant Editor, and Image Explorer) from
the toolbar.
Administration tools
Boot Disk Creator. Use this tool to create boot disk configurations, and
automation and network boot media to image client computers. The Boot Disk Creator
can maintain several different boot disk configurations for different types of network
adapter cards. See Altiris Boot Disk Creator help.
PXE Configuration. After installing the PXE Server, you can create and modify
configurations, which make up the boot menu options that appear on client computers.
This is another another option to boot computers to automation. See the Altiris PXE
Configuration help.
Deployment Solution 79

Remote Agent Installer. Remotely install the Deployment Agent on client
computers from the console. This utility lets you push the agent installation to client
computers from the Deployment Console.
Package Editing Tools
PC Transplant Editor. Use this tool to edit a Personality Package to add or
remove data. See the Altiris PC Transplant Help located in the Deployment Share.
Image Explorer. After a disk image is saved to the Deployment Share, this
tool lets you view and manage data in the image file. You can edit and split an image,
create an index, and more. See the Altiris Image Explorer help file located in the
Deployment Share.
Wise MSI Editor. Edit .MSI packages generated from the Wise Setup Capture
tool or other .MSI files used to distribute software and other files.
SVS Admin Utility. Create, import, and manage virtual software layers. See
Software Virtualization Solution on page 79.
Software Virtualization Solution
Altiris Software Virtualization Solution (SVS) is a revolutionary approach to
software management. SVS places applications and data into managed units called
virtual software packages. You can use SVS to activate, deactivate, or reset applications
to avoid conflicts between applications without altering the base Windows installation.
The SVS Admin Utility is a part of SVS. It creates, imports, and manages virtual
software layers, which are part of the packages. For information on installing and using
the SVS Admin Utility, see the Software Virtualization Solution Reference Guide.
For information on the integration of the SVS Admin Utility with Deployment Solution,
see Using SVS Admin Utility with Deployment Solution on page 79.
Using SVS Admin Utility with Deployment Solution
On a Deployment Solution computer, you can capture application and data files. The
installed application, data files, and settings are captured into the virtual software
layers.
The Deployment Solution computer should have a clean installation of the Windows
operating system. The computer should not have any background processes or
programs running that can be captured into the layers. Your base computer should not
be running an antivirus program or any other computer management program. If
possible, the computer should not have an active Internet connection.
Deployment Solution 80

You can create layers on a virtual computer. (See Managing the SVS Layer on
page 175.) This lets you disconnect a computer from the network and reset the
computer after each capture. This ensures that you have a clean operating system.
You can also distribute .RIPs, .MSI files, scripts, personality settings, and other package
files to computers or groups. See Distributing Software on page 172.
Extending the Tools Menu
You can add commands to the Tools menu on the Deployment Console to quickly access
additional management applications. This lets you easily access applications commonly
used with Deployment Solution.
Commands are added by modifying or adding new .INI files. You can insert commands
to the root ATools.ini file for the main menu or add new .INI files to create submenus.
Place both types of .INI files in the directory where the Deployment Console executable
(eXpress.exe) is located. The default location is Program Files\Altiris\
eXpress\Deployment Server.
You can add up to eight menu items to the main menu, and eight menu items for each
submenu.
These .INI fields are included for each application added to the Tools > Altiris Tools
menu:
[ Appl i cat i on name or submenu decl ar at i on]
MenuText =<t he appl i cat i on name di spl ayed i n t he menu>
Descr i pt i on=<t he name di spl ayed when you mouse over t he menu i t em>
Wor kDi r =<di r ect or y set as def aul t when execut abl e i s r un>
Execut abl e=<pat h t o t he execut abl e f i l es>
The ATools.ini file extends the main Tools menu on the console. This sample file
contains one submenu, Web Tools, and two additional menu items, Notepad and
Netmeeting. The .INI files are located in the Deployment Share.
[ Submenus]
Web Tool s=wt ool s. i ni
[ Not epad]
MenuText =Not epad Edi t or
Descr i pt i on=Si mpl e Edi t or
Wor kDi r =.
Execut abl e=C: \ WI NNT\ not epad. exe
[ Net Meet i ng]
MenuText =Net Meet i ng
Descr i pt i on=Net Meet i ng
Wor kDi r =.
Execut abl e=C: \ Pr ogr amFi l es\ Net Meet i ng\ conf . exe
Deployment Solution 81

Another Tools .INI file is wtools.ini. It is a submenu file referenced by the main
ATools.ini file. On the main menu, this is titled Web Tools (see Tools.ini) and contains
two applications, Internet Explorer and Adobe Acrobat.
[ Expl or er ]
MenuText =Expl or er
Descr i pt i on=Wi ndows Expl or er
Wor kDi r =.
Execut abl e=C: \ Pr ogr amFi l es\ I nt er net Expl or er \ expl or er . exe
[ Acr obat ]
MenuText =Acr obat Reader
Descr i pt i on=Acr obat Reader
Wor kDi r =.
Execut abl e=C: \ Pr ogr amFi l es\ Adobe\ Acr obat \ acr obat . exe
Computer Filters and Job Conditions
Use this dialog while creating a computer group filter to filter only the specified
computers in a computer group, or while setting conditions for task sets when running a
job only on the specified computers in a group. See Creating a Computer Group Filter on
page 82 and Setting Conditions for Task Sets on page 149.
Creating Conditions to Assign Jobs
You can set conditions on a scheduled job to run only on the computer devices that
match a defined criteria. As a result, you can create a single job with tasks defined for
computers with varying properties, including the type of the operating system, network
adapters, processors, free disk space, and other computer properties. For each job, you
can now create task sets that are applicable only to the computers matching those
conditions.
Creating Custom Tokens
You can create custom tokens to set conditions based on the database fields not
provided in the available preset conditions in the Conditions dialog. Example: Select
User Defined Token from the drop-down list in the Fields box. Select contains in the
Operation field, and enter Milo in the Value field. In the Token field, enter the
following custom token: %#! comput er @l i c_os_user %. This filters out only the jobs
with the registered license user named Milo. The job runs only on the computers that
meet the specified criteria.
Click a job in the Jobs pane. The Condition feature appears in the Details
pane. Click Setup to add new conditions or edit existing conditions. When
you are setting conditions to schedule a job, select from a list of predefined
database fields or create custom tokens that key on other fields in the
database.
Deployment Solution 82

Creating a Computer Group Filter
The Computer Filters dialog displays a list of all computers in a group according to the
specified criteria. Example: You can create a filter to view all the computers in a
particular group that have Windows 2000, 256 MB of RAM, and 20 GB hard disks only.
By applying the filter, you can view all the computers that meet the specified criteria in
the Details pane of the Deployment Console.
To create or modify a computer filter
1. Click the All Computers group or any other computer group.
2. On the Filter bar in the Details pane, click Setup > New to create a new filter.
Or
Click Setup > Modify.
3. Type a name for the filter and click Add. The Filter Definition page appears.
4. Define the conditions you want to filter.
Click the Field box to see a list of computer values stored in the Deployment
Database. Select a computer value and set the appropriate operation from the
Filter Name Description
Active
Computers
Displays all the active computers.
Inactive
Computers
Displays all the inactive computers.
Computers With
Failed Jobs
Displays all the computers where jobs have failed to execute.
Windows 2000/
2003/2008
Displays only the computers with Windows 2000, 2003, or 2008
operating systems.
Windows XP/
Vista
Displays only the computers with Windows XP or Vista operating
systems.
Windows CE
(PDAs)
Displays only the computers with Windows CE operating systems.
Linux Displays only the computers with Linux operating systems.
Windows XP
Embedded
Displays only the computers with Windows XP Embedded
operating systems.
Windows CE
.NET
Displays only the computers with Windows CE .NET operating
systems.
Pocket PC
(PDAs)
Displays only the Pocket PC computers.

Click a computer group in the Computers pane. The Filter feature appears
in the Details pane for the selected computer group. Click Setup to add
new filters, or to modify and delete existing computer filters.
Deployment Solution 83

Operations list. In the Value box, enter an appropriate value for the selected
database field. Example: You can choose Computer Name as the Field, Contains
as the Operation, and Sales as the Value.
5. Repeat to include other conditions. Click OK.
General Options
Use the Program Options feature to set the general options for Deployment Solution.
Click Tools > Options to view the Program Options dialog.
Console options
Global options
Task Password options
Domain Accounts options
RapiDeploy options
Agent Settings options
Custom Data Sources options
Console options
Set basic console features for miscellaneous refresh actions and warning messages.
Scan resource files for changes every ____ seconds. Specify how frequently (in
seconds) the Deployment Console updates its view of package files in the Resources
view. See Shortcuts and Resources View on page 73.
Warn user when no tasks are assigned to the 'default' condition. When a job is
assigned to computers and the default condition has no tasks assigned, a message
appears. The job has no secondary default tasks assigned if a computer in the group
does not meet the primary conditions. See Setting Conditions for Task Sets on
page 149.
Refresh displayed data every ____ seconds. Refresh the display of data accessed
from the Deployment Database. This lets you refresh console data at defined intervals
instead of updating every time the Deployment Console receives a command from the
server, which can be excessive traffic in large enterprises.
Global options
Set global options for the Deployment Server system.
Delete history entries older than _____ days. Specify the number of days entries
are kept in the history before they are deleted. Enter any number between 1 and
10,000. If you dont select this option, log entries remain in the history.
Remove inactive computers after ____ days. Specify the number of days you want
to keep inactive computers in the Deployment Database before they are deleted. The
default value is 30 days, but any number between 1 and 10,000 is valid.
Synchronize display names with computer names. Automatically update the
displayed name of the managed computer names in the console when the client
computer name changes. If this option is not selected, changes to the computer names
Deployment Solution 84

are not reflected in the console. Synchronization is off by default. The names do not
have to be synchronized for the Deployment Server to manage the computer.
Reschedule failed image deployment jobs to immediately retry. Immediately
retry a failed image deployment job. The program continues to retry until the job
succeeds or until the job is cancelled.
Client/server file transfer port: _____. Specifies a static TCP port for file transfers
to the clients. The default value is 0 and causes the server to use a dynamic port. This
setting is useful if you have a firewall and need to use a specific port rather than a
dynamically assigned port.
Automatically replace expired trial licenses with available regular licenses. Lets
Deployment Solution automatically assign a permanent license to the computer after the
trial license expires.
Note
Be careful when using this option. Ensure that you do not give a permanent license to
computers you do not want to manage after their trial license expires.
Display Imaging status on console. Displays the status of the imaging job on the
Deployment Console.
Remote control ports. Specifies ports for using the Remote Control feature. You have
the option to enter a primary port address and a secondary port address (Optional).
Remove task passwords when exporting or copying jobs. Specifies that you must
remove the task password when exporting or copying jobs.
Display only computers and jobs the user has permission to operate on.
Displays only the computers and jobs that the user can operate. If this option is not
selected, all computers and jobs are displayed. If this option is selected when security is
enabled and the logged-on user has administrator rights, all computers and jobs are
displayed. However, if this option is selected when security is enabled and the logged-on
user does not have administrator rights, the code to compose the computer tree and job
tree requires a few additional steps. A computer is displayed if the logged-on user has
any permission on the computers group or if the computers group inherits any
permissions from a parent folder. This option applies to jobs and job folders.
Primary lookup key(s). Specifies the lookup key type used to associate a new
computer with a managed computer. The options are Serial Number, Asset Tag,
UUID, or MAC Address.
Sysprep Settings. This lets you enter global values for Sysprep. See Sysprep Settings
on page 84.
Sysprep Settings
View and configure the Sysprep settings for the Deployment Server.
OS Product Key dialog
In the OS Product Key dialog, select the suitable operating system from the
Operating System drop-down list. After you select the operating system, a list of all
product keys for the selected operating system appears. Select an operating system
from the Operating System drop-down list, and click Add to type the Product Key. You
can type up to 29 characters for the Product Key. The new product key is added to the
list of available keys of the selected operating system.
Deployment Solution 85

To modify a product key, select the product key to be modified, and click Edit. To
remove a product key, select the product key to be deleted, and click Remove.
Note
If the product key is being used by another task, you cannot delete the product key. You
are prompted with a message stating that the product key is being used by another
task.
Task Password options
According to the network and security properties, the passwords for administrators and
users change after a certain number of days. In such a scenario, the password becomes
invalid and all jobs and tasks using the user name whose password changes must be
modified to use the new password. The Task Password option provides administrators
with a simple option to manage all password changes from a centralized location.
This feature lets you set or change user passwords from a central location, so you can
modify the password for the Copy File to, Distribute Software, Run Script,
Distribute Personality, and Capture Personality tasks when creating or modifying
jobs. However, this tab is enabled only to administrators and select users who have
been granted the appropriate privileges.
The Status field displays the results of password updates. Example: User As user name
and password is used in ten tasks. If you want to update the password for these ten
tasks, you can do so through the Task Password option. After the password is
updated, the Status field displays the message: Password for 10 tasks updated.
Domain Accounts options
This sign-on feature retrieves the name of the administrator (or user with administration
rights) and the password for each domain, avoiding the need to log on for each
managed computer when completing imaging and configuration jobs.
Click Add to enter the Domain name. The Add Domain Account page appears. Enter
the name of the selected domain and provide the administrator credentials. Click OK.
The administrator name and domain are listed in the Domain Accounts list box.
Note
To enter the administrator user name for a Windows XP domain, you must add both the
domain name and the user name. Example: Instead of entering only the user name
j doe, you must enter domai nName\ j doe.
RapiDeploy options
This feature optimizes the multicasting ability of the RapiDeploy application in the
Deployment Server, letting you deploy images to a group of computers simultaneously,
download an image from a file server, or access a local hard drive, and manage the
imaging of several client computers concurrently.
Because RapiDeploy is more efficient when writing directly to the IP address of the
network adapter driver, you can enter a range of IP addresses when using the
multicasting feature for faster computer deployment and management. The Deployment
Server accesses the range of computers using the defined IP pairs and avoids retrieving
the computers through the port and operating system layers.
Deployment Solution 86

However, because some network adapter cards do not handle multiple multicast
addresses, you can also identify a range of ports to identify these computers. On the
first pass, the Deployment Server accesses the selected computers using the list of IP
numbers. On the second pass, the Deployment Server accesses the selected computers
using the port numbers or higher level operating system IDs.
Note
Multicasting images are not supported when using the UNDI driver on PXE, and are
disabled on the client.
Click Reset to set the default values.
Agent Settings options
These are the default agent settings for new computers. Click Change Default
Settings to change Windows Agents Settings for Windows and DOS. The Change
Default Settings option is enabled only if you select the Force new agents to take
these default settings or the Force new Automation agents to take these
default settings option. Set Deployment Agent settings for new computer accounts or
set Deployment Agent settings for DOS for new computers. See Deployment Agent
Settings on page 110 and Deployment Agent Settings for DOS on page 116.
These default settings are applied only for new client computers that have never
connected to the Deployment Server, and have no information stored in the Deployment
Database. These settings are not for the existing managed computers, nor are these
settings applied when setting properties using the Remote Agent Installer.
When the Deployment Agent connects, the Deployment Server verifies if the computer
is a new or an existing computer. If the client computer is new and if the Force new
agents to take these default settings option is selected, the Deployment Agent on
the client computer receives the default settings established in the Options > Agent
Settings dialog. If the computer is recognized as an existing managed computer, it
uses the existing agent settings. The same process occurs for automation agents if the
Force new Automation agents to take these default settings option is selected.
Force new agents to take these default settings. Select this option to force the
default settings when adding a new computer.
Force new Automation agents to take these default settings. Select this option to
force the default settings when adding a new automation agent connects.
Custom Data Sources options
This option lets you set up credentials to authenticate to external Deployment
Databases and other Microsoft SQL Server databases to extract data using custom
tokens. Click Add to enter an administrator alias and other login information for the
Microsoft SQL Server (or MSDE) hosting the desired Deployment Database.
The information required to create a custom data source entry is listed below:
Alias. The alias name you want to use when referencing the external SQL database.
Server. The name of the external SQL database server or IP address.
Database. The name of the external database from which you want to extract data.
Use Integrated Authentication. This option authenticates to the external
database using the domain account you are currently logged on as.
Deployment Solution 87

User name and Password. When the integrated authentication is not being used,
you must provide a user name and password to authenticate to the external
database.
Allowed Stored Procedures. Click this tab to modify the existing list. See Allowed
Stored Procedure List on page 87.
Allowed Stored Procedure List
Click Allowed Stored Procedures to identify the stored procedures from the selected
custom data source. You can now select from the list of available stored procedures in
the data source. This lets you call stored procedures outside of the Deployment
Database (eXpress database) using custom tokens within scripts or answer files.
Virtual Centers options
You can keep a list of all VMware Virtual Center Web services. The hosts and virtual
computers from each Virtual Center that have corresponding computers in the
Deployment Database appear in the computer tree. These virtual computers appear
under the Virtual computers node in the Computers pane.
Click Add. On the Virtual Center page, enter the Display name, Server hostname,
and Username. By default, the port number is displayed. You can also set up a
password for the selected user.
Security in Deployment Solution
Deployment Solution provides a security system based on associating job and computer
objects with user and group permissions, letting IT personnel be assigned to different
security groups to manage operations on specific computer groups or job folders. Each
security group can perform only a defined scope of deployment operations on each
computer group or job folder. Additionally, each user can be assigned rights to access
general console features.
Note
Security rights and permissions set in one console are enforced in all Deployment
Consoles.
See Best Practices for Deployment Solution Security on page 87, Enabling Security on
page 88, Setting Permissions on page 92, Groups on page 90, and Rights on page 91.
Best Practices for Deployment Solution Security
Deployment Solution is based on defining groups of users and groups of computers and
jobs, and associating one with another. Altiris recommends that you first create user
groups based on administration duties or access to levels of deployment operations.

To set general security rights, click Tools > Security and add a user name
and password. You can create users and groups and set scope-based rights.
To set feature-based permissions for specific computers or jobs, select the
object in the console, right-click and select Permissions.
Deployment Solution 88

Example: You will most probably set up a group with full Administrator rights. This
group will have access to run all operations on all computers using all types of jobs. No
permissions need to be set on each computer group or job folders for the Administrator
group because this has full rights to all features and resources.
However, you can also set up a Technician group that has only basic access and
permissions limiting deployment operations. This prohibits members of the group from
re-imaging the Server computer group or scheduling Distribute Disk Image jobs. You
can explicitly Allow or Deny the group from running these operations for each
computer group in the Computers pane or each job folder in the Jobs pane.
After creating the Technician group, you can limit their rights to set General Options and
set permissions on each computer groups and job folder for the group. See General
Options on page 83. You can select the computer group, right-click it and select
Permissions. Select the group name in the left pane, and click Allow or Deny for a list
of deployment operations. Example: You can select the Deny check boxes for Restore,
Schedule Create Disk Image, and Schedule Distribute Disk Image.
Additional groups can be created with different rights and permissions depending on the
needs and responsibilities in the IT team. If users are assigned to multiple groups, the
Evaluate Permissions and Evaluate Rights features are sorted and display effective
permissions and rights.
Enabling Security
You can enable security by first creating a group with Administrator rights, adding a user
to the Administrator group, and selecting Enable Security.
Note
When the Administrator Right is selected, you do not need to select any other rights
because the Administrator Right implies that all other rights are selected.
1. Click Tools > Security.
The Security dialog appears.
2. Click the Manage User Groups tab and click Add. The Add User Group dialog
appears.
3. Select the authentication type. You can add a DS group or a group from the Active
Directory. To add groups from Active Directory, see Adding groups from the Active
Directory on page 90.
4. Click DS Group.
Note
The Browse option is disabled for Local Group.
5. Type a name and description in the Add User Group dialog. Click OK.
The group name appears in the window.
6. Select the new group name and click Rights.
7. Select Administrator in the Rights dialog. This assigns complete rights and
permissions to the group. Click OK, and click Close.
8. On the main Security dialog, click the Manage Users tab, and click Add.
The Add User Account dialog appears.
Deployment Solution 89

9. Select the authentication type. You can add a DS user or a user from the Active
Directory. To add users from the Active Directory, see Adding users from the Active
Directory on page 89.
10. Select the DS User option in the Add User Account dialog.
Note
The Browse option is disabled for DS User.
11. Type the user name, full name, and password. Retype the password, and enter a
description for the user. Click OK.
12. Select the user name in the main Security dialog. Click Rights.
13. Click the name of the new Administrator group in the Groups window. This assigns
the new user to the new group with Administrator rights. Click OK.
Note
You can assign the user Administrator rights directly, but we recommend you to
assign users to groups. See Best Practices for Deployment Solution Security on
page 87.
14. Now that you have a user with administrator rights, select the Enable Security
box.
Security is now enabled. You can now create users and groups and assign permissions
to computer groups and job folders.
Adding users from the Active Directory
You can add users from the Active Directory.
1. In the main Security dialog, click the Manage Users tab, and click Add.
2. Select the AD User option in the Add User Account dialog.
3. If you know the user name, type it in the User name field, or click Browse to
select the user from the Active Directory.
The password field is deactivated because the user is being added from the Active
Directory.
Note
You can add only one user at a time. To import users, see Importing users from the
Active Directory on page 89.
4. Enter a description for the user in the Description box.
5. Click OK.
Importing users from the Active Directory
You can also import users from the Active Directory. To open a standard Windows Active
Directory dialog, from the main Security dialog, click the Manage Users tab, and click
AD Import. Add users from Active Directory, not groups. The users are added to the
Deployment Database. However, you still need to assign the users to security groups
with appropriate rights and permissions.
Deployment Solution 90

Note
When logging on with the imported AD account, Deployment Solution accessed the
Windows Active Directory server to validate the user password.
Evaluate Rights
Click Evaluate Rights to identify the combined rights of the selected user and its user
group(s). This feature identifies effective rights for each user by resolving any possible
conflicts between multiple group settings.
Groups
Assign the user to previously created groups. If you are enabling security, you can
assign the user to a group with Administration rights.
To add groups, from the Security dialog, click the Manage User Groups tab, and click
Add. Select the authentication type, and type the required details. You can view the
members of any group by clicking the group in the Manage User Groups dialog and
clicking View Members.
See also Best Practices for Deployment Solution Security on page 87 and Enabling
Security on page 88.
Adding groups from the Active Directory
You can add users from the Active Directory.
1. In the main Security dialog, click Manage User Groups tab, and click Add.
2. Select AD Group in the Add User Group dialog.
3. If you know the group name, enter it in the Name field, or click Browse to select
the group from the Active Directory. A list of groups, along with their descriptions,
appears in a new dialog. Select a group from the list and click OK.
4. The Name, Domain, and Description are displayed. However, you can modify the
description. Click OK.
The newly added group appears in the main Security dialog.
Importing groups from the Active Directory
You can also import users from the Active Directory. In the main Security dialog, click
the Manage User Groups tab, and click AD Import to open a standard Windows
Active Directory dialog. Add groups from Active Directory. You can choose a domain
from the Domain List, and select a group from the displayed list. The group is added to
the Deployment Database. However, you still need to assign the users to security
groups with appropriate rights and permissions.
DS Authentication
If the user is already in the Deployment Database and tries to access the Deployment
Console, the Deployment Server checks the authentication with the logged on user, and
upon matching does not prompt for user credentials. Similarly, if a group is already
added in the Deployment Database and if a logged-on user, who is a part of the AD
group, tries to access the Deployment Console, the Deployment Server does not prompt
for credentials.
Deployment Solution 91

Rights
This dialog lets you set general rights for a user or group. To verify, add, or change the
rights assigned to each console user, use the following steps:
1. On the Security page, select a user and click Rights.
2. On the Set rights for window, click the Rights tab.
3. Select the check box for each right you want to grant.
4. After selecting all applicable rights, click OK to save your changes.
A brief explanation of each Deployment Server right that can be assigned is given
below:
Administrator. Lets the user access all features available on the Deployment
Console. You must have Administrator rights to enable security. See Enabling
Security on page 88.
Options Console. Lets you set the view and the Console options. See Console
options on page 83.
Options Global. Lets you set the view and the Global options. See Global options
on page 83.
Options Domain Accounts. Lets you set the view and the Domains Accounts
options. See Domain Accounts options on page 85.
Options RapiDeploy. Lets you set the view and the RapiDeploy options. See
RapiDeploy options on page 85.
Options Agent Settings. Lets you set the view and the Agent Settings options.
See Agent Settings options on page 86.
Options Custom Data Sources. Lets you create Custom Data Sources options.
See Custom Data Sources options on page 86. You can view, create, and set
database aliases.
Manage Rejected Computers. Lets you view rejected computers in Deployment
Solution and change their status. See Rejected Computers in Deployment Solution
on page 94.
Refresh Clients. Lets you refresh Deployment Solution clients. See Refresh
Deployment Solution on page 94. You can use the View > Refresh clients <CTRL
+F5> feature to disconnect and reconnect client computers.
Allow Scheduling on All Computers Group. Lets you schedule jobs on All
Computers. If you have administrator rights, by default, you have the rights to
schedule job on all computers, irrespective of the check box state. You can grant
this right to a specific user or a group.
Import/Export. Lets you import and export jobs and import computers as well.
See Importing and Exporting Jobs on page 189 and Importing New Computers from
a Text File on page 100.
Options Task Password. Lets you centrally update passwords for users and
groups so they can access the Copy File to, Distribute Software, Run Script,
Distribute Personality, and Capture Personality tasks. You must have administrative
rights to access this option. See Task Password options on page 85.
Use PXE Configuration Utility. Lets you use the PXE Configuration Utility.
Deployment Solution 92

Options Virtual Centers. Lets you view and add options for Virtual Centers. See
Virtual Centers options on page 87.
Setting Permissions
Set permissions for jobs, job folders, computers, and computer groups. See Best
Practices for Deployment Solution Security on page 87 for additional design tips.
1. Right-click on a computer group or job folder (or individual computers and jobs) and
select Permissions. The Object Security dialog appears.
2. Click the Groups tab and select a group name. Or click the User tab and select a
user name.
3. From the list in the right pane, select if you want to Accept or Deny permission to
run the operations on the selected computer or job objects. These permissions
include access to remote operations using Deployment Solution and features for
scheduling Deployment tasks. See Remote Operations Using Deployment Solution
on page 122 and Deployment Tasks on page 152.
4. Select the Allow or Deny check box to explicitly set security permissions for these
Deployment Solution features for the selected objects.
Note
Administrators have access to all objects with unrestricted rights and permissions.
You cannot explicitly deny permissions to computer or job objects for users with
administrator rights.
5. To assign permissions to multiple groups, click Set permissions on all child
objects to assign the values without closing the dialog.
Note
You can set permissions for all jobs and computers by clicking in the Jobs pane or
Computers pane without selecting a job or computer object.
Permission Rules
Permissions received through different sources may conflict with each other. The
following permission rules determine which permissions are enforced:
Permissions cannot be used to deny the user with Administrator console rights
access to use any console objects or features.
User permissions take precedence over Group permissions.
Deny overrides Allow. When a user is associated with multiple groups, one
group could be allowed a permission at a particular level while the other group
is denied the same permission. In this scenario, the permission to deny the
privilege is enforced.
Permissions do not flow down an object tree. Instead, the object in question
looks in the current location and up the tree, and uses the first permission it
finds.
If a console user does not have permissions to run all tasks the job contains,
the user cannot run the job.
Deployment Solution 93

Evaluate Permissions
Click Evaluate Permissions to identify the combined permissions of groups and
containers with conflicting permissions. This feature identifies effective permissions for
each object by resolving any possible conflicts.
If a job includes multiple tasks and one of the tasks does not have sufficiently assigned
permissions, the whole job fails due to lack of access permissions.
Note
Permissions to schedule jobs also lets a user delete jobs in the Details pane after a job
runs. Example: If a job contains errors and does not run, no other jobs can be
scheduled. The user must delete the job before scheduling a new job.
Connecting to Another Deployment Server
From the Deployment Console, you can connect to other Deployment Servers on your
LAN and manage computers outside of the network segment you are currently logged on
to. To open a connection, you must connect to the Deployment Database of the
preferred Deployment Server connection using the ODBC Data Source Administrator.
Note
Although you are accessing another connection (another Deployment Database),
Windows remembers the last place you browsed to, which would be the Deployment
Share of the previous Deployment Server connection. You need to browse to the new
connections Deployment Share to access its shared folder that contains its RIPs,
images, executables, and other resources.
Connecting to a new Deployment Database
1. Click New. The Define Connection Information dialog appears.
2. Enter a name for the connection to be opened.
3. Establish an ODBC data source.
a. Click ODBC Administrator.
b. Click the System DSN tab, and click Add.
c. Select the SQL Server driver source and click Finish.
d. In the Create a New Data Source to SQL Server dialog, enter a name and
description for the data source.
e. If an entry for your server already exists, select it from the menu. Otherwise,
enter the name of the server hosting your remote SQL server in this field. Click
Next.
f. Click Next in the Create a New Data Source to SQL Server dialog to accept
the default settings for authentication.
Click File > Connect to or press CTRL+O to open the Connect to
Deployment Server dialog. Enter the required information to connect to the
external Deployment Server connections using an ODBC driver.
Deployment Solution 94

g. Select the Change the default database to option and select eXpress from
the drop-down list. Click Next.
h. Click Finish. The specifications for the new ODBC data source appear.
i. Click Test Data Source to verify that the source is reachable.
j. Click OK. You return to the main ODBC Data Source Administrator dialog
with your new data source listed in the System DSN tab. Click OK.
4. From the ODBC Data source name drop-down list in the Define Connection
Information dialog, select the new Data Source name you just created.
5. In the Installation Directory path field, enter or browse the full UNC path (or
path using any locally mapped drive) to the directory of the required Deployment
Server, such as:
\\server\express or H:
6. Click OK.
Rejected Computers in Deployment Solution
When an unwanted managed client computers attaches to your Deployment Solution
system, you can right-click the computer in the Computers pane and select Advanced
> Reject Connection. You can view these rejected computers by clicking View >
Rejected Computers.
The rejected computers are prohibited from being active in the Deployment Database.
They are identified and rejected by their MAC address.
You can remove computers from the Rejected Computers list by selecting it and clicking
Accept Computer(s). This lets the computer to attach again and be managed by the
Deployment Solution system.
Refresh Deployment Solution
You can refresh the Deployment Console by clicking View > Refresh Console (or
pressing <F5>) to update data from the Deployment Database. You can also click View
> Reset Client Connections (or press Ctrl+<F5>) to disconnect and reconnect all
managed computers in a Deployment Server system.
When you refresh the managed client computers, you are asked if you want to
disconnect all computers. Click Yes. This tells the Deployment Agent to shut down and
restart. It also creates additional network traffic when all computers connect and
disconnect. By refreshing the managed client computers, you ensure that you are
viewing the current status and state of all computers resources in your system.
Deployment Solution 95

Managing Computers
From the Computers pane of a Deployment Solution console, you can identify, deploy,
and manage all computer resources across your organization, including desktop
computers, notebook computers, handheld computers, network and Web servers, and
network switches. You can quickly modify any computers configuration settings or view
its complete management history. Or you can take on big projects, such as completely
re-image the hard drive, restore software, and migrate personality settings for a whole
department. You now have management of all your computer resources available from a
Windows or Web console from any location.
All computer resources can be accessed and managed as single computers or organized
into computer groups with similar hardware configurations or deployment requirements,
letting you run deployment jobs or execute operations on multiple computers
simultaneously. You can use search features to locate a specific computer in the
Deployment Database, or set filters to sort computers by type, configuration, operating
system, or other criteria.
Manage with Computer icons. Major computer types are identified by a computer
icon in the console, with a list of scheduled jobs and operations associated with each
computer. In the Deployment Console, you can assign and schedule deployment jobs to
computers or groups by dragging the computer icon to a job in the Jobs pane, or vice
versa. See Viewing Computer Details on page 96.
Add new computers. Deployment Solution lets you add new computer accounts and
set configuration properties for new computers before they are recognized by the
Deployment Server system. Preset computer accounts automatically associate with new
computers when they start up, or can be associated with pre-configured computers. See
Adding New Computers on page 97.
Deploy to groups of computers. Organize computers by department, network
container, hardware configuration, software requirements, or any other structure to

Computer icons appear in the Computers pane of the Deployment
Console, where they can be organized into groups. To assign and schedule
a job on a computer in the Deployment Server Console, drag a computer
icon or group icon to a job icon.

Click New Computer on the console to create a new computer account.
You can also click File > New > Computer or right-click in the
Computers pane and select New Computer.
When the new computer starts up, you can assign it a preset account.

Click New Group on the console to add a new group in the Computers
pane of the Deployment Console. You can also click File > New >
Computer Group or right-click in the Computers pane and select New
Group.
Deployment Solution 96

meet your needs. You can deploy and provision computers on a mass scale. To filter
computers in a computer group to schedule jobs only to the appropriate computer
types, see Computer Filters and Job Conditions on page 81.
Configure Computer Agents. See the property pages for modifying Deployment Agent
settings. See Deployment Agents on page 109.
View and configure computer properties. You can modify computer settings for
each computer from the console. See Computer Configuration Properties on page 101.
Or you can view the Computer Properties page for detailed access to a computers
hardware, software, and network property settings. See Computer Properties on
page 119.
Run remote operations from the console. Perform operations quickly in real time
from a Deployment Console. Restore a computer to a previous state, configure property
settings, send a file, remote control, chat, set security, run deployment jobs, or select
from additional management commands. See Remote Operations Using Deployment
Solution on page 122.
Build and schedule jobs. Build deployment jobs with one or more management tasks
to run on selected computers. Create jobs, add tasks, and assign the job to computer
groups. Jobs can be organized and assigned for daily tasks or to handle major IT
upgrades. See Building and Scheduling Jobs on page 143.
Manage Servers. Deployment Solution also manages network or Web servers to
administrate high-density server farms or server network resources across your
organization. See the Deployment Solution Reference Guide.
Viewing Computer Details
In Deployment Solution, a computer resource is identified in the console with a
distinctive icon to display the computer type Windows desktop or notebook,
handheld, server, or Linux operating system and its current status. These computer
icons change to convey the state of the computer, such as the log on status, server
waiting status, or user with a timed license status. You can also view the status of the
jobs assigned to the selected computer in the Details pane of a Deployment Console.
See Viewing Job Details on page 143.
The following is a sample list of computer icons displayed in each Deployment Console,
identifying the computer type and state.
A computer connected to the Deployment Server with a user logged on.
A computer connected to the Deployment Server, but the user is not logged
on.
A computer with a time-limited user license and a user logged on.
A computer not currently connected to the Deployment Server, but known to
the Deployment Database.
Deployment Solution 97

See also Deployment Agents on page 109.
Adding New Computers
Computers can be added to the Deployment Database using the following methods:
A pre-configured computer with values defined in advance using the New
Computer feature. As soon as the computer connects, the Deployment
Server recognizes the new computer and this icon appears. See Adding New
Computers on page 97.

A managed computer waiting for user interaction before running deployment
tasks. This icon appears if the Workstations check box is selected in Initial
Deployment. See Sample Jobs in Deployment Solution on page 193.
A computer identified as a master computer used to broadcast images to
other client computers.

A connected handheld computer.
A managed server connected to the Deployment Server with a user logged
on. Additional icons identify different states of server deployment.
A managed Linux computer connected to the Deployment Server with a user
logged on. Additional icons identify different states of Linux computer
deployment.

Physical view of Rack/Enclosure/Bay components for high-density
server systems. These icons appear as physical representations to
allow management of different levels of the server structure. In
addition, server icons identify logical server partitions. See Bay on
page 121 for properties and rules to deploy Rack/Enclosure/Bay
servers.

Select the New Computers or All Computers group to run jobs or
operations for these default groups identified by an icon in the Computers
pane.

Additional computer groups can be added to the Computers pane to
organize similar computer types or to list computers of similar departments
or locations. Click the New Group icon on the toolbar or select File > New >
Computer Group to create a new group.
Deployment Solution 98

Install the Deployment Agent. If you install the Deployment Agent to a computer
with the operating system already installed, the computer is added automatically to
the Deployment Database at startup. New computers with the Deployment Agent
installed are added to the All Computers groups (unless otherwise specified in the
Deployment Agent configuration). You can move the computer to another group if
required.
Use Initial Deployment to configure and deploy new computers booting to
automation. Starting up a new computer with the Automation Agent lets you
image the hard drive, assign IP and network settings, distribute personal settings
and software, and install the Deployment Agent for new computers. Using Initial
Deployment, you can associate new computers with pre-configured computer
accounts. These newly configured computers appear in the New Computers group.
See Sample Jobs in Deployment Solution on page 193.
Create or import computer accounts from the Deployment Console. You can
add new computers using the New Computer feature or import computers using a
delimited text file. You can pre-configure computer accounts by adding names and
network settings from the console. See Creating a New Computer Account on
page 99.
About New Computers
When a new computer starts up, if Deployment Server recognizes the MAC address
provided in a New Computer account or import file, it automatically associates the user
account at startup with the New Computer icon. If this value is not provided, the
computer appears as a pre-configured computer account, letting you associate it with a
new computer.

Pre-configured Computer Account
A pre-configured computer account can be associated with a new computer using the
Initial Deployment feature. You can create multiple pre-configured computer accounts
and associate the account with a new computer when it boots to automation. At startup,
the configuration settings and jobs assigned to the pre-configured computer account can
be associated with the new computer.
Deployment Solution provides features to create a pre-configured computer account to
pre-define a computers configuration settings and assign customized jobs to that
computer even if you do not know that computer's MAC address. This type of computer
is known as a pre-configured computer account.
Pre-configured computer accounts offer a lot of power and flexibility, especially when
you need to deploy several computers to individual users with specific needs. Pre-
configuring a computer account saves your time because you can configure the
computer before it arrives on site. You can set up as much configuration information

The New Computer icon appears for a new computer if the MAC Address is
provided when creating a new computer account using any import or new
computer account feature.

A pre-configured computer account icon appears if specific hardware data
(MAC Address) is not known. As soon as the computer starts up and is
associated with a pre-configured computer account, Deployment Server
recognizes the new computer and this icon appears.
Deployment Solution 99

(such as computer name, workgroup name, and IP address) as you have about the
computer and apply it to the new computer when it comes online. You can also prepare
jobs prior to the arrival of the new computer to deploy the computer using customized
images, .MSIs, and .RIPs, based on a user's specific needs.
Example: A user might request Windows 2000 with Office 2000 and virus scanning
software installed on the new computer. The user also might request that the computer
personality (customized user settings, address books, bookmarks, familiar desktop
settings) be migrated from the old system. You can build any job, including any of the
available tasks, and assign it to a pre-configured computer account.
When the new computer finally arrives, you are ready to deploy it because you have
done all the work in advance. Boot the client computer to automation, and the new
computer can connect to the server and become a managed computer. Now you can
perform an Initial Deployment or run a deployment imaging job on the new computer.
Creating a New Computer Account
You can create computer accounts for individual computers or for computer groups.
When creating new accounts for computer groups, you can automatically assign new
names and associate them with existing computer groups or the New Computer group.
To create a new computer account
1. In the New Computers dialog, click Add. The New Computer Properties page
appears.
2. Enter names and configuration settings for each new computer account using the
Computer Configuration screens. See Computer Configuration Properties on
page 101 for a description of the configuration settings.
Note
If you do not enter a MAC address, the computer you create or import becomes a
virtual computer.
3. (Optional) Click Import to add new computers from a delimited text file. See
Importing New Computers from a Text File on page 100.
4. Click OK.
A pre-configured computer account icon appears in the Computers pane.
When a new computer starts up, you can assign it to this preset account.
To create and associate multiple computer accounts
You can create computer accounts and automatically assign predefined names. These
computer accounts can be associated with computers in a selected computer group.

Click the New Computer icon on the console to create a new computer
account. You can also click File > New > Computer or right-click in the
Computers pane and select New Computer.
Deployment Solution 100

1. Select a computer group, including the New Computers group (empty groups
cannot access features). Right-click and select the Configure command. The
Computer Configuration Properties dialog appears.
2. Enter names and configuration settings for each new computer account using the
Computer Configuration screens. See Computer Configuration Properties on
page 101.
3. (Optional) Click the Microsoft Networking category and click Define Range.
a. In the Fixed text field, enter a base computer name. Example: Sales.
b. In the Range start field, enter a numeral or letter to add to the Fixed Text
name. This creates a unique name for a group of computers starting with the
specified character. The range of numerals and letters is assigned to the
computer name. Example: Enter 3.
c. Select Append to add the range of numerals after the computer name. Clear
the check box to add names before the computer name.
In the above example, the Result field displays computer names beginning
with Sales3 and ending with Sales12.
4. Click Associate. You can now associate computers in a group (including the New
Computers group) with the multiple computer accounts.
5. Click OK.
Importing New Computers from a Text File
You can import computer configuration data using delimited text files (.TXT, .CSV, or
.IMP files) to establish multiple computer accounts in the Deployment Server database.
This file contains all configuration data for a new computer, including all settings in the
Computer Properties of a selected computer. See Computer Properties on page 119.
1. Click File > Import/Export > Import Computers.
A dialog appears, letting you select import files. These files can have .XML, .TXT,
.CSV, or .IMP extensions.
2. Select the import file. Click Open.
If a correctly formatted computer import file is selected, a message appears,
informing you that the computer import is complete and identifying the number of
computers added. Click OK.
New computers appear as pre-configured computer accounts in the Computers
pane of the console (as single computers or in groups), and any jobs imported from
the import file are listed in the Jobs pane.
Note
Jobs can be added to the import file. They can be created and associated with the
new computers.
If the computer import file is incorrectly formatted, a warning appears, stating that
the computer import file is incorrect.
3. Edit computer settings by selecting a computer from the list and clicking
Properties.
Deployment Solution 101

4. The Computer Properties page opens. You can edit or add values not set in the
import file, such as computer name, TCP/ IP settings, user name, and other
configuration settings.
5. Click OK.
The imported computers appear in the Computers pane of the Deployment
Console.
You can also import a computer to be placed in a sub-folder in the Computers pane and
create a job to be associated with the imported computer. See the sample import file for
additional information.
Referencing the Sample Import File
When creating an import file, use either the ImportComputers55.txt file or the
ImportComputers55.xls file in the Samples folder of the Deployment Share. The
ImportComputers55.txt file provides a sample import template you can access to test
the Import feature. The ImportComputers55.xls file is a Microsoft Excel spreadsheet
that lets you add values to each identified column and save the file as a delimited TXT
file to import to the Deployment Database. The sample import file places a computer
(DB Computer 1) in a computer group (Test Group) and adds a job (Test Job) associated
with the imported computer.
Deploying New Computers on a Mass Scale
If you need to deploy large numbers of computers (100 to 5,000), consider using a
barcode scanning system to collect user information (names, operating system, and
application needs) and computer information (MAC address, serial numbers, asset tags).
You can save this information to a file, which can be imported into the New Computers
List View. Depending on the number of incoming computers, the amount of information
you have about those computers, and the needs of individual users, you can use either
the pre-configured computer account method (best for smaller numbers of new
computers) or the Initial Deployment job (best when deploying generic setups by
departments or groups).
If you are using an import file, ensure you know the primary lookup key. This
information is required by Deployment Server to set up a unique computer. The primary
lookup key can be the Serial Number, Asset Tag, UUID, or MAC address.
Computer Configuration Properties
These computer property settings can be viewed, set, and modified when performing
the following computer management operations:
Adding New Computers on page 97.
Modifying Configuration on page 179. Create or edit property settings in a
deployment job.
Sample Jobs in Deployment Solution on page 193.
Click the configuration group icons to set additional computer property values. After you
edit these computer property settings, the computer restarts so that the changes can
take effect.
Deployment Solution 102

General Configuration Settings
General Configuration Settings Set the most important value from this property
sheet. It includes the name of the computer in
Deployment Solution, the NetBIOS name of the
computer, the MAC address and other settings.
Microsoft Networking
Configuration Settings
Set the Windows name of the computer and the
Workgroup or Domain settings.
TCP/IP Configuration Settings Set the TCP/IP addresses for one or more
network adapters.
NetWare Client Configuration
Settings
Set Novell Directory Services client logon
options.
Operating System Licensing
Configuration Settings
Set the registered user name and view the
hashed installation license key for the installed
operating system.
User Account Configuration
Settings
Set the local Windows user account values.

The General category provides access to important property settings that
are also listed in other configuration categories. Click other category icons
to view and set additional configuration properties.
Field Description
Name Provides a name that appears in the Deployment Console (not the
BIOS name of the computer).
Note
The Name field is disabled for multiple computer configuration.
MAC address The unique identification address of the network adapter.
Serial Number The serial number of the computers motherboard.
Asset Tag The asset tag of the computer, if available.
Computer
Name
The Windows name of the computer.
IP Address Current IP address of the computer. Multiple IP addresses are
listed in this box.
Registered
User
The name of the user who registered the operating system
software.
License key The hash value rendered from the OEM key or 25-digit license key
required when installing the operating system.
User name The user name for the local Windows user account.
Full name The full name for the local Windows user account.
Deployment Solution 103

Microsoft Networking Configuration Settings
Use Sysprep to generate unique SIDs. This can be done by manually running the utility
or selecting this feature while installing the Deployment Agent.
Password The password for the local Windows user account.
See also Computer Configuration Properties on page 101.

Enter the computer name and workgroup or domain property settings for
the managed computer. If you are using Active Directory, you can add
computers to a domain and a specified organizational unit (OU).
Field Description
Computer
name
This is the NetBIOS name for the computer. The name must be
unique in the network and limited to 15 characters.
Note
This field is disabled for multiple computer configuration.
Use Token for
computer
name
Select this check box to specify the computer name using tokens.
Selecting this option enables the Select Token option and
disables the Define Range option.
Note
This option is applicable for multiple computers and not for single
computers.
Select Token: You can select one of the following tokens from the
drop-down list.
%NAME%- Complete computer name.
%NICyMACADDR%- MAC address of the computer with NIC
specific number. Selecting this option enables the NIC
Number option. You need to specify the NIC number, which
ranges from 1-8.
%SERIALNUM%- Serial number from SMBIOS.
%NODENAME%- First 8 characters of actual computer name.
The NIC Number textbox is visible for NIC number input; the
default value is 1.
Field Description
Deployment Solution 104

TCP/IP Configuration Settings
Define Range Click to create a sequential range of computer names. The
Computer Name Range dialog appears. For new computers, set
a range of names for multiple new computers.
Fixed text. Enter the text portion of the name that you want
to associate with each computer. Example: MARKETING.
Range start. Enter a whole number to add to the fixed text.
Example: 1.
Append. Select this check box to add the range after the
fixed text in the computer name. If you clear this box, the
number is added as a prefix to the fixed text.
Result. View an example of the selected names that is
assigned to each computer. Example:
MARKETING1...MARKETING6.
Note
When setting name ranges, do not set names using multiple
Modify Configuration tasks and assigning the names by setting
conditions for task sets. If you set up two separate name ranges
to be assigned by separate conditions, the computer names
increment irrespective to the base name. See Modifying
Configuration on page 179, Setting Conditions for Task Sets on
page 149, and Computer Configuration Properties on page 101.
Workgroup Select this option and enter the name of the workgroup to place
the managed computer.
Note
You can select either the Workgroup or the Domain option.
Domain Enter either the fully qualified domain name, the DNS domain
name, or the WINS domain name. You can enter the fully qualified
domain name (Example: mjones.yourcompany.com), and specify
the organizational unit (OU) using this format: OU/newOU/users.
The complete entry to place the computer in the users OU is the
following:
mj ones. your company. com/ OU/ newOU/ user s
i nt er nal . mySer ver . or g/ New Cor por at e Comput er OU/
Mai l Room/ Expr ess Mai l Ser ver s

Enter TCP/IP settings for one or more network adapters. Click Advanced
to setup IP Interfaces, Gateways, DNS, WINS, and Static Routes. For
computer groups, click Associate to assign a range of pre-defined IP
addresses.
Field Description
Deployment Solution 105

Field Description
Host name The DNS name of a device on a network. The name is used to
locate a computer on the network.
Network
adapter
A list of all network adapters installed in the selected computer.
The network adapter with the lowest bus, device, and function
number is the first listed (NIC0 - zero based). If the bus, device,
and function information cannot be determined for a network
adapter, it is enumerated in the order it is detected.
When configuring multiple network adapters, ensure that one
network adapter is not using an Intel Universal NIC driver
(commonly called UNDI driver) to connect to Deployment Server.
If one network adapter uses the native driver and one uses an
UNDI driver, your computer appears twice in the console.
Add. Enter new settings for additional network adapters
installed on the client computer.
You can add virtual network adapter settings to send a job
to a computer group containing computers with varying
numbers of network adapters. If a computer in the group has
only one network adapter, it is configured only with the IP
settings listed first. If IP settings are provided for additional
network adapters not present in the computer, they are
disregarded.
If you add a new network adapter, the Remove button
appears. You can remove the new network adapter by clicking
Remove.
See also Computer Configuration Properties on page 101.
Description MAC Address. The MAC address is a unique number assigned
to the network adapter by the manufacturer. You cannot
change this number. The MAC address appears in this box
when you view computer configuration settings. This box is
disabled when creating a Modify Configuration task.
DNS connection suffix. Enter this to add domain suffixes to
the root address.
Obtain an IP Address automatically.
Use the following IP address.
Obtain DNS server address automatically.
Obtain the following DNS server addresses.
Reboot After Configuration. Restarts the computer after
configuration.
Deployment Solution 106

TCP/IP Advanced Options - IP Interfaces
IP Interfaces (Linux and Windows type only). Click Add to set named interfaces for this
network adapter. You can add TCP/IP addresses to an existing network adapter card on
Linux or Windows operating systems.
TCP/IP Advanced Options - Gateway
View Gateway addresses. Click Modify to edit an existing IP address. Use the up and
down arrows to move an address to the top of the list, which acts as the primary
address. Review all selection by clicking the TCP/IP option on the Configuration page.
TCP/IP Advanced Options - DNS
Click Add to set a new DNS address.
DNS server addresses, in order of use: Add additional Domain Naming Servers
(DNS) for this network adapter.
Append these DNS Suffixes (in order): Add the name of the Domain Suffix and use
the up and down arrows to set the DNS suffix search order.
TCP/IP Advanced Options - WINS
Click Add to set a new WINS address.
Add additional WINS settings for this network adapter. Select one of the Enable
NetBIOS over TCP/IP, Disable NetBIOS over TCP/IP, or Use NetBIOS settings
from DHCP server options for this network adapter. See also Computer Configuration
Properties on page 101.
Field Description
IP Address Add or modify an IP address common to all interfaces.
Subnet mask Enter the appropriate subnet mask.
Field Description
Interface
Name
Establish Linux-specific IP interface settings. Ensure you use the
eth syntax when naming new interfaces. Example: eth0:1 or
eth0:new interface.
Broadcast
Address
Enter the Broadcast address for the specified IP interface.
Interface
State
The default value of the interface state is Up, which denotes that
the named interface is operating. You can shut down the named
interface by selecting Down.
See also Computer Configuration Properties on page 101.
Field Description
Gateway Add additional gateways for this network adapter.
Deployment Solution 107

Note
You cannot edit this information in the Windows 98 operating systems. The Deployment
Console disables the edit feature on these types of clients.
TCP/IP Advanced Options - Static Routes
NetWare Client Configuration Settings
Field Description
Destination IP address of the destination Deployment Server.
Netmask Subnet mask.
Gateway Additional gateways required to reach the destination server.
Interface IP address for the interface over which the destination can be
reached.
Metric Cost associated with the route
Flags (Linux) Enter the flag associated with a Linux-specific operating system.
Possible flags include:
U (route is up)
H (target is a host)
G (use gateway)
R (reinstate route for dynamic routing)
D (dynamically installed by daemon or redirect)
M (modified from routing daemon or redirect)
A (installed by addrconf)
C (cache entry)
! (reject route)

Set Novell NetWare client values for a new or existing computer. Select
whether you want to log in directly to a NetWare server or to a NetWare
tree in the Novell Directory Service (NDS). You can specify the preferred
tree, server name, and NDS context.
Field Description
Ignore
NetWare
settings
Select to disregard all Novell NetWare client settings for this
computer. Clear to specify the required information.
Preferred
server
Select this option and enter the name of the NetWare server.
Example: \\OneServer. This is the primary login server for the
NetWare client.
Preferred tree Select this option and enter the name of the NDS tree.
Deployment Solution 108

Operating System Licensing Configuration Settings
User Account Configuration Settings
NDS User
name
Enter the name of the user object for the NetWare client.
NDS Context Enter the organizational unit context for the user.
Run login
scripts
Select this option to run the NetWare client login scripts.
See also Computer Configuration Properties on page 101.
Enter or view the license information for your Windows operating system
software (Windows 98, 2000, XP, 2003, and 2008 Servers, and Vista).
Field Description
Registered
user
Enter the name of the registered user.
Organization Enter the name of the organization.
License key Enter the alpha-numeric license key. This is the hash value
rendered from the OEM key or 25-digit license key required when
installing the operating system.
See also Computer Configuration Properties on page 101.

Set up local user accounts for the newly imaged computer or when running
a configuration task. Enter a user name, full name, and password; and set
standard Windows login options.
Field Description
User name The user name for this local Windows user account.
Full name The full name for this local Windows user account.
Password The password for this local Windows user account.
Confirm
password
Confirm the password for the local Windows user account.
Field Description
Deployment Solution 109

Deployment Agents
To remotely manage computers from a Deployment Console, a Deployment Agent is
installed on each computer in the Deployment Server system. Deployment Agents are
provided for various computer types, including Windows, Linux, DOS, and PPC handheld
computers.
The following Deployment Agents reside on the client computer and communicate with
the Deployment Server.
Groups Specify the Windows groups that this user belongs to as a
comma-delimited list. Example: Administrators, Marketing,
Management.
User must
change
password at
next logon
Select to force the user to change the password after setting the
configuration properties.
User cannot
change
password
Prohibit the user from changing the password at any time.
Password
never expires
Select to maintain the user password.
See also Computer Configuration Properties on page 101.

To set or modify Deployment Agent settings from the Deployment Server
Console, right-click a computer or group, select Change Agent Settings
and click Production or Automation.
To set or modify agent settings for new computers, click Tools > Options,
click Agent Settings.
Deployment Agent on
Windows
The Deployment Agent runs on Windows computers,
including desktops, notebooks, and servers. See
Deployment Agent Settings on page 110.
Deployment Agent on Linux This Deployment Agent runs on Linux workstations
and servers. See Deployment Agent Settings on
page 110.
Automation Agent The Automation Agent is used when you create
configurations to boot client computer to automation.
This is done through Boot Disk Creator. See Boot
Disk Creator Help and Install Automation Partition on
page 133.
Deployment Agent on
ThinClient CE 6.0
This agent runs on ThinClient Windows CE 6.0
operating systems and lets the Deployment Console
manage WinCE 6.0 based Thin Clients.
Field Description
Deployment Solution 110

Install Deployment Agent to add a managed computer
When a Deployment Agent is installed on a computer, it searches the network for a
Deployment Server to attach to. When the Deployment Agent locates a Deployment
Server, the client computer is added as a record to the Deployment Database.
Automatically update to newer version of Deployment Agent
At times, Altiris may update versions of the Deployment Agent to enhance features. For
best performance, we recommend that all managed computers run the latest version of
the Deployment Agent. When a new version of the Deployment Agent is saved to the
Deployment Share file server, the managed computers automatically update the
Deployment Agent.
1. From the computer where Deployment Server is installed, click Start > All
Programs > Altiris > Deployment Solution > Configuration. The Altiris
Deployment Server Configuration Utility page appears.
2. Click Options.
3. Click Transport.
4. Select the Automatically update clients option and click OK.
Deployment Agent Settings
You can set the default agent settings when new client computers are added to the
system that the Deployment Server will manage.
Deployment Agent on CE
.NET
This agent runs on the CE .NET 4.2 operating
system.
Notification Server Client The NS client is an Altiris agent that runs on
computers supported by the Notification Server. This
agent runs on the Deployment Server computer
when running Deployment Solution on the
Notification Server.
Deployment Server Agent This agent runs on the Deployment Server computer
when running Deployment Solution on the
Notification Server.

When the Deployment Agent for Windows is running on a computer, the user
sees a small icon in the system tray. When the icon is blue, the client
computer running the Deployment Agent is connected to the Deployment
Solution system.

When the Deployment Agent for Windows icon is clear, it shows that the client
computer is not connected to the Deployment Solution system. The agent
may be configured incorrectly, the Deployment Server is down, or other
network problems exist.
Deployment Solution 111

You can also modify the properties settings for the Production or Automation Agent
through the Automation Agent.
When the client agent is first started, the agent establishes a connection to the
Deployment Server using the following general steps:
1. The agent service is started and initialized.
2. A TCP socket is created.
3. A connection is made to the Deployment Server.
4. The agent is updated, if required.
5. A basic inventory of the client is sent to the Deployment Server.
After the initial connection process is complete, no additional data needs to be sent to or
from the Deployment Server for the client agent to remain connected.
Note
If no Deployment Solution traffic is sent to the Deployment System agent, the TCP/IP
protocols send an occasional watchdog packet (approximately every 24 hours) to ensure
that the connection is still valid.
Deployment Agent Properties
Right-clicking the Deployment Agent icon gives you access to the following options:
View status. Brings up the Altiris Client Service box to observe the current status
of the Deployment Agent. You can also see the computer name, deployment server
connected to, IP address, multicast address, and MAC address. You can also watch
Deployment Agent communicate with the Deployment Server. Clicking Properties
lets you edit the Deployment Agent properties. Passwords protect this option.
About. Displays the version and licensing statement for the Deployment Agent.
Passwords do not affect this option.

To set or modify agent settings in the Deployment Server Console for
Windows or Linux clients, right-click the computer and select Change
Agent Settings > Production Agent Settings.
To set or modify agent settings for the Deployment Agent, click Tools
> Options.
Click the Agent Settings tab.
Select the Force new agents to take these default settings check
box to set the Deployment Agent settings for all new computers.
Click the Change Default Settings tab. Click each agent setting tab
to set the properties. See Server Connection on page 112, Access on
page 113, Security on page 114, Log File on page 114, Proxy on
page 115, and Startup/Shutdown on page 115.
Click OK.

To view or modify settings from the Windows client, right-click the
Deployment Agent icon in the system tray (or double-click the client icon in
the system tray and click Properties).
Deployment Solution 112

View log file. View the Deployment Agent log file, if you have chosen the option to
create a log file. Passwords have no effect on this option.
Clear log file. Clear the log file that has been created.
Shutdown for imaging. Make an image of a computer without using a job. This
makes the required preparatory changes to the computer before an image is made.
Failure to do this breaks the reconfiguration phase when deploying the image using
a job. Passwords protect this option.
Change Name in Console. Change how this computer is listed in the deployment
server console. This option does not change the NetBios name of the computer or
the name of the computer in the database, but only changes the name of the
computer displayed in the Computers window. Passwords protect this option.
Remove. Uninstall Deployment Agent from the computer. Passwords protect this
option.
Exit. Stops all Deployment Agent services from running but does not uninstall
Deployment Agent. Deployment Agent loads normally the next time you boot the
computer. Passwords protect this option.
User Properties. Quickly go to the User Properties page to view or make changes.
Passwords protect this option.
Admin Properties. Quickly go to the Admin Properties page to view or make
changes. Passwords protect this option.
Show Network Interfaces. View what network cards are in your computer.
Passwords protect this option.
The following configuration properties (organized using tabs in the dialog) are included
in the Production Agent Settings dialog.
Server Connection
Connect directly to this Deployment Sever. Select this option so that the client
receiving the Deployment Agent connects to the Deployment Server you selected to
configure.
Address/Hostname. Enter the IP address or NetBIOS name of the Deployment Server
computer.
Port. Enter the port number communicating with the Deployment Server.
Enable key-based authentication to Deployment Server. Select this option to
specify mandatory authentication for client computers to connect to the Deployment
Server. This helps keep rogue computers from connecting to unauthorized Deployment
Servers.
Discover Deployment Server using TCP/IP multicast. Managed computers can use
the multicast address if they are on the same segment as the Deployment Server or if
multicast is enabled on the network routers. Ensure that the multicast address and port
match those set up on the Deployment Server. Try using defaults on both the client and
Deployment Server if you have problems while connecting.
Server Connection Log File
Access Proxy
Security Startup/Shutdown
Deployment Solution 113

Managed computers should use the Deployment Server IP address if multicasting is
disabled on the network routers or if they are not on the same network segment as the
Deployment Server. The port number must match the number set on the Deployment
Server. Otherwise, the client computers cannot connect.
Server Name. Enter the NetBIOS name of the computer running the Deployment
Server.
Port. Enter the port number distributing the multicast address.
Multicast Address. Enter the group multicast address.
TTL. Specifies the number of routers the multicast request can pass through. Change
this setting if you want to locate a Deployment Server that is more than 32 routers away
(default setting) or to restrict the search to a smaller number of routers, making it
easier to find the closest Deployment Server.
Refresh connection after idle. Select the Refresh Connection after idle check box
and set the refresh time in hours or days. The Deployment Server closes the connection
after the specified time and immediately tries to re-open the connection. This sends a
message to client computers that the network is down.
The default checking is of 28800 seconds or 8 hours. We recommend keeping this
setting above 28800. Do not set this option too lowreconnecting to the Deployment
Server increases bandwidth when connecting. If this option is set too low, your client
computers will take longer to connect than to refresh their connections.
Abort files transfers if rate is slower than. Select this option to preserve bandwidth
when running deployment tasks on slower connections.
Access
Set these commands to control the way the client handles requests from the server.
Allow this computer to be remote controlled. Select to let the administrator
remotely control the selected computer. The default setting is to NOT let the computer
be remotely controlled.
Prompt the user before performing actions. You can select the following options to
prompt the user before the corresponding action is performed:
Shut down and Restart. Prompts the user before shutting down and restarting the
computer. This feature overrides the Power Control option from the Deployment
Server to force applications to shut down without a message.
Copy file and Run command. Prompts the user before running a program or
executing file copy commands.
Remote Control. Prompts the user before running the Remote Control commands.
Time to wait for user response. If one of the Prompt the user before perform
actions is selected and the user is not at the computer to respond, you need to decide
whether to continue or abort the operation. Specify the time to wait for the users
response, and select one of the following:
Continue the operation. Select to continue if there is no response from the
user.
Abort the operation. Click to not continue if there is no response from the
user.
Deployment Solution 114

Select when the Deployment Server is denied access to the Deployment Agent.
Select the days and set the start and end times when access to the Deployment Agent is
denied.
Security
This page lets you secure data between the Deployment Server and the Deployment
Agent, or to set a password so that the user on the client computer can only view and
modify the User Properties of the Altiris Client Settings on the managed computer.
Encrypt session communication with Deployment Server. Select to allow
encryption from this managed client computer to the Deployment Server. This lets
encrypted data transmissions between the Deployment Server and the Deployment
Agent on the client computer. If selected, the client computer can connect (but is not
required to connect) using encryption.
To enable encryption protocols, you must open the Altiris Deployment Server
Configuration Utility, click Options and select the Transport tab. Select the Allow
encrypted sessions check box to let Deployment Server transmit using encryption
protocols.
Require encrypted session with any server. Select to require encryption between
the managed client computer and the Deployment Server. If this option is selected and
the option to allow encryption in the Deployment Configuration tool is not selected, the
Deployment Server does not communicate with the Altiris Client on the managed client
computer.
Note
Selecting encryption options slows down the communication path between the agent
and the Deployment Server.
Password protect Admin properties from user. Select to let users on the managed
computer access the Admin properties only if they enter the set password. If the check
box is selected and the user does not know the password, they will have rights only to
view the User Properties, which includes only the User Prompts and Remote Control
tabs on the Altiris Client Settings dialog.
Enter the password in the Password field and re-enter the password for
confirmation in the Confirm password field.
Hide client tray icon. Select to hide the Altiris Client icon in the system tray of the
managed computer. If you hide the icon, you must run AClient.exe with the -admin
switch to view and modify the complete administrative properties from the managed
client computer.
Log File
The Log File page controls how data is logged and saved in a Deployment Server
system, letting you save different types and levels of information to the log files. You
can save a text file with log errors, informational errors, and debug data using this
dialog.
If the log exceeds the specified size, the older data is dropped from the files. You can
maximize the size of the log file to save all selected data.
Save log information to a text file. Select this option to save information to a log file.
By default, this option is cleared. Selecting this option enables the File name and
Maximum size fields.
Deployment Solution 115

File name. Enter the name and path of the log file. The default path is \Program
Files\Altiris\AClient\AClient.log file.
Maximum size. Enter the maximum number of bytes for each log file.
Log errors. Select this option to save only the errors returned when running a job or
operation between the Deployment Server and the Deployment Agent.
Log informational messages. Select this option to save a list of procedural steps run
on the client computer.
Log debugging information. Select this option to list comprehensive debugging
information in the text file.
Note
If the log exceeds the specified size, the older data is dropped from the files, so it is
recommended to provide maximum file size.
Proxy
Typically, remote networks on the other side of a router or switch cannot receive
multicast or Wake-On-LAN packets from the Deployment Server. Setting the managed
computer as a proxy client computer forwards or re-creates the multicast packets. A
managed client computer setup as a multicast proxy simply acts as a Deployment
Server and advertises the servers name and IP address through multicasting. You can
also set the managed computer as a proxy to send Wake-On-LAN packets.
Set these options to control how the managed computer acts as a proxy agent,
identifying the type of traffic this managed computer forwards from the server.
Forward Wake-On-LAN packets. Select if you want the managed computer to
forward Wake-on-LAN packets.
Forward Deployment Server discovery multicast packets. Select if you want to
advertise the Deployment Server to client computers on another LAN segment or if the
client computer is on the other side of the router.
Send multicast advertisement every. Set the time in seconds, minutes, or hours for
managed computers to send a multicast advertisement.
Startup/Shutdown
Delay starting jobs after system startup. Set the time in seconds, minutes, or hours
for managed computers to delay jobs until after system startup.
Specify the Windows boot drive. Specify the drive that the client computer boots
from. The default is the C drive.
Force all programs to close when shutting down. Select this option to shut down
applications when using Power Control features. The user is still prompted to Abort or
Continue the shutdown.
Synchronize date/time with Deployment Server. Select this option to synchronize
the system clock of managed computers with the time of the Deployment Server.
Prompt for a boot disk when performing automation jobs. Select this option to
prompt for a boot disk while running any automation jobs.
Advanced
Deployment Solution 116

Disabled direct disk access for Deployment Agent for DOS (BootWorks)
communication. Select this option to disable the direct disk access for Automation
communication.
Deployment Agent for Linux
The Deployment Agent for Linux is an agent software that runs on managed Linux
computers. The agent collects and sends data from the managed computer to the
Deployment Server system, executes deployment tasks sent from the server, installs
packages, and runs management processes as directed from a Deployment Console.
See Installing Deployment Agent on Linux on page 351 for additional information.
A Linux managed computer is identified in the Deployment Console by unique Linux
icons reflecting deployment and process status, letting you deploy and manage
computers similar to the Deployment Agent for Windows, with the following exceptions:
Deployment Agent Settings for DOS
You can configure property settings for the Automation Agent for specified computers or
computer groups. You can remotely maintain important agent settings and update
settings as required from the console.
When a new client computer connects, it receives the default agent settings from
Deployment Server for drive mappings, authentication, and LMHost entries. Each client
computer still has the capability to maintain its unique settings for the Deployment
Agent for DOS as set in the Boot Disk Creator.
Automation Agent Settings include the following property settings:
Deployment Task Deployment Agent for
Windows
Deployment Agent for
Linux
Create Disk Image Yes Yes
Distribute Disk Image Yes Yes
Scripted OS Install Yes Yes
Distribute Software Yes Yes
Capture Personality Yes No
Distribute Personality Yes No
Change Configuration Yes Yes
Run Script Yes Yes
Copy File Yes Yes
Shutdown/Restart Yes Yes

To set or modify agent settings for a specific computer, right-click the
computer icon and select Change Agent Settings > Automation Agent
in the Deployment Console.
To set or modify agent settings for ALL computers, click Tools > Options,
click Agent Settings > Change Default Settings.
Deployment Solution 117

Drive Mappings
Authentication
Network
Drive Mappings
Set drive mappings used by the Deployment Agent for DOS to access hard disk image
files and other packages from a specified network drive. You must map the F Drive to
the Deployment Share. You can also map other file server directories when storing large
numbers of image files or deployment packages.
Click Add to open the Add Drive Mapping page. Select the following options:
OS. Select the operating system from the drop-down list.
Drive Mapping. Enter the drive letter and volume of a shared folder. Example:
F: \\WebDeploy\Image files.
Note
You must select a shared folder in this field. You can browse and select any type of
folder, but the Deployment Agent for DOS maps to and accesses files only from a shared
folder.
Path. Enter a UNC path.
You can also edit or remove a drive mapping from the list. See also Deployment Agents
on page 109.
Authentication
Provide the login credentials that the Deployment Agent for DOS needs to map network
drives. The associated credentials for each network drive must have the rights that the
Automation agents need to access files.
Domain/Workgroup. To map the network drives, enter the name of the users Domain
or Workgroup that the Deployment Agent for DOS uses to log on.
Username. To map the network drives, enter the user name that the Deployment
Agent for DOS logs on as.
Password. Enter the password.
Confirm Password. Retype the password for confirmation.
See also Deployment Agents on page 109.
Network
These settings let you match the IP address with the computer name, as maintained in
the LMHosts file in the Deployment Agent for DOS partition.
1. Click Add. The Add LMHosts Entry dialog appears.
2. Enter the Computer Name. Enter the name of a computer to associate with an IP
address.
3. Enter the IP Address.
or
Deployment Solution 118

Click Lookup IP. This automatically populates the field with the IP address of the
entered computer name.
4. Click OK.
See also Deployment Agents on page 109.
Managing Client Connections
The following utilities are provided for managing transmissions between the Deployment
Server and the Deployment Agents running on the managed client computers.
Reset a Client Connection
Resetting the connection that a managed computer has with the Server simply
disconnects and reconnects the computer. This is useful for troubleshooting or if you
suspect a bad connection.
To reset a client connection, right-click a computer and click Advanced > Reset
Connection. When the computer disconnects, its icon turns gray. The computer should
reconnect and its icon color returns to its original active status color.
Reject or Retrieve a Rejected Computer
If a computer you do not want to manage connects to your Deployment Server, you can
reject it. This removes the unwanted computer from the Computers pane in the
console. Further attempts by the computer to connect are denied. Although the
computer is not deleted, any history or schedule information associated with the
computer is deleted.
1. Right-click the computer you want to reject from connecting to the Deployment
Server.
2. Click Advanced > Reject Connection.
3. Click OK.
Rejected computers are stored in a Rejected Computers list. Select View > Rejected
Computers to view this list.
Accept a Previously Rejected Computer
If you now want to accept a previously rejected computer, you can retrieve it and
reconnect it to the Deployment Server.
1. Click View > Rejected Computers.
2. From the list, select the computer you want to retrieve.
3. Click Accept Computer(s) to remove the computer from the rejected list (this
doesnt delete the computer, just removes it from the list of rejected computers).
4. Click Yes to confirm the action, click Close.
This client computer can now be managed from within the Computers pane.
Connection requests from this client computer are now allowed.
See also Deployment Agents on page 109.
Deployment Solution 119

Computer Properties
View and edit the computer properties for each managed computer.
General
See also Computer Configuration Properties on page 101.
Hardware
See also Computer Configuration Properties on page 101.
Drives

View and edit computer properties by double-clicking a computer icon in
the Computers pane, or right-clicking and selecting Properties, or
clicking the icon in the toolbar.
General Services
Hardware Devices
Drives Location
Network Configuration
TCP/IP
Applications

View or change the name of the computer as it appears in the console. You
can view the following: logged-on user names, operating system installed,
name of the Deployment Server, whether an automation partition is
installed, version of the Altiris Windows Client, and other client information.

View processor make and type, processor count, RAM installed on the
computer, display configuration, manufacturer, model, product name, MAC
address of each network adapter installed, serial number, asset tag, UUID,
and whether Wake On LAN and PXE are installed and configured.

View information about each drive on the computer. If you have multiple
drives, you can select a drive from the list to view its settings, such as the
capacity, serial number, file system, volume label, and number of drives
installed.
Deployment Solution 120

See also Computer Configuration Properties on page 101.
Network Configuration
See also Computer Configuration Properties on page 101.
TCP/IP
See also Computer Configuration Properties on page 101.
Applications
See also Computer Configuration Properties on page 101.
Services
See also Computer Configuration Properties on page 101.
Devices

View Microsoft Networking, Novell Netware settings, and user information
for the selected managed client computer.

View TCP/IP information, including a list of all installed network adapter
cards (up to eight) for the selected computer. Click Change to open the
Configuration page to modify settings (see Configuring Computers on
page 125).

View the applications that are installed on the computer, including their
description, publisher, version number, product ID, and system
components.

View the services installed on the computer along with the description,
start type, and path for each service.

View the devices installed on the computer, including display adapters,
disk drives, ports, storage volumes, keyboards, and other system devices.
Deployment Solution 121

See also Computer Configuration Properties on page 101.
Location
See also Computer Configuration Properties on page 101.
Bay
Server Deployment Rules
From the Bay property page, you can select rules to govern actions taken when a new
blade server is detected in a selected bay. These rules are described below:

View and edit user-specific properties such as contact name, phone
number, e-mail address, department, mail stop, and site name. As the
administrator, you can enter this information manually or you can let the
user populate this screen using the Prompt User for Properties option.
See Prompt User for Properties on page 132.

View location information and other properties for Rack /
Enclosure / Bay components for high-density and blade servers.
Set rules for automatic re-deployment of blade servers based on
physical location changes. This property is available only to
systems using blade servers.
Rule Action
Re-Deploy
Computer
Restore a blade server using deployment tasks and configuration
settings saved from the previous server blade in the bay. This lets
you replace new blades in the bay and automatically run
deployment tasks from its deployment history. (See Restoring a
Computer from its Deployment History on page 124.)
All deployment tasks in the bay's history are run starting from the
last Distributing a Disk Image task or Scripted OS Install task, or
from any script (in a Run Script task) with this command: rem
deployment start. See Distributing a Disk Image on page 160,
Scripted OS Install on page 165, and Run Script on page 181.
Run
Predefined Job
The server processes any specified job. Select a job to run
automatically when a new server is detected in the bay.
Ignore the
Change
This option lets you move blades to different bays without
automatically running jobs. The server blade placed in the bay is
not identified as a new server and no jobs are initiated. If the
server existed in a previous bay, the history and parameters for
the server are moved or associated with the new bay. If the server
blade is a new server (never before identified), the established
process for managing new computers is executed.
Deployment Solution 122

See also Computer Configuration Properties on page 101.
Lights-Out
Note
This feature is currently only available for selected HP Integrated Lights Out (ILO) and
Remote Insight Lights-Out Edition (RILOE) features.
See also Computer Configuration Properties on page 101.
Remote Operations Using Deployment Solution
The Operations menu in the Deployment Console provides a variety of commands to
remotely manage all computers in your site or network segment. Some operation
commands, such as Restore, automatically create and schedule deployment jobs and
place them in the System Jobs folder in the Jobs pane. Other commands, like Chat or
Remote Control, open utility programs to access and remotely manage computers.
Wait for User
Interaction
(Default) No job or tasks are performed (the Deployment Agent on
the server blade is instructed to wait). The icon on the console
changes to reflect that the server is waiting.

View information about the remote management hardware installed on the
selected computer (most often a server) used to power up, power down
and restart the computer remotely, or to check server status. You can also
enter the password for the remote management hardware by clicking
Password.

Open the computer operations menu by right-clicking a computer icon in
the Computers pane, clicking Operations on the menu bar, or clicking
the icons in the toolbar.
Restore Reconfigure your computer to a former state. Select from a list
of previous deployment tasks and select to restore only the ones
you want. See Restoring a Computer from its Deployment
History on page 124.
History View, print, delete, and save to file a history of deployment
tasks. See Viewing a Computers History on page 125.
Rule Action
Deployment Solution 123

Configure Set network and local configuration properties for each
computer, including computer name, IP address, domains,
Active Directory context. See Configuring Computers on
page 125.
Quick Disk
Image
Select a computer and image its hard disk. This creates and
stores the image to distribute now or later. See Quick Disk
Image on page 125.
Power Control Wake up, restart, shut down, and log off remotely. See Power
Control on page 126.
Remote Control Open a remote control window directly to a selected client
computer. Investigate problems directly from your console. See
Remote Control on page 127.
Execute Type and run commands remotely. See Execute on page 131.
Copy File to Copy selected files, directories, or entire directory structures
and send them to the selected computer(s). See Copy File to on
page 184.
Chat Start an individual chat session with one or more selected client
computers. Communicate actions or query for symptoms during
administration. See Chat on page 132.
ADVANCED >
Clear Computer
Status
Clear computer status as shown in the title bar of the List View.
Prompt User for
Properties
Query the user for personal information. This feature sends a
form to the user to fill out. See Prompt User for Properties on
page 132.
Reset
Connection
Disconnect and reset the connection between Deployment
Server and the Deployment Agent on the selected computer.
Install
Automation
Partition
Embed automation partitions onto the selected computers hard
disk to enable a managed computer to run automation tasks.
Get Inventory Update property settings for a selected computer. These
inventory settings can be viewed in Computer Properties on
page 119. Select it to ensure that you have the latest inventory
of the computer.
Set the timeout value in the General tab of the Deployment
Server Configuration utility (in the Control Panel).
Reject
Connection
Refuse communication with the selected computer.
Install BIS
Certificate
Install a BIS certificate for the selected computer.
Remove BIS
Certificate
Remove a BIS certificate from the selected computer.
Uninstall agent Uninstall the agent from the selected computer.
Apply Regular
License
Apply a permanent license if a client computer is using a time-
limited license or requires an updated license.
Deployment Solution 124

Restoring a Computer from its Deployment History
Occasionally, it is necessary to restore a computer to its original settings based on
operations or deployment jobs previously executed on the computer. A computers past
deployment history appears in the Restore Computer dialog, where you can restore a
computer by selecting the tasks from its history file. You can rerun the deployment tasks
to restore the computer.
1. Right-click a computer and click Restore.
The Restore Computer dialog appears with a list of previous tasks with check
boxes.
2. (Optional) Select the type of tasks to be displayed from the Show only drop-down
list. Select the date from the Since list box to filter tasks.
3. Click Next to view a summary of tasks selected to reschedule.
4. Click Next to schedule the job. See Scheduling Jobs on page 151.
5. Click Finish.
When you finish this computer operation, a new job appears in the Jobs pane of the
Deployment Console under the System Jobs > Restoration Jobs folder. The job name
has a generic format of Restore: <computer name>.
New Job Wizard Open this to build, assign, and schedule deployment jobs for the
selected computer. See New Job Wizard on page 144.
New Group Click to create a new computer group in the Computers pane.
New Computer Create a new computer account. See Adding New Computers on
page 97.
Rename Assign the computer or group a new name in the console. Right-
click a computer or group to edit in the Computer pane.
Delete Delete a computer, a computer group, or any combination of
computers and groups from the database.
Change Agent
Settings
Update property settings for the Deployment Agent running on
selected computer(s). See Deployment Agents on page 109.
Permissions View security settings for the selected computer(s).
Job Scheduling
Wizard
Open this to assign deployment jobs to the selected computer.
Properties View computer configuration and network properties. See
Computer Properties on page 119.

Restore a computer by right-clicking a computer icon in the Computers
pane and selecting Restore, clicking Operations > Restore Computer
on the menu bar, or clicking this icon in the toolbar. You can restore a
computer using Remote Operations Using Deployment Solution or by
creating and scheduling a job using the New Job Wizard. See Remote
Operations Using Deployment Solution on page 122 and New Job Wizard
on page 144.
Deployment Solution 125

Viewing a Computers History
You can view the history of deployment tasks for a specific computer. Users who do not
have administrative privileges or the permissions to delete a computers history cannot
access this option.
1. Right-click a computer and click History.
The History of <Computer Name> dialog appears with a list of previous tasks,
including when the task was scheduled, its deployment status and other deployment
information.
2. (Optional) Click Save As to save the file as a .TXT or .LOG file.
3. (Optional) Click Print to print the History file.
4. Click Delete to delete the History file. Click Yes to the confirmation message.
5. Click Close.
See also Remote Operations Using Deployment Solution on page 122.
Configuring Computers
From the Operations menu, you can enter and modify configuration settings for
computers. See Computer Configuration Properties on page 101 for complete
information about configuration settings.
1. Right-click a computer and click Configure.
The Computer Configuration Properties dialog appears.
2. Set basic configuration values in the General configuration group (default view).
3. Click other configuration group icons in the left pane to set additional values.
4. Click OK.
See also Remote Operations Using Deployment Solution on page 122.
Quick Disk Image
This computer operation creates a disk image of the selected computer. This option is a
quick and easy way to create a disk image of a selected managed computer from the
Deployment Console.
To run a disk image job you must have an automation partition installed on the client
computer, or it is PXE-enabled and can boot to automation by connecting to a PXE
Server.
1. Right-click a computer and click Quick Disk Image.
The Schedule Computers for Job dialog appears. See Scheduling Jobs on
page 151.
2. Schedule the job to run immediately or at a later time. You can also click the option
to not schedule the job (this option places the job in the working area and does not
run until you manually drag it to a selected computer and reschedule it).
3. Click OK.
A new job appears in the Jobs pane of the Deployment Console under the System
Jobs > Image Jobs folder. The job name has a generic format of Create Image:
<computer name>.
Deployment Solution 126

See also Remote Operations Using Deployment Solution on page 122.
Power Control
This computer operation lets you wake up a computer, restart a computer, shut down,
or log off as the current user for a selected managed computer. You can also power a
computer on if Wake-On-Lan is supported.
1. Right-click a computer and select Power Control.
A secondary menu appears with the following options:
2. Select a Power Control option. A Confirm Operation dialog appears. Select the
Force application to close without a message option to shut down users
without a warning. If you do not select this option, the user is prompted to save
work before the power operation continues.
3. Click Yes.

Restore a computer by right-clicking a computer icon in the Computers
pane and selecting Power Control, clicking Operations > Power
Control on the menu bar, or clicking the icon on the toolbar.
Wake-up The Wake-Up feature is hardware-dependent and is available only
for inactive computers. Select this command to start a computer
that has been turned off.
Notes
Your operating system and network adapter must be capable of
recognizing and processing the Wake-on-LAN packets. Non-
embedded network adapters must be properly configured.
Example: 3Com NICs have an extra header cable that enables
Wake-on-LAN. Check the documentation that comes with your
network adapter for more information about Wake-on-LAN.
For NICs and operating systems that support Wake-on-LAN Power
Management features, go to the Properties dialog of the network
adapter driver and select the Power Management tab. Click the
Allow this device to bring the computer out of standby option
for this device to bring the computer out of standby status.
You must enable this feature for some computers in their BIOS.
Restart Click to reboot the selected managed computer. Select Force
Applications to close without a message box to restart
immediately without prompting the user.
Shut down Click to shut down the selected managed computer. Select Force
Applications to close without a message box to shut down
immediately without prompting the user.
Log off Click to log off the selected managed computer. Select Force
Applications to close without a message box to log off
immediately.
Deployment Solution 127

See also Remote Operations Using Deployment Solution on page 122.
Remote Control
Multiple methods are provided to remote control managed computers. The integrated
DS remote control utility can be used on Windows XP, 2003 Server, and 2000 computers.
Additionally, you can access the built-in Remote Desktop feature built into many
Windows operating systems directly from the Deployment Console. You can also
manually add access to other remote control utilities by modifying a configuration file.
DS Remote Control (page 127)
Remote Desktop Connection (page 130)
Additional Remote Control Programs (page 131)
DS Remote Control
Remote Control is a computer management feature built into the Deployment Server
Console. It lets you control all types of computers to view problems or make immediate
changes as if you were sitting at the managed computers screen and using its keyboard
and mouse.
Note
You cannot disable the flashing eye icon while the computer is being remotely
controlled.
Before you can remotely control a managed computer:
The managed computer must have the Altiris Agent for Windows installed and
properly set up.
The client must have the appropriate Proxy option selected in Altiris Client
Properties. See Proxy on page 115.
The client and Deployment Server Console must be able to communicate to each
other through TCP/IP.
To remotely control a managed computer
1. Right-click a computer and click Remote Control > DS Remote Control.
This opens the Remote Control window displaying the managed computers
screen.


When a managed computer is being remotely controlled, the Deployment
Agent icon in the managed computers system tray flashes these two icons
alternately.
Remote Control also provides Chat, Refresh, , Send File, and
Ctrl+Alt+Delete features to assist in managing computers from the
console. See Chat on page 132 and Copy File to on page 184.
Deployment Solution 128

Note
If you cannot perform a remote-control operation from the selected managed
computer, you can change this client setting by using the Remote Control options
in the Change Agent Settings command. The default setting is to not allow
remote control of the managed computer. See Proxy on page 115.
2. From the Remote Control window, you can execute the following commands:
3. To end a Remote Control session, click Control > Close Window in the Remote
Control window.
Toolbar
Chat Click to open a chat session with the selected managed computer.
This starts a chat session between the console computer and the
managed computer. The chat session opens a chat window that
lets you send messages back and forth between the Deployment
Console and the managed computer. If you start a chat session
while controlling multiple computers in a single window, the chat
session is only between the Deployment Console and the master
client.
Refresh Click to update the screen view of the managed computer.
Ctrl+Alt+Delet
e
Click to select Restart or Logon options for the managed
computer.
Note
The managed computer must be running Windows 2000, XP, 2003,
2008, and Vista and have the keyboard and mouse driver installed
for this feature to be available.
Send File See Send Files during Remote Control on page 129.
Toggle Control Click to toggle between the view of control access of the managed
computer (default) and of access only of the managed computer.
Control menu
Disable Input
from the Client
Click to prohibit the user of the managed computer from using the
keyboard or mouse during the remote-control session.
Close Window Click to close the remote control window of the managed
computer.
View menu
Refresh Click to refresh the view of the screen.
Fit to Window If this option is selected, the client display image becomes the
same size as the Remote Control window. If this option is not
selected, the image retains the size of the client display.
Color Depth See Remote Control Properties on page 129.
Properties See Remote Control Properties on page 129.
Deployment Solution 129

Send Files during Remote Control
Click to send files to the managed computer that is remotely controlled. Enter the name
of the source file to be copied and the destination path on the managed computer.
Select the required compression and encryption options.
If you are controlling multiple clients within a single window, this dialog sends a file only
to the master client.
Source filename. Enter the name of the file to be sent.
Destination path. Enter the path where you want the file to reside on the managed
computer.
Compress Data. Select to compress the file during the copy process to decrease
network traffic.
Encrypt Data. Select to encrypt data package for security.
You can also drag entire folders from the Deployment Console computer to the remote
control window, which copies the files to the remote client computer.
Remote Control Properties
Color Depth. Click to specify the color depth (number of colors) used by the Remote
Control window. This setting applies only to the Remote Control window at the console,
not to the display of the managed computer. There is no benefit of setting a color depth
on the Remote Control window greater than that of the managed computer. The benefit
of lower color depths is improvement in speed.
Use specific image resolution. Click to specify the width and height of the image that
represents the client display.
Update Interval. Select to specify how often the image in the Remote Control window
is updated (in milliseconds). The more frequently the display is updated, the more
bandwidth is required.
Only update foreground window. Select to refresh only the selected window in the
remote control session.
Set Remote Control Permissions
Deployment Solution provides multiple features for ensuring privacy and security when
a managed computer is remotely controlled. Before a managed computer can be
remotely controlled, the Remote Control preferences on the Deployment Agent for
Windows must be set to allow remote control access.
You can also lock the keyboard and mouse of the managed computer or set a prompt for
the user, asking for permission to initiate a remote session. This lets the user accept or
reject the request. In certain environments, such as a lab or classroom, using a prompt
to ask for permission might not be preferred.
To remotely set security options on each managed computer, use Change Agent Settings
from the console or open Properties on the Deployment Agent on the client computer
(you must access Admin properties).
1. After opening the Deployment Agent property page, select the Remote Control
tab.
2. Select Allow this computer to be remote controlled to provide access from the
Deployment Server Console.
Deployment Solution 130

3. (Optional) To lock the keyboard and mouse during a remote control session, select
the Enable keyboard and mouse driver option.
This option works only on Windows 2000, XP, 2003, 2008, and Vista.
Note
After selecting this option (either enabling or disabling the keyboard and mouse)
you must restart the managed computer. This can be done using a Power Control
operation. See Power Control on page 126.
4. If you want the user to be prompted before a remote control session begins, click
the User Prompts tab.
a. From the Choose the commands you would like to be prompted before
executing options, select the Remote Control commands option.
b. Specify the number of seconds you want the prompt to wait. Also, specify what
will happen after the prompt time is over. Click either Continue the operation
or Abort the operation.
5. Click OK.
Start Multiple Sessions
You can manage multiple computers using the Remote Control feature. However, the
more computers you include in the session, the larger the bandwidth over the network.
Open a separate Remote Control window for each managed computer. Right-click
each computer and select Remote Control. A new window appears for each
selected computer.
Open a Remote Control window for a group of managed computers. Right-click a
computer group icon and select Remote Control.
The Remote Control Options dialog appears with options to Control each client
separately in its own window or to Control all clients together. If you select to
control clients separately, individual windows appear for each computer. If you
select to control clients together, you are asked to select a master computer.
The Master Computer is the computer that appears in the Remote Control window,
but all operations performed from the Master Computers console also run on the
other computers in the group. All computers in the group should be similar in
configuration to work properly.
Note
If you are controlling multiple computers in a single window, you can send a file only
between the console and the master client. If you want to send a file to multiple
clients at the same time, use the Copy File to feature. See Copy File to on
page 184.
To end a Remote Control session, click Control > Close Window.
Remote Desktop Connection
Remote Desktop connection is available for many Windows operating systems including
Windows Vista and 2008 Server.
Deployment Solution 131

To remotely connect to a computer
1. Open the Deployment Console and right-click the Vista computer you want to
remotely connect.
2. Click Remote Desktop. The remote desktop window for the computer appears.
The remote desktop connection is established to the Vista computer.
To remotely connect to multiple computers using the Remote Desktop
option
1. Open the Deployment Console and right-click the computer you want to remotely
connect.
2. Click Remote Desktop. The remote desktop window for the computer appears.
The remote desktop connection is established to the computer.
To remotely connect to multiple computers
1. Open the Deployment Console and right-click the computers you want to remotely
connect.
2. Click Remote Control. The Remote Control Options dialog appears.
3. Select Control each client separately in its own window to remote control each
computer separately.
or
Select Control all clients together, in the same window, using the following
master to remote control the selected computers together and select the master
computer.
4. Click OK.
The remote control connection is established for the computers.
Additional Remote Control Programs
You can manually add access to additional remote control programs to the Remote
Control menu in the Deployment Console.
To add a program, open the RemoteControlTools.ini located at the root of your
Deployment Share and follow the instructions provided in the file.
Execute
Send a command from the Deployment Console as if you were entering a command
from the command-line prompt on the client computer.
1. Type a command you would like executed on the selected remote computer(s), or
select from a list of previously-run commands. Example: Type regedit to open the
registry on the computer.

Execute a command to a client computer by right-clicking a computer icon
in the Computers pane and selecting Execute, clicking Operations >
Execute from the menu, or clicking this icon in the toolbar.
Deployment Solution 132

2. To run the command as another user on the managed computer, click User and
enter the user name and password.
User Account
Use this dialog to run a script using another local user account. You can log in with
another user name and password with rights to run an execute command.
Run with default security credentials. This option runs with the current user
credentials. This is the default option.
Run with the following credentials. Click this option to log on with another user
name and password.
See also Remote Operations Using Deployment Solution on page 122.
Chat
You can communicate with managed computers using the Chat text messaging system.
From the Deployment Server Console, select an individual computer or a group of
computers to open an individual chat session with each logged-in user.
1. Open a chat session. The Chat with <computer name> window appears,
identifying the computer you are sending messages to.
2. Type a message in the lower field.
3. Click Send or press Enter.
The exchange of text messages appears in the upper field.
See also Remote Operations Using Deployment Solution on page 122.
Prompt User for Properties
This feature lets an administrator prompt a user for computer location and user
information. The information supplied in this form appears in the Location properties in
the Computer Properties dialog. See Computer Properties on page 119.
To prompt a user for location properties
1. In the Computers pane of the Deployment Server Console, right-click a computer
and click Advanced > Prompt User for Properties. You can also select a
computer and click on the Prompt User for Properties icon in the toolbar or click
on Operations > Prompt User for Properties.
A dialog appears in the Deployment Server Console with a list of properties.
2. Select the properties to prompt the user. The properties selected in this dialog are
active on the property form sent to the user, letting the user enter information for
the selected properties.

Open text messaging with a user by right-clicking the computer icon in the
Computers pane and selecting Chat, or clicking this icon in the Remote
Control dialog. See Remote Control on page 127.
Deployment Solution 133

Note
All properties are selected by default; you must deselect the properties you dont
want to include when the client is prompted.
3. Click OK.
The properties form appears for the logged-on user of the computer, asking for
location properties.
When the user enters information and selects OK, the Location properties in the
Computer Properties field are updated for the selected computer. If the user
changes the computer name, the name in the Computers pane of the Deployment
Console also changes. These settings are stored directly to the Deployment
Database.
See also Chat on page 132 and Remote Operations Using Deployment Solution on
page 122.
Install Automation Partition
When the Deployment Server sends a deployment job to client computers, tasks within
the job can be assigned the default automation pre-boot environment, or one of DOS,
Linux, or WinPE. With an embedded (recommended) or hidden automation partition
installed on the client computers hard disk, deployment jobs can run automatically.
You can have multiple tasks within a deployment job, and each task can be assigned to
run in a different automation environment, depending on the task and end result you
want. The following are the automation tasks you can add to the deployment jobs.
Run script
Create disk image
Distribute disk image
Scripted OS install
During the Deployment Server installation, the Pre-boot Operating System page appears
for you to select a default pre-boot operating system, which is used by Boot Disk
Creator to create the configurations that boot client computers to automation. You can
Deployment Solution 134

install additional pre-boot operating system files through Boot Disk Creator. See Boot
Disk Creator Help.
If you are running PXE Servers, you do not need to install an automation partition on
each client computers hard disk. When the Deployment Server sends a deployment job,
PXE-enabled client computers search for a PXE Server to receive the boot menu options
and the boot menu files that are required to boot to automation. See Automation Pre-
boot Environment in the Deployment Server Reference Guide.
To install an automation partition
1. Right-click a computer and click Advanced > Install Automation Partition.
2. From the drop-down list, select the pre-boot operating system environment you
want to install.
3. Click OK.
The Automation Agent you selected installs as an embedded partition on the client
computers hard disk. After the installation completes, the client computer reboots
automatically. You can now run automation-specific deployment tasks on this
computer.
Change Agent Settings
This feature lets you modify most of the agent settings for a selected computer or
computer group. You can set properties for the Production Agent (Deployment Agent),
or for an Automation Agent.
To change agent settings
1. From the Computers pane, right-click a computer and select Change Agent
Settings.
2. Select either Production Agent or Automation Agent.
3. Edit the properties settings.
4. Click OK.
Deploying and Managing Servers
Deployment Solution provides additional features to remotely install, deploy and
manage network and Web servers. From the Deployment Server Console, you can
configure new server hardware, install operating systems and applications, and manage
servers throughout their life cycle. And because servers are mission-critical, you can set
up a system to quickly deploy new servers or automatically re-deploy servers that have
failed. Features like rules-based deployment, support for remote management cards,
and quick server restoration from a deployment history give you new tools to manage all
servers throughout your organization.
Deployment Solution 135

Manage Servers from the Console. The Deployment Server Console includes features
specifically designed for deploying and managing servers, such as enhanced task
logging and history tracking features to let you recall administrative actions and quickly
redeploy mission-critical servers.
Set Server-specific options. Servers are essential to any organization and require
special planning and management strategies. Deployment Server provides server-
specific features to automatically deploy new servers and maintain existing servers. See
Server Deployment Options on page 136.
Server Management Features
Deployment Server provides various features for deploying and managing servers.
These features are supported for client and handheld computers as well, but are
essential in deploying servers.
Server icons. The Deployment Console displays icons that identify servers across the
network. Like other computer icons in the console, server icons can be selected to view
server properties or assign specific jobs and management tasks
Run Scripted Installs. Execute scripted, unattended installs across the network for
both Microsoft Windows and Linux servers. Follow steps to create answer files and set
up operating system install files using a wizard. See Scripted OS Install on page 165.
Support for multiple network adapter cards. Because servers may require more
than one network interface card, Deployment Server provides property pages to access
and configure multiple network adapters remotely from the console. See TCP/IP
Configuration Settings on page 104.
Servers are identified in the Computer pane with distinctive server icons.
Like all managed computer icons, the icons change to identify the status
and state of the computer, such as user logged on or Server Waiting.
Note
Servers are recognized by their operating system (such as Windows 2000
Advanced Server, Windows Server 2003, 2008, or any Linux operating
system), multiple processors, and specific vendor server models.
Icon Description

The server is active and a user is logged on.

The server is disconnected from the console.

The server is in a waiting state.
Deployment Solution 136

Synchronized server date and time. Deployment Server automatically sets the
servers date and time after installing or imaging (as part of the configuration process).
Deployment Agents include an option to disable this feature (it is off by default).
Enhanced scripting capabilities. You can deploy multiple tasks per deployment job
and boot to DOS multiple times when configuring and deploying a clean server.
Deployment Server also lets you view and debug each step in the deployment script,
and track each job to provide a history of tasks for redeploying a server.
Server Deployment Options
Deployment Server includes features to automatically reconfigure and redeploy new
servers. If you are using Initial Deployment to automatically re-image new servers or
run installation scripts, you can (1) safeguard against mistaken disk overwrites, or (2)
run automatically for every server not identified as a managed computer in the
database. These contrasting settings are based on polices you define for managing
servers in your organization.
Example: If you rely on PXE to boot the new server and you want to deploy new servers
automatically without halting the process, you must change the default settings in the
PXE Configuration Utility. In contrast, if you want to ensure that the server waits before
being deployed (or waits a set time before proceeding) to avoid erroneous re-
deployment, you must set the options in the Advanced section of Initial Deployment.
Halt the Initial Deployment of Servers
When a server boots from a PXE server or from Automation (if the option is set),
Deployment Server recognizes it as a new computer and attempts to configure the
computer with sample jobs. See Sample Jobs in Deployment Solution on page 193.
Initial Deployment includes a feature to prohibit servers from being deployed
automatically.
1. Click Initial Deployment and select Properties.
2. Click the Advanced tab.
3. Select the Servers check box and click OK.
Initial Deployment does not run for any computer identified in the console as a server.
Change PXE Options for Initial Deployment
If installing a server using a PXE Server, the server attempts to install, but does not run
automatically using default settings. It waits until a boot option is selected from the
client computer. You can change the default setting in the PXE Configuration Utility to
allow Initial Deployment to run automatically and not wait for user intervention.
1. Click on Start > All Programs > Altiris > PXE Services > PXE Configuration
Utility.
2. Click the DS tab.
3. Select a pre-boot operating system from the Initial Deploy boot option drop-
down list.
4. Click Execute Immediately.
Initial Deployment runs automatically for every identified server.
5. Click Save.
Deployment Solution 137

6. Click OK.
Clear BootWorks Prompt for Remote Install
When you run a deployment job on a computer where the Deployment Agent is remotely
installed, a message appears stating that no BootWorks partition or PXE stamp is found.
The message remains open until the user clicks OK on the message dialog, which delays
executing the scheduled job as part of an automated redeployment process. To fix this
delay:
1. Select Tools > Options. The Program Options dialog appears.
2. Select the Agent Settings tab.
3. In the Automation Agent Settings section, select the Force new Automation agents
to take these settings check box and click Change Default Settings.
4. Click OK.
Following these steps, ensures that the BootWorks message does not appear and a job
runs smoothly when scheduled.
Managing Server Blades
Deployment Solution lets you manage high-density server blades with Rack/Enclosure/
Bay (R/E/B) hardware and properties. From the Deployment Console, you can deploy
and manage these space-efficient server blades using the physical view to assign jobs
to the Rack, Enclosure, or Bay level of the server cluster, or you can manage each server
blade directly from the logical view. See Bay on page 121 for properties and rules to
deploy Rack/Enclosure/Bay servers.
Using Deployment Solution, you can employ rip and replace technology that lets you
insert a new server blade and automatically configure and deploy it exactly like the
previously installed server blade, letting you replace any server that is down and get it
back on line quickly. Altiris provides fail-safe features to ensure that no server is
mistakenly overwritten and that all disk images, software, data, and patches are applied
to the new server from the history of jobs assigned to the previous server blade.
Managing New Server Blades
Deployment Solution lets you automatically deploy, configure and provision new server
blades using a variety of features, including Sample Jobs and Server Deployment Rules.
See Sample Jobs in Deployment Solution on page 193 and Server Deployment Rules on
page 121.
New Server Blades in Newly Identified Bays
When new blades are identified in a Bay that has not been used previously (if it has
been used previously, the Bay object is identified in the physical view), both the Initial
Deployment and Virtual Bays features can be set up to automatically run configuration
tasks and deployment jobs.
To Create Virtual Bays: Set up Virtual Rack/Enclosure/Bays for Hewlett-Packard Rapid
Deployment Pack installations of Deployment Solution.
Deployment Solution 138

Initial Deployment setup: Clear the Servers check box in the Advanced dialog.
If both new computer features are set up and a new server blade is installed in a Bay not
previously identified by the Deployment Server, the Create Virtual Bay feature executes
and Initial Deployment does not execute.
New Server Blades in Identified Bays
If a new HP server blade is installed in an identified Bay (one that already has a server
blade installed and is visible from the Deployment Console), both Sample Jobs in
Deployment Solution and Server Deployment Rules can be set up. However, when both
are set up, the Server Deployment Rules execute and Initial Deployment does not
execute.
Virtual Bays
Hewlett-Packard blade servers now have a Virtual Bay feature that lets you pre-assign
deployment jobs to the Rack, the Enclosure, or to a specific blade server in the Bay. Any
HP blade server can have predefined deployment jobs and configuration tasks
associated with it to execute automatically upon installation. (This feature requires that
the Hewlett-Packard Rapid Deployment Pack is installed.) The Virtual Rack/Enclosure/
Bay icons change from virtual icons to managed server icons in the Deployment Console
as live blade servers are inserted and identified by Deployment Solution.
Rack name. Enter or edit the name of the Rack.
Enclosure name. Enter or edit the name of the Enclosure.
Enclosure type. Select the type of HP server blade from the list.
Initial Job. Select an existing job to run when the pre-configured computer account is
associated with a new server blade.
Server Change rule. Select the Server Deployment Rules to run on the Bay when a
new server blade is installed. See Server Deployment Rules on page 121.
Note
If you create Virtual Bays for an enclosure (such as the BLe-class with 20 bays) and if
another model of server blade with an enclosure containing fewer bays is connected
(such as the BLp-class with 8 bays), the excess virtual bays are truncated automatically.
Conversely, if you create Virtual Bays with fewer bays (8) and install an enclosure with
additional bays (20), you must re-create the virtual bays in the enclosure (right-click the
enclosure name in the physical view and click New Virtual Bays).
See also Managing New Server Blades on page 137.
Hewlett-Packard Server Blades
Hewlett-Packard high-density blade servers can be deployed and managed from the
Deployment Console. The following HP server blades are supported:
HP Proliant BL e-Class HP Proliant BL p-class
Proliant BL 10e Proliant BL 20p
Proliant BL 10e G2 Proliant BL 20p G2
Proliant BL 40p
Deployment Solution 139

HP blade servers let you employ all features provided in the Deployment Console when
you install the HP Proliant Essentials Rapid Deployment Pack (see www.hp.com/servers/
rdp), including the Virtual Blade Server feature. The name of each Rack for an HP Server
appears along with the assigned name for the Enclosure and Bay. These names are
collected from the SMBIOS of the server blade and appear in both the physical and
server views within the Computers pane of the Deployment Console.
For HP blade servers in the physical view, the Rack name can be a custom name in the
console, with all subordinate Enclosures and Bays also identified. Example:
<rackName>
<enclosureName>
<bayNumber>
See also Server Management Features on page 135 and Server Deployment Options on
page 136.
Dell Server Blades
Dell high-density blade servers can be deployed and managed from the Deployment
Console. All Dell Rack Servers are supported by Deployment Solution, but the server
blades can also be managed from the physical view in the Rack/Enclosure/Bay view. The
following servers are supported:
For Dell blade servers in the physical view, the Rack name is always Dell. All
subordinate Enclosures and Bays are identified with custom names under the Dell rack
name. Example:
Dell
<enclosureName>
<bayName>
See also Server Management Features on page 135 and Server Deployment Options on
page 136.
Fujitsu-Siemens Server Blades
Fujitsu-Siemens high-density blade servers can be deployed and managed from the
Deployment Console. All Fujitsu-Siemens Rack Servers are supported by Deployment
Solution, but the server blades can also be managed from the physical view in the Rack/
Enclosure/Bay view. The following servers are supported:
For Fujitsu-Siemens blade servers in the physical view, the Rack name is always
Fujitsu-Siemens. All subordinate Enclosures and Bays are identified with custom
names under the Fujitsu-Siemens rack name. Example:
Dell Rack Servers Dell Server Blades
All PowerEdge rack servers PowerEdge 1655MC
Fujitsu-Siemens Rack
Servers
Fujitsu-Siemens Server Blades
All Primergy rack servers Primergy BX300 blade servers
Deployment Solution 140

Fujitsu-Siemens
<enclosureName>
<bayName>
See also Server Management Features on page 135 and Server Deployment Options on
page 136.
Note
If you have Fujitsu-Siemens Server blades managed by the Deployment Server, ensure
that the SNMP service is running on the Deployment Server. Also, if the Deployment
Server is installed on a Windows 2003 server, ensure that the security is set correctly to
receive traps from remote computers. By default, Deployment Servers cannot receive
traps from remote computers.
IBM Server Blades
IBM high-density Blade Centers can be deployed and managed from the Deployment
Console. All IBM blade servers are supported by Deployment Solution, but the server
blades can also be managed from the physical view in the Rack/Enclosure/Bay view.
For IBM blade servers in the physical view, the Rack name is always IBM. All
subordinate Enclosures are identified with custom names under the IBM rack name and
Bays are identified by number. Example:
IBM
<enclosureName>
<baynumber>
See also Server Management Features on page 135 and Server Deployment Options on
page 136.
Find a Computer in the Database
This search filter lets you type a string and query specified database fields for specific
computer properties. You can search for user or computer names, licensing or location
information, or primary lookup keys: MAC address, serial number, asset number, or
UUID. This search filter queries property values appear in the Computer Properties
pages. See Computer Properties on page 119.

1. In the Search For field, type all or part of the computers property values you
would like to search for. This alpha-numeric string is compared with specified
database fields.

Click <CTRL> F or click Find Computer on the console toolbar to search
the Deployment Database for computers by property settings.
The search begins at the top of the computer list and highlights the
computer name in the Computers pane when a match is found. Press F3
to find the next computer that matches the search criteria until there are
no more results, or the end of the computer list is reached.
Deployment Solution 141

2. From the In Field drop-down list, select the field you want to search in the
Deployment Database.
Example: To find a computer by searching for its IP address, type the address in the
Search For field and select the IP Address from the In Field drop-down list.
The computer you are looking for appears highlighted in the Computers window in the
console.
Note
This search is not case-sensitive and allows wildcard searches using *.
See also Computer Filters and Job Conditions on page 81.
Using Lab Builder
Use the Lab Builder to set up jobs under the Lab folder in the Jobs pane to set up a
classroom or lab environment.
You can set up jobs to:
Create Disk Image
Name BIOS name of the computer.
Computer
Name
Deployment Solution name of the computer.
MAC Address Example: 0080C6E983E8.
IP Address Example: 192.168.1.1.
ID Example: The computer ID. 5000001.
Serial Number Serial number installed in BIOS. A primary lookup key.
Asset Tag Asset number in BIOS. A primary lookup key.
UUID A primary lookup key.
Registered
User
Name entered when the operating system was installed.
Product Key Product Key for the operating system.
Logged On
User
Name of the user currently at the computer.
Physical Bay
Name
The actual bay number. Example: 7x.

Click Lab Builder on the console toolbar or click File > New > Lab Builder
to set up jobs specifically created for managing multiple computers in a lab
environment.
Deployment Solution 142

Deploy Lab
Restore Lab
Update Configuration
Upload Registries
Each of these jobs contains a default list of tasks. Lab Builder places these five new jobs
under a folder (which you name) located under the Lab folder. All tasks in the jobs have
been assigned default paths and file names that let them use the same images and
configuration information, registry data, and so on. We recommend that you do not
change the file names and paths. If you change the default settings (example: changing
the image name), you must change them in all jobs where the image is used.
To use Lab Builder
1. Click the Lab Builder icon on the toolbar, or choose File > New > Lab Builder.
2. Enter the name of the Lab Setup.
Note
The lab name must be unique because the program creates a default image file
name based on the name, and the image file name must be unique. The default
image name is synchronized in all lab jobs, so if you change the name later you
must change it in all the jobs that use the image.
3. (Optional) Enter a lab description to help you differentiate the lab from others and
click OK.
4. Identify an image in the Create Disk Image job. See Creating a Disk Image on
page 154.
5. Set computer names and addresses in the Update Configuration job.
The following information describes the default jobs. To run one of these jobs, simply
drag it to the computer or computer group you want it applied to.
Create Disk Image. This job uploads an image of a computer to the server and an
image name is created automatically based on the lab name. However, there is no actual
image in the job until you drag the image source computer to this job.
Deploy Lab. This job has three default tasks: Deploy image, Apply configuration
settings, and Back up registry files. The image that is uploaded using the Create Disk
Image job is deployed when you use this job. The configuration settings you specify in
the Update Configuration job are applied to the computers, and the computer registry
files are uploaded to the Deployment Server.
Restore Lab. This job restores the image and registry files to a computer where a lab
was previously deployed. You can quickly get a computer running again by restoring the
lab on that computer.
Update Configuration. This job lets you set unique configuration information (such as
computer names and network addresses) for client computers. When a lab is deployed,
each computer has an identical image, but not the same configuration settings. This
means you don't have to visit each computer to reset the IP addresses and other
settings when you deploy an image.
Upload Registries. This job backs up computer registry files to the Deployment Server.
Deployment Solution 143

Building and Scheduling Jobs
A job represents a collection of predefined or custom deployment tasks that are
scheduled and executed remotely on selected client computers. You can build jobs with
tasks to automatically create and deploy hard disk images, back up and distribute
software or personality settings, add printers, configure computer settings, and perform
all aspects of IT administration. Jobs can be run immediately for a specific computer, or
stored and scheduled for daily or long-term administrative duties on multiple computer
groups.
The New Job Wizard guides you through common deployment and management jobs. It
is an easy way to set up new users or migrate users to new computers, create and
distribute images of computers on the network, distribute software packages, restore
computers, and more. See New Job Wizard on page 144.
Jobs include one or more Deployment tasks. You build jobs by adding tasks to a job and
customizing the task for your specific needs. You can add tasks to capture and distribute
images, software packages, and personality settings. You can also write and run a script
task, or run scripted installs, configure settings, copy files and back up registry settings.
You can also modify existing jobs by adding, modifying, copy and pasting, or deleting
tasks to suit your requirements. See Deployment Tasks on page 152 and Building New
Jobs on page 148.
Set conditions on jobs to run only on computers with properties that match the criteria
you specify. You can build one job to run on different computer types for different
needs, and avoid mistakes by ensuring that the correct job runs on the correct managed
computer. See Setting Conditions for Task Sets on page 149.
Initial Deployment lets you run predefined jobs and configuration tasks on new
computers when they start up. You can automatically deploy new computers by imaging
and configuring TCP/IP, SIDs, and other network settings and installing basic software
packages. See Sample Jobs in Deployment Solution on page 193.
Sample jobs are installed with Deployment Solution and appear in the Samples folder
of the Jobs pane. You can run many sample jobs as they are, or you can set
environmental variables. See Sample Jobs in Deployment Solution on page 193.
Viewing Job Details
As jobs are assigned, scheduled and executed, it is helpful to know specific details about
their status and assignments. The Deployment Console provides job icons to show the
state and status of the job in the Details pane:

Job icons appear in the Jobs pane of the Deployment Console. To assign
and schedule a job in the Deployment Console, drag the job icon to selected
computer icons. Job status icons also appear in the Details pane of the
Deployment Console to indicate various deployment states. See Viewing Job
Details on page 143.
Deployment Solution 144

Job status icons that update the state of the job in running deployment tasks. These
icons are graphical symbols in the Deployment Console used to identify the status of
an assigned job.
.
A description of the job, if available. You can also use Add or Modify in the main
window to edit the description.
If a job defines error conditions when individual tasks run, the Status field displays
any errors incurred and the tasks that completed successfully.
Job Schedule details. This is the job's run time, beginning when the job started
and ending when it completed successfully.
The currently applied conditions appear in a list box with a Setup option to add
conditions to different task sets for different computer properties within a job.
Conditions specify characteristics that a computer must have before the job runs.
See Setting Conditions for Task Sets on page 149.
A list of tasks assigned to the job and task descriptions also appears. Change the
order of the task execution with the up and down arrows. Tasks are executed in the
order they are listed. See Deployment Tasks on page 152.
Features to add, modify, and delete tasks for each job.
A list of assigned computers and its deployment history.
To sort jobs or computer details, just point and click on the category in the Details
pane. Example: Click the Status column heading to organize and display the progress
status of the job.
See also Viewing Computer Details on page 96.
New Job Wizard
The New Job Wizard provides integrated features to build, assign, and schedule common
deployment jobs. It helps you build the most common jobs, and guides you through
additional steps to assign and schedule the jobs to selected computers. It lets you

A job is scheduled to run on a computer or computer group.

A job is in progress.

A job has executed successfully.

A job is associated with a computer or group of computers but is not
scheduled.
Indicates error conditions when individual tasks run.
Deployment Solution 145

quickly build image files and deploy new computers, distribute software packages,
migrate users, and more.
Note
When a software package or deployment job is scheduled to run on client computers,
the Altiris Client Service Message dialog appears, warning them that a job is about to
execute. If a user clicks Abort when the message appears, an event is logged to the
client's history so that Deployment Solution administrators know when users abort a
scheduled event.
1. Select a job option:
Create an image. This wizard guides you through the steps required to create an
image of a computers hard disk and schedule the job. See Creating a Disk Image on
page 154.
Deploy and configure computers. This wizard guides you through the steps
required to lay down a new disk image on a selected computer and install software
and personality settings. See Distributing a Disk Image on page 160.
Deploy software packages. This wizard guides you through steps required to
install software packages. You can set conditions, select packages, assign to
computers, and schedule the job. See Distributing Software on page 172.
Restore a computer. This wizard guides you through the steps required to restore
a computer to a known working state by re-imaging the hard drive and reinstalling
software packages, personality settings, and defining configuration values. This
option reschedules jobs saved in each managed computers history record, which
contains all deployment tasks previously processed. See Restoring a Computer from
its Deployment History on page 124.
Migrate computers. This wizard guides you through the steps required to migrate
the hard disk image, applications, and personality settings from a source computer
to a destination computer. You can perform one or more migration operations using
the provided options.
2. Give the job a unique name. You can type a name up to 64 characters.
3. Follow the steps in each wizard to create a job (some New Job wizards build multiple
jobs).
After creating a job, the job appears in the Jobs pane of the Deployment Console
with the deployment tasks listed in the Tasks list.
Note
You cannot define return codes when using the New Job Wizard. See Building New Jobs
on page 148 to build customized jobs and set up return codes.
See also Modifying Tasks in a Deployment Job on page 187.

Create a new job by clicking New Job Wizard on the Deployment
Console, clicking File > New > Job Wizard, or right-clicking in the Jobs
pane of the Deployment Console and selecting New Job Wizard. The
New Job Wizard appears to guide you through basic deployment jobs.
Deployment Solution 146

Migrating Computers
From the New Job Wizard, you can select Migrate computers to quickly distribute hard
disk images, software, and settings from a users current computer to a new computer.
You can image a new computers hard disk with a new operating system and install
software and personality settings. Or perform different levels of migration to distribute
only software or to simply capture and distribute personality settings to the new
computer.
Migrate one computer to another separate computer
Click this option to migrate a user from a source computer (old computer) to another
destination computer (new computer). Capture personality settings, distribute a new
hard disk image, distribute software and redistribute the saved personality settings from
the source computer to the new destination computer.
Click the option to migrate only personality settings to one or more computers. Also
select Prepare destination computer with a disk image to distribute a disk image to
the new computer and select Install software packages prior to applying the
personality on the destination computer to install software packages on the new
computer.
Note
This option creates two jobs that appear in the Jobs pane: Job (Capture) and Job
(Distribute).
Job (Capture) includes a Capture Personality Settings task (see Capturing Personality
Settings on page 176) to capture the personality of the source computer and a Modify
Configuration task to rename the source computer to avoid naming conflicts (see
Modifying Configuration on page 179). The source computer is named computerName
(Old).
Job (Distribute) includes a Deploy Image task (see Distributing a Disk Image on
page 160) if selected, a Modify Configuration task to update settings to the destination
computer, and one or more Install Package tasks to update software (if selected) and
migrate personality settings. See Distributing Software on page 172.
Migrate the same computer to another operating system
Click this option to upgrade the operating system on a computer and reinstall
personality settings and software packages on the same computer. It creates jobs and
tasks to capture the personality settings, distribute a new disk image, distribute
software packages, and migrate the personality settings.
Click the option to deploy a disk image and migrate the personality settings to the
computer. (Optional) Select Install software packages prior to applying the
personality on the destination computer to install software packages on the
computer.
Note
This option creates two jobs that appear in the Jobs pane: Job (Capture) and Job
(Distribute).
Job (Capture) includes a Capture Personality Settings task (see Capturing Personality
Settings on page 176) to capture the personality of the source computer.
Deployment Solution 147

Job (Distribute) includes a Deploy Image task (see Distributing a Disk Image on
page 160) and one or more Install Package tasks to update software, if selected (see
Distributing Software on page 172).
Simply capture the personality of the computers
Click this option to capture and save, but not distribute, the personality settings of the
selected computer(s). You can select a personality template and save Personality
Packages to the Deployment Share, letting you distribute these personality settings later
to new computers.
Note
This option creates a single job with a Capture Personality Settings task (see Capturing
Personality Settings on page 176).
See also New Job Wizard on page 144.
Selecting Computers in the New Job Wizard
The New Job Wizard provides steps to select and assign computers to the jobs created in
the wizard, rather than requiring you to create a job and assign it to computers when
building new jobs. The jobs created in the New Job Wizard appear in the Jobs pane, and
can be saved and assigned to other computers at a later time. You can also schedule
jobs for the specified computers in the wizard. See Building New Jobs on page 148 and
Scheduling Jobs on page 151.
Apply Computers to a Job
When deploying software in the New Job Wizard, you can select computers to assign the
Distribute Software task created in the wizard. (See Distributing Software on page 172.)
You can also select an option to simply store the job and use it at another time without
scheduling the job. Regardless of the scheduling option selected, the job appears in the
Jobs pane to use at another time.
New Computers. Open an Adding New Computers dialog to create new user
accounts to assign the job. See Adding New Computers on page 97.
See also Scheduling Jobs on page 151.
Associating Destination Computers
Use this dialog to associate source computers with destination computers when
migrating personality settings. Depending on the computers selected in the previous
Select Computers dialog, you can migrate personality settings captured from the
source computers to new destination computers.
Right-click a computer in the Source column to replace it with another source
computer. Right-click a computer in the Destination column to replace it with another
destination computer and assign it to a new source computer. To automatically assign
multiple computers, click Automatic to assign source computers with destination
computers using an alpha-numeric order. The associated computers share personality
settings after running the jobs.
See also Migrating Computers on page 146.
Deployment Solution 148

Setting up Conditions in the New Job Wizard
The New Job Wizard also provides steps to set up conditions, a step usually performed
independently for each job during its build phase. Setting conditions lets you run
selected tasks only on computers matching defined criteria. See Setting Conditions for
Task Sets on page 149.
Click Setup conditions for this set of tasks to open the Define Conditions dialog
from the New Job Wizard.
Install Software Packages
The New Job Wizard provides steps to install software packages to the selected
computers. You can install any type of software to the managed client computer,
including .MSIs, .RIPs, and personality packages. If the selected package is not an .RIP
or personality package, a message appears asking if you want to continue. See
Distributing Software on page 172 for additional information.
Summary of Options
After selecting the options in the New Job Wizard, you can view a summary of the job
names, assigned computers, conditions, and other selected choices. To change any
options, click Back to return to the previous dialog. Click Finish to complete the steps
in the wizard.
See also New Job Wizard on page 144 and Job Scheduling Wizard on page 149.
Building New Jobs
A job can be a single task to distribute software or change computer property settings,
or a series of tasks sequenced to migrate hard disk images, set post-installation TCP/IP
and SID values, and install software packages and personality settings.
1. Create a new job. Enter a unique name and description for the job. You can type a
name up to 64 characters.
A new job is added to the Jobs pane in the Deployment Console. You can group and
organize jobs, and access and apply them to computers or computer groups from an
index of prebuilt jobs.
2. (Optional) Set conditions to apply the job to specified computers meeting defined
criteria. Order multiple conditions to run jobs on computers that match the first
applicable condition. See Setting Conditions for Task Sets on page 149.
3. Click Add to open a list of deployment tasks to add to each job. See Deployment
Tasks on page 152.
4. Set task options using the provided wizards.

To create a new job, click this icon on the Deployment Console, or click
File > New > Job, or right-click in the Jobs pane of the Deployment
Console and select New Job. You can modify jobs by double-clicking the
job or right-clicking, and selecting Properties. Add tasks to each job by
clicking Add.
Deployment Solution 149

After you complete the steps to create a task, it is added to the Task list. Click Add
to add another task. Use the up and down arrows to change the order of execution
of the tasks in the Task list.
Tasks are executed in the order that they appear in the task list. Therefore, ensure
you do not run a task that overrides the previous tasks. Example: List Distribute
Disk Image above Distribute Software or Distribute Personality, letting the
hard disk be imaged before installing applications and settings.
5. (Optional) Set Return Codes. The last action in each task wizard lets you set return
codes for each deployment task. See Setting Up Return Codes on page 190.
6. After adding tasks, click OK.
7. To schedule the job, drag it to a computer or computer group. The Schedule Jobs
dialog appears. See Scheduling Jobs on page 151.
See also Importing and Exporting Jobs on page 189.
Job Scheduling Wizard
The Job Scheduling Wizard provides features to assign jobs to selected computers and
computer groups, and to schedule the jobs to run without using a mouse. This new
feature meets Section 508 requirements to improve disability access and enables
integration of voice activation software and other user interface features.
Select Job(s)
Select the jobs or groups of jobs to assign to computers or computer groups. Use the
SHIFT and CTRL keys to select multiple jobs or job folders. Click Next.
Select Computer(s) or Computer Groups
Select the computers or groups of computers to assign the jobs selected in the previous
dialog. Use the SHIFT and CTRL keys to select multiple computers or groups. Click Next.
New Computers. Click when adding new computers. See Adding New Computers on
page 97.
Setting Conditions for Task Sets
Setting conditions on a job lets you run selected tasks only on computers that match
defined criteria. As a result, you can create a single job with tasks defined for computers
with varying properties, including operating system types, network adapters,
processors, free drive space, and other computer properties. You can create task sets
for each job that apply only to the computers matching those conditions.
Note
The default condition (named default) has no parameters or values associated with it. If
this is the only condition that a job contains, the tasks associated with the default
condition will always work on all computers to which the job is assigned. A default
condition is like having no conditions.
In addition, if a task is associated with the default condition, the task always runs when
a computer does not meet any other conditions associated with this job.
Deployment Solution 150

1. Select a job from the Jobs pane of the Deployment Console. The Job Properties
dialog appears.
2. Click Setup next to the Condition field. A menu appears with options to create a
new condition, or to modify, delete, or reorder a condition.
3. To reorder conditions, click Order and reorder them using up or down. See Order
Condition Sets on page 150.
4. To create a new condition, click New in the menu. The Condition Settings dialog
appears. Enter a name up to 64 characters.
5. Click Add to open the Condition dialog. Specify the following conditions and click
OK:
From the Field drop-down list, select a data field heading. You can define
conditions based on common client features such as operating system, software
and hardware version, hard drive space, operating system language, RAM, and
other characteristics.
To set up custom conditions based on custom tokens, select User Defined
Tokens from the Field drop-down list.
From the Operation drop-down list, select a compare statement.
In the Value box, type a string to search for in the selected database field. You
can set conditions based on computer properties stored in fields in the
Deployment Database. Example: You can set a condition to match a particular
asset tag, Altiris agent version, or IP address. You can use wildcard characters
and AND/OR operators.
To set up custom conditions based on custom tokens, select User Defined
Tokens from the Field list.
The task set you create appears in the Task list for each condition. When you select a
new condition, the tasks for that condition appear.
Example: You can set Condition A to distribute the XPImage.img file to Windows XP
computers using a Deploy Image task. You can set Condition B to distribute the
W2KImage.img file to Windows 2000 computers using another Deploy Image task.
When the job is applied to a computer group, the conditions are evaluated for each
computer and the appropriate task runs on the appropriate computer.
Note
When using User Defined Tokens to set conditions for some client property values, you
may be required to use the decimal value instead of the hex value. Example: When
setting conditions based on the NICS table on the nic_device_id and nic_vendor_id
columns, you must use decimal values.
See also Deployment Tasks on page 152.
Order Condition Sets
By specifying and ordering different sets of conditions, you can determine when a task
executes based on defined computer properties. Each condition is processed in sequence
until the computer matches the condition defined within a set. If the computer does not
meet any of the defined conditions, it runs the default condition. Once a match is found,
the set of tasks for this condition set is processed.
See also Setting Conditions for Task Sets on page 149.
Deployment Solution 151

Scheduling Jobs
After a job is created and is assigned to multiple computers or computer groups, the
Schedule Job dialog appears, letting you schedule the job to one of the following
options: Do not schedule, Run this job immediately, Schedule this job. Jobs and
job folders selected from the Jobs pane of the Deployment Console are scheduled in the
order they are selected, even across multiple Deployment Servers.
To schedule a job
1. Drag a job to a computer or computer group. The Schedule Job dialog appears.
2. In the Schedule Job dialog, click the Job Schedule tab. The following options are
available:
Do not schedule. This option lets you assign jobs to computers but does not
run the job until you return to the Schedule Job dialog and set a run time.
Run this job immediately. This option lets you run the job immediately.
Schedule this job. This option lets you specify the date and time to run the
job.
Repeat this job every. This option lets you schedule this job to repeat after a
specified number of minutes, hours, days, or weeks.
Allow this job to be deferred for up to. This option lets you defer the job for
a specified number of minutes, hours, days, or weeks when the server is busy
executing other jobs, setting a lower priority for particular jobs. By default, all
jobs are deferred up to five minutes.
Schedule in batches of x computers at y minute intervals. This option lets
you schedule computers in batches to maximize efficiency.
3. Click the Computer(s) Selected tab. This is a list of computers on which the job is
scheduled to run, with their associated group and IP address.
4. Click the Job(s) Selected tab. The job name and folder located in the Jobs pane
appear. Use the up and down arrows to change the order of the scheduled jobs.
5. Click OK.
Note
The Schedule Job dialog is the same for Rescheduling Jobs, New Job Wizard, and Job
Scheduling Wizard.
To reschedule a job
1. From either the Computers or Jobs panes in the Deployment Console, select a job
or computer that has been previously scheduled.
A job icon appears in the Details pane, identifying the computers assigned or the
name of the job.
2. Select the job icon, click the scheduled computers in the Details pane, right-click
and click Reschedule.
If you select a computer icon, click the job icon in the Details pane, right-click and
click Reschedule. The Schedule Jobs dialog appears.
3. To immediately start a scheduled job that has not yet run, right-click the job icon
and select Start Now.
Deployment Solution 152

4. To stop a repeating job, right-click the job in the Details pane and click
Discontinue Repeat. At this point you need to schedule a new time to run the job
or click the Do not schedule option.
To remove computers from a scheduled job
You can complete this task by removing a job assigned to a computer or removing a
computer assigned to a job.
1. Click a job in the Jobs pane.
2. Click a computer in the Details view and press Delete or right click the job(s) and
select Delete.
To remove tasks from a job
You can remove tasks assigned to a job by double-clicking the job and opening the Job
Properties dialog. (Edit features also open in the Details view of the Deployment
Console when you select the job from the Jobs pane).
1. Select one of the assigned tasks in the Task list.
2. Click Delete.
To remove scheduled jobs from a computer
1. Click the computer.
2. Select the scheduled job in the Details pane, and press Delete or right click the
job(s) and select Delete. To remove multiple jobs, hold down the SHIFT or CTRL
key while you select the job(s), press Delete or right-click the job(s) and select
Delete.
The icon for a scheduled job is yellow.
To run a job immediately from the Resources view
If you have a batch file, image file, .RIP, .MSI, or executable file assigned to a job or
stored in the Deployment Share, these files and packages appear in the Resources
view (see Shortcuts and Resources View on page 73). You can drag these files and
packages from the Resources view to a computer or computer group to automatically
create and run a job (or you can drag computers to a file or package in the Resources
view). A job is created automatically for each assigned package in the Systems Jobs >
Drag-n-Drop folder.
See also Building New Jobs on page 148 and Modifying Tasks in a Deployment Job on
page 187.
Deployment Tasks
A task is an action of a job. Jobs are built with tasks. Each task runs according to its
order in the task list contained in a job. You can resize the task pane by dragging the
bottom pane (horizontal bar) that separates the task list and the scheduled computer
list of the Deployment Console. This lets you view a greater number of tasks in a
deployment job without using the scroll bar to navigate up and down.
The Add menu of the Deployment Console includes the following tasks:
Deployment Solution 153

Create Disk Image. Create a disk image from a reference computer and save the
image file (.IMG or .EXE files) for later distribution. See Creating a Disk Image on
page 154.
Distribute Disk Image. Distribute previously created disk images (.IMG or .EXE files)
or create a disk image from a reference computer on the network and simultaneously
distribute it (.IMG or .EXE) to other managed computers on the network. See
Distributing a Disk Image on page 160.
Scripted OS Install. Run scripted (unattended) installs using answer files to install
computers remotely over the network. See Scripted OS Install on page 165.
Distribute Software. Distribute .RIPs, .MSI files, scripts, personality settings, and
other package files to computers or groups. See Distributing Software on page 172.
Manage SVS Layer. Instantly activate, deactivate or reset layers and completely avoid
conflicts between applications, without altering the base Windows application. See
Managing the SVS Layer on page 175.
Capture Personality. Capture the personality settings of a selected computer on the
network using the PC Transplant software. PC Transplant ships as a part of Deployment
Server. See Capturing Personality Settings on page 176.
Distribute Personality. Send a Personality Package to computer or groups. This task
identifies valid Altiris packages and assign passwords and command-line options to
Personality Packages. See Distributing Personality Settings on page 178.
Modify Configuration. Modify the IP address, computer and user name, domains and
Active Directory organizational units, and other network information and computer
properties. See Modifying Configuration on page 179.
Back up Registry. Copy the registry files of selected computers and save the registry
file settings to a selected directory. See Backing up and Restoring Registry Files on
page 180.
Restore Registry. Copy the registry file settings to a managed computer.
Get Inventory. This lets you gather inventory information from client computers to
ensure that the Deployment Database is updated with the latest computer properties.
See Get Inventory on page 166.
Run Script. Create custom commands using scripts to perform jobs outside the bounds
of the preconfigured tasks. Use the Run Script dialog to select or define a script file to
run on specified computers or groups. See Run Script on page 167.
Copy File to. Copy a file from the Deployment Share or another source computer to a
destination computer. See Copy File to on page 170.
Power Control. Perform power control options to restart, shutdown, power off, and log
off. See Power Control on page 172.
Wait. Use the Wait dialog to retain a computer in automation mode after a task is
performed. See Wait on page 172.
Tasks are listed for each job in the Task list. Each task runs according to its order in the
list. You can change the order using the up and down arrow keys.
Supported Live Task Types
The following is the list of the live tasks supported for the x64, IA64, and SPARC
platforms.
Deployment Solution 154

Creating a Disk Image
This task creates an image of a computers hard disk. You can save the disk image as an
.IMG, .EXE, .WIM, .DMG, or .GHO file.
Task x64 IA64 SPARC
Restore Computer Yes Yes Yes
History Yes Yes Yes
Configure Yes Yes Yes
Quick Disk Image Yes Yes Yes
Power Control: Wake Up Yes Yes Yes
Power Control: Restart Yes Yes Yes
Power Control: Shutdown Yes Yes Yes
Power Control: Log off Yes Yes No
Remote Control Yes No No
Execute Yes Yes Yes
Copy File Yes Yes Yes
Chat No No No
Advanced: Clear Computer Status Yes Yes Yes
Advanced: Prompt User for Properties Yes Yes No
Advanced: Reset Connection Yes Yes Yes
Advanced: Install Automation Partition Yes
Advanced: Get Inventory Yes Yes Yes
Advanced: Reject Connection Yes Yes Yes
Advanced: Uninstall Windows Agent Yes Yes No
Advanced: Install BIS Certificate No No Yes
Advanced: Remove BIS Certificate No No Yes
Advanced: Apply Regular License Yes Yes Yes
New Job Wizard Yes Yes Yes
New Group Yes Yes Yes
New Computer Yes Yes Yes
Rename Yes Yes Yes
Delete Yes Yes Yes
Change Agent Setting Yes Yes Yes
Permissions Yes Yes Yes
Job Scheduling Wizard Yes Yes Yes
Deployment Solution 155


Note
To create an image of a computer, you must boot to DOS, Linux, or WinPE. This requires
that you set up a PXE Server or install an automation partition.
To create a disk image
1. In the Jobs pane in the Deployment Console, select a job.
2. In the Details pane, click Add and select Create Disk Image.
3. In the Create Disk Image dialog, select an imaging tool from the drop-down list.
You can select RapiDeploy (Text mode), RapiDeploy (Graphics mode), RapiDeploy
(Linux mode), ImageX, Mac Image or Ghost.
RDeploy Options
RDeployT is the default imaging executable. This facilitates the imaging of thin client
computers. The following are the RapiDeploy options for imaging:
Graphical Mode (RDeploy). Select this option to run the RDeploy in a GUI mode.
Text Mode (RDeployT). Select this option to run the RDeploy in a text mode.
Linux (RDeploy). Select this option to run the RDeploy in Linux mode.
You can select the ImageX or Mac Image option for imaging. If you select ImageX,
the image is created as a .WIM file. If you select Mac Image, the image is created as
a .DMG file. For information on creating a Mac Image, see Creating a Mac Image on
page 157.
You can also select the Ghost option for imaging. If you select Ghost, the image is
created as a .GHO file. For information on creating a Ghost Image, see Creating a
Ghost Image on page 158.
Important
Linux (RDeploy) and Ghost options are available only when the ImageTools.ini file is
stored in the eXpress folder.
4. Enter additional parameters in the Additional Parameters field.
You can add command-line options specifically for the RapiDeploy program to run
imaging tasks. See Command-line Switches in the Deployment and Migration Guide.
5. Enter a path and file name to store the disk image file. You can store image files to
access later when a managed computer is assigned a job that includes the image
file.
The default file name extension is .IMG. Saving image files with an .EXE extension
converts them into self-extracting executable files (the run-time version of
RapiDeploy is added in the file). You can also save ImageX files with a .WIM

Create an image file by using the New Job Wizard or adding the task when
building new jobs. You can distribute the disk image file using the
Distribute a Disk Image task. This task will run Altiris RDeploy.exe from
the console to capture and migrate hard disk images. See New Job Wizard
on page 144, Building New Jobs on page 148, and Distributing a Disk
Image on page 160.
Deployment Solution 156

extension, a Mac image with a .DMG extension, and a Ghost image with a .GHO
extension.
6. Select Disable image path validation if you want to store the image file outside
of the Deployment Share file structure. If you do not select this option and do not
specify a Deployment Share path, a warning message appears, reminding you to
configure your automation process to use the path indicated in the Name field. You
can still save your image to a location outside of the Deployment Share file structure
even when you do not select this option. This option only eliminates the warning
message. You can use this option to store images locally on the managed
computer's hard drive or to an additional server used to store images.
When storing images locally on the managed computer's hard drive, ensure that
you enter the path relative to the managed computer (Example: C:\myimage.img).
When you store an image locally on a managed computer instead of a file server,
you save server disk space and reduce network traffic.
Prerequisite: To store images locally on the managed computers hard drive, you
must have a hidden automation partition installed on the managed computer's hard
disk with the required disk space to hold the images you want to store.
Caution
When imaging computers where images are stored on the managed computers
hidden automation partition, use the option to remove the automation partition only
when you want to clear all images from the computer.
7. Select Prepare using Sysprep to use Sysprep to prepare the system for imaging.
8. From the Operating System drop-down list, select the operating system or Add
new to open the OS Product Key dialog and select the OS Information.
9. Click Advanced Settings. This opens the Sysprep advanced settings dialog. See
Advanced Sysprep Settings for Creating a Disk Image on page 159.
10. (Optional) Select the Do not boot to Production option to create an image of the
hard disk while booted to Automation without first booting to Windows to save
network settings (TCP/IP settings, SID, computer name, and so on). If you select
this option, these network settings are not reapplied to the computer after the
imaging task, resulting in network conflicts when the computer starts.
11. From the Automation pre-boot environment (DOS/WinPE/Linux) drop-down
list, select the required pre-boot environment to perform the Create Disk Image
task in the selected pre-boot environment. By default, the Default Automation
(Auto-select) type is selected.
Note
ImageX requires a WinPE x86 pre-boot environment.
12. (Optional) To select Media Spanning and additional options, click Advanced. See
Create Disk Image Advanced on page 159.
13. Click OK (if you are using the New Job Wizard) or click Next.
14. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
15. Click Finish. The task appears in the Task list for the job. The disk image is created
when you run this task.
Deployment Solution 157

Tip
If an imaging job fails on a managed computer, the Deployment Agent
Configuration page appears on the client computer. This page displays a prompt to
confirm whether the user wants to configure the client computer or restore the
original settings. On the client computers screen, select Cancel > Restore
Original Settings.
See also Deployment Tasks on page 152.
Creating a Mac Image
You can create a Mac Image using the Create Disk Image task.
To create a Mac Image
1. In the Create Disk Image dialog, select Mac Image (*.dmg) from the Imaging
Tool drop-down list.
2. Provide the disk number in the Additional Parameters field using the following
format:
-d[disk#]
By default, all partitions of disk 1 are imaged. To image a different disk, provide the
disk number in the Additional Parameters field using the same format.
3. Enter the path and file name to store the disk image.
Caution
The captured disk image must be stored on an AppleTalk Filing Protocol (AFP) share.
4. Select Disable image path validation if you want to store the image file outside of
the Deployment Share file structure. If you do not select this option and do not
specify a Deployment Share path, a warning message appears, reminding you to
configure your automation process to use the path indicated in the Name field. You
can still save your image to a location outside of the Deployment Share file structure
even when you do not select this option. This option only eliminates the warning
message. You can use this option to store images locally on the managed
computer's hard drive or to an additional server used to store images.
When storing images locally on the managed computer's hard drive, ensure that you
enter the path relative to the managed computer (Example: C:\myimage.img).
When you store an image locally on a managed computer instead of a file server,
you save server disk space and reduce network traffic.
Prerequisite: To store images locally on the managed computers hard drive, you
must have a hidden automation partition installed on the managed computer's hard
disk with the required disk space to hold the images you want to store.
Caution
When imaging computers where images are stored on the managed computers
hidden automation partition, use the option to remove the automation partition only
when you want to clear all images from the computer.
5. (Optional) Select the Do not boot to Production option if you do not want the
computer to boot to Production before creating the image.
Deployment Solution 158

6. From the Automation pre-boot environment (DOS/WinPE/Linux) drop-down
list, select the required pre-boot environment to perform the Create Disk Image
task in the selected pre-boot environment. By default, the Default Automation
(Auto-select) type is selected.
Note
ImageX requires a WinPE x86 pre-boot environment.
7. Specify the share using the following format:
//server/sharepoint/path/filename.dmg
If no credentials for this server are provided in the automation configuration, the
guest account is used by default.
8. Provide the account credentials as part of the path using the following format:
//username:password@server/sharepoint/path/filename.dmg
9. Click Next. The Return Codes dialog appears.
10. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
11. Click Finish. The task appears in the Task list for the job. The Mac image is created
when you run this task.
Note
The Sysprep settings option is disabled if you select Mac Image as the Imaging Tool.
The Automation pre-boot Environment for Mac Image is the Default Automation
when capturing Mac images. This option uses the PXE functionality of the operating
system of the specified server. For more information on configuring PXE, see the PXE
Configuration Utility Help.
Creating a Ghost Image
Symantec Ghost Solution Suite is a corporate imaging and deployment solution. It
also provides operating system migration, software distribution, computer personality
migration, hardware and software inventory, and secure system retirement.
You can create a Ghost Image using the Create Disk Image task.
Important
To use the Ghost Solution for creating a disk image, you have to store the ghost.exe and
ImageTools.ini files in the Program Files\Altiris\eXpress\Deployment Server directory.
To create a Ghost Image
1. In the Create Disk Image dialog, select Ghost Image (.gho) from the Imaging
Tool drop-down list.
2. Add additional parameters in the Additional Parameters field.
3. Enter the path and file name to store the disk image.
4. (Optional) To disable the validation of the image path, select the Disable image
path validation check box. This is useful if the image is stored locally, or if you are
retrieving the image from a remote server.
5. To use Microsoft Sysprep, select the Prepare using Sysprep check box and specify
the operating system and product key.
Deployment Solution 159

6. From the Automation pre-boot environment (DOS/WinPE/Linux) drop-down
list, select the required pre-boot environment to create the disk in the selected pre-
boot environment.
By default, the Default Automation (Auto-select) type is selected.
7. Click Next.
The Return Codes dialog appears.
8. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
9. Click Finish.
The task appears in the Task list for the job. The Ghost image is created when you
run this task.
Advanced Sysprep Settings for Creating a Disk
Image
You can use the Sysprep Advanced Settings dialog to specify Sysprep mass storage
device support. By default, the Enable mass storage device support using built-in
drivers (For Windows XP and 2003 only) option is selected.
Disable mass storage device support. When this option is selected, the Sysprep.inf
file contains the section [Sysprep] with the key value pair as
Bui l dMassSt or ageSect i on = No.
Enable mass storage device support using built-in drivers. When this option is
selected, the Sysprep.inf file contains the section [Sysprep] with the key value pair as
Bui l dMassSt or ageSect i on = Yes.
Enable mass storage device support using following: When this option is selected,
the Sysprep.inf file contains the section [SysprepMassStorage] and is appended by
contents of the file mentioned in the Mass storage section file field. You can also copy
the drivers directory mentioned in the Mass storage drivers field.
Command-line switches. You can add command-line options.
Advanced Sysprep Settings for Creating a Disk
Image in Windows Vista
You can use the Sysprep advanced settings dialog to specify the settings for any
Windows Vista operating system. If you select Windows Vista as the operating system
under Sysprep settings on the Create Disk Image dialog and click Advanced
Settings, the Sysprep advanced settings dialog for Windows Vista appears. This
dialog lets you select Plug-n-Play (PnP) drivers options, as well as Sysprep options, such
as command-line options.
Create Disk Image Advanced
Media Spanning
Maximum file size. The maximum file size supported is 2 GB. To save an image larger
than 2 GB, the Deployment Server automatically breaks it into separate files regardless
of your storage capacity. From the Maximum file size drop-down list, select a media
type.
Deployment Solution 160

Specify ___ MB. If the preferred type is not on the list, select Other (specify) and
enter the required file size in the Specify ___ MB field.
Additional Options
Compression. Compressing an image is a trade-off between size and speed.
Uncompressed images are faster to create, but use more disk space.
Select Optimize for Size to compress the image to the smallest file size. Select
Optimize for Speed to create a larger compressed image file with a faster imaging
time. The default setting is Optimize for Speed.
Note
Configuration restoration after imaging a compressed drive is not supported for this
release.
Description. (Optional) Enter an image description to help identify the image and click
OK.
Distributing a Disk Image
Distribute an RDeploy, ImageX, Mac, or Ghost image file to managed computers to lay
down a previously created hard disk image.
Note
If you deploy a Windows image over a Linux computer or a Linux image over a
Windows computer, you must change the path of the Deployment Agent for the
Windows log file.
To distribute a disk image
1. Open the New Job Wizard and select Deploy and configure computers and click
Next. The Job conditions page appears. (See Setting up Conditions in the New Job
Wizard on page 148.) Click Next.
or
In the Jobs pane in the Deployment Console, select a job. In the Details pane, click
Add and select Distribute Disk Image.
2. In the Disk Image Source page, click Select a disk image file to select a stored
image file. This lets you set down a new image file from a previously imaged
computer. Enter the name of an existing image file.
If you do not want the Deployment Server to validate the selected path, select
Disable image path validation. This is useful if the image is stored locally, or
if you are retrieving the image from a remote server.

Distribute a hard disk image using the New Job Wizard or adding the
Distribute Disk Image task when building new jobs. You can create the disk
image file using the Create a Disk Image task. See New Job Wizard on
page 144, Building New Jobs on page 148, and Creating a Disk Image on
page 154.
Deployment Solution 161

3. Click Select a computer on the network to image a source computer on the
network. Enter the name and location of the source computer to both create an
image and distribute the newly created image file.
This option saves an image of a selected computers hard disk in its current state
each time the job runs. You can schedule the job to image a specified computer
every time it runs, which updates the image each time.
Select the Save the disk image as a file while distributing option to save
the newly created image file. If you use a reference computer as the image
source, you can also choose to save the image as a file for later use. Enter or
browse to the location where you want to store the file.
4. Select Prepared using Sysprep to use Sysprep to prepare the system for imaging.
5. From the Operating System drop-down list, select the operating system.
Note
Click Add New to open the OS Product Key dialog and select the OS Information.
6. From the Product Key drop-down list, select the product key.
7. Click Advanced Settings to open the Sysprep Advanced Settings dialog. See
Advanced Sysprep Settings for Distributing a Disk Image on page 163.
8. Enter the required Additional Parameters.
9. Select Automatically perform configuration task after completing this
imaging task to restart the computer and push the configuration settings to the
imaged computer.
Note
If you clear this option, a warning appears, confirming that you want to remove the
configuration step after the image is deployed. As a result, the imaged computer
may not reconnect to the network.
10. (Optional) Select the Boot to production to complete configuration task.
11. From the Automation pre-boot environment (DOS/WinPE/ Linux) drop-down
list, select the required pre-boot environment to perform the Distribute Disk
Image task. By default, the Default Automation (Auto-select) type is selected.
12. (Optional) Click Advanced to resize partitions and set additional options. See
Distribute Disk Image-Resizing on page 163. Click OK.
13. Click Next.
14. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
15. Click Finish. The task appears in the Task list for the job. The disk image is
distributed when you run this task.
See also Deployment Tasks on page 152.
Distributing a Mac Image
You can deploy a Mac Image using the Distribute Disk Image task.
To deploy a Mac Image
1. Select the Select a disk image file option.
Deployment Solution 162

2. In the Name field, provide the path to the Mac (.DMG) image stored on an
AppleTalk Filing Protocol (AFP) share by using the following format:
//server/sharepoint/path/filename.dmg
If no credentials for this server are provided in the automation configuration, the
guest account is used by default.
3. Provide the credentials as part of the path using the following format:
//username:password@server/sharepoint/path/filename.dmg
4. Select Automatically perform configuration task after completing this
imaging task to run the configuration task after the imaging task is complete.
5. Click Next. The Return Codes dialog appears.
6. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
7. Click Finish. The task appears in the Task list for the job. The Mac image is
deployed when you run this task.
Note
The Image is stored locally on the client and the Sysprep settings options are
disabled when you select a Mac image. The Select a computer on the network
feature is not supported when using Mac Imaging. The Automation pre-boot
Environment for Mac Image is Default Automation when deploying Mac images. This
option uses the PXE functionality of the operating system of the specified server. For
more information on configuring PXE, see the PXE Configuration Utility Help.
Distributing a Ghost Image
You can distribute a Ghost (.GHO) image using the Distribute Disk Image task.
To distribute a Ghost image
1. On the Distribute Disk Image dialog, select the Select a disk image file option.
2. Browse and select a .GHO image.
If you do not want the Deployment Server to validate a selected path, select
Disable image path validation. This is useful if the image is stored locally, or if
you are retrieving the image from a remote server.
3. To use Sysprep to distribute the image, select Prepared using Sysprep.
4. From the Operating System drop-down list, select the operating system.
Note
Click Add New. From the Sysprep Settings dialog, select the operating system
information.
5. From the Product Key drop-down list, select the product key.
6. Add any additional parameters in the Additional Parameters field.
7. To restart the computer and push the configuration settings to the imaged
computer, select Automatically perform configuration tasks after completing
this imaging task.
8. From the Automation pre-boot environment drop-down list, select the required
pre-boot environment to perform the Distribute Disk Image task.
Deployment Solution 163

By default, the Default Automation (Auto-select) type is selected.
9. Click Next.
10. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
11. Click Finish.
The task appears in the Task list for the job. The Ghost image is deployed when you
run this task.
Advanced Sysprep Settings for Distributing a Disk
Image
You can generate the Sysprep.inf file for the Distribute Disk Image task, depending
on the option selected in the Advanced Sysprep Settings dialog.
Use default answer file. When this option is selected, the Deployment Server
generates the Sysprep.inf file depending on the data present in the database.
Use the following answer file. When this option is selected, the Deployment Server
picks up the contents of the file mentioned in the Sysprep answer file field and prepares
the Sysprep.inf file from it.
Advanced Sysprep Settings for Distributing a Disk
Image in Windows Vista
You can use the Sysprep advanced settings dialog to specify the settings for any
Windows Vista operating system. If you select Windows Vista as the operating system
under Sysprep settings on the Distribute Disk Image dialog and click Advanced
Settings, the Sysprep advanced settings dialog for Windows Vista appears. This
dialog lets you select Sysprep answer file options.
Distribute Disk Image-Resizing
By default, whenever you deploy an image, you have the option to resize the partition to
take advantage of the available disk space. Drive Size gives you information about the
size of the image, so you can determine if you need to change partition sizes. Minimum
indicates the amount of space the image will use on the target computers. Original
indicates the image source disk size.
Fixed Size. Select this option and enter the desired partition size.
Percentage. Select this option and enter the percentage of free space you want the
partition to occupy.
Min. View the minimum size of the partition.
Max. View the maximum size of the partition.
Note
FAT16 file systems have a 2 GB limit and cannot be resized larger than that (although
they can be resized smaller than the minimum value). HP partitions remain a fixed size.
Distribute Disk Image-Additional Options
This option lets you specify operations for existing Automation Agents and OEM disk
partitions. The options are as follows: leave the partition as it is, remove, or replace the
Deployment Solution 164

existing partitions. If the image file does not contain any information for an automation
or OEM partition, the default option is to leave the clients existing Automation or OEM
partition as it is.
RDeploy Options:
Graphical Mode[RDeploy]. Click this option to choose RDeploy as the imaging
executable.
Text Mode[RDeployT]. Click this option to choose RDeployT as the imaging
executable. Text Mode or RDeployT is the default choice.
Automation Partition:
Leave the client's existing Automation partition as it is. If the image file contains
no automation partition information, by default, this option is selected. The automation
partition remains unchanged when distributing disk images.
Delete the client's Automation partition [-nobw]. Select this option to delete the
existing Automation partition from client computers.
Replace the client's existing BW partition from image file [-forcebw]. Select this
option to replace the existing automation partition on the client computer with the
automation partition from the image file.
OEM Partition:
Leave the client's existing OEM partition as it is. If the image file contains no OEM
partition information, by default, this option is selected. The OEM partition remains
unchanged when distributing disk images.
Delete the client's OEM partition [-nooem]. Select this option to delete the existing
OEM partition from client computers.
Replace the client's existing OEM partition from image file [-forceoem]. Select
this option to replace the existing OEM partitions on the client computer with the OEM
partition from the image file.
Additional Command line switches. You can add command-line options specifically
for the RapiDeploy program that runs imaging tasks.
Note
The checkdisk command-line option should not be used from a Deployment Console.
The post-configuration task fails after an image restore.
See also Deployment Tasks on page 152.
Imaging Computers from USB Disk on Key (DOK)
Devices (JumpDrives)
Deployment Solution supports imaging clients from bootable USB Disk on Key (DOK)
devices.
To image computers from USB Disk on Key Devices
1. Format the USB DOK using HPs USB Disk Storage Format tool as FAT and make it a
DOS startup disk.
Deployment Solution 165

2. In Boot Disk Creator, create a new automation boot disk while creating a new
configuration.
3. Select Bootable disk-Removable disk to install on the USB Disk on Key.
4. Copy HIMEM.SYS to the device.
Copy RDeployT.exe from the <InstallPath>\eXpress\Deployment Server\RDeploy\DOS
directory to the device.
5. Copy the <Filename>.img file to the device.
6. Create an Autoexec.bat with the script and command-line option, r depl oyt - md -
f c: \ I MAGE. i mg - d2
Note
The -d2 switch is the most important part of the script, as it specifies the flash drive.
7. Create a Config.sys with the following:
DEVI CE=C: \ HI MEM. SYS
swi t ches = / f
DOS=HI GH, UMB
SHELL=command. com/ p / E: 1024
BUFFERS=20
FI LES=20
STACKS=0, 0
FCBS=1, 0
LASTDRI VE=Z
8. Boot from the USB Disk on Key (recognized as C:) and rdeployt executes and
images correctly.
Scripted OS Install
The Scripted OS Install task performs remote, automated, and unattended operating
system installations over the network using answer files to input configuration and
installation-specific values. Scripted installs let you deploy server and client computers
across the network from installation files and perform post-installation configuration
tasks. You can run scripted installs for Windows or Linux computers.
Note
Scripted Install requires either an automation boot disk or a PXE Server. Using
embedded automations causes the selected image (DOS, Linux, WinPE) to load and halt.
It does not let the scripted install run.
When running a Scripted OS Install task, you can identify the type of operating system
to install for supported languages, run the scripted install, and update with service pack
installations. This task provides easy-to-use features to create an answer file for each
scripted installation.
Deployment Solution 166

Scripted installs are flexible in performing post-configuring tasks, but much slower and
bandwidth-intensive. Complete network and Web server installation and configuration
tasks benefit most from scripted installs.
Windows. Use complete unattended install features to copy Windows operating system
source files quickly to the Deployment Share and easily create an answer file.
Configured operating system install sets can be reused to build and run scripted install
jobs as needed. See Scripted Install for Windows on page 166.
Linux. Run scripted install jobs to remotely install different versions of Linux. You can
customize sample scripted install jobs installed with the Deployment Server system and
create a kickstart answer file to remotely run a scripted install. See Scripted Install for
Linux on page 172.
Scripted Install for Windows
1. After selecting Add > Scripted OS Install, select the Windows option and click
Next.
2. Select the type of Windows operating system to install and the preferred language.
See Select Operating System Version and Language on page 167. Select the
required pre-boot environment from the Automation - PXE or BootWorks
environments (DOS/WinPE/Linux) Automation pre-boot environment
(DOS/WinPE/Linux) drop-down list to perform the Distribute Disk Image task in
the selected pre-boot environment. The option reported by the PXE Manager is the
default pre-boot environment option. By default, the Default Automation (Auto-
select) type is selected. Click Next.
3. From the Select or add new OS source files drop-down list, select the operating
system source files already copied to your Deployment Share. See Installation
Source Files on page 168.
Click Add New from the list to set up the new operating system installation files.
See Operating System-Source Files on page 168.
Click OK after entering a unique name and the path to the operating system
installation source files. The source files will be copied to the Deploy folder in the
Deployment Share directory. The first source files added are given a generic name
of WinOS001, with additional operating system source folders named as WinOS002,
WinOS003 and so on. Service Pack source files are also stored as WinSP00x.img
files.
This process could take a few minutes. Because the installation source files are
copied over to the Deployment Share, when running subsequent scripted installs
you do not need to add new source files for this version of Windows. They can be
selected from the list of installation source files. See Installation Source Files on
page 168.
Note
When importing Scripted Install jobs, you must edit the job files to point to the
installation source files on the new Deployment Server system. This requires you to
run the Scripted Install for Windows wizard and modify the path and name of the
folder for the Installation Source Files for the exported jobs. This is required for both
the main installation and the service pack installation files. See also Scripted Install
for Windows on page 166, Installation Source Files on page 168, and Importing and
Exporting Jobs on page 189.
Deployment Solution 167

4. After the source files are copied, select the newly created operating system source
name from the Installation Source Files list. Click Next.
5. In the Partition and Format Disk page, click Select a DOS disk image to
distribute a DOS disk image (default), or click Continue without distributing
DOS image to partition and format the hard disk of the destination computer using
custom scripts or setup utilities. Click Advanced to set partition size, delete hidden
partitions or set RapiDeploy command-line parameters. Click Next. See Operating
System-Source Files on page 168.
Note
Before running a scripted install, you must install DOS. However, DOS is not
required if you are using your own scripts or utilities to partition and format the
client computer.
6. Import an answer file to the Deployment Database. See Import an Answer File on
page 169. Click Next.
7. Create the Answer file. See Answer File Setup on page 169. Click Next.
8. Set command-line options for cmdlines.txt files and for the WINNT installation
program. See Command-line Switches for Scripted Install on page 170. Click Next.
9. View and modify the Deployment Agent for Windows configuration file from the
dialog. See Deployment Agent Settings for Scripted Install on page 171. Click Next.
10. View the summary of the selected options. See Scripted Install Summary on
page 171. Click Next.
11. Set up return codes for the Scripted Install task. See Setting Up Return Codes on
page 190. Click Finish. The task appears in the Task list for the job.
See also Scripted OS Install on page 165.
Select Operating System Version and Language
Identify the operating system version to run in a scripted install. The selected version
and language must correspond to your Windows installation files.
We support multiple languages for the following Deployment Solution utilities:
Boot Disk Creator
Image Explorer
PXE Configuration Utility
Remote Client Installer
Control Panel Applet
DS Info
PW Util (Password utility)
Switch Management
Select the operating system version. Select the Windows operating system you want
to install from the list. Click Template if you want to install another version or language
of a Windows operating system not provided in the list.
Select the operating system language. Select the language version of the operating
system to install. The language must correspond to the operating system source files. If
Deployment Solution 168

you selected the Template option, only the Multilingual language option can be selected
(this is a generic language option).
Automation (Pre-boot Environment). Select the required pre-boot environment
from the Automation (Pre-boot Environment) drop-down list. The option reported by the
PXE Manager is the default pre-boot environment option.
List of supported multiple languages:
German
French
Spanish
Japanese
Simplified Chinese
See also Scripted Install for Windows on page 166.
Installation Source Files
If you copied installation files to the Deployment Share for previous scripted installs, the
name of this install source configuration appears in the list box for each operating
system type and language. To create new source configuration sets for additional
operating system installs, select Add new from the drop-down list.
Select or add new operating system source files. Select the assigned name for
each operating system source configuration in the list, or select Add new from the list
to create a new install task. Previous scripted install jobs will create a WinOS00x.img file
in the Deploy directory of the Deployment Share.
The Operating System-Source Files dialog lets you identify the version of Windows
install files and enter the path to the files (on the CD or other medium).
Select or add new service pack source files. Run service pack updates immediately
after installing the operating system during the scripted install process. Previous
scripted install jobs will create a WinSP00x.img file.
See also Scripted Install for Windows on page 166.
Operating System-Source Files
Name the operating system source configuration, specify the path, and automatically
copy Windows installation files to the Deployment Share.
Enter a unique name for the operating system source files. Enter a name for the
operating system source configuration files to assign an alias to associate with the install
files for a specific operating system version and language.
Enter path to operating system source files. Enter the path to the I386 folder on
the CD where the Windows installation programs and support files are stored. Example:
Browse to the CD drive and select I386\WINNT.exe. Click Open.
The Windows operating system identified previously in the Installation Source Files
dialog must match the source files selected here. If the name and language of the
operating system does not match the installation files, you receive an error.
Click OK and the files will copy from the source CD (or other volume) to the Deployment
Server\Deploy directory in the Deployment Share. This process will take a few minutes.
Deployment Solution 169

Enter a short description. (Optional) Enter a description of the Windows operating
system source configuration. Example: W2K Advanced Server SP3 English.
See also Scripted Install for Windows on page 166.
Partition and Format Disk
Select a DOS disk image to distribute to the client computers before starting the
Windows scripted install. A DOS image is provided in the Images directory in the
Deployment Share (default path in the Name field).
Select a DOS disk image. Click this option to distribute a DOS image from the
Deployment Share. The Deployment Server system includes a DR DOS image file that is
selected by default. You can create your own MS DOS image from your Windows 98 CD
and build a job.
Advanced. Select advanced options to set the size of the partitions, or to remove
hidden partitions and add command-line options. See Create Disk Image Advanced on
page 159 and Distribute Disk Image-Resizing on page 163.
Continue without distributing DOS image. Click this option to not install a DOS
image from Deployment Server. Skip this step if you are installing DOS using custom
procedures for your environment.
See also Scripted Install for Windows on page 166.
Import an Answer File
Reference a previously created answer file for a Windows scripted install. You can also
view a summary of the operating system source configuration.
Import existing unattend.txt. Select to import a previously created answer file to the
Deployment Database. The values for the answer file are imported from the delimited
text file and appear in the Answer File Setup dialog.
Path of the unattend.txt. Enter a path and select an answer file with any name. The
answer file is imported to the database, edited in the console (if required), and
distributed as an unattend.txt file to the client computer.
See also Scripted Install for Windows on page 166.
Answer File Setup
Use the tabs in this dialog to enter values to create an answer file for a scripted install.
These values are stored in the Deployment Database. An answer file is generated from
the database (unattend.txt) and distributed to each managed computer when the job
runs.
In the Answer File Setup dialog, select a value (a row) in the table. A list appears in
the Values column to change values for each entry. You can add new variables to each
section by selecting the bottom row named Add new Variable. To add a new section to
the answer file, click the right arrow until the Add new Section tab appears (the last
tab on the right).
The required answer file values are selected automatically in the dialog with a gray
check mark (you cannot clear these variables). Optional but selected values have a
green check mark. Other optional values are cleared. Select these optional values if you
want to add them to the answer file when it is generated.
Deployment Solution 170

The various tabs in the Answer File Setup dialog correspond to the general answer file
sections. See the Microsoft Windows Unattended Setup Guide for specific values for an
unattended setup file.
See also Scripted Install for Windows on page 166.
Add a New Section
Use this dialog to add new variable sections to the answer file.
Enter a name for the section. If you add a section, this name appears in the new tab
in the Answer File setup dialog.
Enter a description. Enter comments to describe the new section.
See the Microsoft Windows Unattended Setup Guide for your specific operating system
values for an unattended setup file.
See also Scripted Install for Windows on page 166.
Delete a Section
To delete a new section that you added, right-click the section and select Delete
selected Section.
Add a New Variable
Use the New Variable for Section Unattended dialog to add new variables to the
answer file. This variable appears as a row in the Answer File Setup dialog.
Name of the variable. Select a variable name.
Type of the new variable. Select a variable data type. The Default value of the
variable and Displayed value of the variable fields are enabled depending on the
variable type selected.
Default value of the variable. Enter values for a list, text, password, IP address, or
variable only types.
Displayed value of the variable. Enter an alias for list item types to appear instead of
the real variable value.
Description. Enter comments to describe the new variable. It appears in the
Description column of the Answer File Setup dialog.
See also Scripted Install for Windows on page 166.
Command-line Switches for Scripted Install
Use the Scripted OS install commands dialog to enter Windows commands that are
executed from the cmdlines.txt file. You can also add scripted install command-line
options.
Switches. Add or edit switch commands to this line for the install program for the
scripted install.
Additional commands in the cmdlines.txt file. Enter additional Windows scripted
install commands in this dialog. The commands execute in the order they are listed. The
provided command installs the Deployment Agent for Windows during the Install
Deployment Solution 171

Component phase of the installation. You can view and edit Deployment Agent settings
in the next dialog.
See also Scripted Install for Windows on page 166.
Deployment Agent Settings for Scripted Install
View or edit Deployment Agent for Windows settings in this dialog. You can change
agent settings using this text-edit dialog. See Deployment Agent Settings on page 110
for a list of the Deployment Agent properties.
See also Scripted Install for Windows on page 166.
Scripted Install Summary
View a summary of the selected options for the scripted install. Click Back to change
any of these settings or click Finish to complete the Scripted Install task. Click Next to
set up return codes. See Setting Up Return Codes on page 190.
See also Scripted Install for Windows on page 166.
Scripted Install for Windows Vista and 2008 Server
The Scripted OS install for Windows Vista and Windows 2008 Server provides a wizard
to help set up Vista and Windows 2008 Server installation files and run sample jobs.
Follow the steps in the wizard to identify the type of scripted install as Vista or Windows
2008 Server. You can gather all the files for Vista or Windows 2008 Server for the job,
but the server does not build any answer file. Instead, you are asked for the location of
the answer file. Also, a sample answer file is provided.
To perform a Scripted Install for Windows Vista and 2008 Server
1. On the Scripted Operating System Installation page of the Scripted OS Install
dialog, select the following options:
Windows Vista or Windows 2008 Server as the operating system
Operating system language
Automation pre-boot environment
Note
Deployment Solution 6.9 supports only WinPE environment.
Click Next.
2. From the Select or add new OS source files drop-down list on the Installation
Source Files page of the Scripted OS Install dialog, select Vista or Windows 2008
Server.
3. (Optional) You can select the required option from the Select or add new service
pack source files drop-down list. Click Next.
4. Select the Select a DOS disk image\Diskpart tool option on the Partition and
Format Disk page of the Scripted OS Install dialog to partition and format the
disk. Click Next.
Deployment Solution 172

Note
You can select the Continue without selecting DOS image\Diskpart Tool
option to partition and format the hard disk using your own scripts and setup
utilities.
5. On the Scripted Operating System Installation page of the Scripted OS Install
dialog, browse to select the path of the unattended .XML file.
6. On the Scripted OS Install Commands page of the Scripted OS Install dialog,
set the command-line options for the cmdlines.txt files and enter the Additional
commands in the cmdlines.txt file. (See Command-line Switches for Scripted
Install on page 170.) Click Finish. The job
Note
If you want to use the sample answer files (Vista_unattend.xml and
Longhorn_unattend.xml) provided by default in the Deploy folder of the Deployment
Share, you must enter the product key (for the version you want to install) before
you schedule the job. (See OS Product Key dialog on page 84.) If you do not select
the product key, the job fails.
Scripted Install for Linux
The Scripted OS install for Linux provides a wizard to help set up Linux installation files
and run Sample jobs. Follow steps in the wizard to identify the type of scripted install
and locate the answer files. You can also modify and run Sample deployment jobs to
remotely run a scripted install on Linux servers and workstations.
Directory. Browse to or enter the path and name of the Linux answer file (Kickstart
file).
Command-line. Enter the command-line options.
Automation pre-boot environment (DOS/WinPE/Linux). Select the required pre-
boot environment from the drop-down list to perform the Backup and Restore task in the
selected pre-boot environment. By default, the Default Automation (Auto-select) type is
selected.
See also Scripted OS Install on page 165 and Scripted Install for Windows on page 166.
Scripted Install Summary
View a summary of the selected options for the scripted install. Click Back to change
any of these settings or click Finish to complete the Scripted Install task.
Distributing Software
Send .MSI Packages, .CAB, .EXE, and other package files to selected computers or
computer groups, including EBS, and .RPM files for Linux computers. This task identifies
valid Altiris packages and assigns passwords and command-line options.

Distribute software packages to managed computers using the New Job
Wizard or adding the Distribute Software task when building new jobs.
See New Job Wizard on page 130 and Building New Jobs on page 134.
Deployment Solution 173

1. Enter the name and location of the package to distribute in the Name field.
Note
Information about the package appears in the Description field for valid packages.
If no description appears, the file is not an .RIP or a Personality Package.
2. For .RIPs, if you set the password option when you created the .RIP, you must
enter the password for the package to run.
3. Select Run in quiet mode to install the package without requiring user interaction.
4. Specify the users to associate with the .RIP or the Personality Package.
Select Apply to all users to run the package for all users with accounts on the
computer.
If you want to send the package to a managed computer with multiple users
and to install it for certain users with a unique password, clear the Apply to all
users box.
Example: To install an .RIP for a specific user account on a computer, add values
to the Additional command-line switches field:
- cu: J Doe; TMaya; Domai n\ BLee
Note
The command-line switches are specific to any package you are distributing that
supports command-line options, such as .MSI and Personality Packages. For a
complete list of command-line options, see the Wise MSI Product Guide and the
Altiris PC Transplant Pro Product Guide.
5. If distributing an install package or other types of packages with associated support
files, you can select Copy all directory files to install all peer files in the directory.
Select Copy subdirectories to distribute peer files in the directory and all files in
associated subdirectories.
Note
Some clients may have software installed on the client computer that, for protection
against harmful software, only lets software programs on a list of "well-known"
executables to run. Therefore, whenever the system administrator wanted to install
a patch on client computers, he or she would have to update the well-known-
executables list on all the client computers, which could be a lot of work.
To save the work of updating that list, or of manually renaming distribution
packages, the RenameDistPkg feature was added. Now, the system administrator
may update the well-known-executable list once with a filename of their choice. The
well-known filename may be entered into the Windows registry of the Deployment
Server computer (the computer running axengine.exe) as the Value data of a string
value named RenameDistPkg under the
HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris eXpress\Options key. If the
RenameDistPkg registry entry is set, Deployment Server renames the installation
files that are copied to the client computers.
This feature only affects files that are temporarily copied to the client computer as
part of a Distribute Software task. The file that is to be executed only during the
installation, sometimes referred to as the package, is the file that is renamed, not
the files that are actually installed to various locations on the target computer.
Deployment Solution 174

If the Copy all directory files option is enabled, only the main (installable) file is
renamed.
6. Click Advanced to specify how files are distributed to the managed computer. You
can copy through the Deployment Server, or copy directly from the file source and
then run, or run directly from the file source. See Distribute Software Advanced on
page 174. Click Next.
7. Provide additional command-line options for distributing software.
8. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
9. Click Finish. The task appears in the Task list for the job. The software is distributed
when you run this task.
Notes
When an .RIP or Personality Package is executed through Deployment Server, the quiet
mode command-line option is applied. This means the user cannot interact with the user
interface on the managed computer.
If the Personality Package is configured to run only if a particular user is logged in and
only if the user has an account on the managed computer, the package runs the next
time that user logs in. If the user does not have an account, the package aborts and
sends an error back to the console through the Deployment Agent. If the package is not
run through the Deployment Server, a message appears on the managed computer and
the user is prompted to abort or continue.
See also Modifying Tasks in a Deployment Job on page 187.
Distribute Software Advanced
Copy files using Deployment Server then execute. Select this option to distribute
packages through the Deployment Server to the managed computer, requiring two file
copy transactions if the Deployment Share is on another file server. This option is run for
Simple installs and is the default option.
Copy directly from file source then execute. Select this option to copy packages
directly from the Deployment Share if this data store is located on another server (a
Custom install). It copies the file and runs it, avoiding running through the Deployment
Server and reducing processor output.
Execute directly from file source. Select this option to run files remotely from the
Deployment Share or another selected file server.
File source access and credentials. Enter the user name and password for the client
computer and the Deployment Share. Both must have the same user name and
password (this is not an issue if both are on the same domain).
Note
Windows 98 computers have security limitations when copying files directly from the
source to the Deployment Agent using the UNC path name. We recommend that you use
the Copy files using Deployment Server option for these types of computers or plan
a proper security strategy for direct copying.
Deployment Solution 175

Managing the SVS Layer
The Manage SVS Layer task lets you instantly activate, deactivate, or reset SVS layers.
This task helps in avoiding conflicts between applications, without altering the base
Windows application. You can reduce the testing time for applications, as you can install
different versions of an application on the layers at the same time, and activate or
deactivate the layers as required. For more information on SVS Help, refer to Software
Virtualization Solution on page 79.
Note
This task runs only on Windows computers.
1. After creating a job, click Add > Manage SVS Layer.
2. Enter the .VSA file name in the Layer name drop-down list, or browse and select a
.VSA file. You can also enter a .VSA file path in the Layer name drop-down list. The
Deployment Console checks if the path entered is correct. If it finds that the file
path is correct and it is a valid .VSA file, it replaces the path name with the layer
name in the .VSA file.
Note
The console displays a list of the previously selected layers in the Layer name
drop-down list. This makes it easier for you to select a layer from the list, instead of
browsing or typing the .VSA file name again.
3. Select Import Package to import the selected layer and apply the actions present
in the Action drop-down list. The actions are:
4. Click Advanced to copy files using the Deployment Server or copy files directly
from the file source. See Import Package Advanced on page 176.
5. Select Manage Layer to manage the selected layer using actions present in the
Action drop-down list. The actions are:
Manage the SVS Layer using the New Job Wizard or adding the Manage
SVS Layer task when building new jobs. See New Job Wizard on page 144
and Building New Jobs on page 148.
Action Name Description
(none) Only import package.
Activate Import package and immediately activate it.
Activate on
startup
Import package and activate it on startup.
Activate and
Activate on
startup
Import package, and immediately activate it and activate it
whenever the computer starts up.
Deployment Solution 176

6. Select User defined action to enter a command line.
7. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
Note
SVS clients have an automatic 120-day license. To purchase a permanent license, please
visit the Altiris Sales Web site (www.altiris.com/sales.aspx).
Import Package Advanced
Copy files using Deployment Server. Select this option to copy files using the
Deployment Server.
Copy directly from file source. Select this option to copy files directly from their
source. If you select this option, you must enter the following File source logon
details:
User name. Enter the user name.
Password. Enter the password.
Confirm Password. Enter the password again.
Click OK.
Capturing Personality Settings
The Capture Personality task lets you save personal display and user interface settings
defined in the operating system for each user. You can create a Personality Package that
Action Name Description
Activate Activate layer.
Activate on
startup
Activate layer on startup.
Activate and
Activate on
startup
Activate layer and activate it whenever the computer starts up.
Deactivate Deactivate layer.
Deactivate on
startup
Deactivate layer on startup.
Deactivate and
Deactivate on
startup
Deactivate layer and deactivate it on startup.
Delete Delete layer.
Reset Reset layer.
Reset and
Activate
Reset and activate layer.
Reset and
Deactivate
Reset and deactivate layer.
Deployment Solution 177

you can save and distribute when migrating users. This task runs Altiris PC Transplant
from the console to capture and distribute settings.
1. After creating a job, click Add > Capture Personality.
2. Enter the name of a personality template file, or browse and select a template. A
default personality template is included in the PCT folder of the Deployment Share
(DEFAULT.PBT). Enter the name of the folder where you want to store the package.
The personality template lets you define the settings, files, and options to be
captured during run time. Click Template Builder to open a wizard to build a
custom template.
3. In User account and folder login, enter the login credentials for the managed
computer from which the personality settings are captured, and the file server
where the Personality Package is stored.
4. In Package login, enter a password for the Personality Package. This is a run-time
password that is required when the Personality Package runs on the destination
computer.
5. Click Advanced to specify additional features.
6. Set the Advanced options and click OK. Click Next. See Capture Personality
Advanced Options on page 177.
7. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
8. Click Finish. You have now created a Capture Personality task, which appears in the
Task list. You must schedule this task to capture a personality setting and save it as
a PCT file in the selected location (most often in the PCT folder on the Deployment
Server shared directory on the Deployment Share). See Distributing Personality
Settings on page 178.
Notes
To capture a personality on a Windows 98 computer, ensure that all users have
Write access to the Deployment Server share (by default at C: Program
Files\Altiris\eXpress\Deployment Server in a Simple install). Also, ensure that
the User account and folder login fields are blank. A user must also be
logged on at the client computer to capture the client profiles. An error is
returned if you attempt to capture personality settings on Windows 9x
computers that are not authenticated.
Set the conditions on the job for either Windows 98 or Windows 2000, XP, 2003,
2008 and Vista computers to ensure that the appropriate Capture Personality
task runs on the appropriate computers.
Capture Personality Advanced Options
Domain users. Select this option to capture personality settings for all domain users on
the computer.

Capture personality settings using the New Job Wizard or adding the
Capturing Personality task when building new jobs. See New Job Wizard
on page 144 and Building New Jobs on page 148. Also see Distributing
Personality Settings on page 178 to migrate settings to another user.
Deployment Solution 178

Local Users. Select this option to capture personality settings for all local users on the
computer.
Custom. Specify users or groups to capture personality settings. Select the Custom
check box and enter the Users or Groups you want to capture personality settings.
Also, instead of specifying names, you can also select users who have been either
created or accessed in the specified number of days.
Additional command-line switches. You can add command-line options specifically
for the PC Transplant program that migrates personality settings. See the Altiris PC
Transplant Reference Guide in the docs folder of the Deployment Share.
Distributing Personality Settings
The Distribute Personality task lets you save personal display and user interface settings
defined in the operating system for each user. You can distribute Personality Packages
to migrate personality settings. This task runs Altiris PC Transplant from the console to
capture and distribute settings.
1. In the Name field, enter the file name and location of the PCT file.
Note
The information about the Personality Package appears in the Description field for
valid Personality Packages (PCT files). If no description appears, the file is not a
valid package.
If you use a token, such as %COMPNAME%, in this field, and you proceed with the
job, when you apply the job to a Windows XP computer, the user must enter input
before the job completes. Altiris recommends you enter a valid Personality Package
name and use the Additional command-line switches fields for token values.
See the Altiris PC Transplant Reference Guide for a complete list of valid command-
line options.
2. In the Password field, type the password set for the PCT file when created.
3. Select Run in quiet mode to install the package without displaying the PC
Transplant screens.
4. Specify the users to associate with the Personality Package.
Select Apply to all users to run the package for all users with accounts on the
specified computer.
If you want to send the package to a managed computer with multiple users
and to install it for certain users with a unique password, clear the Apply to all
users box.
Example: To install a Personality Package for specific user accounts on a
computer, add values to the Additional command-line switches field.
Example:
- user : J Doe; TMaya; BLee

Distribute personality settings using the New Job Wizard or adding the
Distribute Personality task when building new jobs. See New Job Wizard
on page 144 and Building New Jobs on page 148. See also Capturing
Personality Settings on page 176 to create a Personality Package.
Deployment Solution 179

Note
The command-line options are specifically for Personality Packages. For a
complete list of command-line options, see the Altiris PC Transplant Reference
Guide.
5. (Optional) Click Advanced to specify how to copy Personality Packages to the
managed computer. You can copy through Deployment Server and then run, or copy
directly from the file source and then run, or run directly from the file source. See
Distribute Personality Advanced on page 179. Click OK.
6. Click Next.
7. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
8. Click Finish. The task appears in the Task list for the job. The personality is
distributed when you run this task.
For more information about capturing a computer's personality settings, see the Altiris
PC Transplant Help.
See also Distributing Software on page 172 and Modifying Tasks in a Deployment Job on
page 187.
Distribute Personality Advanced
Copy files using Deployment Server then execute. Select this option to distribute
software packages through the Deployment Server to the managed computer, requiring
two file copy transactions if the Deployment Share is on another file server. Use this
option for Simple Installs to take advantage of security rights defined by Deployment
Server. This is the default option.
Copy directly from file source then execute. Select this option to copy packages
directly from the Deployment Share, sending only one copy across the network. It
copies the file and runs it and avoids running through the Deployment Server and
diminishing processor output. Because the Deployment Agent doesn't recognize shared
rights and is not guaranteed to have a mapped drive to the data source, you must
identify a user name and password for the data share computer from the target
computer. This option also requires a full UNC path name in the Source Path field in the
Copy File dialog.
Execute directly from file source. Select this option to run files remotely from the
Deployment Share or another selected file server.
File source access and credentials. Enter the user name and password for the client
computer and the Deployment Share. Both must have the same user name and
password (this is not an issue if both exist in the same domain).
Modifying Configuration
You can add a task to configure or modify the configuration of computer property
settings using the Modify Configuration dialog. The Deployment Agent updates the
property settings and restarts the computer for changes to take effect.
1. After creating a job, double-click the job, and click Add > Modify Configuration.
2. Select the Reboot after Configuration check box to restart client computer after
the configuration changes are complete. By default, the check box for Reboot after
Configuration is selected.
Deployment Solution 180

3. Enter or edit the property settings in the Configuration dialog. Click the category
icons in the left pane to set additional values for each property setting group. See
Computer Configuration Properties on page 101.
4. Click Next.
5. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
6. Click Finish. The task appears in the Task list for the job. The configuration is
modified when you run this task.
See also Modifying Tasks in a Deployment Job on page 187.
Backing up and Restoring Registry Files
Note
This feature has been deprecated and removed from the product in a later release.
Copy registry files of selected computers using the Back Up Registry task and save the
registry file settings to a selected directory. You can also create a Restore Registry
task to copy the registry settings to a managed computer.
1. Enter the directory path to back up or restore registry files.
2. The Computers with registry files in this directory field displays the names of the
computers whose registry files will be captured in this directory.
3. Select the required pre-boot environment from the Automation pre-boot
environment (DOS/WinPE/Linux) drop-down list to perform the Backup and
Restore task in the selected pre-boot environment. The Default Automation (Auto-
select) type is selected.
4. Click Advanced if Windows was installed on client computers in a directory other
than the default. Enter the correct path to the root of the Windows directory.
Select Include registry information for all users to back up registry keys for
all user accounts.
Note
If you clear this check box, only the Administrator and Guest user accounts are
backed up or restored.
5. Click Next.
6. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
7. Click Finish. The task appears in the Task list for the job.
See also Modifying Tasks in a Deployment Job on page 187.

Copy registry settings by adding the Back Up Registry task when building
new jobs. Restore registry settings by adding the Restore Registry task.
See Building New Jobs on page 134.
Deployment Solution 181

Get Inventory
Use this task to gather inventory from an individual computer or a group of client
computers. This ensures that the Deployment Database is updated with the latest
computer properties information. You can view the history of the Get Inventory task in
the Computers History pane. See Viewing a Computers History on page 125.
Click Add and select Get Inventory from the list. The Get Inventory task
appears in the list.
Run Script
Select an existing script or write a new script file to run on selected managed client
computers.
1. If you have a script file defined, select Run the script from file and browse to
select the file. To read or edit the script file, click Modify.
Note
To run scripts that call an executable, use the start command.
Example: Enter start C:\windows\notepad.exe to open the Notepad application on
the client computer.
2. To create a new script, click Run this script. Enter the script in the provided field,
or click Import and select a script file to import. After you import the script, you
can modify it in the provided field.
3. Specify the operating system to run the script. You can choose Windows, DOS,
Linux, or Mac OS X. Click Next.
4. Set Script Information. See Script Information on page 182. Click Next.
5. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
6. Click Finish. The task appears in the Task list for the job. The script runs when you
run this task.
Notes
When a computer is in an automation mode using a DOS configuration, it does not
detect DOS partitions. To run a script using the DOS Automation Agent, use FIRM
(File-system Independent Resource Manager) commands. FIRM can only copy and
delete files; it cannot run a code on a drive.
The Deployment Server assumes a return code of zero (0) as a successful script
execution. Some programs return a code of one (1) to denote a successful script
execution. If a program returns a one (1), you see an error message at the
Deployment Console even though the script ran correctly. To modify the return
codes, you can edit the script file to return a code that the console interprets
correctly.

Run script files on client computers by adding the New Script task when
building new jobs. See Script Information on page 182 to identify how the
script appears, script security, and an option for server-side execution of
the script. See also Building New Jobs on page 148.
Deployment Solution 182

See also Modifying Tasks in a Deployment Job on page 187.
Script Information
Script Run Location
Select one of the following options to run the script:
On the client computer. This option runs the script on the managed computer
to which you assign the job.
Locally on the Deployment Server. This option runs a server-side script on
the Deployment Server of the managed computer. In most cases you can create
a server-side script task that runs in context with other tasks. Example: You can
add a task to image a computer and add a task to execute a server-side script
to post the imaging return codes to a log file stored on the Deployment Server
computer.
Use the -id option for running scripts on Deployment Server when using the
WLogEvent and LogEvent utilities. See Using LogEvent and WLogEvent in
Scripts on page 183.
Note
You cannot use this feature to run scripts that require user intervention. The
script runs on the Deployment Server of the managed computer, but is not
visible. Example: If you run a DOS command locally on the Deployment Server,
the Command Prompt window does not open on the Deployment Server
computer when the script runs.
When running the script on the Deployment Server, it runs specifically for the
assigned managed computer. Example: If you create a job with a script to run
locally on the Deployment Server and assign the job to 500 computers, the
script runs on the Deployment Server 500 times.
Client Run Environment
Select the environment for your client computer. You can run the script either in
production mode or in automation mode.
Production - Client-installed OS (Windows/Linux/Mac OS X)
Security Context. You can specify one of the following security options for running
the scripts:
Default (local system account). Use the network security account established
to administrate all managed computers.
Specific user. If you have selected to run the task on the local Deployment
Server, you are required to enter an administrator user name and password for
that Deployment Server account. (In most cases Deployment Server does not
have the Deployment Agent installed, prohibiting it from using a network
security account.)
Script Window. From the drop-down list, select how you want the script window to
appear: minimized, normal, maximized, or hidden.
Note
This option is available only for Windows environment.
Script Options - (Windows/Linux/Mac OS X)
Deployment Solution 183

Additional command-line switches. Enter commands to execute when the
script runs in Windows, Linux, or Mac OS X.
Automation pre-boot environment (DOS/WinPE/Linux/Mac OS X). Select
this option to run the script in an automation environment. Select a pre-boot
automation environment from the drop-down list.
If you select Linux as the operating system type, the Locally on the Deployment
Server option is disabled and only the Additional command-line switches under the
Production Client installed OS (Windows/Linux/Mac OS X) is enabled.
If you select DOS as the operating system type, the Locally on the Deployment
Server and the Production - Client-installed OS (Windows/Linux/Mac OS X)
options are disabled.
Example Script
The process to convert NT4 from FAT16 to NTFS normally returns a 1 after a successful
completion. The following is an example of the file that is modified to return a code of 0
(which is the success code recognized by the Altiris Console and utilities). You can make
similar changes to your script files as needed.
CONVERT /FS:NTFS
if ERRORLEVEL 1 goto success
goto failure
:success
set ERRORLEVEL = 0
goto end
:failure
echo Failed
set ERRORLEVEL = 1
goto end
:end
Using LogEvent and WLogEvent in Scripts
The logging features, LogEvent and WLogEvent, accommodate detailed logging to help
debug complex scripts. These utilities include the following features:
Logging is stored in the database instead of a log file.
A DOS-based tool can be called from any script file to log status and error codes.
The console displays and works with the new status messages.
LogEvent posts status sends messages to the Deployment Console, letting you view the
status of the script. It is a light-weight reporting tool that can log both status strings and
status codes to the history file and the console.
LogEvent Use the LogEvent utility for DOS and Linux scripts.
WLogEvent Use the WLogEvent utility for Windows scripts.
The LogEvent and WLogEvent utilities are command-line driven only there is no user
interface. Use both utilities with the following switches.
Deployment Solution 184

LOGEVENT -c:code -id:%ID% -l:level -ss:message
code is any number for a return code level.
id is used for server-side scripting only. For server-side scripts you must add the -
i d: %I D%switch.
See the Locally on the Deployment Server option in Script Information to select a
server-side script. See Script Information on page 182.
level is the severity level. The following levels are used:
1 = Information message
2 =Warning message
3 = Critical failure message. Only this level can be used to set up a return code. See
Setting Up Return Codes on page 190. The response does not execute for a return code
unless a level 3 is specified when using the LogEvent and WLogEvent command in a
script.
message is the status string. If spaces exist in the message, the string must be
contained in quotes. Specifying a severity level of 3 causes the script job to fail.
Example Scripts
REM Boot wor k unl oad
Set I mageName=F: \ I mages\ XPI nt el . i mg
r depl oy - mu - f %I mageName%- p1
logevent -l:1 -ss:Created %ImageName.
REM Execut e WLogEvent . exe f r omCMD scr i pt
REM Thi s scr i pt r equi r es WLogevent . exe t o r esi de on t he cl i ent
REM i n t he t emp di r ect or y
. \ WLogevent . exe - c: 0 - l : 1 - ss: Runni ng Di r on %NAME%"
di r
. \ WLogevent . exe - c: 0 - l : 1 - ss: Fi ni shed wi t h t he DI R command on
%NAME%"
Copy File to
Copy all types of files to managed computers. You can send selected files or directories
to a computer or computer group.

Send files to client computers by adding the Copy File to task when
building new jobs. Use the Copy File to operation (see Remote Operations
Using Deployment Solution on page 122) to copy files quickly from
Computers pane in the console. See Building New Jobs on page 148.
Deployment Solution 185

1. Select either the Copy File or Copy Directory option. When you select the Copy
Directory option, select Copy Subdirectories to copy all subdirectories.
2. Enter the directory path and name of the file or directory. The Source path defaults
to the Deployment Share, but you can enter or browse to a file or directory.
To copy files or directories through the Deployment Server from the Deployment
Share, you can enter a relative path in this field. To copy files or directories directly
from the Deployment Share to the managed computer, you must enter the full UNC
path name. See Copy File to Advanced on page 185.
Note
When entering the source path for copying files through the Deployment Server,
you can only access the shared directories through an established user account.
Specifically, you can only use UNC paths when you have sufficient authentication
rights established.
3. Select the Allow to run in automation check box to run this task in automation
mode.
Note
This option is only applicable for Linux and WinPE automation.
4. Type the destination path. The Destination path field automatically enters a
sample path, but you can enter the directory path you require. If the destination
path does not exist on the destination computer, it is created.
5. Click Advanced to specify additional features to copy files through the Deployment
Server or directly from a file server. See Copy File to Advanced on page 185. Click
Next.
6. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
7. Click Finish. The task appears in the Task list for the job. The file is sent to the
specified location when you run this task.
See also Modifying Tasks in a Deployment Job on page 187.
Using Location Variables
Location variables are being added to the Deployment Server for the Copy Files feature,
letting you enter a token variable instead of requiring a complete location path when
copying files to a managed computer (a client computer running the Deployment
Agent). The current variables include:
Temp. Enter Temp in the Destination path to set the Temp directory (identified in the
system path) for the managed computer. Example: Instead of entering
C:\windows\temp\setup.exe in the Destination path, enter temp:setup.exe.
Copy File to Advanced
Select options to copy files directly from the Deployment Share. This option is for files
stored on another network server in a distributed Deployment Server installation.
Copy files using Deployment Server. This option distributes software packages
through the Deployment Server to the managed computer, requiring two file copy
transactions if the Deployment Share is on another file server. Use this option for Simple
installs to take advantage of security rights defined by the Deployment Server. You can
Deployment Solution 186

use a relative path name entered in the Source Path field in the Copy Files dialog. This
is the default option.
Copy directly from file source. Click this option to copy packages directly from the
Deployment Share, sending only one copy across the network. It copies the file directly
to avoid running through the Deployment Server and diminishes processor output.
Because the Deployment Agent doesn't recognize shared rights and is not guaranteed to
have a mapped drive to the data source, you need to identify a user name and password
for the data share computer from the target computer. This option also requires a full
UNC path name in the Source Path field in the Copy File dialog.
File Source logon. Enter the user name and password for the client computer and the
Deployment Share. Both must have the same user name and password (this is not an
issue if both exist in the same domain).
Note
Windows 98 computers have security limitations when copying files directly from the
source to the Deployment Agent using the UNC path name. We recommend that you use
the Copy files using Deployment Server option for these types of computers or plan
a proper security strategy for direct copying.
Power Control
Start the computer using Wake on LAN or run standard power control options to restart
the computer, shut down, or log off the current user.
1. Create a job.
2. Click Add > Power Control.
3. Select an option: Restart, Shut down (if available), Log off, or Wake up (send
Wake-On-LAN).
4. Select Force application to close without a message, if required. Click Next.
5. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.
6. Click Finish. The task appears in the Task list for the job.
Wait
Use the Wait task to boot a computer in the automation mode and wait for user
interaction.
1. Create a job.
2. Click Add > Wait.
The Wait dialog appears.
3. Select the appropriate pre-boot environment from the drop-down list. Click Next.
4. (Optional) Set Return Codes. See Setting Up Return Codes on page 190.

Wake up, shut down, or log off client computers by adding the Power
Control task when building new jobs. See Building New Jobs on page 148.
Deployment Solution 187

5. Click Finish. The task appears in the Task list for the job.
Modifying Tasks in a Deployment Job
You can build jobs by adding or modifying deployment tasks. You can modify the tasks in
a job that is already scheduled on any computer. The job will run the modified tasks
according to the previously set schedule.
To add a task to a job immediately
If the task (image, batch file, executable, and so on) is saved in the product directory, it
appears on your Resources list in the Shortcuts pane. Simply drag it to an existing job
to add it.
To add a task to a job
1. In the Jobs pane, double-click the job you want to modify.
2. Click Add and select another task from the menu.
3. Follow the basic instructions on each dialog provided for each task. Select the type
of task you want to add and follow the directions.
4. After finishing task configuration, a new task appears in the Jobs list.
5. Change the order of the tasks using the up and down arrows. The tasks run in the
order listed.
To copy and paste a task
Use the steps below to copy and paste tasks within the same job, or from one job to
another. You can use CTRL+C and CTRL+V to copy and paste tasks.
1. In the Jobs pane, click the job that contains the task you want to copy.
2. In the Details pane, right-click the task, and select Copy. (To copy multiple tasks,
press the CTRL key and select the desired tasks. The tasks that are highlighted are
copied when you select Copy.)
3. In the Jobs pane, click the destination Job where you want to paste the task.
4. Right-click in the Details pane and select Paste. The tasks appear at the bottom of
the task list, and use the condition settings of the current job.
5. Change the order of the task using the up and down arrows. The tasks run in the
order listed.
To modify a task in a job
1. In the Jobs pane, double-click the job you want to modify.
2. Select the desired task from the list.
3. Click Modify and follow the directions to make the required changes. Click OK.
To remove a task from a job
1. In the Jobs pane, double-click the job you want to modify.
2. Select the task you want to remove from the task list. Click Delete.
3. Click OK.
Deployment Solution 188

To copy and paste tasks
Use the steps below to copy and paste tasks within the same job or from one job to
another. You can also use CTRL+C and CTRL+V to copy and paste tasks.
1. In the Jobs pane, click the job that contains the task you want to copy.
2. In the Details pane, right-click the task and select Copy. (To copy multiple tasks,
press the CTRL key and select the desired tasks. The tasks that are highlighted are
copied when you select Copy.)
3. In the Jobs pane, click the destination Job where you want to paste the task.
4. Right-click in the Details pane and select Paste. The tasks appear at the bottom of
the task list and use the current condition settings of the destination job.
5. Change the order of the tasks using the up and down arrows. The tasks execute in
the order listed.
To add a new task to an existing task list
1. Select a job from the Jobs pane.
2. Click on one of the tasks within the job and add a new task. The new task is inserted
above the task you highlighted, and all other jobs shift down by one position.
3. Use the up and down arrows to change the order of the tasks within the job.
Modifying Multiple Modify Configuration Tasks
If you have scheduled multiple Modifying Configuration tasks to a computer group, you
can double-click Modify Configuration in the task list of the Details pane to modify
each computers configuration settings independently.
In the Jobs pane, click the job with a Modify Configuration task. Double-click the Modify
Configuration task.
A message appears. Click YES to modify configuration settings individually for each
scheduled computer. Click NO to modify the Modify Configuration task when the job
is scheduled again (the current job sends modified configuration files already
created).
If you click YES, a Modify Job Wizard appears with a list of each managed computer
scheduled to change configuration settings. Select one or more computers and click
Next.
1. In the Computer Configuration Properties property page, modify the settings. Click
Next. See Computer Configuration Properties on page 101.
2. Set Return Codes. See Setting Up Return Codes on page 190.
3. Click Finish.
Creating New Script Files
You can create script files and directly schedule the script file to run scripts on any
computer or computer groups.
To create new script files
1. Go to View > Shortcuts View.
Deployment Solution 189

2. Click Resources in the Shortcuts view to move the focus to the Resources view.
3. Go to File > New > Script File.
Note
The Script File option is activated only if the focus is on the Resources view.
A script file is created by default at the root of the resources. The default file name
is Batch.bat.
4. Right-click the Batch.bat file, and select Modify.
Note
You can rename the batch file by right-clicking the file and selecting Rename.
5. Type the script in the open file, and save it.
6. Drag the Batch.bat file to a computer or computer group where you want to
schedule the job.
7. Specify the scheduling options, and click OK. See Scheduling Jobs on page 151.
Copy and Paste Jobs and Job Folders
Jobs or job folders (including their subfolders) can be copied to any other job folder in
the left pane of the Jobs pane of the Deployment Console. A Job folder can only be
copied to a root level folder, which has a limit of 30 subfolders, and cannot be copied to
a child level folder.
If you copy a job or folder with the same name as the destination job or folder, the
copied job or folder is automatically named Copy of <job or folder name>. This feature
can only be performed by administrators or users who have permissions to create jobs
or job folders.
To copy jobs and job folders
1. In the Jobs pane, right-click a job or job folder you want to copy, and click Copy.
2. In the Jobs pane, right-click the destination job folder and click Paste.
Importing and Exporting Jobs
Jobs can be exported to back up the Deployment Server data or to share jobs between
Deployment Server installations.
To import jobs
1. Right-click in the Job pane, and select Import
or
Click File > Import/Export > Import Jobs.
2. Browse to or enter the path and name of an existing import file (a .BIN file).
3. Select Import to Job Folder to import the jobs to an existing folder in the Jobs
pane. If you have a folder already selected, it appears in the edit field.
Deployment Solution 190

4. Select Overwrite existing Jobs and Folders with the same name to replace
identical jobs and folders.
5. Select Delete existing Jobs in folder to overwrite and replace all jobs in the
selected Jobs folder. Click OK to import the job(s).
To export jobs
1. Right-click the job or Jobs folder you want to export and select Export.
or
Click File > Import/Export > Export Jobs.
2. Select the destination folder and enter a file name.
3. Click Export subfolders to export all folders subordinate to the selected job folder.
4. Click OK.
Setting Up Return Codes
When you create a task in a job, you can define a response to specific return codes
generated from that task after it runs. You can determine the response if the task runs
successfully or if the task fails. You can also set up custom return codes generated from
scripts or batch files that are unique to your environment or deployment system.
Note
Return code handling cannot be set up for jobs created in the New Job Wizard.
When creating a task, the Return Codes page appears so you can set a response if the
task was successful or to determine a default response if the task failed. Because
Deployment Server returns a 0 (zero) if the task runs successfully, any other return
code value denotes some type of failure in running the task. As a result, in the Success
field you can select an action if the return code is 0 (zero), or select an action in the
Default field if the return code is not a 0 (zero).
Return codes are first evaluated to be successful (zero) or failed (non-zero). If the task
returns as successful, it runs the action specified in the Success field. If it is not
successful, it determines if the return code has been assigned a custom code value. If
the return code is defined as a custom code, the selected action for that custom code
runs. If no custom code is assigned to the return code, the action set in the default runs.
Note
If you are using LogEvent and WlogEvent in Scripts, you can generate return codes only
when the level 3 message is specified. Specifying a severity level 3 causes the script job
to fail and lets you respond using this return code feature.
Return Code Actions
For both successful tasks (in the Success field) and failed tasks (in the Default field),
you can specify the following actions:
Stop. This action stops the job after the task runs. Subsequent tasks do not run.
Continue. This action lets the subsequent tasks in the job continue after the task runs.
Select a job. This action lets you select existing jobs to run after the task completes.
Deployment Solution 191

These actions also apply to custom return codes designed specifically for your system.
Custom Return Codes
In the Other return codes field, you can view custom return codes set specifically for
your system. You can add return codes by clicking Add below the Other return codes
field, or by clicking Master Return Code.
Type a custom code in the Code field, select a response action from the Response list,
select the result from the Result list to specify the interpretation of this return code as
Success or Failure, and provide a message in the Status field.
These custom codes can respond to any return codes set up in scripts or batch files in
the Run Scripts task, or these custom codes can respond to system return codes thrown
from the Deployment Server or external codes generated when distributing applications,
personality settings, or disk images. Any task can have custom codes that respond to
different return code values.
Master Return Code List. This is a list of all the return codes existing in the
Deployment Database. You can add, modify, and delete the codes and their values so
that setting codes for other tasks is easier.
Add. This lets you add a new custom return code for the task. You can also add the
return code to the Master Return Codes list.
Modify. This lets you modify the return codes listed in the Other return codes field.
The changes you make do not update the Master Return Codes list.
Delete. This lets you delete return codes listed in the Other return codes field, but not
from the Master Return Codes list.
To set up Master Return Codes
The Master Return Code List dialog lets you:
Add, modify, and remove return codes in the master list.
Select return codes for the current job from the drop-down list.
To add Master Return Codes
1. Select a job from the Jobs pane.
2. Click Add in the right pane to add a task. Select the task. The task dialog appears.
Note
You can add Master Return Codes for all tasks except Get Inventory.
3. Click Next until the Return Codes page appears.
4. Click Master Return Codes. The Master Return Code List dialog appears.
5. Click Add. The Add Return Code dialog appears.
6. Enter the return code in the Code field and click OK. The code is added to the
master list.
To modify Master Return Codes
1. Click Modify. The Modify Return Code dialog appears.
2. Enter data in the Response, Result, and Status fields and click OK. The code is
modified.
Deployment Solution 192

To delete Master Return Codes
1. Select the code you want to delete and click Delete. A warning message appears to
confirm the deletion.
2. Click Yes. The selected return code is deleted from the Master list.
Note
The OK and Cancel options in the Master Return Code List dialog apply to the return
codes selected. If no return codes are selected, or none exist in the list, OK is disabled.
Click OK on the Master Return Code List dialog to add the selected return codes to
the current job.
To set up return codes
To set up return codes, you need to determine how to respond to the Deployment
Server success return code (zero) in the Success field, how to respond to a failure
return code (a non-zero) in the Default field, and how to respond to a custom or
externally generated return code defined in the Other return codes field.
The following example describes how to set up a simple process to deal with custom and
system return codes, and how to interpret the status of user-defined return codes:
1. In the Success drop-down list on the Return Codes page, keep the default value
Continue. This lets the job continue running additional tasks in the job after
successfully completing this task.
2. Click Add to add custom return codes. The Add Return Code dialog appears.
3. In the Code field, enter a value of 10 (ten).
4. Click the Response drop-down arrow and select Continue from the list.
5. Click the Result drop-down arrow and select Success from the list. Even if the
return code was not zero, which is success by default, the task is considered a
success as per the users choice.
6. Enter a description for the return code in the Status field. This is the message that
appears when the task within a selected job runs.
7. Select the Add to Master return code list check box to add the custom code to
the master return code list. The code is listed in both the Other return codes and
Master Return Codes lists. This is useful if you want to use the return code again.
Click OK.
8. If the code you added already exists, a message dialog displays the return code and
asks if you want to replace it. Click Yes to replace the return code, and click No to
return to the Add Return Code dialog.
9. Select the Select a job option from the Default drop-down list to select a job to
run when a default condition is reached. The Select a Job dialog appears, letting
you select an existing job that runs if the task returns a failed system return code
(non-zero) or a return code not defined as a custom return code.
Note
The status of the tasks executed in a job also appears in the history of a computer.
Deployment Solution 193

Sample Jobs in Deployment Solution
Sample jobs are installed with each Deployment Server system, letting you quickly
modify or add parameters, or to run the sample jobs as they are. During installation,
jobs are automatically imported from the samples.bin file to the Deployment Server
system where they can be viewed in the Samples folder in the Jobs area of the
Deployment Console. Click each job and identify its features in the Description field of
the Details pane.
Jobs in each folder marked with an asterisk (*) require input parameters or other minor
modifications added before running on your system. These modifications let you add
parameters to the job, such as user name and password or other required data for the
job to be functional. Jobs requiring input parameters or customizing do not function
properly if you do not edit the job with the information specific to your environment.
All files without an asterisk (*) can be used to perform the identified functions without
modification. However, if the job conditions are not met or are not consistent with the
computer type, you may get an error. Example: If the Repair Office XP job runs on a
computer without MSOffice XP, you get an error when running the job.
Note
When upgrading versions of Deployment Solution, we recommend that you copy and
rename modified sample jobs to avoid overwriting by new sample jobs.
Initial Deployment
Initial Deployment is a default job designed to help in the process of setting up
computers that do not exist in the Deployment Database. Initial Deployment lets you
define how computers are initially set up after being identified by the Deployment
Server.
You can define various computer configuration sets and deployment jobs for the user
during startup, letting the user select the computer settings and hard disk images,
software, and personality settings for their specific needs and environment. New
computers appear in the New Computers group in the Computers pane of the
Deployment Console.
Notes
Initial Deployment is ideal for small-scale deployments, from 1 to 10 computers. We
do not recommend this feature for large deployments -- from 10 to 100 computers -
- or mass deployments -- from 100 to 5000 computers. We also do not recommend
this feature where you use virtual computers, customized jobs, and the computer
import feature.
Although Initial Deployment is commonly used on computers that support PXE, you
can also configure a boot disk to run Initial Deployment. In this case, the image you
deploy must include automation pre-boot environment so that post imaging tasks

To access Initial Deployment, double-click Initial Deployment from the
Jobs pane or right-click Initial Deployment and click Properties. The
Properties of Initial Deployment dialog appears.
Deployment Solution 194

can run successfully. Installing an Automation Partition on the client computers
hard disk ensures that future imaging deployment jobs run successfully.
Note
To completely deploy and configure a computer using Initial Deployment, you must
define at least one Configuration and one Job.
Initial Deployment consists of a dialog with the following tabs with separate features to
deploy new computers:
Configurations
Jobs
Advanced
Configurations
Click the Configurations tab on the Initial Deployment dialog to configure different
sets of computer properties. Each configuration set is presented to the user as a menu.
The user can select the configuration set designed for their environment. Compare the
Configurations tab with the Jobs tab. See Jobs on page 195.
Note
If you do not create any configuration sets, the deployment process automatically sets
TCP/IP information to use DHCP and names the computer to match the computers asset
tag, serial number or MAC address -- in that order, depending on what is available.
1. Double-click Initial Deployment in the Jobs pane drop-down list. The Properties
of Initial Deployment dialog appears.
2. Click the Configurations tab.
3. Click Add. A configuration set appears in the Configurations menu field. The
Configuration page of the New Job Wizard appears.
4. Enter values to set computer and network properties for new computers. See
Modifying Configuration on page 179 for a list of property categories.
5. Click Add again to configure another set of property settings. You can add multiple
configuration sets for the user to select from a menu after connecting to
Deployment Server. You can modify, rename, or delete a selected configuration set.
6. After setting the properties, click Apply.
7. From the Default Menu choice drop-down list, select a configuration set as the
default.
8. Click the Timeout after ___ seconds and proceed check box and specify the
time after which you want to run the default job.
9. Click OK, or click the Jobs tab to define a task.
Advanced Configuration
Click Advanced on the Configurations tab to open the Advanced Configuration
dialog. This dialog lets you set advanced configuration settings for client computers and
provides different options for processing jobs for client computers.
Deployment Solution 195

Select Process this job as each client becomes active. This job is processed
only when clients become active.
Select Process this job in batch mode. This job is processed for a batch of clients
for the Minimum clients specified and after the specified Timeout in minutes.
Select Hold all clients until this time. You can specify the Start time for this
job, which runs for all clients at the specified time.
Click OK.
Jobs
Click the Jobs tab on the Initial Deployment dialog to add existing jobs or create new
jobs to run on the new computer. The jobs you add or build using this dialog are listed in
a menu and presented to the user during startup. The user can select the deployment
jobs to image the computer and install applications and personality settings. Compare
the Jobs tab with the Configurations tab. (See Configurations on page 194.) The
conditions on the jobs are limited to the data that can be accessed at the DOS level
(Example: Serial number, manufacturing number, NIC information, manufacturing
name).
1. Click Initial Deployment in the Jobs pane drop-down list. The Properties of
Initial Deployment dialog appears.
2. Click the Jobs tab.
3. Click New to build a new job. The Select a job dialog appears. See Building New
Jobs on page 148. Select a folder in which you want to create the job. Click OK. The
Job Properties dialog appears.
4. Click Add Existing to add an existing job.
5. From the Default menu choice drop-down list, select a job as the default.
6. Click the Timeout after ___ seconds and proceed check box and specify the
time after which you want to run the default job. The default setting is 60 seconds.
7. Click OK, or click the Advanced tab to stop servers or workstations from running
configuration task sets and jobs automatically.
See also Sample Jobs in Deployment Solution on page 193.
Advanced
Click the Advanced tab to set options to stop Initial Deployment from automatically
running the default configuration task sets and jobs. This avoids accidental re-imaging
or overwriting of data and applications for either workstations, such as desktop, laptop,
handheld computers, or servers, such as Web and network servers identified by
Deployment Server.
When a computer not yet identified by the Deployment Database is first detected, it is
placed in the New Computers group and an Initial Deployment configuration set and job
is run. However, in many cases you do not want Web or network servers to be
automatically re-imaged without confirmation from IT personnel.
Select Servers to stop servers from automatically running Initial Deployment
configuration jobs. Servers are identified as the managed computers running
multiple processors or identified as a specific server model from specific
manufacturers. Example: Both an HP Proliant computer and a Dell computer with
Deployment Solution 196

multiple processors are identified as servers. Identifying a computer as a server by
the operating system cannot be accomplished for new computers until the server
operating system has been installed.
Select Workstations/Clients to force desktop, laptop, and handheld computers to
stop before automatically running Initial Deployment.
Deployment Solution 197

Part IV
Best Practices
This section provides details on many of the management tasks available in Altiris
Deployment Solution software.
Deployment Solution 198

Chapter 11
Securing Deployment Solution
To effectively manage computers, Altiris Deployment Solution software requires
access beyond the files and database owned by the application. Example: Deployment
Solution requires rights to install software on managed computers and rights to join
computers to a domain during configuration.
The broad range of tasks performed by Deployment Solution enables simplified
management but also introduces a greater need for strong security policies.
This guide walks you through the phases of security planning, including setting access
rights, database security, and securing communications.
This guide is divided into the following parts:
Part 1: Deployment Server Accounts
To run the Deployment services, perform domain tasks, and provide automation access
to the Deployment Share, we recommend creating separate accounts with minimal
privileges to perform each of these tasks. This minimizes security risks while still
allowing Deployment Solution to manage computers.
We recommend creating the following accounts:
Deployment Server
Accounts
Contains instructions to set up the accounts you use to
run Deployment Server services, join domains, and
connect to the Deployment Share in automation.
Administrator Accounts
and Role and Scope-
based security
These security policies control administrator access to
computers, jobs, and settings within the Deployment
Console.
Database Security Provides the information you need to secure and control
database access.
Securing
Communication
Explains how to secure communication between your
Deployment Server and Agent.
Appendix A: Agent
Installation Rights
Explains the privileges needed to rollout the Deployment
Agent.
Appendix B: Managing
Task Passwords
Explains how to manage the passwords associated with
specific tasks.
Appendix C: Managing
Key-based
Authentication
Contains information on backing up authentication keys
and enabling server redirection when using key-based
authentication.
Account Description
Service The main account used to run the Deployment services,
manage the database, and mange the Deployment Share.
Deployment Solution 199
Securing Deployment Solution

These accounts should not be part of any group, and should not posses interactive login
privileges.
The following sections outline each Deployment Server account:
Service Account (page 199)
Domain Join Accounts (page 200)
Deployment Share Read/Write Account (page 200)
Service Account
This account executes the Deployment Server software and manages the Deployment
Database. This is the account provided when you install Deployment Solution:
If your Deployment Database, Server, and Share are on the same computer, create a
local account or optionally use the local system account.
If your Deployment Database or Share is on a different computer than your Deployment
Server, create a domain-level account, or create local accounts with the same
credentials on each computer hosting a Deployment Solution component.
This account requires the following rights:
Domain Join Used to join computers to a domain during configuration.
Deployment Share
Read/Write
Provides access to the Deployment Share in the
automation environment.
Rights Description
Services This account executes the following services:
Altiris Deployment Server Console Manager
Altiris Deployment Server Data Manager
Altiris Deployment Server DB Management
Altiris eXpress Server
Altiris PXE Manager
If this account is provided during installation, these
services are already configured with the proper
credentials. If not, this can be changed using the Services
applet.
Account Description
Deployment Solution 200
Securing Deployment Solution

Domain Join Accounts
These accounts provide the privileges required to join computers to a domain during
configuration. You need a separate account for each domain in which you manage
computers.
Grant the rights recommended in the following table:
After these accounts are created in Active Directory, complete the following procedure to
add them using the Deployment Console.
To add domain join accounts
1. In the Deployment Console, click Tools > Options > Domain Accounts.
2. Provide the accounts you created:
Deployment Share Read/Write Account
This account provides read/write access to the Deployment Share. This account is used
to access files in the automation environment, and optionally in some tasks if it is more
File System This account requires full control of your Deployment
Share, and does not require administrative privileges on
the computer hosting your Deployment Share.
Database This account requires the db_owner role on your
Deployment Database. See Part 3: Database Security
(page 203) for more information.
Rights Description
Domain Grant privileges to add computer to domain.
Rights Description
Deployment Solution 201
Securing Deployment Solution

efficient to access the Deployment Share directly rather than accessing it through the
Deployment Server.
Grant the rights recommended in the following table:
This account is provided when creating boot configuration using Boot Disk Creator:
Part 2: Deployment Administrator Accounts
Deployment administrators are the people who perform day-to-day work in Deployment
Solution. These accounts are tied to people, have interactive login, and usually have
additional rights across your network.
You should select a group of administrators to grant full administrator rights and
determine how to grant rights and privileges to other administrators as necessary. We
recommend creating groups in Active Directory to manage these rights, adding and
removing accounts from these groups as necessary.
Note
Each Deployment administrator needs to be granted public access to your Deployment
Database. See Rights Required for Deployment Administrators (page 205).
Role and Scope Based Security
Role and Scope-based security controls who has access to what in the Deployment
Console.
Rights Description
File System Grant read/write privileges to your Deployment Share.
Deployment Solution 202
Securing Deployment Solution

One major advantage of the Deployment Solution security model is that administrators
do not need to be granted explicit rights on any managed computers. All access is
filtered through the integrated role-and-scope based security in the Deployment
Console.
Example: if you grant an administrator rights to install software on a managed computer
in the Deployment Console, it does not allow him to log in to that computer and install
software. All actions must go through the Deployment Console.
Implementing a strong policy to manage the access granted to your Deployment
administrators protects managed computers from unauthorized access.
Deployment Console Security
By default, the Deployment Console can be used on your Deployment Server by any
user who possesses rights to log in and run applications. This works well in situations
where you already have policies in place to control server access, and you have a group
of administrators who will have full access to deployment functionality.
If you want to provide more granular access to configuration options, jobs, and
computers, you can enable security.
To enable security
You must add at least one user or group to enable security.
1. In the Deployment Console, click Tools > Security.
2. Add a new user or group. We recommend clicking AD Import and importing Active
Directory groups, as this simplifies rights management. The first user or group
added is granted administrator rights. Each additional user or group after the first
are granted no rights and must be assigned rights explicitly.
3. Security is automatically enabled after a user or group is added.
Additional users or groups can be added using this same method.
Manage By Exception
The Deployment Solution role and scope-based security model uses the concept of
managing by exception. To manage permissions, you make an assignment at a
container level that applies to most of the members of the container and you manually
add exceptions where needed.
We recommend planning administrator, computer, and job groups so that all permission
assignments can be made at the group level.
Rights and Permissions
The Deployment Console separates privileges into two categories:
Rights Provide access to console settings, database connections,
domain accounts, and other options. Typically, you restrict
most rights to one or more main administrators.
Permissions Controls access to jobs and managed computers. These
permissions are usually distributed across all
administrators who perform work in Deployment Solution.
Deployment Solution 203
Securing Deployment Solution

Grant Rights to Administrators
1. In the Deployment Console, click Tools > Security.
2. Select a user or Group and click Rights.
3. Enable the rights you want granted.
Grant Permissions to Administrators
1. Right click a Computer, Computer Group, or Job and select Permissions.
2. Select a user or group and enable or disable the permissions you want granted.
Permission Rules
Permissions received through different sources may conflict with each other. The
following permission rules determine which permissions are enforced:
Permissions cannot be used to deny the user with administrator console rights
access to use any console objects or features.
User permissions take precedence over Group permissions.
Deny overrides Allow. When a user is associated with multiple groups, one group
could be allowed a permission at a particular level while the other group is denied
the same permission. In this scenario, the permission to deny the privilege is
enforced.
Permissions do not flow down an object tree. Instead, the object in question looks in
the current location and up the tree for the first permission it can find and uses the
same.
If a console user does not have permissions to run all tasks the job contains, the
user is not allowed to run the job.
Part 3: Database Security
Securing your Deployment Database is tied directly to securing the account you use to
connect to the database.
Deployment Server requires only one account to have non-public access to the database
(the Service Account (page 199)). This account should be secured by a central
Deployment or domain administrator.
If you follow this process outlined in this document to create accounts and separate
privileges, you can greatly reduce the risk of your database being compromised.
Example
Your domain or central Deployment administrator creates a new domain-level account
with no interactive login, file system ownership of a single folder (Deployment Share),
and ownership of the Deployment Database. The password is provided to run the
Deployment Solution services and is stored securely.
No additional Deployment administrators need this password, and an intruder would
need to compromise a higher level administrator account in order to access these
credentials.
Deployment Solution 204
Securing Deployment Solution

Required Database Rights
This section contains a list of the database rights that need to be granted to use
Deployment Solution, and covers:
Rights Required to Install (page 204)
Rights Required for the Services Account (page 205)
Rights Required for Deployment Administrators (page 205)
Rights Required to Install
To create the Deployment Database during the Deployment Solution installation, you
need to grant the System Administrators database role to the administrator installing
Deployment Solution. These rights can be revoked after the installation completes.
1. Open Enterprise Manager and connect to your SQL Server.
2. Browse to Security > Logins:
3. Select the Administrator account you are using to install Deployment Solution. If it
does not exist, add it.
4. Click the Server Roles tab, and enable System Administrators:
5. Click OK and verify that the role was added.
Deployment Solution 205
Securing Deployment Solution

Rights Required for the Services Account
The account used to run your Deployment Services needs to have database owner
rights:
1. Open Enterprise Manager and connect to your SQL Server.
2. Browse to Security > Logins:
3. Double-click the account you are using to run the Deployment services. If the login
is not listed, add it.
4. Click the Database Access tab, select the eXpress database, and enable the
db_owner role:
5. Click OK and verify that the change was successful.
Rights Required for Deployment Administrators
Each Administrator with console access must be granted public rights to your
Deployment Database. The best way to do this is by assigning public access to the
Active Directory groups containing your Deployment administrators.
Deployment Solution 206
Securing Deployment Solution

This prevents you from manually granting this access to individual administrators as
they are added or removed from Deployment management responsibilities.
1. Open Enterprise Manager and connect to your SQL Server.
2. Browse to Security > Logins.
3. Add each user or group that will manage computers using Deployment Solution.
4. For each user or group, on the Database Access tab, grant the public role for the
eXpress database:
Part 4: Securing Communication
This section contains guidelines to secure Deployment Solution communication between
the Deployment Server and Deployment Agent, and discusses the following:
Deployment Agent Authentication (page 206)
Additional Agent Security (page 208)
Keyboard Locks in Automation (page 208)
Deployment Agent Authentication
We recommend providing a Deployment Server hostname rather than using multicast,
and implementing key-based authentication if additional security is needed. Key-based
authentication prevents agents from connection to un-trusted Deployment Servers if
hostname resolution is somehow compromised.
Key Authentication
Key authentication is enabled on the Server Connection agent configuration page. After
you enable this option, you are prompted to provide the server.key file containing the
server public key for your trusted Deployment Server. This key is located on your
Deployment Share. After enabling this option the Agent connects only to the trusted
Deployment Server.
Deployment Solution 207
Securing Deployment Solution

To enable server connection security
1. In the Deployment Console, right-click a computer or group and select Change
Agent Settings > Production Agent.
2. Select Connect directly to this Deployment Server and provide the hostname.
3. Select to Enable key based authentication to Deployment Server and provide the
path to your server.key file on your Deployment Share:
Deployment Solution 208
Securing Deployment Solution

Additional Agent Security
The Security tab on the Agent Settings screen provides additional security options,
including the ability to encrypt communication and password protecting admin settings
on the managed computer:
Keyboard Locks in Automation
Lock the keyboard whenever possible in automation. This prevents the session from
being broken manually on the managed computer. If you set up your account according
to the instructions in this document, this risk is greatly reduced as the account you are
using has only read/write access to the Deployment Share. However, if you are using an
account with broad network privileges this could potentially introduce a large security
risk.
Deployment Solution 209
Securing Deployment Solution

To lock the keyboard, enable the lock option when creating boot configurations in Boot
Disk Creator:
Appendix A: Remote Agent Installer Rights
To initially install the agent on managed computers using the Remote Agent Installer,
you need an account with Local User rights. You only need access to this account when
performing the one-time agent installation, so either use your domain administrator, a
domain account with local user rights, or any other account with local rights. After the
agent is deployed, you no longer need access to this account.
To determine whether you have sufficient rights, browse to:
\ \ host name\ admi n$
Replacing hostname with the name of the computer where you want to install the
Deployment Agent. If you can access this share you have sufficient rights.
Appendix B: Managing Task Passwords
When a task executes, it remembers information about the administrator who executed
it as part of the history. Next time the job executes, these credentials are used.
If the password for the account used to execute the job changes, you need to update the
jobs for a specific account:
1. In the Deployment Console, click Tools > Options.
2. Select the Task Password Tab.
3. Provide the username and old and new passwords for the administrator who
executed the task.
Deployment Solution 210
Securing Deployment Solution

4. Click Update.
Appendix C: Managing Key-Based Agent
Authentication
Key authentication is configured and ready to be enabled after installation. This
appendix contains information on backing up your authentication keys and enabling
redirection to another Deployment Server.
Backing up the Server Private Key
During installation, a private key is generated on the Deployment Server and stored in
the registry at the following location:
HKLM\ Sof t war e\ Al t i r i s\ Al t i r i s
eXpr ess\ Opt i ons\ Secur i t y\ Ser ver Secur i t y
This security key should be backed up to a secure location in case this Deployment
Server needs to be re-installed. If you re-install without this key, each agent using key
authentication needs to be updated to use the newly generated server.key file.
The public key is located on your Deployment Share and should be backed up as well.
Enabling Key-based Authentication with Redirection
If your Deployment Server is set up to redirect Agents to another Deployment Server,
you need to import the server.key from each additional Deployment Server to the server
which clients initially connect.
1. In the Deployment Configuration tool, select Options > Authentication.
2. Copy the public key file from each additional Deployment Server and use the Add
Key to add each server to the list.
Deployment Solution 211

Chapter 12
Migrating Application Data and User Settings
To perform migration, Deployment Solution uses an integrated technology called Altiris
PC Transplant. A complete guide to PC transplant can be viewed by launching the PC
Transplant Editor (Deployment Console > Tools > PC Transplant Editor).
Deployment Solution 212

Chapter 13
Capturing and Deploying Disk Images
What is a Disk Image?
A disk image is a file containing the complete contents and structure of a hard drive, or
one or more of the partitions on the hard drive.
This file can be used to restore the structure and contents of the imaged hard drive.
Imaging in Deployment Solution
Deployment Solution provides several tools to simplify the imaging process, including
tools to perform hardware independent imaging using sysprep.
Tokens
Database tokens are used throughout the imaging process. When you schedule an
imaging job using the sample imaging job (Jobs > Samples > Imaging > Create Disk
Image), the image is stored as %COMPNAME%.img, and the image description contains
the name of the operating system.
File Systems
RapiDeploy, the imaging engine used by Deployment Solution, understands the Windows
file system and captures just the data. So, an image of an 80 GB hard drive only
requires as much space as the data on the disk.
How Imaging Works
1. Computer boots to automation.
2. The rapideploy executable creates the disk image and transfers it to a remote location
or reads the disk image and restores the target partition or hard drive.
File Systems
Hard disks are imaged differently depending on the file system that is used. The source
disk or partition is not changed.
FAT, NTFS, EXT2, and EXT3. Imaging is file-based. RapiDeploy copies real data file by
file, resulting in a clean, defragmented image that can be resized and restored to a disk
of a different size.
Other File Formats. For other file systems, the disk is read sector by sector regardless
of which sectors are in use. The image mirrors the contents of the disk. These formats
are not resizable.
Partitions
When you create an image, you can image a partition, a group of partitions, or an entire
hard disk. Any partition on a hard disk can be imaged.
Deployment Solution 213
Capturing and Deploying Disk Images

When a computer receives an image, you can select which partitions to download. The
default setting is to restore all partitions, which would overwrite any existing partitions.
To keep an existing partition, you can specify which partitions to download and which to
ignore. You can also use command-line switches to keep existing partitions.
Partition slots on the target computer will be, by default, the same as the image source
PC. A partition occupying slot 3 in the image file will be by default in slot 3 on the target
computer.
By default, the following partition types will not be overwritten:
Automation partitions
OEM system partitions
The default behavior can be overridden.
Partition Size
When you are restoring an image to a computer, the destination hard disk may be a
different size than the disk imaged. If there are multiple partitions, the partition size
percentage of the Client PCs will, by default, be the same as the image source.
Example:
If you image a 100 GB hard disk where 40% (40 GB) of the disk is a Windows XP
partition and 60% (60 GB) is a data partition, a Client PC with a 200 Gigabyte disk will
use the same percentages. The size of the Windows XP partition will be 80 GB and the
data partition will be 120 GB.
RapiDeploy also offers a partition resize feature that allows you to manually resize the
partitions to a size you specify.
Spanning Media
The maximum size for a single image file is 2 GB. Images which exceed this amount are
automatically split into multiple files.
Example:
If you named your image file basepc.img, and the image is split into four files, the
following files are created:
basepc.img
basepc.002
basepc.003
basepc.004
You can set the split image file size to be between 1-2040 MB.
Multicasting
How Multicasting Works
The Master PC manages the multicast session. The multicast transmission is
synchronized by the Master PC, so it will only go as fast as the slowest computer in the
Deployment Solution 214
Capturing and Deploying Disk Images

group. If a single computer fails, it will drop out of the session and the session will
continue.
The Master PC can multicast images to Client PCs in the following three ways:
While the Master PC downloads an image from a file server and manages the
simultaneous imaging of the Client PCs
While the Master PC creates an image on a file server and manages the
simultaneous imaging of the Client PCs
While using its own hard disk as the source and sending the contents to Client PCs
HTTP Imaging
When capturing or deploying an image, you have the option of providing a URL as the
path to an image file. This is non-typical interaction, and requires some configuration on
your Web server.
Your Web server needs the following:
Unlimited keep alives enabled.
Upload access if you want to upload images
In Apache 2, enable unlimited MaxKeepAliveRequests in your httpd.conf file. You also
need to obtain and install mod_put module to enable image uploading.
In IIS, consult your documentation for information on enabling keep alives and uploads.
Basic authentication is supported, Windows digest authentication is not supported. You
might also need to specify a file type of application/octet-stream for your images to
prevent errors.
Capturing Images
See Creating a Disk Image on page 154.
Deploying Images
Distributing a Disk Image on page 160.
Post-Imaging Configuration
Because images contain a generic operating system, you will probably want to set up
unique configurations such as operating system license, networking, TCP/IP, and user
account settings on each computer that receives an image. This section briefly describes
the options that are available in the Post-Imaging Configuration wizard page.
Important
To use this feature, you must ensure that the Deployment Agent is installed on the
computer you will create the image from. After a computer has received an image, the
Deployment Agent applies the configurations you set, and reboots the computer so the
changes take effect.
Deployment Solution 215
Capturing and Deploying Disk Images

Managing Images
You can view and make changes to RapiDeploy image files (*.img) using the Altiris
ImageExplorer. For more information, see Altiris ImageExplorer on page 311.
Deployment Solution 216

ImageX Imaging
Deployment Solution provides native support for imaging computers using ImageX.
Obtaining and Installing ImageX
Before using ImageX, you must download and install the Microsoft Windows Automated
Installation (WAIK) toolkit. This is available as part of the Business Desktop Deployment
(BDD) Workbench.
After installation, copy the following directory:
C: \ Pr ogr amFi l es\ Wi ndows AI K\ Tool s
to the WAIK directory on your Deployment Share. After copying, the WAIK directory will
contain a Tools subdirectory.
WinPE must be used in automation for for all ImageX jobs.
Capturing and Distributing ImageX Images
As ImageX is a 3rd party tool, limited support is provided in the imaging wizard. To
access the full functionality of ImageX, customize the ImageX Imaging sample jobs
for your environment.
When using the Create Disk Image task, the following restrictions apply:
Only the C drive is imaged.
The default capture mode is fast.
When using the Distribute Disk Image task, the following restrictions apply:
The target disk is formatted before the image is deployed. If there is a problem with
the deployed image, the computer might be left in an unusable state.
See the release notes for additional information.
Deployment Solution 217

Chapter 14
Mac Imaging
Deployment Solution supports native imaging of Mac PowerPC and Intel-based
computers. Using an OS X Server to provide the boot image, Deployment Solution can
capture and deploy images to most Mac computers.
Requirements:
A Mac computer to provide the source for the automation image. Instructions for
creating this image are contained in Creating an Automation Image (page 217).
OS X Server. Instructions for enabling NetBoot to provide the boot image are
contained in Configuring the NetBoot Service (page 219).
Use of OS X is subject to the Apple license agreements, see your operating system
documentation for information.
Process Overview
The following provides a basic overview of the Mac imaging configuration process:
1. Create an automation image. This image is a standard OS X operating system with
the Deployment Agent installed and configured for automation.
2. Enable NetBoot. This is an OS X Server feature that enables network booting similar
to PXE Server.
3. Add your automation image as the default NetBoot image.
When an imaging job is assigned to a Mac computer, the Mac agent in the production
operating system shuts the computer down and instructs it to restart and contact your
NetBoot server.
When the NetBoot server is contacted, the automation image is loaded, and then the
Deployment Agent inside this image starts and contacts your Deployment Server.
The computer then receives any automation jobs assigned.
Creating an Automation Image
The automation operating system is a basic OS X image with the Deployment Agent
installed. To create an automation image, complete the following procedures:
Step 1: Configure a Source Computer (page 217)
Step 3: Image the Source Computer (page 219)
Step 1: Configure a Source Computer
In this step, a basic OS X system is prepared to provide the source for your automation
boot image.
If your source computer is running OS X 10.5, you must update to 10.5.2 or later.
Deployment Solution 218
Mac Imaging

1. Perform a fresh installation of OS X on the source computer. Optionally, you can
create an additional volume on an existing computer to store this operating system.
2. Start the operating system you installed in the previous step, and then log in using
the Administrator account you created during installation.
3. Change any settings that might require user interaction. For example:
Enable automatic login (System Preferences > Accounts).
Disable the Sleep option (System Preferences > Energy Saver).
Disable software updates (System Preferences > Software Update).
4. In network options select Using DHCP.
5. Verify Apple Remote Desktop 2.2 is installed by browsing to / Syst em/ Li br ar y/
Cor eSer vi ces/ Remot eManagement . If this folder is not present, download and
install from apple.com/support/downloads/appleremotedesktop22client.html.
6. Install the Altiris Agent. For instructions see Installing The Mac Deployment Agent
(page 259).
7. After the installation completes, open / et c/ al t i r i s/ depl oyment / agent -
i nst al l . conf in a text editor and change the following:
expor t OS_TOOLBOX=dar wi n
To:
expor t OS_TOOLBOX=automation
To edit this file, you can run sudo vi /etc/altiris/deployment/agent-
install.conf and select shift+i to insert the text. When finished, type :wq to exit
and save changes.
8. Re-install the Deployment Agent.
Continue to Step 2: Provide Credentials to Access Images (page 218).
Step 2: Provide Credentials to Access Images
Complete the following procedure to store the credentials required to access the OS X
Servers hosting images. Credentials can also be provided directly in imaging tasks in the
Deployment Console.
1. From the source computer you are configuring, connect to the Deployment Share by
selecting Finder and then selecting Go > Connect to Server. Provide the server
and share name, for example, smb: / / ser ver _i p/ expr ess, replacing server_ip
with the IP address of the Deployment Server. When prompted, provide credentials
in the format domain\user.
2. Browse to the TechSup/ Maci nt osh folder.
3. Extract and run the program contained in AddCredentialstoKeyChain, providing
the username, password, and hostname for each server hosting images.
This computer is ready to be imaged. In Step 3: Image the Source Computer
(page 219), we use the imaging utility, hdiutil, to capture and store an image of this
computer.
Deployment Solution 219
Mac Imaging

Step 3: Image the Source Computer
1. From the source computer, connect to the OS X Server selected to host the NetBoot
service and mount a NetBoot share. Connect by selecting Finder and then selecting
Go > Connect to Server, providing a path similar to the following:
af p: / / ser ver _i p/ Net Boot SP0
Replacing server_ip with the IP address of your server. If using a different share,
replace NetBootSP0 with the share you are using.
2. From the terminal on the source computer, run the following command to capture
and store the disk image:
hdi ut i l cr eat e - sr cf ol der / / Vol umes/ Net Boot SP0/ Syst emRO. dmg
3. Convert the existing read-only image to read-write using the following command:
hdi ut i l conver t / Vol umes/ Net Boot SP0/ Syst emRO. dmg - f or mat UDRW-
o / Vol umes/ Net Boot SP0/ Syst em. dmg
When this operation completes, you can delete SystemRO.dmg.
4. Add an additional 1 GB padding to the image using the following command:
hdi ut i l r esi ze - si ze newsize / Vol umes/ Net Boot SP0/ Syst em. dmg
Replacing newsize with the current size of your image plus 1 GB.
If necessary, you can determine the current image size using a command similar to:
l s - al h / Vol umes/ Net Boot SP0/ Syst em. dmg
You are now ready to configure the NetBoot service.
Configuring the NetBoot Service
NetBoot is a service which runs on OS X Server to provide Mac computers with an
automation operating system. To configure the NetBoot service complete the following
procedures:
Step 1: Configure the NetBoot Image (page 219)
Step 2: Start the NetBoot Service (page 220)
Step 1: Configure the NetBoot Image
Complete the procedure for the version of OS X Server you are using to host the
NetBoot service:
10.5 (page 219)
10.4 or Previous (page 220)
10.5
1. On the OS X Server hosting the NetBoot service, double-click / Li br ar y/ Net Boot /
Net Boot SP0/ Syst em. dmg to mount the image you captured in the previous step.
2. Run the System Image Utility (Applications > Server > System Image Utility).
3. In the left pane, select the image you mounted in step 1.
4. In the right pane, select NetBoot Image then click Continue.
Deployment Solution 220
Mac Imaging

5. Provide Automation as the image name, then click Create.
6. When the creation completes, provide Automation as the folder name and save it to
the / Li br ar y/ Net Boot / NeBoot SP0 folder. If that location is unavailable, save
the folder to a different location and then copy it to the correct location after the
operation completes.
7. Your NetBoot server should now have a folder at / Li br ar y/ Net Boot /
Net Boot SP0/ Aut omat i on. nbi containing the following:
You are now ready to start the NetBoot service.
10.4 or Previous
1. On your NetBoot server, double-click / Vol umes/ Net Boot SP0/ Syst em. dmg to
mount the captured image as a volume.
2. Run the System Image utility (Applications > Server > Network (OS 10.3) or
System (OS 10.4) Image Utility).
3. In the upper pane, select New Boot.
4. Provide Automation as the image name.
5. Provide an image ID.
Example:
1300
6. Leave the default NFS option selected.
7. On the Contents tab, select disk image, then browse to the image file volume you
mounted in step 1.
8. Click Create.
9. Provide Automation as the folder name and save it to the / Li br ar y/ Net Boot /
Net Boot SP0 folder. If that location is unavailable, save the folder to a different
location and then copy it to the correct location after the operation completes.
Your NetBoot server should now have a folder at / Li br ar y/ Net Boot / Net Boot SP0/
Aut omat i on. nbi containing the following:
System.dmg
booter
mach.macosx (10.3 only)
mach.macosx.mkext
NBImageInfo.plist
You are now ready to start the NetBoot service.
Step 2: Start the NetBoot Service
1. On the OS X Server hosting the NetBoot service, open the Server Admin utility.
2. Expand the services on the localhost.
3. Select the NetBoot service.
Deployment Solution 221
Mac Imaging

4. On the General tab, select the volume containing your images.
5. On the Images tab, select the Automation image and:
Enable the image.
Enable the diskless option.
Select it as default.
The NetBoot service also requires the AFP and DHCP services to be started. This is done
automatically on 10.5. On 10.4, you might need to manually start the AFP service and
the DHCP service.
On 10.4, after starting the DHCP service, it is not necessary to click enable. Running the
service but not enabling any adapters prevents your NetBoot server from responding to
DHCP requests on your network, but allows your NetBoot server to provide IP address
when booting clients.
NetBoot is now configured.
Deployment Solution 222

Symantec Ghost Imaging
Important
Deployment Solution does not include the Ghost executable or a license to use
Symantec Ghost. You must provide a copy of the ghost.exe and/or ghost32.exe imaging
executable to enable this support.
Customers currently using Ghost imaging solutions have the option of copying the Ghost
executable to the Deployment Server to enable Ghost imaging from the Create Disk
Image and Distribute Disk Image tasks.
To add support for Symantec Ghost
1. On the Deployment Share, create a folder called ghost. Copy ghost.exe (for DOS
support) and/or ghost32.exe (for WinPE support) to this folder.
Symantec Ghost is now available for selection in the Create Disk Image and Distribute
Disk Image tasks. A configuration file called ImageTools.ini, located in the root of your
Deployment Share, contains settings you can change to customize the behavior of
Ghost. For example, the default command-line in DOS is:
Cr eat eI mageCommandLi ne=-
cl one, MODE=cr eat e, SRC=1, DST=%I MAGE_FI LENAME%- sur e
This setting and others can be customized by modifying ImageTools.ini.
Deployment Solution 223

Chapter 15
Software Packaging
Deployment Solution includes the robust Wise Packager for Altiris Deployment Solution.
This article presents an overview of the Wise Packager, including a walk-through of the
software capture and distribution process. Information for users migrating from
RapidInstall to the Wise tools is provided as well.
Why Use Software Packaging?
Installing and managing software is a major part of successful computer management.
Often, a software package you require does not provide options for remote or
automated installation, and might require additional configuration after installation.
These situations can require you to manually install and configure software, or include a
large number of programs in your standard images which can require frequent updates.
The Wise Packager repackages and customizes your existing installations to create
consistent, flexible software installation packages. These packages use the Windows
Installer format (MSI), which provides many benefits over traditional installations. This
format is explained in Appendix B: Windows Installer Format Explained (page 225).
Other reasons you might want to repackage include:
Supporting corporate standards by customizing the way applications are installed.
Creating silent installations or limit the options available to end users.
Creating transforms for the repackaged installations.
Changing the source paths in the installation to UNC paths.
Building complex launch conditions using Windows Installer runtime properties that
test aspects of the destination computer.
These software packages can be as simple as a single file copy or a registry change, all
the way up to a pre-configured, silent installation of a complete application.
Overview of the Software Packaging Process
The software packaging process uses the tools that compromise the Wise Packager:
Wise SetupCapture, and Wise MSI Editor.
Wise SetupCapture records changes made to a computer by an installation program,
bundles these changes into a Windows Installer package (.MSI). Wise MSI Editor lets
you customize and create MSI installation programs.
To repackage software, you use Wise SetupCapture to create a snapshot of the files and
settings on a computer execute an existing installation. SetupCapture records the
changes made by the installation and compares these changes to the initial snapshot.
Any changes detected are added to an installation package.
You can use Wise MSI Editor to customize the installation.
Deployment Solution 224
Software Packaging

The following sections provide additional details on this process:
Setting up a Reference Computer
To host the capture process, we recommend setting up a computer with just the basic
operating system and no additional software. This helps prevent situations where the
necessary changes are not captured due to pre-existing software or other conflicts.
The capture process is not resource intensive, so any recent desktop computer should
work fine as the reference computer.
Accessing Wise SetupCapture
After the operating system is installed, you need to provide the reference computer
access to Wise Setup Capture. This tool does not need to be installed; in fact, it can be
executed directly from the Deployment Share.
The easiest way is to first install AClient and use the Create Wise Packager Shortcuts
sample job to add shortcuts to execute the software from the Deployment Share.
(Shortcuts are placed at Start > All Programs > Altiris > Deployment Solution.)
You could also copy the Wise Packager folder from your Deployment Share to the
reference computer, or create the shortcut manually (use the sample job as a starting
point).
After you have a way to execute Wise Setup Capture on the reference computer,
continue to the next section, Capturing a Software Package (page 224).
Capturing a Software Package
What Can I Capture?
Depending on the complexity of the installation, certain programs are better candidates
for repackaging than others. Installations that perform simple file copies and registry
changes, such as WinZip, Adobe Reader, and others, are simple to repackage.
As the complexity of the installation increases, additional customization is often
required. Client/server applications, and applications that make API calls (such as
antivirus software) can be very difficult to repackage. Fortunately, many of these
applications already provide their own tools for automated and remote installations.
Installations already using the MSI format should not be repackaged because remote
installation and other advanced features are already supported. Making modifications to
Step Description
Setting up a Reference
Computer (page 224)
This computer hosts the capture process.
Capturing a Software
Package (page 224)
Using Wise Setup Capture to capture changes to the
reference computer.
Customizing a Software
Package (page 225)
Adding and removing files, registry settings, and other
installation options.
Distributing a Software
Package (page 225)
Getting your package to the right managed computers.
Deployment Solution 225
Software Packaging

vendor-supplied MSIs is not recommended since it could introduce incompatibilities with
future updates.
Hardware drivers, operating systems and updates should not be captured, due to their
complexity and Windows File Protection.
The Capture Process
Before you begin, review the guidelines in Appendix C: SetupCapture Guidelines
(page 228).
Copy the installation programs you want to repackage to the reference computer or to
an accessible share and launch Wise SetupCapture. (If you added shortcuts, Start > All
Programs > Altiris > Deployment Solution > Wise SetupCapture. Ensure you run it on
the reference computer, not the server.)
After providing a name, select options for this capture. The default options should work
fine, though if you want to capture file and registry deletions you need to select these
options. Complete details on these options are in the Wise
Packager\Help\WisePackager.chm help file on your Deployment Share.
The remaining on-screen prompts guide you through performing an initial scan,
capturing changes, and completing the process.
After this process completes, review the captured changes and add stand-alone files and
registry settings in the next section, Customizing a Software Package (page 225).
Customizing a Software Package
Open the Wise MSI Editor and open the MSI you captured. (If you added shortcuts, Start
> All Programs > Altiris > Deployment Solution > Wise MSI Editor.)
Complete details on using Wise MSI Editor are in the Wise
Packager\Help\WisePackager.chm help file on your Deployment Share.
At a minimum, you should review and update the properties on the Installation Expert
pages.
Distributing a Software Package
After you have created a software package, use the powerful automation tools provided
by Deployment Solution or Software Delivery Solution to distribute this package to
managed computers.
Appendix A: Migrating From RapidInstall
We recommend migrating from RapidInstall to the Wise Packager to leverage the
benefits of the MSI format, including self-healing, automatic uninstall and rollback.
To convert existing RIP packages to MSI format, use the RiptoMSI.exe migration utility.
This utility is in the RInstall folder on your Deployment Share.
Appendix B: Windows Installer Format Explained
To create a streamlined process for installing and managing applications, Microsoft
developed the Windows Installer service. It consists of the following:
Deployment Solution 226
Software Packaging

A set of guidelines.
An Application Programming Interface (API).
A runtime service that makes application installation and management part of
Windows services.
Windows Installer is not a installation authoring tool, but rather an installation engine
and rule set.
The Windows Installer engine resides on the destination computer as part of the
operating system. Instead of an installation executable (such as setup.exe), the
Windows Installer executable (msiexec.exe) reads the installation database (.MSI)
which contains instructions and installation files. The .MSI uses highly structured,
uniform data tables. There is 100% accountability of where each file installs and a
thorough log of which files belong to which applications, so individual files are restored
to repair damaged applications.
Each table contains different installation information such as Class, Components,
Features, Files, Execution Sequence, and Registry. Logic built into the Windows Installer
engine prompts for a reboot, checks disk space, and follows file-version-replacement
rules. When opening an .MSI, msiexec.exe reads the database and builds a transaction
list that it follows to complete the installation. If the installation fails, Windows Installer
performs a rollback, which returns the computer to its previous state.
Advantages of Windows Installer
Before Windows Installer, every software application had its own setup executable file
(usually setup.exe or install.exe). Although many software manufacturers used common
installation tools like Wise Installation System, others used highly proprietary
installation technologies. This made the users experience inconsistent from one
installation to the next, and the operating system had to contend with redundant code in
different applications. Applications could not be administered after installation, except to
rerun the setup program.
Windows Installer implements a single built-in execution engine and replaces the
installation executable with a database file (.MSI). The database stores the applications
program files and setup instructions and can readily access this information if the
application requires maintenance.
Using Windows Installer results in a solid, robust installation that reduces the total cost
of ownership and enables compliance with the Microsoft rules for software installation.
Because Windows Installer is part of the operating system, it provides benefits that are
unavailable in traditional installation technology.
Deployment Solution 227
Software Packaging

Windows Installer
Benefits
Description
Self-healing With self-healing (also called automatic repair and self-
repair), the application repairs missing components.
When an application starts, Windows Installer checks a
list of key files and registry entries. If it detects any
problems, Windows Installer repairs the application using
a cached database that contains key paths to application
components.
Publishing Applications appear in the Add/Remove Programs applet
and can be installed to the destination computer by the
user.
Rollback When the installation fails, the installation reverts to the
previously installed state. This prevents having an
incomplete or broken application.
Advertisement Also called install-on-demand, advertised features do not
install but appear installed to the user. When the user
selects an advertised feature, the installation occurs.
Componentization Components group resources together so they move as a
unit, which gives you more control during installation.
Standardization Applies rules to installed application files that look at a
files version and its shared .DLLs to prevent conflicts
between applications.
Version Rules Decides whether to install a file to a directory by looking
at a files date, language, version, and the modified date
on a non-versioned file.
Reference Counting Tracks which applications have installed every file and
registry key on the computer on the component level, so
the Windows Installer service always knows exactly what
is needed for an application to run, and what is no longer
used during uninstall.
Customization Transforms customize an .MSI to a particular user groups
needs.
Elevated Privileges Runs an installation using administrative rights. This
invokes the systems security rights, restricts data and
commands, and enforces rules when running the
installation. Msiexec.exe and the Windows Installer
service approve the elevated privileges request.
Assignment Assigns advertised or installed applications to a users
profile so when the user logs in, these applications appear
on the destination computer.
Open Architecture Lets you choose from a variety of authoring software and
allows you to customize previously created installations.
Total Cost of Ownership Windows Installer makes installations easier to install,
maintain, and support.
Deployment Solution 228
Software Packaging

Appendix C: SetupCapture Guidelines
Run SetupCapture on a clean reference computer.
Do not run SetupCapture from the Deployment Solution Console; run it on a client
computer.
During a capture, SetupCapture attempts to convert computer- and user-specific
data in the registry to generic data that will work on any computer. It does this by
searching for standard paths (example: C:\Winnt) and replacing them with Windows
Installer properties (example: [WindowsFolder]).
Part of this process includes searching for the computer name and currently logged-
on user name. To make the search for computer and user names as accurate as
possible, ensure the computer name and user name on the capture computer are
set to unique names 4 or more characters in length. Avoid having the user name or
computer name set to any common file or folder names. An example of a unique
user name is: repackage-1-user.
Before you run SetupCapture, exit all other applications, including background
services or applications. (Example: Norton AntiVirus.)
During SetupCapture, changes to an .INI file are recorded as changes to an .INI file
only if the .INI file follows standard .INI file format. Otherwise, the changes are
recorded as a file change.
Do not capture an .MSI-based installation. Instead, open the .MSI directly in Wise
MSI Editor. To customize it for specific workgroups, create a transform.
SetupCapture does not monitor any internal logic within the installation and it does
not replicate the user interface of the original installation.
SetupCapture creates a separate feature for each .EXE that's installed that has a
shortcut. Isolating .EXE components into features results in more efficient repairs,
because if there is a problem with a component, only the problem component and
the .EXE are reinstalled instead of the entire feature containing the problem
component.
To capture an uninstall, you must mark Include files deleted during capture and
Include registry keys deleted during capture in SetupCapture Configuration General
Settings. In Wise MSI Editor, deleted items are located in the RemoveFile and
RemoveRegistry tables in Setup Editor > Tables tab.
Dynamic Source List Provides sources for the MSI to repair from and enable
advertising. Multiple possible locations for the MSI
package are listed, ensuring access even between
different networks.
Group Policy and
Security
Sets privileges to control the user and application rights,
and provides a more secure environment.
User Policy Defines a users privileges.
System Policy Lets you set policies on a per-computer basis, which lets
you run an entire installation in elevated privileges and
define only those rights users have while an installation
runs.
Windows Installer
Benefits
Description
Deployment Solution 229
Software Packaging

Registry keys that define an environment variable are converted to an environment
variable in the repackaged installation.
Deployment Solution 230

Chapter 16
Deploying Scripts
Altiris Deployment Solution provides a number of pre-defined tasks you can combine to
create complex management jobs.
When you need to perform a management task that isnt covered effectively by the
predefined tasks, DS provides an environment to pre-process, deliver, and execute
VBScripts, batch files, and shell scrips. These scripts have access to the full processing
capability of the operating system command processor, as well as several additional
features provided by Deployment Server:
Access to your eXpress share and any other network resources available in the
production or automation environment.
Intelligent access to values stored in your DS database. DS retrieves values based
on the computer currently running the script, so a single script can provide unique
values for 1000s of computers.
Firm, logevent, and other Altiris tools.
The following diagram illustrates how scripts are processed by DS. Each step of this
process is discussed in greater detail in this section:
When creating a script, you target it for the automation or production environment, and
specify the operating system for the script. When a scripting task runs, the server pre-
processes the script for database tokens, delivers and executes the script, returns any
error messages generated by the script.
Deployment Solution 231
Deploying Scripts

Using the flexibility of tokens and the processing power of the command processor of
your OS, you can develop and deploy scripts ranging from a simple file search to a full
system customization.
This chapter discusses how to effectively create and deploy scripts in your DS
environment.
Writing a Script
Scripts can be deployed to the DOS, WinPE, and Linux automation environment, or to
the Windows or Linux production environment. Unlike other tasks, the scripts you write
vary greatly depending on the target environment and OS.
The core of each script you write uses the functionality provided by the command
processor of your OS. There are utilities and commands for each environment to
perform a broad range of management tasks.
One of the biggest advantages to deploying scripts using DS is that a script is processed
independently for each computer. Database values specific to each computer can be
retrieved using the same token in your script, saving you from polling the computer and
executing a database query before you can perform a task. The same %COMPNAME%
token can provide a unique value for each computer that runs this script.
When a script is processed, DS first parses each script for two things: tokens, and
predefined server scripting commands. Tokens are replaced, additional action might be
taken based on the commands found before the script is delivered to the target.
The predefined server scripting commands are keywords defined for replacing tokens in
other files, running vbscripts, performing scripted installs, unloading BootWorks, and a
special deployment command for Blade servers. These additional keywords are
discussed in the Server Scripting Commands section.
Server Scripting Commands
DS provides several predefined commands you can use when deploying scripts. These
commands are processed before a script is deployed to a client. Each of these scripting
commands must be marked by the correct comment flag to prevent them from being
processed by the OS:
The following table contains the comment flags for each scripting environment:
Comment Flags
Flag Location Used
REM Batch files.
REM [ ser ver command]
# Linux shell scripts.
# [ ser ver command]
Visual Basic scripts.
[ ser ver command]
Deployment Solution 232
Deploying Scripts

The following table contains the predefined server scripting commands:
Retrieving Database Values Using Tokens
Any tokens contained in a script are replaced automatically. A server command is also
provided to replace tokens in other files, called ReplaceTokens.
Example: to deploy a custom sysprep.inf file to several computers, the ReplaceTokens
command could be contained in a script to replace tokens in sysprep.inf, this file could
be copied with the correct database values to the production drive of the computer.
A script to perform this task might look similar to the following:
REM Repl aceTokens . \ t emp\ syspr ep. i nf . \ t emp\ %COMPNAME%. t xt
Fi r mCopy f : \ t emp\ %COMPNAME%. t xt PROD: \ syspr ep. i nf
When replacing tokens, the server creates a temporary file in the \tmp folder, named
machinename with the same extension as the original script. This file contains a copy of
the script with all token replacements made by the server, and is a valuable tool for
troubleshooting.
Server Scripting Commands
Command Description
Boot Wor ks
Unl oad
Unloads BootWorks to provide additional memory for complex scripts.
BootWorks is unloaded automatically when you specify ScriptedInstall.
Boot Wor ks Unl oad
Repl aceTokens Tokens are replaced automatically in your scripts. This command
replaces tokens in additional files, such as those used when
configuring a computer. Source represents the source file containing
the tokens you want replace, and destination represents the output
file after tokens are replaced.
Repl aceTokens [ sour ce] [ dest i nat i on]
Scr i pt edI nst al l Indicates that this script is launching a scripted install. 394k of free
memory is required for the Windows scripted install to run. BootWorks
is automatically unloaded for scripted installs.
Scr i pt edI nst al l
Depl oyment
St ar t
When using blade servers, this option places a note in the history to
mark a starting point.
If a redeployment is later executed on this computer, the computer is
restored from the deployment start mark in the history.
Depl oyment St ar t
vbscr i pt Indicates that this script contains vbscript. If this appears anywhere in
your script, the entire script is executed as a vbscript (you cannot
execute batch commands and vbs commands in the same script).
The comment flag is always used with the vbscript server command
when writing Visual Basic scripts to ensure that it is ignored by the VB
processor.
vbscr i pt
Deployment Solution 233
Deploying Scripts

After replacing tokens in the script itself, the server processes the next command in this
script: ReplaceTokens. Since the token replacement process already replaced the
compname token, the ReplaceTokens command works as expected and creates a unique
system.inf file for each computer, containing values unique to that computer.
The script is delivered to the client, and the Firm utility finds the correct file on the
eXpress share to copy to the production drive. A similar process can be used to deploy
configuration files to Linux computers, as a large number of Linux configuration files are
text-based.
If you perform Linux configuration often, you might want to set up an additional
database containing common configuration values you can retrieve using tokens.
Running Scripts on the Server
Scripts can optionally execute on the server on behalf of the client. This is very
important to understand, because token replacement and other commands are based on
the client assigned the job, not the server.
Example: consider the script we reviewed in the previous section:
REM Repl aceTokens . \ t emp\ syspr ep. i nf . \ t emp\ %COMPNAME%. t xt
Firm Copy f:\temp\%COMPNAME%.txt PROD:\sysprep.inf
If we marked this script to execute on the server, the initial token replacement still
contains the name of the computer targeted by the scripting task. However, the
command in the second line fails because the server looks for the paths specified by
Firm on the server, not the client.
This is valuable when you want to retrieve tokens specific to a number of computers, but
the script can execute successfully on the server. This can relieve network traffic and
prevent interruptions on managed computers.
However, when a script runs server-side, the script is executed separately for each
computer assigned to the task. A task assigned to 500 computers causes any server-
side scripts in the task to execute 500 times on the server. If you have processor
intensive commands, you might want to avoid server-side execution to prevent
disruptions on your server, or perform the task during off-hours.
Also, when running scripts server-side, avoid commands that require interaction. The DS
service does not have interaction with the desktop, so there is no way to provide even
simple feedback in scripts that run server-side.
Reporting Errors
One of the biggest challenges when running scripts is implementing effective error
reporting and feedback.
In DS, every task has the ability to handle error codes returned from a job, and take
action based on this code. By default, a scripting task returns a 0 for success, and a 1 if
the script fails to execute. This might be sufficient for a simple script, but scripts can
often execute successfully yet still fail to perform the intended tasks.
Additionally, if you create a batch file with three commands, the status reported on
completion is the status of the final command in the script. The first two commands
might return errors, but if the final command is successful you receive a status of
success.
Deployment Solution 234
Deploying Scripts

To provide additional feedback when running scripts, Altiris provides an error logging
utility, called logevent, for DOS, Windows, and Linux.
This utility lets you send error, warning, and informational messages back to your server
from within scripts, and job execution can be stopped based on the messages you
return.
When executing scripts, it is important to note that DS cannot stop script execution
directly; DS delivers the script and returns the execution status, but the operating
sytem handles the actual execution. DS does not automatically stop script processing
when an error is encountered, you must provide that logic in your script.
Usage: LOGEVENT [ - c: #] [ - l : #] [ - ss: Msg] [ - n: Pr og]
DOS/CMD Error Handling
In the DOS automation environment, the logevent utility is called LOGEVENT, and is
available on your eXpress share. Since this is the default directory in the automation
environment, LOGEVENT can be executed directly in your scripts.
In the Windows production environment, the logevent utility is called WLogevent.exe. In
order to use WLogevent.exe, you must make the executable available to the Windows
client, either by providing it with an image, a software deployment, or by simply copying
the file directly before your script executes.
On DOS, events are queued until the script completes and they are returned to the
server. The Windows and Linux utilities return messages as soon as they are
encountered.
The following script uses GOTO commands to control how a script is processed based on
the outcome of executed commands, and uses logevent to return the script status:
@ECHO OFF
REM Cal l r equest NewHar dwar e. exe. Thi s f ai l s and r et ur ns an er r or .
r equest NewHar dwar e. exe
I F ERRORLEVEL 2 GOTO TWO
I F ERRORLEVEL 1 GOTO ONE
GOTO END
: TWO
Logevent
Parameter Description
[-c:#] A ReturnCode between -32768 and +32767. Default = 0
[-l:#] Additional indicator of type of message.Where # = 0-3; 0 = Unknown, 1
= Information, 2 = Warning,
[-ss:Msg] Any string enclosed in double quotes. Default = "No Message"
[-n:Prog] Name of the program that was executed. Default = "User Defined"
Deployment Solution 235
Deploying Scripts

LOGEVENT - c: 2 - l : 3 - ss: Bad command or f i l e not f ound.
GOTO END
: ONE
LOGEVENT - c: 1 - l : 1 - ss: Er r or 1.
: END
Visual Basic Error Handling
By including the ' vbscript server command in a script deployed to a Windows or DOS
environment, DS executes the script using Visual Basic.
Visual Basic has a powerful, integrated method to handle errors. In these scripts, use
WLogevent.exe to report script status to the server after you have used the built-in
mechanisms to retrieve errors.
The following script contains an example of error handling in Visual Basic script:
On Er r or Resume Next
Set WSHShel l = Wscr i pt . Cr eat eObj ect ( " Wscr i pt . shel l ")
' l ook on t he l ocal comput er
st r Comput er = " . "
Set obj WMI Ser vi ce = Get Obj ect ( " wi nmgmt s: \ \ " & st r Comput er &
" \ r oot \ ci mv2" )
Er r Num= Er r . Number
I f Er r Num= 0 Then
Set col Net Car ds = obj WMI Ser vi ce. ExecQuer y _
( " Sel ect * Fr omWi n32_Net wor kAdapt er Conf i gur at i on Wher e
I PEnabl ed = Tr ue" )
' cycl e t hr ough al l of t he ni cs
For Each obj Net Car d i n col Net Car ds
' i f i t i s t he ni c we ar e l ooki ng f or change t he dns
For Each obj Addr ess i n obj Net Car d. I PAddr ess
I f obj Addr ess = " %NI C1I PADDR%" Then
' Set up t he ar r ay of DNS ent r i es f or t he NI C
ar r DNSSer ver s = Ar r ay( " 172. 17. 0. 202" , " 172. 17. 0. 201" )
obj Net Car d. Set DNSSer ver Sear chOr der ( ar r DNSSer ver s)
WSHShel l . Run " . \ WLogevent . exe - c: 0 - l : 1 - ss: " " Changi ng DNS
f or NI C1" " " , 1, t r ue
Deployment Solution 236
Deploying Scripts

End I f
Next
Next
El se
WSHShel l . Run " . \ WLogevent . exe - c: " & Er r Num& " - l : 3 -
ss: " "Er r or : " & _ Er r . Descr i pt i on & " " "" , 1, t r ue
Er r . Cl ear
End I f
Linux Shell Error Handling
The logevent command is provided in the Linux agent, so any Linux computer with the
agent installed has local access to logevent.
Similar to Visual Basic script, Linux provides a powerful method to track error values.
When running scripts on Linux, use logevent to report the status to the server after you
have used the built-in mechanisms to retrieve errors.
The following script contains an example of error handling on Linux:
#! / bi n/ sh
expor t PATH=$PATH: / opt / al t i r i s/ depl oyment / adl agent / bi n
gr ep f oo f oo. t xt
ERRVAL = $?
i f [ $ERRVAL - ne 0 ] ; t hen
l ogevent - c: $ERRVAL - l : 3 - ss: er r or execut i ng gr ep"
f i ;
Deployment Solution 237

Chapter 17
Creating an Image Distribution Framework
Why Use an Image Distribution Framework?
In distributed networks, your ability to effectively manage computers is often limited by
the speed of your network link to remote locations. In Deployment Solution, computer
imaging can often require file transfers in excess of several gigabytes, even when
multicasting. This can cause centralized management to become a major bottleneck,
limiting your ability to manage computers at these remote locations.
The following diagram outlines a typical network topology that can benefit by
implementing an image distribution framework. It consists of a distributed network with
several remote locations and subnets connected using routers over permanent, reliable-
but-slow WAN links:
Typically, managed computers at remote locations would be required to access image
files often over several gigabytes over this LAN link.
Implementing an image distribution framework enables you to replicate your images to
a local image store for use during imaging tasks.
Deployment Solution 238
Creating an Image Distribution Framework

PXE Redirection
PXE solves this problem by enabling you to redirect a shared PXE configuration to a
configuration on a local PXE server. This lets you assign a job across multiple locations,
and have computers at each location boot using a local PXE server with configuration
specific to this location. Within this configuration, you can map local file shares
containing disk images.
Important:
If PXE is available, we recommend using up PXE redirection instead of following the
process outlined in this document.
What if I Am Not Using PXE?
If you are not using PXE, Deployment Solution provides a set of tools to let computers
automatically retrieve the correct image file locally. Using these tools is described in this
document.
Tools
The tools referenced in this document, such as getsrv.bat and server.lst, are available on
your Deployment share in the TechSup\DOS\getsrv folder.
Creating a Distribution Framework
The following provides a basic outline of an image distribution framework:
Each subnet has a file server to host a local image store.
All managed computers, regardless of location, connect to the local image store to
retrieve images. This eliminates downloading an image over the WAN link before an
imaging operation.
The location of each managed computer is determined automatically based on IP
address using a custom utility. Using this method, the same distribute image task
can be used to image one or more computers regardless of location.
Complete the following tasks to implement an image distribution framework:
Step One: Set Up Local Image Stores (page 238)
Step Two: Replicate Images (page 239)
Step Three: Configure the Server Lookup Utility (page 239)
Step Four: Create a Boot Disk Creator Configuration (page 240)
Step Five: Distribute an Image (page 241)
Step One: Set Up Local Image Stores
A local image store should be set up on a file share at each remote location. Each share
hosting an image store should have the same name and folder structure. In other
words, the path to your images must be identical with the exception of the server name.
To control access to these shares, we recommend creating a domain-level account with
read/write access to each share, or alternately, a local account with the same username
Deployment Solution 239
Creating an Image Distribution Framework

and password on each server. This account should not possess group membership,
interactive login privileges, or any additional rights.
This account is specified when creating the boot configuration in Boot Disk Creator, and
the username and password must be the same for each share.
Step Two: Replicate Images
Before an image can be used, it must be replicated to the image store file share at each
location. There are a number of file replication solutions available, and most companies
already have a process in place for replicating data between remote sites.
Before attempting an imaging job, ensure the necessary image files have been
replicated to the local image store.
Step Three: Configure the Server Lookup Utility
To simplify the process of accessing images at remote locations, a tool called getsrv.exe
was developed to retrieve the IP address of each managed computer and compare it to
a lookup file to find the local image store.
Create a Configuration
Open getsrv.bat in a text editor. This batch file calls getsrv.exe to populate the server
name variable.
Getsrv.bat should look similar to the following:
copy F: \ ser ver . l st c: \ t ool s\ ser ver . l st
C: \ t ool s\ get sr v. exe / s c: \ t ool s\ ser ver . l st / v SERVERNAME > c: \ t ool s\ sr venv. bat
cal l C: \ t ool s\ sr venv. bat
This example copies the server lookup file, server.lst, from the Deployment Share to the
automation drive. Getsrv.exe is called with these parameters set correctly.
To use this example in your environment, place your server lookup file in a tools folder
on your deployment share and name it server.lst. If you are using PXE, change the drive
references from C: to A:, since PXE uses a virtual boot floppy represented by A:.
This modified file is added to your boot configuration in a later section.
Create a Server Lookup File
Each server in the lookup file consists of two entries: the IP address/subnet entry and
the corresponding server name.
The IP address and subnet are separated by a slash ( / ), and the corresponding server
name is separated by a comma (,).
For example:
172. 16. 0. 0/ 255. 255. 0. 0, SERVER1
192. 168. 1. 0/ 255. 255. 255. 0, SERVER 2
192. 168. 2. 0/ 255. 255. 255. 0, SERVER 3
Create entries in this file for each IP segment to which you might deploy images.
Deployment Solution 240
Creating an Image Distribution Framework

GetSRV.EXE Parameter Descriptions
The following table contains descriptions of the getsrv.exe parameters:
Step Four: Create a Boot Disk Creator Configuration
After you have configured getsrv.bat, you need to create and modify a boot
configuration. This configuration is used to boot managed computers to the automation
environment for imaging.
1. In Boot Disk Creator, create a new boot configuration using your selected
automation boot method and environment.
2. Create a drive mapping for your image share, using the %SERVERNAME% variable
rather than an actual servername. (The name of this environment variable is
specified using the /v flag of getsrv.exe. We recommend using SERVERNAME). This
drive mapping should look similar to the following:
\ \ %SERVERNAME%\ [ shar e]
Replace [share] with the share name of your local image stores.
3. Managed computers must be able to resolve the name of the central Deployment
Server. If using DOS automation, NetBIOS is used to resolve names, so we
recommend adding your Deployment Server to the lmhosts file. We also recommend
adding the name and IP address of each server hosting an image store.
4. After the wizard completes, within the configuration, create a folder named Tools
and copy the following files:
getsrv.exe
getsrv.bat
Parameter Description
/s [filename] File containing the list of servers hosting local image
stores. This file is typically placed in the deployment
share. See Create a Server Lookup File (page 239).
/v [variablename] Environment variable containing the selected server. This
token is used when creating the boot configuration, and is
set to SERVERNAME in these examples.
Deployment Solution 241
Creating an Image Distribution Framework

Modify Mapdrv.bat to call Getsrv.bat
Mapdrv.bat is called to map drives in the automation environment. This file is modified
to call the getsrv.bat file you modified in a previous step. After this executes, the server
name variable is available to map the drive to your local image store.
1. Launch Boot Disk Creator.
2. Expand the configuration you created in the previous section.
3. Modify mapdrv.bat to add the following line after the first line of the file:
cal l c: \ t ool s\ get sr v. bat
The completed file should look similar to the following:
net use F: \ \ [ your _ds_ser ver name] \ eXpr ess / yes
cal l \ t ool s\ get sr v. bat
net use [ dr i ve] : \ \ %SERVERNAME%\ [ shar e] / yes
Deploy the Boot Configuration
This configuration is now ready to be deployed using PXE, installed to an automation
partition, or copied to boot media. Computers must boot this configuration when
performing imaging tasks.
Step Five: Distribute an Image
You are now ready to test your configuration by deploying an image. Use the standard
deploy image task in the Deployment Console, keeping in mind the following:
Images must be replicated before the task executes.
The path to the image file specified in the Deploy Image task should be based on
the image store drive you mapped when creating your boot configuration. Example:
if you selected G and mapped \\%SERVERNAME%\ds_images, and your images are
located in the root folder of that share, the path is G:\imagename.img.
The server lookup file must be accessible.
Deployment Solution 242

Chapter 18
Deploying and Managing Servers
Deployment Solution provides additional features to remotely install, deploy and
manage network and web servers. From the Deployment Server Console, you can
configure new server hardware, install operating systems and applications, and manage
servers throughout their life cycle. And because servers are mission-critical, you can set
up a system to quickly deploy new servers or automatically re-deploy servers that have
failed. Features like rules-based deployment, support for remote management cards,
and quick server restoration from a deployment history give you new tools to manage all
servers throughout your organization.
Manage Servers from the Console. The Deployment Server Console includes features
specifically designed for deploying and managing servers, such as enhanced task
logging and history tracking features to let you recall administrative actions and quickly
redeploy mission-critical servers. See Server Management Features on page 242.
Set Server-specific options. Servers are essential to any organization and require
special planning and management strategies. Deployment Server provides server-
specific features to automatically deploy new servers and maintain existing servers. See
Server Deployment Options on page 243.
Server Management Features
Deployment Server provides various features for deploying and managing servers.
These features are supported for client and handheld computers as well, but are
essential in deploying servers.

Servers are identified in the Computer pane with distinctive server icons. Like all
managed computer icons, the icons change to identify the status and state of the
computer, such as user logged on or Server Waiting.
Note
Servers are recognized by their operating system (such as Windows 2000
Advanced Server, Windows Server 2003, or any Linux OS), multiple processors,
and specific vendor server models.
Deployment Solution 243
Deploying and Managing Servers

Server icons. The Deployment consoles display icons to identify servers across the
network. Like other computer icons in the console, server icons can be selected to view
server properties or assign specific jobs and management tasks
Run Scripted Installs. Execute scripted, unattended installs across the network for
both Microsoft Windows and Linux servers. Follow steps to create answer files and set up
the operating system install files using a wizard. See Scripted OS Install on page 165.
Support for multiple network adapter cards. Because servers may require more
than one network interface card, Deployment Server provides property pages to access
and configure multiple network adapters remotely from the console. See TCP/IP
Configuration Settings on page 104.
Synchronized server date and time. Deployment Server automatically sets the
servers date and time after installing or imaging (as part of the configuration process).
Deployment Agents include an option to disable this feature (it is off by default).
Enhanced scripting capabilities. You can deploy multiple tasks per deployment job
and boot to DOS multiple times when configuring and deploying a clean server.
Deployment Server also lets you view and debug each step in the deployment script,
and track each job to provide a history of tasks for redeploying a server.
Server Deployment Options
Deployment Server includes features to automatically reconfigure and redeploy new
servers. If you are using Initial Deployment to automatically re-image new servers or
run installation scripts, you can (1) safeguard against mistaken disk overwrites, or (2)
run automatically for every server not identified as a managed computer in the
database. These contrasting settings are based on polices you define for managing
servers in your organization.
Example: if you rely on PXE to boot the new server and you want to deploy new servers
automatically without halting the process, you must change the default settings in the
PXE Configuration Utility. In contrast, if you want to ensure that the server waits before
being deployed (or waits a set time before proceeding) to avoid erroneous re-
deployment, you need to set the options in the Advanced section of Initial Deployment.
Halt the Initial Deployment of Servers
When a server boots from the PXE server or from BootDisk (if the option is set),
Deployment Server recognizes it as a new computer and will attempt to configure the
Icon Description

Indicates a server is active and a user is logged on.

Indicates a server is disconnected from the console.

Indicates a server is in a waiting state.
Deployment Solution 244
Deploying and Managing Servers

computer with Sample Jobs in Deployment Solution. Initial Deployment includes a
feature to prohibit servers from being deployed automatically.
1. Click Initial Deployment and select Properties.
2. Click the Advanced tab.
3. Click the Servers check box and click OK.
Initial Deployment will not run for any computer identified in the console as a server.
Change PXE Options for Initial Deployment
If installing a server using a PXE Server, the server will attempt to install but will not run
automatically using default settings. It will wait until a boot option is selected from the
client computer. You can change the default setting in the PXE Configuration Utility to
allow Initial Deployment to run automatically and not sit at the prompt.
1. Click on Start > Programs > Altiris > PXE Services > PXE Configuration Utility.
2. Click Altiris BootWorks (Initial Deployment). Click Edit.
3. Select Execute Immediately.
Initial Deployment will run automatically for every identified server.
4. Click OK.
Clear BootWorks Prompt for Remote Install
When you run a deployment job on a computer where the Deployment Agent has been
remotely installed, a message will appear stating that no BootWorks partition or PXE
stamp is found. The message will stay open until the user clicks OK on the message
dialog, which delays executing the scheduled job as part of an automated redeployment
process. To fix this delay:
1. Select Tools > Options.The Altiris Program Options dialog appears.
2. Select the Agent Settings tab.
3. Select Change Default Settings.
4. Select the BootWorks tab.
5. In the lower section, select Never prompt me from the list.
6. Click OK.
Following these steps will assure that the BootWorks message will not come up and
things will move forward when a job is scheduled.
Managing Server Blades
Deployment Solution allows you to manage high-density server blades with Rack/
Enclosure/Bay (R/E/B) hardware and properties. From the Deployment Console you can
deploy and manage these space-efficient server blades using the physical view to
assign jobs to the Rack, Enclosure, or Bay level of the server cluster, or you can manage
each server blade directly from the logical view. See Bay on page 121 for properties
and rules to deploy Rack/Enclosure/Bay servers.
Deployment Solution 245
Deploying and Managing Servers

Using Deployment Solution, you can employ rip and replace technology that allows
you to insert a new server blade and automatically configure and deploy it exactly like
the previously installed server blade, allowing you to replace any downed server and get
it back on line quickly. Altiris provides fail-safe features to ensure that no server is
mistakenly overwritten and ensures that all disk images, software, data, and patches
are applied to the new server from the history of jobs assigned to the previous server
blade.
Managing New Server Blades
Deployment Solution allows you to automatically deploy, configure and provision new
server blades using a variety of features, including Sample Jobs in Deployment Solution,
Virtual Bays, and Server Deployment Rules.
New Server Blades in Newly Identified Bays
When new blades are identified in a Bay that has not been used previously (if it has
been used previously, the Bay object will be identified in the physical view), both the
Sample Jobs in Deployment Solution and Virtual Bays features can be set up to
automatically run configuration tasks and deployment jobs.
To Create Virtual Bays: Set up Virtual Rack/Enclosure/Bays for Hewlett-Packard Rapid
Deployment Pack installations of Deployment Solution.
Initial Deployment set up: Clear the Servers check box in the Advanced dialog.
If both new computer features are set up and a new server blade is installed in a Bay not
previously identified by the Deployment Server, the Create Virtual Bay feature will
execute and Initial Deployment will not execute.
New Server Blades in Identified Bays
If a new HP server blade is installed in an identified Bay (one that has already had a
server blade installed and is visible from the Deployment Console), both Sample Jobs in
Deployment Solution and Server Deployment Rules can be set up. However, when both
are set up, the Server Deployment Rules execute and Initial Deployment does not
execute.
Hewlett-Packard Server Blades
Hewlett-Packard high-density blade servers can be deployed and managed from the
Deployment console. The following HP server blades are supported:
HP blade servers allow you to employ all features provided in the Deployment Console
when you install the HP Proliant Essentials Rapid Deployment Pack (see www.hp.com/
servers/rdp), including the Virtual Blade Server feature. The name of each Rack for an
HP Server is displayed along with the assigned name for the Enclosure and Bay. These
names are collected from the SMBIOS of the server blade and displayed in both the
physical and server views within the Computers pane of the Deployment console.
HP Proliant BL e-Class HP Proliant BL p-class
Proliant BL 10e Proliant BL 20p
Proliant BL 10e G2 Proliant BL 20p G2
Proliant BL 40p
Deployment Solution 246
Deploying and Managing Servers

For HP blade servers in the physical view the Rack name can be a custom name in the
console, with all subordinate Enclosures and Bays also identified. Example:
<rackName>
<enclosureName>
<bayNumber>
See also Server Management Features on page 242 and Server Deployment Options on
page 243.
Virtual Bays
Blade servers now have a Virtual Bay feature that allows you to pre-assign deployment
jobs to the rack, the enclosure, or to a specific server blade in the bay. Any blade server
can have predefined deployment jobs and configuration tasks associated with it to
execute automatically upon installation. The Virtual Rack/Enclosure/Bay icons will
change from virtual icons to managed server icons in the Deployment console as live
blade servers are inserted and identified by Deployment Solution.
Rack name. Enter or edit the name of the Rack.
Enclosure name. Enter or edit the name of the Enclosure.
Enclosure type. Select the type of HP server blade from the list.
Initial Job. Select an existing job to run when the virtual computer is associated with a
new server blade.
Server Change rule. Select the Server Deployment Rules to run on the Bay when a
new server blade is installed.
Note
If you create Virtual Bays for an enclosure (such as the BLe-class with 20 bays) and if
another model of server blade with an enclosure containing fewer bays is connected
(such as the BLp-class with 8 bays), the excess virtual bays will be truncated
automatically. Conversely, if you create Virtual Bays with fewer bays (8) and install an
enclosure with additional bays (20), you will need to recreate the virtual bays in the
enclosure (right-click the enclosure name in the physical view and click New Virtual
Bays).
See also Managing New Server Blades on page 245.
Dell Server Blades
Dell high-density blade servers can be deployed and managed from the Deployment
console. All Dell Rack Servers are supported by Deployment Solution, but the server
blades can also be managed from the physical view in the Rack/Enclosure/Bay view. The
following servers are supported:
For Dell blade servers in the physical view, the Rack name will always be Dell. All
subordinate Enclosures and Bays are identified with custom names under the Dell rack
name. Example:
Dell Rack Servers Dell Server Blades
All PowerEdge rack servers PowerEdge 1655MC
Deployment Solution 247
Deploying and Managing Servers

Dell
<enclosureName>
<bayName>
See also Server Management Features on page 242 and Server Deployment Options on
page 243.
Fujitsu-Siemens Server Blades
Fujitsu-Siemens high-density blade servers can be deployed and managed from the
Deployment console. All Fujitsu-Siemens Rack Servers are supported by Deployment
Solution, but the server blades can also be managed from the physical view in the Rack/
Enclosure/Bay view. The following servers are supported:
For Fujitsu-Siemens blade servers in the physical view, the Rack name will always be
Fujitsu-Siemens. All subordinate Enclosures and Bays are identified with custom
names under the Fujitsu-Siemens rack name. Example:
Fujitsu-Siemens
<enclosureName>
<bayName>
See also Server Management Features on page 242 and Server Deployment Options on
page 243.
IBM Server Blades
IBM high-density Blade Centers can be deployed and managed from the Deployment
console. All IBM blade servers are supported by Deployment Solution, but the server
blades can also be managed from the physical view in the Rack/Enclosure/Bay view.
For IBM blade servers in the physical view, the Rack name will always be IBM. All
subordinate Enclosures are identified with custom names under the IBM rack name and
Bays are identified by number. Example:
IBM
<enclosureName>
<baynumber>
See also Server Management Features on page 242 and Server Deployment Options on
page 243.
Fujitsu-Siemens Rack
Servers
Fujitsu-Siemens Server Blades
All Primergy rack servers Primergy BX300 blade servers
Deployment Solution 248

Part V
Operating System and Platform Reference
This section contains operating system and platform-specific information you need to
consider when managing computers.
Deployment Solution 249

Chapter 19
64-bit Platforms
Deployment Solution has been designed to make managing different platforms as
seemless as possible. This section walks you through the enhancements added to
support 64-bit, and includes tips to more effectively manage these computers.
64-bit Job Conditions and Filters
Functionality has been added to let you set conditions and filters based on the computer
architecture. These conditions and filters let you set up your jobs to make decisions
based on the architecture so you dont have to re-organize your tree around
architecture.
Example: when distributing software, you can have 32- and 64-bit comptuters in the
same group and use conditions to ensure each receives a different version.
64-bit PXE Boot Images & Configurations
Deployment Server 6.8 uses the same process to create automation boot configurations
as Deployment Server 6.5. There are two differences for 64-bit:
When you create a PXE boot configuration (example: an item on the PXE boot
screen), you select the architectures you want to include when you create the
configuration. When a managed computer boots this configuration, PXE
automatically detects the architecture and sends the correct boot image. If you
attempt to boot an x64 computer without an x64 boot image, it will use the x86
version. An Itanium will attempt to boot only an Itanium boot image.
When you create an automation partition or boot disk from a Boot Disk Creator
configuration, you are asked which architecture you want to use. Boot Disk Creator
automatically gathers the correct files for that architecture.
Adding Files to a Boot Disk Creator Configuration for 64-bit
For the most part, Boot Disk Creator configurations are independent of architecture.
However, if you manually add executables to a configuration which supports multiple
processor types, you need to ensure you provide a version of the file for each
architecture you have included.
Example: if you have x86 and x64 versions of the Linux preboot environment selected
for a configuration, and you add an executable, Boot Disk Creator checks the file header
to see which architectures the executable supports. If not all architectures you have
installed are supported by the file you added, this screen appears prompting you to add
additional files or ignore the warning.
Deployment Solution 250

Linux and Unix Systems
Altiris Deployment Solution has several tools to effectively manage Linux and Unix
computers, including:
A native Linux and Unix agent, called ADLAgent, in the Linux production and
automation environments.
Fedora Linux automation environment
Support for deploying KickStart scripted installs
Native imaging support for ext 2 and 3 filesystems
Native imaging support for LVM
This section contains considerations you must be aware of when managing Linux and
Unix systems, and contains the following topics:
ADLAgent
ADLAgent is the client software which provides connectivity to Deployment Server from
Linux, Unix, and Solaris.
Installing and Configuring ADLAgent
For basic instructions on installing ADLAgent, see Installing Deployment Agent on Linux
on page 351. Installing ADLAgent on your Linux and Unix computers involves copying
the necessary binaries to the client and running the installation script. You can configure
the agent using the configuration script, modifying the configuration file directly, or by
modifying the configuration directly in the Deployment Console.
If you need to install ADLAgent on multiple computers, you can copy the installation files
to an NFS or other share on your network, use standard remote access tools to run the
installer. This might involve using ssh to log in remotely, or adding a line to a standard
script. You might also modify the ADLAgent configuration file once and copy it to each
computer.
Distributing Software
The software distribution task now supports a number of Linux and Unix file types. When
using this task with these formats, the file is copied to the system, extracted, The
configure script is executed (./configure) and the make install command is executed.
A large number of software packages can be installed using this process. If you have
software which requires configuration beyond this, or if you are using a package
management system, use a file copy task along with a shell script to install the software.
Imaging Linux and Unix Filesystems
RapiDeploy provides native imaging support for EXT2 and EXT3 file systems. Other file
systems can be imaged, but you need to use the -raw switch.
Deployment Solution 251
Linux and Unix Systems

Linux Bootloaders
There are a few considerations you must use to preserve the functionality of Linux
bootloaders. First, if your bootloader is located on a reiserfs partition, you must use the
-raw switch when imaging this partition to preserve the structure.
Second, if you are using an automation partition, your MBR is modified to boot this
partition. If you install a new version of a bootloader, your MBR is modified and you
might not be able to access your automation partition.
If this occurs, you can reinstall the automation partition. To prevent this, do not update
any software which modifies your MBR without uninstalling the automation partition
first. The automation partition can be reinstalled after the software update.
Deployment Solution 252

Chapter 20
Managing Thin Clients
Thin clients are a low cost, low maintenance solution for organizations that want to
perform tasks or access programs such as: Web browsing, Java-based applications and
terminal emulation, or line of business (LOB) applications. Example: users can range
from receptionists and data entry workers to users accessing systems from kiosk
locations commonly found in call centers or health care environments. Thin clients
provide users a reliable server-based environment without the complexity or
maintenance of a PC.
Thin clients connect to any current or legacy network and can be managed from a
centralized location. Thin clients do not contain any moving parts and data is stored in
RAM, which increases their manageability, security, and reliability.
Thin client operating systems
The Deployment Agent is the Production Agent and can be installed to thin clients
running Windows XP Embedded from the Deployment Console. However, if you have thin
clients running either CE. NET, or the proprietary version of Linux from HP or Neoware,
you cannot remote install (push) the Deployment Agent from the Deployment Console.
Rather, you must install the Deployment Agent on the thin clients (pull) directly. See
Thin Client Operating Systems (page 253).
Production versus Automation Agent
Deployment Solution requires that a Production Agent be installed to each thin client you
want to manage from the Deployment Console. Thin client computers come pre-installed
with the Deployment Agent so when they are added to a Deployment Server system,
communications between the server and client are established right away. The client
computers MAC and IP addresses are added to the Deployment database, which lets
you begin managing the device. See Installing Deployment Solution Agents (page 345),
Deployment Agents (page 109).
The Automation Agent boots thin clients to automation mode so they can run
deployment jobs, such as run script, create and distribute disk images, and more. Altiris
recommends using a PXE Server to boot thin clients to automation, instead of installing
an embedded automation partition. See Automation Agent Settings (page 379).
Supported Deployment Solution Functionality
Deployment Solution supports full functionality for thin client running XPe and Linux.
However the there is limited functionality for thin clients running CE .NET. The following
is a list of the supported functions for thin clients running CE .NET.
Modify Computer Configuration (the computer name and TCP/IP Setting only)
Distribute software (.CAB and .EXE files)
Execute and run scripts (DOS and WIN batch files) *no VBS support
Copy files and directories
Create disk images
Deployment Solution 253
Managing Thin Clients

Distribute disk images
Remote Control clients (24 bit color depth only. No chat or send file features)
Power Control (restart/shutdown/wake up jobs)
Set computer properties
Create conditions to run jobs and filter computers
Modify client properties via Windows and Linux agent settings
Supported Thin Client Manufacturers
Currently, Altiris supports Fujitsu-Siemens, HP, and Neoware thin clients.
Thin Client Operating Systems
Thin clients come pre-installed with an operating system and the Altiris Deployment
Agent. This lets you easily add new devices to the network and establish
communications with the Deployment Server. See Windows XP Embedded (XPe)
(page 253), Windows CE .NET (page 256), and Linux (page 256).
Windows XP Embedded (XPe)
Microsoft Windows XP Embedded (XPe) is a powerful, rapid, and reliable operating
system that runs on PC architecture hardware with x86 processors. Windows XP
Embedded is a componentized technology based on the Windows XP Professional
operating system, with full Win32 Application Program Interface (API) capabilities.
Manufacturer Model
Fujitsu-Siemens Futro B, S, and C series thin clients running the Windows
XP Embedded operating system. Currently, Deployment
Solution does not support Futro thin clients running Linux.
Futro S series thin clients come pre-installed with the
Deployment Agent and a license for Deployment Solution.
However, the Futro B series requires that you install the
Deployment Agent before obtaining a Deployment Solution
license from Altiris. See Managing Licenses (page 353)or
the Altiris Getting Started Guide for more information.
HP HP t5000 thin client series, which includes the t5300,
t5500, and t5700 clients. Thin clients come pre-installed
with Windows XP Embedded, Windows CE .NET, or Linux,
depending on the model of the device. All HP thin clients
come pre-installed with the Deployment Agent.
Neoware CapioOne G150 and Eon E100 series thin client models.
The thin clients come pre-installed with Windows XP
Embedded, CE. Net 4.2 or 5.0, or NeoLinux. All Neoware
thin clients come pre-installed with the Deployment Agent,
but if your device is missing the agent, contact Neoware for
a Snap-In.
Deployment Solution 254
Managing Thin Clients

Because application developers can choose from over 10,000 individual feature
components, the image footprint is smaller and can boot basic images as small as 8MB.
The Deployment Agent used for computers running 2003\XP\2000 is the same agent
that is installed on thin clients running the Windows XP Embedded operating system.
There are no limitations when installing the Deployment Agent to thin clients from the
Deployment Console. However, you must turn off The Enhanced Write Filter on the thin
client before installing the Deployment Agent, so that the agent will be saved to the
clients memory.
See also: Installing Deployment Solution Agents (page 345)and Deployment Agents
(page 109).
The Enhanced Write Filter
The Enhanced Write Filter (EWF) is a unique feature of the Windows XP Embedded
operating system that protects data from being written to the Hard Disk (RAM) storage
area on a thin client. With EWF enabled, any data writes will be redirected to an
alternate storage area called an overlay. The data stored in the overlay gives users the
appearance that files, programs, or any other data installed to the thin client, will be
permanently saved. However, all data written to the overlay storage area will be deleted
when the thin client reboots. The Enhanced Write Filter is an IT managing feature that
helps control the data stored on a thin clients hard drive.
Some of the tasks Deployment Solution tasks that are impacted by the Enhanced Write
Filter are certain deployment jobs, and installing the Deployment Agent for Windows.
Other tasks such as, creating and distributing images, and modifying the configuration
(computer name or IP address) already have scripts to handle EWF. These jobs disable
EWF first, run other scripts or tasks, and re-enable EWF as the last step of the
deployment job. This ensures that data written to thin clients during the deployment job
will not be lost when clients reboots.
Example: from the Deployment Console in the Jobs pane, located in Samples >
Windows XP Embedded, is a job called Create Disk Image. The script reads as
follow:
Notice that the first line item disables the Enhanced Write Filter, and the second line item
checks to verify that EWF is disabled. The Create Image task creates a copy of the thin
clients image and stores it in the Images folder on the Deployment Share. When the
image task completes, the Enhanced Write Filter is re-enabled, and the thin client
reboots. Because this script handles EWF automatically, thin clients can be managed
from the Deployment Console without concern that data tasks will not be saved to
managed thin clients.
When creating your own Deployment jobs, use the Samples in the Job pane of the
Deployment Console to help you create your own scripts to handle EWF automatically. If
Deployment Solution 255
Managing Thin Clients

EWF is not disabled and enabled properly, after you run a Deployment job, the next time
a thin client reboots, data will be lost.
See also: Building and Scheduling Jobs (page 143), Deployment Agents (page 109).
Using the EWFMGR Utility
HP and Fujitsu-Siemens thin clients can enable or disable the Enhanced Write Filter,
using a Windows XP Embedded utility named ewfmgr.exe, which is stored in the
C:\Windows\System32 folder.
Although there are many switches that can be used with this utility; however, you
typically will only use the following three or four.
Note
Neoware thin clients use a different method of enabling and disabling the Enhanced
Write Filter. See the Sample Jobs folder in the Jobs pane in the Deployment Console for
examples, or contact Neoware.
The following are a few examples of how to use the ewfmgr.exe program.
Switch Description
-all Performs a specified command (such
as disable or enable) on all protected
volumes. The default command is to
display protected volume information.
-disable Disables the overlay on the specified
protected volume.
-enable Enables the write filter so that data
written to the protected media is
cached in
the overlays. The current overlay level
becomes 1 as soon as EWF is started,
and a
new overlay is created at level 1.
-commitanddisable Commits all current level data in the
overlay to the protected volume and
disables the overlay.
Deployment Solution 256
Managing Thin Clients

Although the enhanced Write Filter manager can be run from a thin client, it is more
efficient to include it as part of your Deployment Job.
Windows CE .NET
Microsoft Windows CE .NET is designed for a broad range of intelligent hardware devices
that require a small-sized operating system, and usually run disconnected from other
computers. Window CE .NET can run on multiple processors, supports Win32 Application
Program Interface (API), and runs in Realtime right out of the box. Application
developers can choose from a wide range of modules and components, creating small
image footprints booting the basic image from 350KB.
Deployment Solution lets you mange thin clients running Windows CE .NET from a
centralized location, but the Deployment Agent for Windows CE .NET must be installed
on each device. Many of the thin clients supported by Deployment Solution come pre-
installed with the Deployment Agent and can be managed after they are connected to
the network. However, due to limitations of the Deployment Console, you cannot push
the Deployment Agent for CE .NET to thin clients running the Windows CE .NET
operating system. Rather, you must run the Deployment Agent installation from the thin
client directly.
Linux
HP and Fujitsu-Siemens distribute their own proprietary versions of Linux for thin clients
supported by Altiris. Contact the manufacturer for more information.
Licensing Thin Clients
HP and Fujitsu-Siemens thin clients do not require a license, but Neoware thin clients
must purchase a standard license. See Managing Licenses (page 353).
Example Description
ewfmgr -all This displays the current Enhanced
Write
Filter settings.
ewfmgr c: -disable This disables the Enhanced Write Filter
on the C: volume.
ewfmgr c: -enable This enables the Enhanced Write Filter
on the C: volume.
Deployment Solution 257

Windows Vista
Deployment Solution 6.8 introduced a new Deployment Agent, called DAgent, to support
windows Vista. DAgent is used to:
Install software
Execute scripts
Gather inventory and system configuration
Integrate Windows Remote Desktop into the Deployment Console
Install the Deployment Agent on Vista
The DAgent installation program is contained in the Agents\AClient folder on the
Deployment Share. To install, launch the installation MSI on the computer using an
admininstrator account, and complete the prompts.
To install the client-side, graphical, DAgent Configuration Utility (this utility is similar to
the client-side configuration GUI installed with AClient), select the Dagent Config
option. The graphical configuration utility is not installed by default.
Silent Installation
To perform a silent installation, use a command similar to the following:
DAgent . msi / qn TCPaddr = 172. 19. 17. 180 t cppor t =402
To remotely install combine the above instructions for a silent installation with a login
script or group policy object. To view additional options, run the DAgent.msi using the /
? switch from the command-line.
UnInstallation
Use the Add/Remove Programs Control Panel applet, or perform a silent removal using a
command similar to the following:
msi exec. exe / x C: \ DAgent \ DAgent . msi / qui et
Start and Stop the DAgent Services
The DAgent Configuration Utility provides a Service Control tab to let you quickly start,
stop, and restart the DAgent services.
Vista Software Distribution
Due to increased security in Vista, software must meet the following criteria before it
can be distributed using Deployment Solution:
The software you are distributing must be Vista compliant.
The installation is set to run as completely silent.
Deployment Solution 258
Windows Vista

No user input is required by the installation prcess.
If the package requires additional files, the "copy all directory files" and/or "copy all
subdirectories" options are selected to provide these files.
If you are attempting an installation from a remote location or UNC path, only one
setup executable is required to complete the installation.
In the Distribute Software Task, you have left the advanced option on the default
selection, "Copy files using Deployment Server then Execute," or you have provided
appropriate domain credentials to perform a remote installation.
See the release notes for additional information.
Vista Run Script Tasks
Due to increased restrictions placed on services in Vista, scripts executed by
Deployment Solution cannot display anything to the user. Scripts requiring user
interaction, including pause statements, will not execute correctly.
Vista Imaging
RDeploy fully supports imaging Vista computers similar to other Windows operating
systems. Additionally, support is provided for the WIM format using ImageX. See
ImageX Imaging (page 216).
Deployment Solution 259

Mac Deployment Agent
Installing The Mac Deployment Agent
1. Connect to the Deployment Share using Finder > Go > Network > domain >
Express, replacing domain with the domain containing your Deployment Server.
2. Browse to the Agent s/ ADLAgent folder.
3. Extract and run the program contained in altiris-adlagent-x-darwin.zip.
4. Complete the prompts, providing the IP address of your Deployment Server and the
IP address of your NetBoot Server.
When the installation completes the computer appears in the Deployment Console.
Removing the Mac Deployment Agent
An uninstall script is contained in the / opt / al t i r i s/ depl oyment / adl agent / bi n
folder. Before executing this script you must make it executable using chmod.
1. Start Terminal and enter: cd / opt / al t i r i s/ depl oyment adl agent / bi n
2. Enter: sudo chmod +x uni nst al l . app
3. Enter: sudo . / uni nst al l . app
Deployment Solution 260

Part VI
Reference: Deployment Solution Help Files
This section contains the help files that are launched from the Deployment Console, Web
Console, and other Deployment Solution utilities.
Translated versions of these help files are available in the product.
Deployment Solution 261

Deployment Server Configuration Utility
The Altiris Deployment Server Configuration Utility provides general configuration
preferences for the Deployment Server. You can use the Deployment Server
Configuration Utility to:
Set up an account for the Deployment Server. See Service Logon Account on
page 262.
Stop, start, and restart the Deployment Server.
View server activity and statistics.
Map drives to file servers in your Deployment Server system (if you have images
stored in more than one place). See Drive Mappings Option on page 263.
Set the communications protocol (multicast or TCP) and set the imaging multicast
threshold. See Transport Option on page 265.
Filter connections from the Deployment Server by IP addresses or network adapter
interface. See Connections Option on page 267.
Set debug and log file options. See Debug Option on page 268.
From the main view of the Altiris Deployment Server Configuration Utility, you can view
the Deployment Server activity and statistics, start and stop the Deployment Server,
access Deployment Server configuration options, and more. The following are the fields
and tabs on the Altiris Deployment Server Configuration Utility page:
Log in to the Deployment Server you want to manage. Open the Deployment
Server Configuration Utility by clicking Start > All Programs > Altiris >
Deployment Server > Configuration. The Altiris Deployment Server
Configuration dialog appears.
Item Description
Server
activity and
statistics
Lists the number of Deployment Server sessions (client computers)
and Deployment Server Consoles currently running on the network.
Start Starts the Deployment Server on the local computer.
Stop Stops the Deployment Server on the local computer.
Restart Restarts the Deployment Server on the local computer.
Altiris Deployment Server Configuration Utility 262

Service Logon Account
You can use the Service Logon Account dialog to set up the user account for the
Deployment Server.
To specify or change the Deployment Server service account
1. From the Control Panel of the Deployment Server computer, open the Altiris
Deployment Server Configuration Utility.
2. Click Account.
3. Choose whether you want to use the LocalSystem account or a user-defined
account. If you choose a user-defined account, you must enter the user name and
password.
Account Opens the Service Logon Account dialog, which lets you specify
the logon account used by the Deployment Server service.
The LocalSystem account requires a simple installation that runs
Deployment Server services on the local computer, prohibiting
access to network shares or components.
If you select the Use the LocalSystem account option, you can
click the Allow service to interact with desktop check box to
place an icon in your system tray. This icon lets you quickly shut
down the Deployment Server services or to view server statistics
(just as you can do from the Manage > Services and Applications >
Services > Altiris eXpress Server service).
The default setting is to provide a user name and password during
installation. You can select the Use the following account and
password option to install the service on different computers and to
access components across the network.
Options Opens the Altiris Deployment Server Options dialog, which lets
you specify Deployment Server options, such as General, Drive
Mappings, Connections, and so on.
Item Description
Use the LocalSystem
account
Specifies that the Deployment Server service should
use the LocalSystem account. See Account on
page 262. You can use this option if your Deployment
Server directory is located on the same computer as
the Deployment Server and if you don't need to
access any other file servers.
Use the following account
and password
Specifies that a user-defined account should be used
by the Deployment Server service. If you select this
this option, you must supply the appropriate user
name and password. The account must have
Administrator rights on the Deployment Server
computer. You must use this option if your
Deployment Server directory is located on a server
other than the Deployment Server.
Altiris Deployment Server Configuration Utility 263

4. Click OK.
5. In the Service Logon Account dialog, select an account option.
General Options
Update Inventory on active computers. Inventory provides software and hardware
information about a client computer. You can update inventory on active computers at
specified intervals. The Deployment Agent or any other agent sends the inventory when
it connects to the server for the first time. It also updates the inventory according to a
specified schedule. Click Schedule to schedule an updated inventory.
Update active client connections. Due to network glitches, the console may show the
inactive client computers as active. The Deployment Server sends a CACK (Client
Acknowledgement) request to the client computers. Specify the time (in seconds) for
which the Deployment Server will wait for a response from the client computer. If the
Deployment Server does not receive a response from the client within that specified
time, it terminates the connection. Click Schedule to schedule the update of the active
client connections.
Reset inactive client connections. Due to network glitches, the console may show
the active client computers as inactive. If this option is selected, inactive client
connections are reset according to a specified schedule. Click Schedule to schedule the
resetting of the inactive client connections.
Encrypt communication between IIS and Data Manager. Select this option to
encrypt all communication between IIS and the Data Manager.
Send Wake-On-LAN to inactive computers when scheduling. Select this option to
send a Wake-On-LAN request to the client computer. You can retry sending this request
using the Retry every _______ minutes option.
Drive Mappings Option
The Drive Mappings tab is used to add, modify, and remove drive mappings used by
the Deployment Server. Any drive mappings used to reference files need to be
duplicated here.
Example: If you create a job that distributes software packages from a drive on another
file server using a mapped G drive, you need to create a G drive mapping on the
Deployment Server using this dialog.
Item Description
Letter and
UNC Path
Displays the drive mappings with the mapped drive letters and the
corresponding UNC paths.
Add Opens the Map Drive dialog, which lets you create a drive mapping.
Drive Letter. From the drop-down list, select the drive letter to
which the drive is mapped.
UNC path. Enter or browse to the UNC path to which the mapped
drive points.
Modify Opens the Map Drive dialog, which lets you edit the drive letter or
UNC path of the selected drive mapping.
Altiris Deployment Server Configuration Utility 264

To create a drive mapping
1. Open the Altiris Deployment Server Configuration Utility from the Control
Panel of the Deployment Server computer.
2. Click Options and click the Drive Mappings tab.
3. Click Add.
4. Specify the Drive Letter and UNC Path.
5. Click OK.
6. Click Yes to restart the service.
To edit a drive mapping
1. Open the Altiris Deployment Server Configuration Utility from the Control
Panel of the Deployment Server computer.
2. Click Options and click the Drive Mappings tab.
3. Select the drive mapping you want to edit and click Edit.
4. Modify the Drive Letter and UNC Path as required.
5. Click OK.
6. Click Yes to restart the service.
To remove a drive mapping
1. Open the Altiris Deployment Server Configuration Utility in the Control Panel
of the Deployment Server computer.
2. Click Options and click the Drive Mappings tab.
3. Select the drive mapping you want to remove and click Remove.
4. Click Yes to confirm the deletion. Click OK.
5. Click Yes to restart the service.
Remove Removes the selected drive mapping.
Data store
path
Specifies the path to stored packages and files and other
Deployment Solution functions (such as license verification). The
default path is C:\Program files\Altiris\express\Deployment Server.
Note
Do not use this setting to change the path to the Client Access Point.
Modifying this setting does not automatically let you use a shared
directory other than the express share. To change the Client Access
Point shared directory, run a Custom install to establish another
location for the Client Access Point.
Altiris Deployment Server Configuration Utility 265

Transport Option
The Transport tab lets you specify settings for the Deployment Server transport
protocols.
To specify the Deployment Server transport
1. Open the Altiris Deployment Server Configuration Utility from the Control
Panel of the Deployment Server computer.
2. Click Options, and click the Transport tab.
3. Do one of the following, depending on the transport you want to use:
If you want to use multicast, do not select the Disable multicast support
check box.
If you want to use TCP, select Disable multicast support and supply the
Multicast Address, Multicast Port, Multicast TTL, and TCP Port.
4. Click OK.
Item Description
Disable multicast
support (clients
must connect using
TCP)
Disables multicast support, which means that client
computers must connect to the Deployment Server using
TCP.
Multicast Address This is used only if multicast is not disabled.
Multicast Port This port is used only if multicast is not disabled.
Multicast TTL Specifies the number of "hops" or hubs that the client
computer can go through to multicast. This is used only if
multicast is enabled.
TCP Port This port is used whether multicast is enabled or disabled.
Use Default Click to use the default communication protocol options.
Automatically
update clients
Automatically updates the Altiris Client for Windows on
managed computers if there is a difference (older or newer)
between the client computer available in the Deployment
Server directory and the managed client computer.
Note
If any agent is upgraded to Deployment Solution 6.9, this
agent does not downgrade automatically if it connects to a
Deployment Server of an earlier version. To downgrade any
agent, install the older version of the agent manually.
Allow encrypted
sessions
Allows encrypted sessions between the Deployment Agent
and the Deployment Server. If the Deployment Agent data
encryption is turned on, you must also turn on the
Deployment Server option to pass encrypted data between
the client computer and the server.
Altiris Deployment Server Configuration Utility 266

Disk Imaging Option
The Disk Imaging tab lets you specify the number of client computers for image
multicasting and the maximum bandwidth to use during disk image multicasting.
Note
When multicasting a disk image using the PXE Server, the boot disk on the PXE Server
cannot be configured with an Intel Universal NIC driver (also known as an UNDI driver).
The multicasting feature is disabled for multicasting because of continued data
corruption problems inherent with the Intel Universal NIC driver. This unreliability
results in random files being corrupted in the image file, a problem that may appear
immediately or go undetected until you access the files later. As a result, if the
computers being imaged are booting to PXE boot files configured with an Intel universal
driver, multicasting is disabled and all computers are imaged using direct connections.
To set when multicasting is used
1. Open the Altiris Deployment Server Configuration Utility from the Control
Panel of the Deployment Server computer.
2. Click Options and click the Disk Imaging tab.
3. Select one of the following, depending on when you want to use multicasting:
If you do not want to use multicasting, select the Use disk image multicast
threshold of n clients check box and set n to 0.
If you want to use multicasting whenever there is more than one client
computer, do NOT select the Use disk image multicast threshold of n
clients check box.
If you want to use multicasting only when there are more than a specific
number of client computers, select the Use disk image multicast threshold
of n clients check box and set n to the number of client computers.
Item Description
Use disk image
multicast threshold
of n clients
Specifies the number of client computers that must be
involved in a job before image multicasting is used. If the
number of client computers is less than or equal to the
number specified, multicasting is not used. Set this value to
0 to disable multicasting. If this option is not selected,
multicasting is used whenever there are two or more client
computers. When multicasting is not used, all client
computers become master computers and read from the
image server independently. You can use this option if your
client computers can read an image file from the server
faster than trying to coordinate master computers and
client computers.
Limit each disk
image multicast to n
Mbps
Limits the bandwidth used in a multicasting session to a
user-defined number of Mbps. This option prevents the
multicasting operation from using all available bandwidth on
a network, so other network traffic can take place at a
reasonable rate.
Altiris Deployment Server Configuration Utility 267

4. Click OK.
To set the maximum bandwidth used during multicasting
1. Open the Deployment Server Configuration Utility in the Control Panel of the
Deployment Server computer.
2. Click Options and click the Disk Imaging tab.
3. Select the Limit each disk image multicast to n Mbps check box and set n to the
maximum bandwidth you want a multicasting operation to use.
4. Click OK.
Authentication Option
The Authentication tab lets you authenticate to an existing SQL Server database, to
the NetWare Server as a file access point, and to the Deployment Server.
To access and authenticate to a specified Microsoft SQL Server
database
1. In the Database Authentication section, select the Use SQL Server account
authentication check box.
2. Enter the user name for the specified database.
3. Enter the password.
To access and authenticate to a Novell NetWare Server
1. In the NetWare Server Authentication section, enter the user name for the
selected server.
2. Enter the password.
To access and authenticate to the Deployment Server
1. In the DS Authentication section, click Add Key to add a security key for the
server you want to connect to.
2. Click Delete Key to delete the security key for a Deployment Server.
3. Click Export Key to export and save the security key for your Deployment Server to
a file.
Connections Option
The Connections tab lets you allow or reject connections from the Deployment Agents
based on the IP subnet, IP address, and local interfaces.
Define Subnets
Select the Allow/reject agents based on their IP subnet check box and click
Define Subnets. The TCP/IP Subnet Filters dialog appears. You can add, modify, or
remove a Network Address and the corresponding Subnet Mask. You can also specify
whether to allow or reject only these subnets to connect.
Altiris Deployment Server Configuration Utility 268

Define IP Addresses
Select the Allow/reject agents based on their IP address check box and click
Define IP Addresses. The TCP/IP Connection Filters dialog appears. You can add,
modify or remove a Start IP address and the corresponding End IP address. You can
also specify whether to allow or reject only these IPs to connect.
Define Interfaces
Select the Allow/reject agents based on local interfaces check box and click
Define Interfaces. The TCP/IP Interface Filters dialog appears. You can specify
whether to allow or reject only these interfaces to connect. The default option is to
reject only the selected interfaces. A list of network adapter cards is displayed. Select
from the list of network adapter cards to allow or reject when connecting to the
Deployment Server.
Debug Option
The Debug tab lets you set debug options for the Deployment Server and
communication between managed computers.
Engine Debug Logging. Select this check box to set the name and location of the
logging report and the logging level for Deployment Server. The Engine Debug Log is a
single report that captures debug information for Altiris support personnel.
Log File Name: Set the path and name for the log text file. The default name is
axengine.log in the Deployment Server shared directory.
Max File Size: Set the size of the text file by entering the maximum file size
allowed in KB.
Logging Level: Specify the logging level. This number can be from 1 to 9, where 9
is the deepest logging level and 1 is the most cursory logging level. You can contact
Altiris support for information on the required logging level.
Log Agent Communication with Engine. Select this check box to set the directory
path and name to log error messages between managed computers and the Deployment
Server.
Log Directory. Set the path of the folder to collect the client error messages. Each
managed computer has its own log file in this directory named <the computer ID of
the managed computer>.log.
Max File Size. Set the size of each log file by entering the maximum file size
allowed in KB.
Deployment Solution 269

Introduction to Altiris Boot Disk Creator
Altiris Boot Disk Creator (BDC) creates and configures the boot images used to start
computers in the pre-boot automation environment. These images leverage WinPE,
Linux, and DOS operating systems and include native Deployment Agents to run
assigned tasks.
The Deployment Solution automation tasks include the following:
Run Script
Create Disk Image
Distribute Disk Image
Scripted OS Install
Backup Registry
Restore Registry
Before creating configurations, you must first install the pre-boot operating system files
for the types of pre-boot configurations that you want to create. See Install Pre-boot
Operating System Files on page 284.
After you have installed the pre-boot operating systems see Create Boot Disk on
page 279.
Boot Configuration Creation Process
The New Configuration Wizard is the main process of Boot Disk Creator. This is how
you select the type of pre-boot environment configuration that you want to create, along
with other settings, such as the type of network adapter, network server information,
TCP/IP information, and so on.
After the wizard completes, the Create Boot Disk Wizard automatically appears. This
is the production process of Boot Disk Creator that lets you select the boot disk creation
method to implement the configuration you created. You can create floppy boot disks to
use for DOS configurations since Linux and WinPE system files are too large to fit on a
floppy. Network and automation boot disks can create ISO images, which you can save
to bootable CDs using your own third-party CD-burning software; or you can select a
flash drive from the Bootable drive drop-down list. You can also create a Windows
Installation package to run in a Windows production environment, which installs an
embedded (recommended) or hidden automation partition on the client computers hard
drive. See Automation Partitions, Network and Automation Boot Disks on page 279.
If you create an Automation boot disk, the Automation Agent is added to the
configuration so that when you boot client computers, they try to connect to the
Deployment Server. If you select Network boot disk, client computers boot to the
network server you specified in the New Configuration Wizard, displaying only a users
prompt. See New Configuration Wizard on page 271.
You can also access Boot Disk Creator from the PXE Configuration Utility, so that you
can create boot menu options using the New Configuration Wizard. You can also create
boot configurations directly from Boot Disk Creator and import the boot images into the
PXE Configuration Utility. The PXE Configuration Import feature lets you import images
Deployment Solution 270

created by Boot Disk Creator or any other third-party imaging software, but you cannot
edit the boot images after importing them. See PXE Configuration Utility Help.
To help you manage the configurations you create, Boot Disk Creator uses colors to
inform you about the type of pre-boot configuration you are editing. The colors on the
display change when you select a configuration from Configurations in the left pane of
the utility. The colors indicate the following:
Black: No configuration is selected or there are no configurations to select.
Blue: DOS configuration.
Green: Linux configuration.
Red: WinPE configuration.
See Edit Configuration on page 277.
The Boot Disk Creator Utility is easy to use because each process guides you through
the settings and options that you can select to create pre-boot environment
configurations to help manage automation tasks used by the Deployment Server.

Toolbar Description
The icons on the Boot Disk Creator toolbar help you navigate easily between the tasks
that you want to perform. The options are:
To start the Boot Disk Creator tool, open the Deployment Console and click
this icon on the toolbar, or click Tools > Boot Disk Creator.
Icons Description
New Configuration Wizard: Creates new configurations that are used
when booting client computers to automation or a network prompt. See
New Configuration Wizard on page 271.
Create an Automation Install Package: Creates an installation
program that installs an embedded automation partition. See Create
Automation Partition Install Package on page 280.
Remove Automation Partition: Creates an installation program that
can be assigned to a computer to remove an automation partition. See
Remove Automation Partition on page 283.
Create Automation Boot Disk: Creates automation boot disks to
manually boot client computers to automation. See Create Automation
Boot Disk on page 281.
Create Network Boot Disk: Creates network boot disks to manually
boot client computers to a specified network server. See Create Network
Boot Disk on page 282.
Deployment Solution 271

New Configuration Wizard
You can create multiple configurations to support varying types of computer
environments. Before you begin, you must install the pre-boot operating system files
that Boot Disk Creator uses to create new configurations. See Install Pre-boot Operating
System Files on page 284.
Configuration Name
This is the first page of the New Configuration Wizard, which is the same for DOS, Linux,
or WinPE. The description field is optional, but helps you know what the configuration
contains, such as the file server type, NIC drivers, and any additional files you want to
add.
Field Definitions
Name: The configuration name you enter appears in Configurations in the left pane
after the wizard completes.
Description: Enter a description for the configuration. (Example: Enter the type of
computer, operating system, network adapter, and any other characteristics that help
you identify this particular configuration.) After the Create Configuration and Create
Boot Disk wizards complete, if you select the configuration from the left pane, the
description that you enter for this field appears at the top of the right pane.
Pre-boot Operating System for this Configuration: Boot Disk Creator supports
DOS, Linux, and WinPE operating systems. You can use these operating systems to
create pre-boot environments. Select the pre-boot operating system and click Install
Pre-boot Operating System Files to install the pre-boot operating system files. See
Install Pre-boot Operating System Files on page 284.
File Server Type (DOS)
The Deployment Share stores image files, packages, and data files. By default, the
Deployment Share is installed to the Deployment Server, but you can install it on
another server, depending on whether you select Simple or Custom Deployment
Solution installation.
Field Definitions
Microsoft Windows: Select this option to store images on a Microsoft server by using
TCP/IP network communications (recommended). However, if you use IPX to
communicate with a Microsoft server, select the IPX check box at the bottom of the
page.
Create multi-network adapter configuration: Select this option to add multiple
network adapter drivers to a single PXE boot file configuration. This feature lets you
build configuration files to boot multiple computers that contain different types of
network adapter cards. See Multi-Network Adapter Configurations on page 272.
To start the New Configuration Wizard, click this icon on the toolbar of the
Boot Disk Creator tool, click Ctrl+N, or click File > New Configuration.
Deployment Solution 272

Novell NetWare (VLM): Select this option to store images on a NetWare server with
VLM client computers by using IPX network communications.
Novell NetWare (Client32): Select this option to store images on a NetWare server
with 32-bit client computers.
Use IPX to communicate with Netware: Select this check box if IPX is the network
protocol for the Novel NetWare (Client32) server.
Multi-Network Adapter Configurations
If you are creating a DOS configuration, when you select Multi-NIC configurations, a list
of supported drivers appears. You can select Multi-NIC drivers to be included in the
configuration by pressing Shift+Click or Ctrl+Click. After a client computer boots
using a multi-network adapter configuration, Boot Disk Creator applies the driver that
matches the first network adapter card that it detects.
Example: If you are going to use the multi-network adapter configuration for several
different client computers, this option can save you time and effort in booting different
computers. However, if a client computer has 2 NIC cards and you use the multi-
network adapter configuration to boot the computer, the first NIC card is detected and
can potentially be the wrong network adapter to use to connect to the Deployment
Server.
Advanced Features
The network adapters you select must support DOS, Linux, or WinPE so that client
computers can connect to a network or Deployment Server, depending on whether you
create automation partitions, or network or automation boot disks. The Have Disk
button lets you install network adapter drivers from a disk, CD, or network folder. The
Internet button lets you connect to an Altiris-supported Web site to download and
install network adapter drivers. The Advanced button lets you further define network
adapters and their drivers. See Have Disk on page 273, Internet on page 273, and
Advanced on page 273.
Multiple Network Adapters Load Order
This option is only for DOS and WinPE configurations. This lets you specify the order in
which the physical network adapters are detected when the client computer boots.
Example: If most client computers have a Broadcom Ethernet adapter, but some
computers have a 3Com10/100 LAN PC Card Fast Ethernet card, you can use Up and
Down to move the Broadcom Ethernet adapter to the top of the list.
See Network Adapters on page 272.
Network Adapters
The drivers listed in the Network Adapters window vary depending on the type of
configuration you create. You can install pre-boot operating system files for DOS, Linux,
or WinPE. See Install Pre-boot Operating System Files on page 284.
After installing the pre-boot operating system files for WinPE, the Windows NIC drivers
that are available to create a WinPE configuration appear and are automatically added to
the new configuration. If you select Auto-detect all network adapters, WinPE
determines the network adapter driver to use.
Deployment Solution 273

Note
This option is available only for WinPE, and is selected by default.
Select a driver from the network adapter drivers list. You must create a new
configuration for each type of network adapter that is installed on the client computers,
unless you want to create a Multi-NIC configuration. See Multi-Network Adapter
Configurations on page 272. If you want to add or change adapter settings (such as I/O
Memory, IRQ, and PCMCIA for DOS configurations), click Advanced. See Advanced on
page 273.
If the network adapter you want does not appear in the list, click Have Disk, Internet,
or Advanced (if they are available for the type of configuration you are creating) to add
additional drivers. See Have Disk on page 273, Internet on page 273, and Advanced on
page 273.
Field Definition
Auto-detect all network adapters: Select this for WinPE to auto-detect the type of
adapter in a client computer when the boot image runs.
Have Disk
You can add network adapter drivers by using any disk media or by navigating to a
folder. You can download network adapters from the manufacturers Web site and save
to a folder or a disk to install later. New network adapters come with a floppy disk or CD
to install the appropriate drivers.
Internet
Altiris supports many manufacturer network adapters as well as a Web site for you to
download the latest NIC drivers. From the Network Adapters page, click Internet to
launch the Web browser and connect to ftp://support.altiris.com/support/NIC_drivers/.
Download the driver you want and unzip the files to a folder on the hard drive. Click Add
Driver and the driver you download is added to the Network Adapters list.
Advanced
This option lets you add or change settings for network adapter cards so that they work
correctly when using DOS configurations.
Note
This option is available only when you create a DOS configuration.
Click Advanced on the Network Adapters page. Refer to the following properties and
values:
Microsoft clients
EMM386 Memory (config.sys): Append memory address information to this
line in the config.sys file.
Advanced settings (protocol.ini): Add parameters to the NIC section of the
protocol.ini file.
Memory (protocol.ini): Add parameters to the network setup section of the
protocol.ini file.
Deployment Solution 274

IRQ (protocol.ini): Add parameters to the network setup section of the
protocol.ini file.
Novell VLM clients
Emm386 memory (config.sys): Append memory address information to this
line in the config.sys file.
Advanced settings (config.sys): Add parameters to the NIC section of the
net.cfg file.
Novell Client 32
Emm386 Memory (config.sys): Append memory address information to this
line in the config.sys file.
Advanced settings (driver command line): Add driver command-line
entries to the landrv.bat file.
TCP/IP Protocol Settings
This page lets you set up TCP/IP protocol settings for boot configurations. TCP/IP is the
default protocol when client computers boot to automation on a Windows network. If
you use the IPX protocol, Deployment Server uses its own IP stack to work on IPX
networks.
Field Definitions
Obtain an IP address from a DHCP server: Select this option if you want client
computers to obtain an IP address from a DHCP server.
Use a static IP address: Select this option if you want to assign a specific IP address
to a client computer that is using this configuration. Enter an IP address, Subnet
mask, and Default gateway. You can also enter a Primary WINS server address and
a Secondary WINS server address if you need to resolve IP addresses and naming
conventions. You must create a configuration for each client computer so that the IP
address is not the same for all computers.
Altiris Deployment Server Communication
This option lets you set communication properties for the Deployment Server. The
Deployment Server IP address and Port fields are critical because they define the
way client computers establish communications with the Deployment Server.
Example: The TCP port on the Deployment Server is set to 402 and the Port field in the
Boot Disk configuration is set to 502. These settings prevent client computers from
communicating with the Deployment Server because the port numbers do not match. To
establish communications between client computers and the Deployment Server,
change the Port field in the Boot Disk configuration to 402.
Note
The settings on this page are used only if you create an automation boot image where
the Automation Agent needs to know how to find the Deployment Server. If you want to
create a network boot disk, you can ignore this page by clicking Next because none of
the properties are used to create a network boot image.
Deployment Solution 275

To set the TCP port on the Deployment Server
1. From the Deployment Server, click Start > Control Panel > Altiris Deployment
Server > Options > Transport tab.
You can also click Start > All Programs > Altiris > Deployment Solution >
Configuration > Options > Transport tab. This opens the Altiris Deployment
Server transport settings page.
2. Enter the TCP Port number.
3. Click OK.
The following options are available on the Altiris Deployment Server
Communication page:
Use TCP/IP multicasting to find the Altiris Deployment Server: Select this option
to use TCP/IP multicasting to find the Deployment Server. When client computers boot
to automation using this configuration, a multicast packet is broadcast across the
network to find where the Deployment Server is located.
Multicast IP address: Enter a multicast IP address for client computers to
send a broadcast packet across the network to find the Deployment Server.
Port: This option defines which port client computers can use to communicate
with the Deployment Server Engine, which manages the Deployment Database,
sends job commands to the Deployment Agent, and more.
Server name: When you select Use TCP/IP multicasting to find the Altiris
Deployment Server, a multicast packet is broadcast to the server you specify.
If you leave this field blank, the client computer connects to the first server that
responds to the multicast packet.
Use TCP/IP to connect to the Altiris Deployment Server: Select this option to
connect to a specific Deployment Server. You must select this option if your network
adapter or network does not support multicasting. See your network adapter
documentation, call the manufacturer, or consult with your IT department for
information.
Server IP address: Enter the IP address of the Deployment Server to access
information stored in the Deployment Share. If you are using the Intel Universal
NIC driver (UNDI), the IP address is required.
Port: This option defines the port that the client computers can use to
communicate with the Deployment Server Engine, which manages the
Deployment Database, sends job commands to the Deployment Agent, and
more.
Automation Agent Location
Remote: Select this option to run the most recent automation agent located on
the remote server share.
Local: Select this option to run the automation agent that currently exists in
the local pre-boot environment.
Lock Keyboard: Select this option for additional security. This prevents someone on
the remote computer from ending the automation session and possibly accessing your
network.
Deployment Solution 276

Network Connection
This option lets you define the way the client computers connect to the Deployment
Share or a file server that stores image files.
Windows
Workgroup: Enter the workgroup for the Deployment Share or file server.
NetWare
Server name: Enter the server name for the Deployment Share or file server. Click
Advanced to enter a NetWare context for the server and select a Frame type if it is
different from the default value of 802.2.
User name: Enter the authorized user name that you set up while creating the
Deployment Share directory. If you did not assign a user name and password while
creating the Deployment Share or file server, leave this and the password fields blank.
Password: Enter the password for the user name.
Confirm password: Enter the password for the user name to confirm that you entered
the password correctly in the Password field.
Network Drive Mappings and Mount Points
This option lets you set up drive mappings (for DOS and WinPE) or mount points (for
Linux) so that when client computers boot to automation or a network prompt, they
connect to the appropriate server. You can create multiple drive mappings or mount
points. However, if you are creating a DOS configuration, the first mapped drive you
specify must connect to the Deployment Share.
Field Definitions
Manually create drive mappings: Select this option if you want to include the drive
mappings in the autoexec.bat file when client computers boot to automation.
Drive: By default, the mapped drive that appears is F: \\<Deployment Share
server>\eXpress. Select a different drive letter from the drop-down list if F: is already
in use.
Path: Enter the path for the Deployment Share. The path you enter maps to the drive
letter you selected in the Drive field. You can also click Browse to navigate to the
Deployment Share if you are unsure of the directory path or if the image files are stored
on a file server.
Example:
Windows users: \\server\share
NetWare users: server\volume:directory
Linux users: //server/mount point
Create an entry in the LMHOSTS file for the Deployment server file store (other
entries must be added manually): Select this option if your network does not
support NetBIOS name resolution for IP addresses. Enter a Server name and IP
address so that client computers can find the Deployment Share where the image files
are stored.
Deployment Solution 277

Use NetWare login scripts to create drive mappings: Select this option if you use
NetWare and you want login scripts to create the drive mappings.
WinPE Boot Option Settings
Select the boot model and optional components to include with this configuration.
Typically, you can use the default boot model unless you are experiencing driver
detection problems. If you plan on executing VB scripts, running HTML applications, or
connecting to an SQL Server database using ActiveX, select the necessary components.
Optional Components
This wizard page is available only when you select WinPE. By default, the optional
components to be included with this configuration are selected.
Enable WinPE Firewall: By default, this check box is not selected. Selecting this
option enables the WinPE Firewall, which interferes with multicast imaging.
Configuration Summary
This page lets you review all the options you selected throughout the New
Configuration Wizard. If you want to modify a setting, click Back to re-select the
option. When you click Finish, the Create Boot Disk wizard appears for the next
process to begin. See Automation Partitions, Network and Automation Boot Disks on
page 279 and Edit Configuration on page 277.
If you are using Boot Disk Creator from within the PXE Configuration Utility, the Edit
Configuration page appears. See Edit Configuration on page 277.
Edit Configuration
This is the main Boot Disk Creator page that appears when you start the utility. If you
are using Boot Disk Creator from within the PXE Configuration Utility, this page appears
at the end of the New Configuration Wizard.
This feature lets you modify configurations that are already created. When you select a
file or folder from the left pane, the corresponding configuration information appears in
the right pane. The display color changes to help you know the type of configuration you
selected to view, edit, or delete. The colors displayed are:
Black: You have not selected or created any configurations.
Blue: The configuration you selected or created is based on the DOS pre-boot
environment.
Green: The configuration you selected or created is based on the Linux pre-
boot environment.
Red: The configuration you selected or created is based on the WinPE pre-boot
environment.
To change configuration settings, right-click a configuration folder and select Edit
Configuration, and click Back until you find the page for the options you want to
change. You can also make text edits to files (selected from the left pane) in the right
pane.
Deployment Solution 278

You can edit all other files within a configuration as needed. However, after you edit a
configuration, Boot Disk Creator rewrites certain files within the configuration so that
drive mappings and mount points are always updated. The following files are rewritten
after editing configurations:
DOS - mapdrv.bat, unmapdrv.bat
Linux - mounts.local
WinPE - mapdrv.bat
See New Configuration Wizard on page 271 and Install Pre-boot Operating System Files
on page 284.
Additional Files
Boot Disk Creator lets you add additional files to folders that apply either to a specific
configuration or to all configurations of the same type of pre-boot operating system.
However, any files you add to the global <OS> additional files folders are written to
the boot image before the specific configuration files. If a file in the <OS> additional
files folder has the same name as a file in a specific configuration folder, it is
overwritten.
Example: If a file named 5684_Drivers resides in the DOS additional files folder, and a
file with the same name, 5684_Drivers, exists in a specific configuration folder; when
the files are written to a boot image, the file in the configuration folder overwrites the
file in the DOS additional files folder. This may cause unexpected results. If you edit text
files in a <OS> additional files folder, yet the specific configuration file is the one that
is written to the boot image, the result is not as you expected.
Add files to all configuration
When you install a pre-boot operating system, a new folder is added to the bottom of
the left pane on the main page of Boot Disk Creator. If you install pre-boot operating
system files and the <OS> additional files folders do not appear, press F5 to refresh
Boot Disk Creator. The following folders appear:
DOS additional files
Linux additional files
WinPE additional files
Boot Disk Creator copies the files from the <OS> additional files folders to all
corresponding operating system configurations and adds these files to the boot images.
These folders are considered global, since they can affect configurations of the same
type.
Example: You can use the Windows Copy and Paste command to add tracert.exe to the
WinPE additional files folder. Each WinPE configuration you create adds the files in the
WinPE additional files folder to the boot image.
Add files to a specific configuration
If you want to add files to a specific configuration only and do not want to use the global
feature of the <OS> additional files folders, do the following:
1. Right-click a configuration in the left pane and select New > Folder. A new
subfolder is created in the left pane.
2. Enter a name for the folder so that you know these are added files.
3. To add files to the <OS> additional files folder, do one of the following methods:
Deployment Solution 279

Copy files from a network folder and paste them into the configuration folder.
Right-click a configuration and select Add File. A browser dialog appears to
navigate to the file you want to add.
Right-click a configuration and select File > Text file. A new empty text file is
added to the left pane. Enter a name for the file and write text as needed in the
left pane.
Create PXE Boot Image Files (PXE)
This option is used for Boot Disk Creator configurations created from within the PXE
Configuration Utility. PXE Servers download boot image files to client computers;
therefore, after you select all the properties for a New Configuration, Boot Disk Creator
must know the type of image file to create.
Field Definitions
Automation PXE image: The automation agent for the type of pre-boot operating
system configuration you create is added to the settings you select throughout the New
Configuration Wizard.
Network PXE image: The configuration you create does not contain an automation
agent. When client computers boot with this image file, they are mapped to a network
server and are at a users prompt.
Creating PXE image: This is a progress page to display the automation boot disk
creation process. The process does the following: Copying files to production area,
Inserting files into the file system, Creating PXE files, and so on.
PXE Boot Image Creation Complete
This page informs you that the PXE boot image file creation is complete. When you click
Finish, the New Shared Menu Option page appears, displaying the location of the
PXE boot image files on the PXE Server.
Automation Partitions, Network and Automation
Boot Disks
After you create a New Configuration, the Create Boot Disk dialog appears. This
process lets you select and create the method of booting a client computer to the
automation environment. If you install an automation partition on a client computers
hard disk, deployment jobs can run automatically. However, you can create bootable
media to manually boot client computers to automation, and run deployment jobs as
needed. See Create Boot Disk on page 279 and New Configuration Wizard on page 271.
Create Boot Disk
This dialog lets you create 3 different types of bootable media: an automation partition
install package, automation boot disks, or network boot disks. Each type of bootable
media guides you through a wizard to gather specific information required for the type
of media you want to create.
The number of steps that appear at the top of the Create Boot Disk dialog vary
depending on:
Deployment Solution 280

Where you open the Create Boot Disk dialog from
The type of media you selected to create
The pre-boot environment you specified in the configuration you created
However, based on your selections, Boot Disk Creator shows the appropriate dialog
pages when creating bootable media.
Example: If you right-click a configuration in the left pane and select Install
automation partition, the number of dialog pages differ from the number when you
select Create an automation partition install package from this page. Both options
give the same result even though the dialog steps are different.
Close this dialog and return to the editor: Select this option to close the Create Boot
Disk dialog without creating an automation boot disk, installer package, or network boot
disk. You can select any of these options from the Boot Disk Creator toolbar or from the
File menu.
Create an automation partition install package: Select this option to create an
automation install package that installs an embedded automation partition to any client
computer on the network. See Create Automation Partition Install Package on page 280.
Create an automation boot disk: Select this option to create automation boot disks
so you can manually boot a client computer to automation. See Create Automation Boot
Disk on page 281.
Create a network boot disk: Select this option to create network boot disks so you
can manually boot a client computer to a network server. See Create Network Boot Disk
on page 282.
Create Automation Partition Install Package
This feature lets you create an automation installation setup package that installs an
embedded automation partition on a client computer when it runs. The installer package
runs in a production environment even though the New Configuration is based on the
different pre-boot operating system.
Example: You can create a DOS configuration, but select to install the automation
partition using an installation setup package that runs in a Windows production
environment.
Field Definitions
DOS bootable disk: Select this option to install the automation partition using a DOS
bootable disk.
Linux bootable disk: Select this option to install the automation partition using a Linux
bootable disk.
Windows setup package: Select this option to install the automation partition using
an installation setup package that runs in a Windows production environment.
Windows CE .NET setup package: Select this option to install the automation
partition using an installation setup package that runs in a Windows CE .NET production
environment.
Installer processor type: Select x64 to specify a 64-bit processor or x86 to specify a
32-bit processor.
Client computer processing type: Select x64 or x86 from the drop-down list.
Deployment Solution 281

Create an embedded ___ automation partition (recommended): Select this option
to install an embedded DOS, Linux, or WinPE partition to a client computers hard disk.
Create a hidden ___ automation partition (for partitions greater than 50 MB):
Select this option to install a hidden DOS, Linux, or WinPE automation partition.
Partition size in MB: The default partition size value changes depending on the type of
operating system you selected. Example: If you are creating an automation partition for
a WinPE configuration, the partition size is 150-200 MB. However, the range of the
partition size for a DOS configuration is only 5-50 MB, and 34-44 MB for Linux.
Installer package file path: By default, installation packages are stored in the
Deployment Share bwpkgs folder. The name of the configuration you selected before
starting the Create Boot Disk process is the name of the setup package, unless you
define it otherwise. Click Browse to navigate to the folder where you want to store the
setup package.
Run silent install: Select this option to install the automation partition without user
input.
Install the Altiris Deployment Agent for Windows (Aclient): Select this option to
install the Deployment Agent on client computers in the production environment after
the automation partition is installed.
Advanced: If you selected to install the Deployment Agent (above), click this button to
set limited properties for the Deployment Agent. See Deployment Solution Help for more
information.
Creating automation partition installer: This is a progress page to display the
automation installation package process. The process does the following: Copying files
to production area, Creating the FRM files, Preparing install environment, Inserting into
the installer package, and so on.
The setup package is located at: After the automation partition installation package
is created, the Boot Disk Creation Complete page appears and confirms the location
of the installer package.
Create Automation Boot Disk
This feature lets you create automation boot disks to manually boot a client computer to
the automation environment, so that deployment jobs can run. Automation boot disks
give you greater flexibility because you can physically go to any client computer on the
network and boot to automation, so long as the client computer can connect to the
Deployment Server.
Field Definitions
Bootable ISO CD Image: Select this option to create an ISO CD boot image.
ISO CD Image File Path: Enter the path or browse to the folder where ISO images are
stored. You must use third-party software to burn the ISO image to a CD.
Bootable disk: Select this option to create a boot disk that can be used at client
computers to manually boot to automation or manually install an automation partition.
Click the drop-down arrow to select bootable media from the list. All the listed drives
display the physical drive number instead of the logical drive letter.
Rescan drives: If you attach a USB flash drive to the server, but it does not appear in
the Bootable disk drop-down list, you can click this button to rescan the physical drives
that are attached to the server. A list of available drives is updated in the drop-down list.
Deployment Solution 282

Show fixed drives: If you try to select a USB flash drive from the Bootable disk drop-
down list, but you cannot find it even after clicking Rescan drives, it is possible that the
flash drive you are using appears in Windows as fixed instead of removable. Select this
option to view all drives attached to the server.
Format disk (recommended): By default, this option is selected.
Client computer processor type: Select the processor type from the drop-down list.
Creating automation boot disk: This is a progress page to display the automation
boot disk creation process. The process does the following: Copying files to production
area, Inserting files into the file system, Creating the ISO CD image file, and so on.
The CD image is located at: After the CD image is created, the Boot Disk Creation
Complete page appears and confirms the location of the CD image.
Create Network Boot Disk
This feature lets you create a network boot disk that you can use at any client computer
on the network. The properties, which you defined when creating the New
Configuration, map a drive to a specified server when a client computer uses a
network boot disk. You have access to the network servers system to execute and
manipulate files manually.
Field Definitions
Bootable ISO CD Image: Select this option to create an ISO CD boot image.
ISO CD image file path: Enter the path to the folder that stores ISO images. You must
use third-party software to burn the ISO image to a CD.
Bootable disk: Select this option to create a boot disk that can be used at client
computers to manually boot to a network server. Select bootable media from the drop-
down list. All the listed drives display the physical drive number instead of the logical
drive letter.
Rescan drives: If you attach a USB flash drive to the server, but it does not appear in
the Bootable disk drop-down list, you can click this button to rescan the physical drives
that are attached to the server. The list of available drives is updated in the drop-down
list.
Show fixed drives: If you try to select a USB flash drive from the Bootable disk drop-
down list, but cannot find it even after clicking Rescan drives, it is possible that the
flash drive you are using appears in Windows as fixed instead of removable. Select this
option to view all drives attached to the server.
Format disk (recommended): By default, this option is selected.
Client computer processor type: Select the processor type from the drop-down list.
Creating network boot disk: This is a progress page to display the network boot disk
creation process. The process does the following: Copying files to production area,
Inserting files into the file system, Creating the ISO CD image file, and so on.
The CD image is located at: After the CD image is created, the Boot Disk Creation
Complete page appears and confirms the location of the CD image.
Deployment Solution 283

Remove Automation Partition
This feature lets you remove an automation partition from a client computers hard disk.
You can create bootable CDs, flash drives, and floppy disks to use manually at the client
computers, or you can create a Windows uninstall package that can be distributed to a
client computer through a deployment job. You can also create a network boot disk,
connect to a specific server where the Windows uninstall package is stored, and run the
executable from the client computer.
Field Definitions
DOS bootable disk: Select this option to remove an automation partition using a
bootable DOS disk.
Linux bootable disk: Select this option to remove an automation partition using a
bootable Linux disk.
Windows setup package: Select this option to remove an automation partition using a
self-extracting setup package that runs in a Windows production environment.
Windows CE .NET setup package: Select this option to remove an automation
partition using a self-extracting setup package that runs in a Windows CE .NET
production environment.
Uninstaller processor type: From this drop-down list, select the processor type.
Bootable ISO CD Image: Select this option to create an ISO CD boot image that
removes the automation partition.
ISO CD image file path: Enter the path to the folder where ISO images are stored.
You must use third-party software to burn the ISO image to a CD.
Uninstaller package file path: Enter the path or browse to the folder where the
uninstaller package file is stored.
Run silent uninstall: Select this option to run the installer without user input.
Bootable disk: Select this option to create a boot disk that removes an automation
partition from a client computer. Select the bootable media from the drop-down list. All
the drives listed display the physical drive number instead of the logical drive letter.
Rescan drives: If you attach a USB flash drive to the server, but it does not appear in
the Bootable disk drop-down list, you can click this button to rescan the physical drives
that are attached to the server. The list of available drives is updated in the drop-down
list.
Show fixed drives: If you try to select a USB flash drive from the Bootable disk drop-
down list, but cannot find it even after clicking Rescan drives, it is possible that the
flash drive you are using appears in Windows as fixed instead of removable. Select this
option to view all drives attached to the server.
Format disk (recommended): By default, this option is selected.
Creating automation uninstaller: This is a progress page to display the automation
uninstaller creation process. The process does the following: Preparing uninstall
environment, Creating the ISO CD image file, and so on.
The CD image is located at: After the CD image is created, the Boot Disk Creation
Complete page appears and confirms the location of the CD image.
Deployment Solution 284

Missing Files for Processor Types
For the most part, Boot Disk Creator configurations are independent of architecture.
However, if you manually add executables to a configuration that supports multiple
processor types, you must provide a version of the file for each architecture you include.
Example: If you have selected x86 and x64 versions of the Linux pre-boot environment
for a configuration, and you add an executable, Boot Disk Creator checks the file header
to see which architectures the executable supports. If all the architectures you have
installed are not supported by the file you add, this screen appears, prompting you to
add additional files or ignore the warning.
Install Pre-boot Operating System Files
In Boot Disk Creator, you must install the pre-boot operating system files for at least
one pre-boot environment before you can create new configurations. Boot Disk Creator
uses these files when creating configurations and boot images. You can install all
supported pre-boot operating system files at the same time, or you can select to install
only the pre-boot environments that you want to use. You can install FreeDOS and MS-
DOS, but you must select the DOS version that you want to run since you cannot run
both versions at the same time.
Example: You can install the DOS and WinPE pre-boot operating system files to start
creating configurations to support your infrastructure, which currently does not require
Linux boot images. After working with Deployment Server and Boot Disk Creator, if you
decide you want to create Linux configurations and Linux boot images; you can open the
Install Pre-boot Operating System Files dialog at any time to install the Linux
system files, or of the other pre-boot operating system files.
When you install the pre-boot operating system files for DOS, Linux, or WinPE, a check
mark next to the operating system name indicates that the files are successfully
installed. The operating system version number appears (except for MS-DOS), and the
status changes to Installed. See DOS on page 285, Linux on page 285, or WinPE on
page 286.
If you acquire a newer version of DOS, Linux or WinPE, browse and specify the location
of the pre-boot files and click Next to install the new files. However, any existing
operating system files are deleted before the newer files are installed.
Example: If you installed WinPE, and Altiris supports a newer version that becomes
available, browse and specify the location of the pre-boot files and click Next to install
the new files. All existing WinPE files are deleted from the hard disk before the new files
are installed. If you experience any problems with the new version of WinPE, you must
install the older version to restore Boot Disk Creator functionality for WinPE.
To install pre-boot operating system files
On the Install Pre-boot Operating System Files dialog, select the pre-boot operating
system that you want to install and click Next. Boot Disk Creator searches for the files.
If Boot Disk Creator cannot locate the files, it displays a list of required and optional files
for the selected operating system.
Deployment Solution 285

DOS
You can install FreeDos, MS-DOS, or both. See FreeDOS on page 285 and MS-DOS on
page 285. However, you can only run one version of DOS at a time. See Set Default Pre-
boot Operating System on page 286.
FreeDOS
Deployment Solution provides FreeDOS in a file named BDCgpl.frm.
This file is currently provided on the Deployment Solution download page. See the
release notes for specific instructions on obtaining and installing the Linux preboot
operating system.
MS-DOS
Use an original Microsoft Windows 98 installation CD and copy the appropriate files to a
system formatted floppy disk, a folder that can be accessed from Boot Disk Creator, or
use the CD directly.
Use Microsoft Windows 98 installation CD: Select to install MS-DOS from an original
Microsoft Windows 98 installation CD.
Floppy Disk: Select to format a disk using the Format a: /s command. Copy the
required files listed below from an original Microsoft Windows 98 installation CD to the
floppy disk. Boot disk creator only installs DOS files from the A drive. If you select B-
Floppy Drive from the drop-down list, Boot Disk Creator still tries to read data from the
A-Floppy Drive.
Folder: Select to copy the required files to a folder that can be accessed from within
Boot Disk Creator.
Boot Disk Creator requires the following MS-DOS files.
Note
The SMARTDRV.EXE file is required for all computers running a scripted install in
Windows 2003\XP.
Linux
Deployment Solution provides Linux RedHat Fedora in a file named BDCgpl.frm.
This file is currently provided on the Deployment Solution download page. See the
release notes for specific instructions on obtaining and installing the Linux preboot
operating system.
Required Optional
HIMEM.SYS EDIT.COM
EMM386.EXE MEM.EXE
SMARTDRV.EXE ATTRIB.EXE
SYS.COM MODE.COM
XCOPY32.MOD FORMAT.COM
FDISK.EXE
Deployment Solution 286

WinPE
Altiris supports WinPE as a pre-boot environment for Boot Disk Creator. See the release
notes for the current list of supported WinPE versions and for specific installation
instructions.
Set Default Pre-boot Operating System
While creating an automation partition, from the Tools menu on the Boot Disk Creator
interface, you must select the pre-boot operating system that you want to set as the
default, such as FreeDOS or MS-DOS.
Deployment Solution 287

PXE Configuration Utility
Altiris PXE Configuration Utility integrates with Altiris Deployment Solution and lets
you manage all PXE Servers across the network. PXE Configuration has been completely
rewritten to give you more capability in working with Deployment Server, which
provides administrators greater flexibility when performing the following tasks:
Creating boot menu options
Installing BIS Certificates
Creating boot disks and network PXE images
Assigning pre-boot environments to tasks within deployment jobs
Setting properties to customize specific PXE Server
Setting the boot menu option order for client computers
PXE Server has also been added to Role Based Security to ensure that only the
authorized users can make changes to boot menu options.
If you select Deployment Solution Simple Install and Install PXE Server, both are
installed on the same server. If you select Custom Install and Install PXE Server,
you can choose to install Deployment Solution and PXE Server on separate servers. By
default, PXE Manager always installs on the Deployment Server. See the Deployment
Solution Product Guide.
PXE Manager
PXE Manager is a service that synchronizes Deployment Server and all PXE Servers that
are installed and configured across the network. It keeps track of all PXE Server boot
menu options and checks if they are Shared or Local. PXE Manager also gathers data
from all PXE Servers and stores the information in the PXE Manager.ini file. Whether you
are in Use Shared properties or select a server to Customize PXE Server (Shared
Configuration), the changes you make to the properties settings are saved to the PXE
Manager.ini file when you click Save. Then, when you close the PXE Configuration
Utility, PXE Manager creates and distributes the appropriate PXE.ini file for each PXE
Server on the network. See PXE Manager on page 308.
Shared or Local boot menu options
When you start the PXE Configuration Utility, you can select which properties you want
to set. The Use Shared properties option lets you create Shared boot menu options
that can be used by all PXE Servers on the network. When you select a specific PXE
Server from the File menu, you can select the Customize PXE Server: Shared
Configuration option that lets you change any of the shared properties for that specific
server. By default, PXE Configuration Utility always starts in the Use Shared
properties mode. See Boot Menu Tab on page 289.
The boot menu options you create appear as a menu list on client computers when you
perform a PXE boot operation. You can also change the order of the boot menu options
and select the default menu option. Previous users of PXE Server will notice that Initial
Deployment and ManagedPC are no longer boot menu options. You can still perform an
Initial Deployment, but now you can select DOS, Linux, or Microsoft Windows
Preinstallation Environment (WinPE) as the pre-boot automation environment. By
Deployment Solution 288

default, the pre-boot operating system selected during installation is set for Initial
Deployment. See DS Tab on page 305.
Boot Disk Creator and PXE Configuration
Boot Disk Creator is now integrated with the PXE Configuration Utility so that you can
keep track of the boot menu options you create, edit, and delete. When you select a
boot menu option to edit or delete using the Boot Disk Creator method, the Summary
page displays the MenuOption<number>, so you always know the boot menu option
you are working with. See Boot Menu Tab on page 289 and Edit Shared Menu Option on
page 292.
PXE Server provides three different methods for creating boot menu options:
New Configuration Wizard from Boot Disk Creator
Importing Direct from floppy
User supplied, which is for more advanced users.
A boot image is stored on the PXE Server for each boot menu option that you create. A
boot image consists of a file or set of files. When client computers perform a PXE boot, a
menu list appears for you to select a boot menu option. The PXE Server downloads the
boot image for the boot menu option you select. See New Shared Menu Option on
page 291.
Automation Tasks
Only Shared boot menu options can be assigned to a task in a deployment job. The
tasks that can run in automation are:
Run script
Create Disk Image
Distribute Disk Image
Scripted OS Install
Backup Registry
Restore Registry.
When a client computer performs a PXE boot, the Deployment Agent verifies if there is
work to complete. If so, the client computer boots to automation and performs the
deployment jobs that are assigned. Otherwise, by default, the Local Boot menu option
is selected.
Example: If a deployment job contains the Create Disk Image task, and the
Automation - PXE or Bootworks environment (DOS/WinPE/Linux) field is
assigned to DOS - Broadcom, when the client computer executes the task, it uses DOS
- Broadband as the automation environment. Additional tasks within the same job can
be assigned a different boot menu option, yet each task runs in the automation
environment you want. See the Deployment Solution Product Guide.
See also: Boot Menu Tab on page 289, PXE Server Tab on page 304, DS Tab on
page 305, MAC Filter Tab on page 306, Multicast Tab on page 307, Data Logs Tab on
page 309, and Remote PXE Installation on page 310.
To open PXE Configuration
Option 1:
Deployment Solution 289

From the Deployment Console, click the PXE Configuration icon on the toolbar. You
can also select Tools > PXE Configuration.
Option 2:
1. Select Start > All Programs > Altiris > PXE Services > PXE Configuration
Utility.
2. Click each tab to change the category in the PXE Server properties.
Boot Menu Tab
This tab lets you create, edit, and delete the boot menu options, change the boot menu
order, define the prompt for users, append the server name to the prompt, and set the
users time-out response. The PXE boot menu options can be local or shared, depending
on whether you select Use Shared properties or Customize PXE Server: Shared
Configuration.
When you manage all PXE Servers (Shared) across the network, Boot Menu Options
for PXE Server: Shared Configuration appears at the top of the page, above the list
of configurations. When you select a specific server (Local) from the File menu, Boot
Menu Option for PXE Server: Name of Server appears. This helps you identify the
mode you are working in.
By default, PXE Configuration Utility opens to the last saved action, which could be
either Shared Configuration or Custom PXE Server mode. The boot menu options
listed are for all PXE Servers, so the Scope is always Shared. The operating system field
indicates the type of pre-boot operating system files used to create the boot menu
option. If you select a PXE Server from the File menu, a window displays the boot menu
option for the selected PXE Server. The Scope field displays Shared, and any new boot
menu option you create displays Local. The operating system field is the same as in the
Shared mode. If an existing Deployment Solution job uses a boot menu item, Yes
appears in the In use by DS field.
The following colors are used to denote the automation operating system that is used by
each configuration:
Blue: DOS configuration
Green: Linux configuration
Red: WinPE configuration
Note
When an item is in use by the Deployment Server, you cannot delete the item from the
PXE Configuration Utility. To delete an item, you must disable the boot menu item from
the Deployment Solution job, and restart the PXE Configuration Utility. You can delete
the boot menu item when Yes does not appear in the In use by DS field.
To identify the boot menu items used in the jobs
1. Click a task in the job.
Example: Click Create Disk Image. The Create Disk Image dialog opens.
2. From the drop-down list, select the automation pre-boot environment such as DOS,
WinPE, or Linux.
If a PXE boot menu item is used by the job, it appears in the drop-down list.
Deployment Solution 290

You can perform these steps to check if the other boot menu items are used by the
other jobs.
View Section
When you are in the Shared Configuration mode, only the configurations you create for
all PXE Servers appear in the view section. When you are in Customize PXE Server
<server name> mode, both Shared and Local configurations appear. You cannot
create two configurations with the same name in the view section, regardless of the
mode.
Example: If you are in Customize PXE Server <server name> mode, you can view
both Shared and Local configurations. You can create a Local configuration named DOS
Clients because there are no other configurations with the same name. Now, change to
Shared Configuration mode and create a configuration named DOS Clients because
the Local configuration of the same name does not appear in the view section. When you
change back to Customize PXE Server <server name> mode, both DOS Clients
configurations appear in the view section. When client computers perform a PXE boot,
both configurations appear and users will not know which boot menu option to select.
Boot Menu Options for PXE Server: <Shared Configuration>
Name: This is the name of the PXE item that appears on client computers after a PXE
boot operation is performed.
Scope: Shared indicates that the configuration is available on multiple PXE Servers in
an environment where they are all serviced by a single Deployment Server. Local
indicates that the configuration was created for a specific PXE Server.
OS: The operating system that the configuration uses to boot on client computers.
Up and Down: Click these buttons to change the order of the boot options. The top boot
option is the default option that runs automatically if no other option is selected from the
PXE Server menu.
New: Click this option to open a dialog to add a new boot menu option. See New Shared
Menu Option on page 291.
Edit: Click this option to modify the properties of the boot menu options. See Edit
Shared Menu Option on page 292.
Delete: Click this option to delete the selected boot menu option from the list. You
cannot delete boot menu options if they are assigned to a task within a deployment job.
In the Deployment Console, open the appropriate deployment job, and delete the task
or change the Automation - PXE or Bootworks environment (DOS/WinPE/Linux)
field before you delete the boot menu option.
Boot Menu Properties
Use Shared properties: You can select this option to change the properties for a
Shared Configuration. You cannot change this selection on the other pages if you are
setting the properties for the Shared Configuration.
Customize PXE Server: Shared Configuration: This option is available when you
select a specific server from the File menu. You can also customize the properties for
the PXE Server you selected.
Prompt: This is the user prompt for the PXE boot menu list when it appears on client
computers. You can only change the text message, but not the <F8> command as it is
still required to perform a PXE boot option.
Deployment Solution 291

Append server name: Select this option to have the PXE Server name listed following
the prompt on client computers when the boot menu list appears. This helps users know
which PXE Server is servicing their client computer.
Timeout: This is the length of time the prompt appears before the boot process starts.
If you do not press the <F8> key within the timeout period, the default boot option
runs.
Save: Click this option to save all the changes you made to the PXE Manager.ini file.
When you close the PXE Configuration Utility, PXE Manager creates and sends PXE.ini
files to each PXE Server on the network. You can view the status of these updates on the
Status tab.
New Shared Menu Option
The PXE Configuration Utility lets you create up to 23 boot menu options that can be
selected from client computers. When a PXE-enabled client computer sends a request to
a PXE Server, the PXE Server downloads a boot menu list for you to select a boot option.
This dialog also integrates with Boot Disk Creator as it lets you create new automation
configurations from within the PXE Configuration Utility. However, all the configurations
you create from this dialog are meant for the PXE Servers and the client computers that
use PXE as their primary boot option.
Menu Item Properties
Name: This is the name of the PXE configuration that appears as a boot item when the
PXE menu downloads to client computers after a PXE boot operation is performed.
Allow as default PXE boot option: Select this option to move the configuration you
are creating to the top of the boot menu, so that it becomes the default boot option on
client computers. If you do not select this option, the Up button is active, so you can
move the configuration up the menu list. However, the Up button becomes inactive if
you try to move the configuration to the default boot position.
Pre-boot Image Properties
Operating System and Processor Options: Select the operating system and
processor type for the configuration you are creating and select the method you want to
use to create the configuration. If an operating system has an asterisk next to it, the
pre-boot operating system files must be installed before Boot Disk Creator starts the
New Configuration Wizard. See Install Pre-boot Operating System Files on page 8.
Add pre-boot: Click this button if you want to add pre-boot operating system files.
Image Creation Method
Boot Disk Creator: This option lets you start the New Configuration Wizard from Boot
Disk Creator. Any configurations you create or edit using this method are only for PXE
boot menu items. See New Configuration Wizard on page 295.
Direct from floppy: Select this option if you want the PXE Server to read a
configuration file from a floppy disk. See Import Boot Menu Options on page 292.
User supplied: This option is for advanced users. If you select this option, you must
select Other in the Operating System section. The Final Location on PXE Server
field shows the path where the new configuration is stored. The folder
MenuOption<Number> is created as a subfolder of MasterImages, but configuration
Deployment Solution 292

files are stored there only after advanced users manually add the configuration files. See
Import Boot Menu Options on page 292.
Create Boot Image: You must enter a descriptive name for the PXE configuration in
the Name field before this option is enabled. The New Configuration Wizard from Boot
Disk Creator starts unless you have not installed the pre-boot operating system files for
the type of configuration you want to create. If you need to install the pre-boot
operating system files, the Install Pre-boot Operating System Files dialog appears
before the New Configuration Wizard starts. See Install Pre-boot Operating System Files
on page 293 and New Configuration Wizard on page 295.
Import Boot Image: This option lets you import boot menu options that were created
using third-party imaging software or previous versions of Altiris PXE Server. See Import
Boot Menu Options on page 292.
Manual Boot Image: See Import Boot Menu Options on page 292.
Final Location on PXE Server: This field helps you to identify the PXE item you are
configuring. PXE configurations are stored in the default directory, which is C:\Program
Files\Altiris\eXpress\Deployment Server\PXE\Images\MenuOption<number>. The
MenuOption number increments each time you create a new configuration.
Edit Shared Menu Option
In the Shared Configuration mode, only the Shared configuration appears in the view
section on the Boot Menu tab. The Edit option is enabled when you select any of the
Shared boot menu options. However, if you are in Customize PXE Server: <server
name> mode, the Edit option is enabled when you select any Local boot menu options.
To edit Shared or Local boot menu options
1. Select a boot menu option from the view section on the Boot Menu page, and click
Edit.
2. If you selected Boot Disk Creator as the Image Creation Method, click Edit Boot
Image. The Edit Configuration page in the New Configuration Wizard only
displays the MenuOption<number> you selected from the Boot Menu page.
3. To make changes, right-click the MenuOption<number> and select Edit
Configuration, or click Edit on the Edit Configuration page until you find the
options you want to change.
See also: Edit Configurations on page 302 and Boot Menu Tab on page 289.
Import Boot Menu Options
This option lets you import boot menu options that were created using third-party
imaging software or previous versions of PXE Server.
Option 1:
1. From the New Shared Menu Option dialog, select Direct from floppy and click
Import Boot Image. The PXE Config Floppy Import Wizard appears.
Note
You must enter a name in the Name field to enable the Import Boot Image
button.
Deployment Solution 293

2. Insert a floppy disk. The path and name of the new MenuOption<number>
appears.
3. Click Next. A progress bar displays the PXE boot file image being read as it is
imported.
4. Click Finish.
Option 2:
1. From the New Shared Menu Option dialog, select User Supplied. Click Manual
Boot Image. The PXE Boot Files dialog appears.
2. Copy the PXE files you want in the MenuOption<number> folder. Click Browse to
select the folder containing the boot files that you want to copy.
3. Click OK.
Regenerate Boot Images
This lets you regenerate all the PXE configurations that are using the selected operating
system. If you make updates to the core automation operating system, such as
installing a new version of Linux, this lets you apply those updates without re-creating
the affected configurations.
Install Pre-boot Operating System Files
In Boot Disk Creator, you must install the pre-boot operating system files for at least
one pre-boot environment before you create new configurations. Boot Disk Creator uses
these files when creating configurations and boot images. You can install all supported
pre-boot operating system files at the same time, or you can install only those pre-boot
environments that you want to use. You can install FreeDOS and MS-DOS, but you must
select which DOS version you want to run since you cannot run both versions at the
same time.
Example: You can install the DOS and WinPE pre-boot operating system files to start
creating configurations to support your infrastructure, which currently does not need
Linux boot images. After working with Deployment Server and Boot Disk Creator, you
decide you want to create Linux configurations and Linux boot images. You can open the
Install Pre-boot Operating System Files dialog at any time to install the Linux
system files or the other pre-boot operating system files.
When you install the pre-boot operating system files for DOS, Linux, or WinPE, a
checkmark next to the operating system name indicates that the files are successfully
installed. See DOS on page 294, Linux on page 295, and WinPE on page 295. The
operating system version number appears (except for MS-DOS) and the status changes
to Installed.
If you acquire a newer version of DOS, Linux, or WinPE, browse and specify the location
of the pre-boot files and click Next to install the new files. However, all existing
operating system files are deleted before the newer files are installed.
Example: If you have installed WinPE, and Altiris supports a newer version that is
available, browse and specify the location of the pre-boot files and click Next to install
the new files. All existing WinPE files are deleted from the hard disk before the new files
are installed. If you experience any problems with the new version of WinPE, you must
install the older version to restore Boot Disk Creator functionality for WinPE.
Deployment Solution 294

To install pre-boot operating system files
Select the pre-boot operating system that you want to install and click Next.
DOS
You can install FreeDOS and MS-DOS or both. See FreeDOS on page 294 and MS-DOS
on page 294. However, you can only run one version of DOS at a time. See Set Default
Pre-boot Operating System on page 295.
FreeDOS
Deployment Solution provides FreeDOS in a file named BDCgpl.frm. The BDCgpl.frm file
can be downloaded from the Deployment Solution download site on altiris.com and
saved to any location on the network. When newer versions of FreeDOS become
available, an updated .FRM file is available online through Deployment Solution Hot
Fixes or Service Pack releases.
When you install a new version, use the Regenerate Boot Images option on the Boot
Menu tab to apply the new version to your existing configurations.
Note:
FreeDOS may not support newer motherboard chip-sets.
MS-DOS
Using an original Microsoft Windows 98 installation CD, copy the appropriate files to a
system formatted floppy disk, a folder that can be accessed from Boot Disk Creator, or
to a CD.
Use Microsoft Windows 98 installation CD: Select this option to install MS-DOS from
an original Microsoft Windows 98 installation CD.
Floppy Disk: Select to format a disk using the Format a: /s command. Copy the
required files listed below from an original Microsoft Windows 98 installation CD to the
floppy disk. Boot Disk Creator only installs DOS files from the A drive. If you select B-
Floppy Drive from the drop-down list, Boot Disk Creator still tries to read data from the
A-Floppy Drive.
When you install a new version, use the Regenerate Boot Images option on the Boot
Menu tab to apply the new version to your existing configurations.
Folder: Select this option to copy the required files to a folder that can be accessed
from the Boot Disk Creator.
Boot Disk Creator requires the following MS-DOS files.
Required Optional
HIMEM.SYS EDIT.COM
EMM386.EXE MEM.EXE
SMARTDRV.EXE ATTRIB.EXE
SYS.COM MODE.COM
XCOPY32.MOD FORMAT.COM
FDISK.EXE
Deployment Solution 295

Note
The SMARTDRV.EXE file is required for all computers running a scripted install in
Windows 2003\XP.
Linux
Deployment Solution provides Linux RedHat Fedora in a file named BDCgpl.frm. The
BDCgpl.frm file can be downloaded from the Deployment Solution download site on
altiris.com and saved to any location on the network. When newer versions of Linux
become available, an updated .FRM file is available online through Deployment Solution
Hot Fixes or Service Pack releases.
When you install a new version, use the Regenerate Boot Images option on the Boot
Menu tab to apply the new version to your existing configurations.
WinPE
Altiris supports WinPE as a pre-boot environment for Boot Disk Creator. When you install
WinPE, you must use one of the following:
Altiris WinPE installer
Microsoft WAIK DVD
Import installed WAIK
When you install a new version, use the Regenerate Boot Images option on the Boot
Menu tab to apply the new version to your existing configurations.
Set Default Pre-boot Operating System
While creating an automation partition, from the Tools menu on the Boot Disk Creator
interface, you must select the pre-boot operating system that you want to set as the
default, such as FreeDOS or MS-DOS.
New Configuration Wizard
You can create as many configurations as needed to support different types of computer
environments. Before you begin, you must install the pre-boot operating system files
that Boot Disk Creator uses to create new configurations. See Install Pre-boot Operating
System Files on page 293.
Configuration Name
This is the first page of the New Configuration Wizard, which is the same for DOS, Linux,
or WinPE. You must enter a name for the configuration to enable the Pre-boot
Operating System for this Configuration fields. The description field is optional but
To start the New Configuration Wizard, click this icon on the toolbar of the
Boot Disk Creator tool and click Ctrl+N or click File > New
Configuration.
Deployment Solution 296

helps you to know what the configuration contains, such as the file server type, NIC
drivers, and any additional files you want to add.
Field Definitions
Name: The configuration name you enter appears in the Configurations pane after the
wizard is completed.
Description: Enter a description for the configuration. (Example: Enter the type of
computer, operating system, network adapter, and any other characteristics that can
help you identify this particular configuration.) After the Create Configuration and
Create Boot Disk wizards complete, if you select the configuration from the left pane,
the description you entered for this field appears at the top of the right pane.
Pre-boot Operating System for this Configuration: Boot Disk Creator supports
DOS, Linux, and WinPE operating systems to create pre-boot environments. Select the
pre-boot operating system and click the install pre-boot operating system files. See
Install Pre-boot Operating System Files on page 293.
File Server Type (DOS)
The Deployment Share stores image files, packages, and data files. By default, the
Deployment Share is installed on the Deployment Server, but you can install it on
another server, depending on whether you selected the Simple or Custom Deployment
Solution installation.
Field Definitions
Microsoft Windows: Select this option to store images on a Microsoft server using
TCP/IP network communications (recommended). However, if you use IPX to
communicate with a Microsoft server, select the IPX check box at the bottom of the
page.
Create multi-network adapter configuration: Select this option to add multiple
network adapter drivers to a single PXE boot file configuration. This feature lets you
build configuration files to boot multiple computers that contain different types of
network adapter cards. See Multi-Network Adapter Configurations on page 296.
Novell NetWare (VLM): Select this option to store images on a NetWare server with
VLM clients, using IPX network communications.
Novell NetWare (Client32): Select this option to store images on a NetWare server
with 32-bit clients.
Use IPX to communicate with Netware: Select this check box if IPX is the network
protocol for the Novel NetWare (Client32) server.
Multi-Network Adapter Configurations
If you are creating a DOS configuration, when you select Multi-NIC configurations, a
list of supported drivers appears. You can select Multi-NIC drivers to be included in the
configuration by pressing Shift-Click or Ctrl-Click. After a client computer boots using
a multi-network adapter configuration, Boot Disk Creator applies the driver that
matches the first network adapter card that it detects.
Example: If you are using the multi-network adapter configuration for several different
client computers, this option can save you time and effort in booting different
computers. However, if a client computer has 2 NIC cards and you use the multi-
Deployment Solution 297

network adapter configuration to boot the computer, the first NIC card is detected and
can potentially be the wrong network adapter required to connect to the Deployment
Server.
Advanced Features
The network adapters you select must support DOS, Linux, or WinPE so that client
computers can connect to a network or Deployment Server, depending on whether you
create automation partitions, or network or automation boot disks. The Have Disk
button lets you install network adapter drivers from a disk, CD, or network folder. See
Have Disk on page 298.
The Internet button lets you connect to an Altiris supported Web site to download and
install network adapter drivers. See Internet on page 298.
The Advanced button lets you further define network adapters and their drivers. See
Advanced on page 298.
Multiple Network Adapters Load Order
This option is for DOS and WinPE configurations only. This lets you specify the order in
which the physical network adapters are detected when the client computer boots.
Example: If most client computers have a Broadcom Ethernet adapter, but some
computers have a 3Com10/100 LAN PC Card Fast Ethernet card, you can use Up and
Down to move the Broadcom Ethernet adapter to the top of the list.
See Network Adapter on page 297.
Network Adapter
The drivers listed in the Network Adapters window vary depending on the type of
configuration you create. You can install pre-boot operating system files for DOS, Linux,
or Windows Preinstallation Environment (WinPE). See Install Pre-boot Operating System
Files on page 293.
Example: After installing the pre-boot operating system files for WinPE, the Windows
NIC drivers that are available to create a WinPE configuration appear, and are
automatically added to the new configuration. If you select Auto-detect network
adapter, WinPE determines which network adapter driver to use.
Select a driver from the network adapters driver list. You must create a new
configuration for each type of network adapter that is installed on client computers,
unless you want to create a Multi-NIC configuration. See Multi-Network Adapter
Configurations on page 296. If you want to add or change adapter settings (such as I/O
Memory, IRQ, and PCMCIA for DOS configurations) click Advanced. See Advanced on
page 298.
If the network adapter you want does not appear in the list, click Have Disk, Internet,
or Advanced to add additional drivers. See Have Disk on page 298, Internet on
page 298, and Advanced on page 298.
Field Definitions
Auto-detect network adapter: Select this option to let WinPE auto-detect the type of
adapter that is in the client computers when the boot image runs.
Deployment Solution 298

Have Disk
You can add network adapter drivers by using any disk media or navigating to a folder.
You can download the Network adapters from the manufacturers Web site and save it to
a folder or a disk to install later. New network adapters come with a floppy disk or CD to
install the appropriate drivers.
Internet
Altiris supports many manufacturer network adapters and supports a Web site for you to
download the latest NIC drivers. From the Network Adapter page, click Internet to
launch the Web browser and use the ftp://support.altiris.com/support/NIC_drivers/ link.
Download the driver you want and unzip the files to a folder on the hard drive. Click Add
Driver to add the driver to the Network Adapters list.
Advanced
These options lets you add or change settings for the network adapter cards so they
work correctly when using DOS configurations. This option is not available when you
create a Linux or WinPE configuration. In the Network Adapter page, click Advanced.
Refer to the following properties and values:
Microsoft clients
EMM386 Memory (config.sys): Append memory address information to this line
in the config.sys file.
Advanced settings (protocol.ini): Add parameters to the NIC section of the
protocol.ini file.
Memory (protocol.ini): Add parameters to the network setup section of the
protocol.ini file.
IRQ (protocol.ini): Add parameters to the network setup section of the protocol.ini
file.
Novell VLM clients
Emm386 memory (config.sys): Append memory address information to this line
in the config.sys file.
Advanced settings (config.sys): Add parameters to the NIC section of the
net.cfg file.
Novell Client 32
Emm386 Memory (config.sys): Append memory address information to this line
in the config.sys file.
Advanced settings (driver command line): Add driver command-line entries to
the landrv.bat file.
TCP/IP Protocol Settings
This page lets you set up TCP/IP protocol settings for boot configurations. TCP/IP is the
default protocol when client computers boot to automation on a Windows network. If
you are using the IPX protocol, Deployment Server uses its own IP stack to work on IPX
networks.
Deployment Solution 299

Field Definitions
Obtain an IP address from a DHCP server: Select this option if you want client
computers to obtain an IP address from a DHCP server.
Use a static IP address: Select this option if you want to assign a specific IP address
to a client computer that is using this configuration. Enter an IP address, Subnet
mask, and Default gateway. You can also enter a Primary WINS server address and
a Secondary WINS server address if you want to resolve IP addresses and naming
conventions. You must create a configuration for each client computer, so that the IP
address is not the same for all computers.
Altiris Deployment Server Communication
This option lets you set communication properties for the Deployment Server. The
Deployment Server IP address, and Port fields are critical because they define how
client computers establish communications with the Deployment Server.
Example: The TCP port on the Deployment Server is set to 402 and the Port field in the
Boot Disk configuration is set to 502. These settings prevent client computers from
communicating with the Deployment Server because the port numbers do not match. To
establish communications between client computers and the Deployment Server,
change the Port field in the Boot Disk configuration to 402.
Note
The settings on this page are used only if you create an automation boot image where
the Automation Agent needs to know how to find the Deployment Server. If you intend
to create a network boot disk, you can ignore this page by clicking Next, as none of the
properties are used to create a network boot image].
To set the TCP port on the Deployment Server
1. From the Deployment Server, click Start > Control Panel > Altiris Deployment
Server > Options > Transport tab.
You can also click Start > All Programs > Altiris > Deployment Solution >
Configuration > Options > Transport tab.
This opens the Altiris Deployment Server transport settings page.
2. Enter the TCP port number.
3. Click OK.
The following options are available on the Altiris Deployment Server
Communication page:
Use TCP/IP multicasting to find the Altiris Deployment Server: Select this option
to use TCP/IP multicasting to find the Deployment Server. When client computers boot
to automation using this configuration, a multicast packet is broadcast across the
network to find where the Deployment Server location is located.
Multicast IP address: Enter a multicast IP address for client computers to send a
broadcast packet across the network to find the Deployment Server.
Port: This option defines the port that the client computers will use to communicate
with the Deployment Server Engine, which manages the Deployment Database,
sends job commands to the Deployment Agent, and more.
Deployment Solution 300

Server name: When you select Use TCP/IP multicasting to find the Altiris
Deployment Server, a multicast packet is broadcast to the server you specify. If
you leave this field blank, the client computer connects to the first server that
responds to the multicast packet.
Use TCP/IP to connect to the Altiris Deployment Server: Select this option to
connect to a specific Deployment Server. You must select this option if your network
adapter or network does not support multicasting. See your network adapter
documentation, call the manufacturer, or consult with your IT department for
information.
Server IP address: Enter the IP address of the Deployment Server to access
information stored in the Deployment Share. If you are using the Intel Universal NIC
driver (UNDI), the IP address is required.
Port: This option defines the port that the client computers will use to communicate
with the Deployment Server Engine, which manages the Deployment Database,
sends job commands to the Deployment Agent, and more.
Automation Agent Location
Remote: Select this option to run the most recent automation agent located on the
remote server share.
Local: Select this option to run the automation agent that currently exists in the local
pre-boot environment.
Lock Keyboard: Select this option for additional security. This prevents someone on
the remote computer from ending the automation session and possibly accessing your
network.
Network Connection
This option lets you define the way the client computers connect to the Deployment
Share or a file server that stores image files.
Windows
Workgroup: Enter the workgroup for the Deployment Share or file server.
NetWare
Server name: Enter the server name for the Deployment Share or file server. Click
Advanced to enter a NetWare context for the server and select a Frame type if it is
different from the default value of 802.2.
User name: Enter the authorized user name that was set up while creating the
Deployment Share directory. If you did not assign a User name and Password when
the Deployment Share or file server was created, leave these fields blank.
Password: Enter the password for the user name.
Confirm password: Enter the password for the user name to confirm that you entered
the correct password in the Password field.
Network Drive Mappings and Mount Points
This option lets you set up drive mappings (for DOS and WinPE) or mount points (for
Linux) so that when client computers boot to automation or a network prompt, they
connect to the appropriate server. You can create multiple drive mappings or mount
Deployment Solution 301

points. However, if you are creating a DOS configuration, the first mapped drive you
specify must connect to the Deployment Share.
Field Definitions
Manually create drive mappings: Select this option if you want to include the drive
mappings in the autoexec.bat file when client computers boot to automation.
Drive: By default, the mapped drive that appears is F: \\<Deployment Share
server>\eXpress. Select a different drive letter from the drop-down list if F: is already
in use.
Path: Enter the path for the Deployment Share. The path you enter maps to the drive
letter you selected in the Drive field. You can also click Browse to navigate to the
Deployment Share if you are unsure of the directory path or if the image files are stored
on a file server.
Example:
Windows users: \\server\share
NetWare users: server\volume:directory
Linux users: //server/mount point
Create an entry in the LMHOSTS file for the Deployment Server file store (other
entries must be added manually): Select this option if your network does not support
NetBIOS name resolution for IP addresses. Enter a Server name and IP address so
that client computers can find the Deployment Share where the image files are stored.
Use NetWare login scripts to create drive mappings: Select this option if you use
NetWare and you want login scripts to create the drive mappings.
Optional Components
This page lets you add additional components to the boot image, such as WSH (Windows
Scripting Host), WMI (Windows Management Instrumentation), and so on. You can
select the optional components that you want to include in the WinPE boot image.
This wizard page is available only when you select WinPE. By default, the optional
components to be included with this configuration are selected.
Enable WinPE Firewall: By default, this check box is not selected. Selecting this
option enables the WinPE Firewall, which interferes with multicast imaging.
Configuration Summary
This page lets you review all the options you selected throughout the New
Configuration Wizard. If you want to modify a setting, click Back to re-select the
option. When you click Finish, the Create Boot Disk Wizard appears for the next
process to begin.
If you are using Boot Disk Creator from within the PXE Configuration Utility, the Edit
Configuration page appears. See Edit Configurations on page 302.
Deployment Solution 302

Edit Configurations
This is the main Boot Disk Creator page that appears when you start the utility. If you
are using Boot Disk Creator from within the PXE Configuration Utility, this page appears
at the end of the New Configuration Wizard.
This feature lets you modify configurations that are already created. As you select files
and folders from the left pane, the configuration information appears in the right pane.
The display color changes to help you know the type of configuration you selected to
view, edit, or delete. The colors displayed are:
Black: You have not selected or created any configurations.
Blue: The configuration you selected or created is based on the DOS pre-boot
environment.
Green: The configuration you selected or created is based on the Linux pre-boot
environment.
Red: The configuration you selected or created is based on the WinPE pre-boot
environment.
To change the configuration settings, right-click a configuration folder and select Edit
Configuration and click Edit until you find the page for the options you want to
change. You can also make text edits to files (selected from the left pane) in the right
pane.
You can edit all other configuration files as needed. If the PXE Configuration Utility is
launched and exited without any changes, no updates are made to the PXE Server.
However, after you edit a configuration, Boot Disk Creator rewrites certain files within
the configuration so that drive mappings and mount points are always updated. The
following files are rewritten after editing configurations:
DOS - mapdrv.bat, unmapdrv.bat
Linux - mounts.local
WinPE - mapdrv.bat
The edited configuration settings are saved to the PXE Manager database. The PXE
Server is updated in the background. Click the PXE Status Screen tab to view the
updated status of the PXE Server.
See also: New Configuration Wizard on page 295 and Install Pre-boot Operating
System Files on page 293.
Additional Files
Boot Disk Creator lets you add additional files to folders that either apply to a specific
configuration or to all configurations that are of the same type of pre-boot operating
system. However, any files that you add to the global <OS> additional files folders
are written to the boot image before the specific configuration files. If a file in the <OS>
additional files folder has the same name as a file in a specific configuration folder, it
is overwritten.
Example: If a file named 5684_Drivers resides in the DOS additional files folder, and the
same file, 5684_Drivers, exists in a specific configuration folder; when the files are
written to a boot image, the file in the configuration folder overwrites the file in the DOS
additional files folder. This may cause unexpected results. If you edit text files in a
<OS> additional files folder, yet the specific configuration file is the one that is
written to the boot image, the result is not as you expected.
Deployment Solution 303

Add files to all configuration
When you install a pre-boot operating system, a new folder is added to the bottom of
the left pane on the main page of the Boot Disk Creator. If you install pre-boot operating
system files and the <OS> additional files folders do not appear, press F5 to refresh
the Boot Disk Creator page. The folders that appear are as follows:
DOS additional files
Linux additional files
WinPE additional files
Boot Disk Creator copies the files from the <OS> additional files folders to all the
corresponding operating system configurations and adds these files to the boot images.
These folders are considered global because they can affect configurations of the same
type.
Example: Using the Windows Copy and Paste command, you can add tracert.exe to the
WinPE additional files folder. Each WinPE configuration you create adds the files in the
WinPE additional files folder to the boot image.
Add files to a specific configuration
If you want to add files to a specific configuration only and do not want to use the global
feature of the <OS> additional files folders, do the following:
1. Right-click a configuration in the left pane and select New > Folder. A new
subfolder is created in the left pane.
2. Enter a name for the folder so that you know they are the added files.
3. To add files to the <OS> additional files folder, do one of the following methods:
Copy the files from a network folder and paste them into the configuration
folder.
Right-click a configuration and select Add File. A browser dialog appears to
navigate to the file you want to add.
Right-click a configuration and select File > Text file. A new empty text file is
added to the left pane. Enter a name for the file and write text as needed in the
left pane.
Create PXE Boot Image Files (PXE)
This option is used for Boot Disk Creator configurations created from within the PXE
Configuration Utility. Because the PXE Servers download the boot image files to client
computers, after you select all the properties for a New Configuration, Boot Disk Creator
must know the type of image file to create.
Field Definitions
Automation PXE image: The automation agent for the type of pre-boot operating
system configuration that you created is added to the settings you selected throughout
the New Configuration Wizard.
Network PXE image: The configuration you created does not contain an automation
agent. When client computers boot with this image file, they are mapped to a network
server and are at a users prompt. (This option is not available in Shared Configuration
mode.)
Deployment Solution 304

PXE Boot Image Creation Complete
This page lets you know when the PXE boot image file is completed. When you click
Finish, the New Shared Menu Option page appears, displaying the location of the
PXE boot image files on the PXE Server.
PXE Server Tab
This lets you set response times for the PXE Servers and specifies how the DHCP Server
will be discovered. By default, PXE Servers inherit the shared properties from the
Shared Configurations mode. Client computers use the information defined on this page
to locate the PXE Server that provides their services.
PXE Server properties
PXE Server IP address: By default, the IP address for both Shared Configuration and
Customize PXE Server modes are displayed. If, for some reason, you need to change the
IP address on a PXE Server, enter the same IP address in this field.
Enter the IP address for the specific PXE Server you selected from the File menu. When
client computers perform a PXE boot, the IP address helps them communicate with the
PXE Server.
Use Shared properties: This is selected when you set the properties for a Shared
Configuration. You cannot change this selection on the other pages if you set the
properties for the Shared Configuration.
Customize PXE Server: Shared Configuration: This option is available when you
select a specific server from the File menu. You can also customize the properties for
the PXE Server you selected.
Response Time: This lets you set the PXE Server response time when the client
computers request a PXE boot.
Example: If you have three PXE Servers, you can set the first PXE Server to Short
delayed response (1/2 second), the second to Immediate response, and the third
to a Delayed response of your choice. This helps control which PXE Servers will
respond to the client computers when they perform a PXE boot. In this example, the
second PXE Server would respond to client computers before the first server.
PXE Server image update: This lets you control options for how updated PXE boot
images are distributed to the PXE servers. Limit bandwidth throttles the amount of
network bandwidth consumed by the transfer, but might result in your images taking
longer to update.
DHCP Server discovery:
Auto detect Microsoft DHCP Server and configure for PXE: Select this
option for a PXE Server to auto-detect the ports used for DHCP when
Deployment Server and the PXE Server are installed to the same server.
Third party DHCP Server installed on PXE server (Do NOT use DHCP
port): Select this option if you are not using a version of Microsoft DHCP
Server.
Deployment Solution 305

Note:
If Microsoft DHCP Server is installed on the PXE server, but is not active and
functioning, the PXE Server sets option 60. This can cause conflict with client
computers. Select the No DHCP Server installed on PXE Server (Use DHCP
port) instead.
No DHCP Server installed on PXE Server (Use DHCP port): Select this
option if DHCP is installed to a different server than the one where PXE Server is
installed. The PXE Server uses only one port for DHCP.
DS Tab
This tab lets you set properties so that all PXE Servers can communicate with the
Deployment Server. PXE Servers and the Deployment Server work together to perform
tasks, such as creating and distributing an image, scripted OS installs, and more. The
PXE Server must access the Deployment Server and the Deployment Database to
retrieve the information required to carry out these tasks on client computers.
The Deployment Server IP address, Engine Port, and Data Manager Port are
critical fields because they define how the PXE Server establishes communication with
the Deployment Server.
Example: The TCP port on the Deployment Server is set to 402 and the Engine port on
the PXE Server is set to 502. This would result in the PXE Server not communicating
with the Deployment Server because the port numbers do not match. To establish
communication between the two servers, change the Engine port field on the PXE
Server to 402.
To set the TCP port on the Deployment Server
1. From the Deployment Server, click Start > Control Panel > Altiris Deployment
Server > Options > Transport tab.
You can also click Start > All Programs > Altiris > Deployment Solution >
Configuration > Options > Transport tab.
This opens the Altiris Deployment Server transport settings page.
2. Enter the TCP port number.
3. Click OK.
Deployment Server properties
Deployment Server IP address: This is the IP address of the Deployment Server that
controls the PXE Servers. This value is automatically entered when Deployment Solution
is installed. However, because the Deployment Server IP address can change, you have
an option to edit this field.
Engine port: This option defines which port the PXE Servers use to communicate with
the Deployment Server Engine, which manages the Deployment Database, sends job
commands to the Deployment Agent, and more.
Data Manager port: This is the port that PXE Manager uses to communicate with the
Deployment Server.
Default boot option: This is the default boot menu item that Deployment Server uses
to execute jobs.
Deployment Solution 306

Disable Initial Deployment: By default, this option is enabled. Clear the check box if
you do not want to use Initial Deployment.
Initial Deploy boot option: The boot menu item that was set as the default pre-boot
operating system at install time is selected. If no boot menu items were created, the
first boot menu item (shared) is selected. Go to the Boot Menu tab and create a Shared
Configuration if there are no items in the list. See Boot Menu Tab on page 289.
When the boot menu appears on client computers, the default boot option you select for
Initial Deployment moves to the top of the boot menu, even if the boot option is not at
the top of the list on the Boot Menu Options for PXE Server: Shared Configuration
page.
Execute immediately: Select this option for Initial Deployment to run on new client
computers without any user interaction after a PXE boot. From the Deployment Console,
in the Initial Deployment Advanced Properties page, there is a default time-out
value of 5 minutes. If you select this option, PXE responds immediately, but Initial
Deployment still waits for 5 minutes before running.
Wait indefinitely: Select this option so that a user must press <F8> to start the Initial
deployment job.
Use default timeout: Select this option to use the time-out value set in the Initial
Deployment Advanced Properties page from the Deployment Console.
Timeout: Select this option to enter a time-out value. The boot menu appears on new
client computers for the length of time you set before booting to Initial Deployment.
MAC Filter Tab
This feature lets you control the service load of the PXE Servers by creating a list of MAC
addresses you want to be serviced by either a specific PXE Server or by all PXE Servers
associated to a Deployment Server. You can also select to not service the list of client
computers.
Example: If you had three PXE Servers that Deployment Server integrated with and you
were setting properties for a Shared Configuration, you could create a list of MAC
addresses, select Service listed addresses so that all three PXE Servers would
respond to the listed client computers. You could also create a list of MAC addresses for
a specific PXE Server configuration and select Do NOT service addresses so that the
PXE Server you selected would not download a boot menu to any of the client computers
listed. This lets you select the PXE Servers that provide services for specific client
computers across the network.
MAC addresses filter properties mode
Use Shared properties: Select this option when you set the properties for a Shared
Configuration. You cannot change this selection on the other pages if you are setting
properties for the Shared Configuration.
Customize PXE Server: Shared Configuration: This option is available when you
select a specific server from the File menu. You can also customize the properties for
the PXE Server you selected.
Use MAC Address Filtering: Select this option to use MAC filtering. If you do not select
this check box, the entries in the MAC Address Patterns section are ignored.
Service listed addresses: Select this option if you want the PXE Server to service the
list of MAC addresses in the MAC Address Patterns section.
Deployment Solution 307

Do NOT service addresses: Select this option if you do not want the PXE Server to
service the list of MAC addresses in the MAC Address Patterns section.
MAC Address Patterns
MAC addresses are listed in this section. You can add, edit, or delete the addresses. You
can also import or export MAC address text files.
New: When you click this button, the Define MAC Addresses dialog appears, where
you can enter MAC addresses. See Define MAC Addresses on page 307.
Edit: When you click this button, the Define MAC Addresses dialog appears, where
you can modify addresses previously added to the MAC address list. See Define MAC
Addresses on page 307.
Delete: Select a MAC address from the list and click this button.
Import: This option lets you import comma-separated text file MAC address list. You
can create the import text file manually, or you can import a file that has previously
been exported from any PXE Server on your network. When the Windows navigation
dialog appears, go to the folder or disk drive where the text file is located and click OK.
Export: This option lets you export the MAC address list to a comma-separated text file.
You can use the export feature to save a large MAC address list and import the file to
another PXE Server or to the same PXE Server in case you need to uninstall and install
PXE Server. You can export all or a part of the list by selecting the MAC addresses. When
the Windows navigation dialog appears, go to the folder or disk drive where you want
to save the text file and click OK.
Define MAC Addresses
You can add or edit MAC addresses to the MAC address patterns section of the MAC
Filter tab. This determines whether PXE Servers will include or exclude the client
computers that are listed. See MAC Filter Tab on page 306.
Single address: Select this option and enter a single MAC address. This address
appears in the MAC Address Pattern section.
Address range: Select this option to enter a range of MAC addresses. Enter a MAC
address to start the range in the From box and a MAC address to end the range in the
To box.
Multicast Tab
This option lets you set properties for the way PXE Servers download the boot image to
client computers. PXE Servers communicate with client computers using the Multicast
Trivial File Transport Protocol (MTFTP) and support larger transport packets, which
reduces the time taken to download files.
The PXE Manager multicast properties section lets you set a Beginning Multicast
Address, the Number of Multicast Addresses Available, and the Maximum
Addresses Available to Single PXE Server.
A multicast address is automatically assigned to the files a PXE Server uses to download
the boot menu options to client computers. A PXE boot menu option consists of two files.
The MenuOption<number>.0 file is the boot menu, and the MenuOption<number>.1 file
is the additional file needed to execute the menu item you select.
Deployment Solution 308

Example: The PXE.ini file consists of information gathered by PXE Manager and includes
a section called MTFTP\Files. This section lists the MenuOption files and their assigned
multicast addresses.
[ MTFTPD\ FI LES]
BSt r ap\ x86pc\ BSt r ap. 0=224. 1. 1. 0
MenuOpt i on128\ x86pc\ MenuOpt i on128. 0=224. 1. 1. 1
MenuOpt i on128\ x86pc\ MenuOpt i on128. 0. cr - 1005309736=224. 1. 1. 2
MenuOpt i on128\ x86pc\ MenuOpt i on128. 1=224. 1. 1. 3
MenuOpt i on129\ x86pc\ MenuOpt i on129. 0=224. 1. 1. 4
MenuOpt i on129\ x86pc\ MenuOpt i on129. 0. cr - 1005309736=224. 1. 1. 5
MenuOpt i on129\ x86pc\ MenuOpt i on129. 1=224. 1. 1. 6
Notice that the multicast address increments by 1 for each file that is created when a
new PXE configuration is added and the boot image is created. These are the files that a
PXE Server downloads when you select a boot menu option from the menu list on a
client computer.
PXE Manager
PXE Manager creates a PXE Manager.ini file, which gathers data from all the PXE Servers
on the network. The PXE Manager.ini file creates and sends a PXE.ini file that is specific
to each PXE Server. Both PXE Manager.ini and PXE.ini files are used by the PXE Manager
service to synchronize the boot images across all PXE Servers and Deployment Servers
on the network.
Important
Do not edit the PXE Manager.ini or PXE.ini files. Once these files are edited, you can no
longer access the boot images stored on all PXE Servers, and the PXE Manager service
does not function properly. See PXE Manager in the Automation & Imaging section of
the Deployment Solution Product Guide.
TFTP/MTFTP properties
Use Shared properties: Select this option when you want to set the properties for a
Shared Configuration. Once you set the properties, you cannot change this selection on
the other pages.
Customize PXE Server: Shared Configuration: This option is available when you
select a specific server from the File menu. You can also customize the properties for
the PXE Server you selected.
Enable MTFTP: Clear this option if you do not want to use MTFTP to download the boot
menu from the PXE Server to client computers. If a PXE Server is going to service client
computers on the same subnet, you can select this option to communicate. If you
disable MTFTP, TFTP is used to communicate.
PXE-enabled client computers listen for broadcast messages sent by the PXE Server
through MTFTP. If a PXE Server is going to service client computers across subnets and
this option is enabled, the PXE Server tries to communicate with clients using MTFTP. If
the router is not configured to pass a multicast packet, an error message appears on
client computers, stating that MTFTP is unavailable. The PXE Server tries to connect to
client computers using TFTP.
Deployment Solution 309

Enable larger packets for TFTP/MTFTP: Select this option to increase the packet size
transport.
Packet Size: Enter the transport packet size if your infrastructure does not have the
capability of handling the default packet size of 768.
Do not allow IP fragmentation: Clear this option to use IP fragmentation. This is
helpful if you have a narrow bandwidth on the network and want to enable larger
packets for TFTP/MTFTP when downloading files from the PXE Server to client
computers. IP fragmentation lets larger packets break up into smaller packets during
transport. However, you must use a third-party application to reassemble the smaller
packets into the original packet size.
PXE Manager multicast properties
Beginning Multicast Address: Enter a multicast address between the range of
224.1.1.0 -- 225.255.255.255.
Number of Multicast Addresses Available: Enter the number of addresses available
for the PXE Server. Limit: 128,000.
Maximum Addresses Available to Single PXE Server: Enter the maximum
addresses available to a single PXE Server.
Data Logs Tab
This option lets you enable data logs to help you troubleshoot incidents on the PXE
Servers. You can enable log files to help isolate issues with the network traffic,
communication protocol, the PXE Server, and more. You can specify a filename for each
of the logs, and you can enter a directory path where you want to store the log files.
Each log file lets you select a log level, such as errors, warnings, information, debug, or
all. This is a valuable tool that should be used only for troubleshooting as it could impact
the network in a production environment due to the amount of data that is written to the
logs.
Data Log properties
Use Shared properties: Select this option when you set the properties for a Shared
Configuration. Once you set the properties, you cannot change this selection on the
other pages.
Customize PXE Server: Shared Configuration: This option is available when you
select a specific server from the File menu. You can also customize the properties for
the PXE Server you selected.
Log File Location: This is the folder where all log files are stored. If no directory path is
entered, log files are stored in the default Deployment Share folder of C:\Program
Files\Altiris\express\Deployment Server\PXE.
Log Files: The following log files are specific to PXE Servers and, if enabled, log the
information to the filename you specify and store it in the PXE folder on each PXE Server
across the network.
PXE Server Log
PXE MTFTP Log
Packet Parser Log
DS Traffic Log
Deployment Solution 310

Config Service Log
PXE Manager Log
Config Utility Log
The PXE Manager Log writes data to the filename you specify and stores it in the PXE
folder on the Deployment Server.
Level: Select the type of data you want to write in the log files. Each level in the list
includes more details to the log files of the previous level.
Filename: Enter a name for the log file you enabled if you do not want to use the
default name.
Status Tab
You can view the status of the PXE servers in your environment and track whether the
updates have been applied to the PXE server.
Remote PXE Installation
You can install a PXE Server to any remote location on your network using this feature.
However, all remote installations must be pushed from the Deployment Server.
Example: Your business home office is in Washington and you have two smaller offices
in Los Angeles and Australia. You can use the Remote PXE Installation Wizard to install a
PXE Server to both locations from the Deployment Server in Washington.
Note:
DHCP services are required on the network to make the PXE Server function correctly.
To install a remote PXE Server
1. Browse to the location where axInstall.exe is installed. The default location is
C:\DSSetup.
2. Run axInstall.exe.
3. Select Component Install, and click Install.
4. On the Software License Agreement page, click Yes to accept the licensing
agreement.
5. Enter or browse to the Deployment Share folder and click Next.
6. Select Install an additional PXE Server and click Next.
7. Select Yes, I want to install PXE Server on a remote computer.
8. Enter the Remote computer name or browse the network to select a remote PXE
Server.
9. Enter the PXE Server IP address.
10. Enter the PXE Server install path and click Next.
11. On the Gathering Information page, enter a User name and Password with
administrative rights on the remote computer. Click Next.
12. On the Installation Information page, click Install.
Deployment Solution 311

Altiris ImageExplorer
Altiris ImageExplorer provides features that let you view and edit image files. Image
files are created using the RapiDeploy utility, a tool used most commonly in Deployment
Solution to create and distribute hard disk image files. These are .IMG or .EXE files
containing a replication of the source computers hard disk.
Using ImageExplorer, you can modify an image fileadd or delete data files, folders and
applicationsbefore distributing and restoring its contents to a client computer. You can
view properties and perform operations, such as extracting and saving files to another
destination volume, or excluding files from being restored when distributing the image
file to a client computer. You can also print the contents of a folder or edit a file using its
associated application.
See also: Using ImageExplorer on page 315.
ImageExplorer Features
Add new files and folders
Command-line mode
Convert images
Create image indexes
Extract files and folders
Exclude (or include) volumes, folders, and files from being restored
Find files in an image
Open a file with its associated program and edit
Make self-extracting images
Print image tree structure of files, folders, and volumes
Replace files
Revert to original image file contents
Split images
View, add, or change the image description
View properties of files, folders, and volumes in an image
ImageExplorer User Interface
Click the ImageExplorer icon on the toolbar or select Tools >
ImageExplorer. This opens the ImgExpl.exe program located in the
Deployment Share.
You can open and edit image files in the native .IMG file type or image files
with packaged rdeploy.exe runtime versions in an .EXE file type.
Deployment Solution 312

ImageExplorer provides the following features to view, manage, and modify the volume,
folder, and file elements of an image file.

Feature Description Button Access
Add Files Adds a new file to the image file. See
Add New Files on page 317.
Add Files is available when you
right-click a volume, folder, or a file
in the left pane. When you right-click
a file and select Add Files, the new
file is added to the same folder.
Option 1: Ctrl+A
Option 2: Select
Edit > Add Files
Option 3: Right-
click an item and
select Add Files
Add Folder Adds a new folder to the image file.
Click any item to add a folder to the
container object.
Add Folder is available when you
right-click a volume, folder, or a file
in the left pane.
Option 1: Ctrl+D
Option 2: Select
Edit > Add
Folder
Option 3: Right-
click an item and
select Add
Folder
Convert
Image
Converts image files from file format
4 to the format most currently used
by RapiDeploy. See Convert an
Image on page 317.
Option 1: Ctrl+T
Option 2: Select
File > Convert
Image
Copy Copies a file or folder from one
location and lets you paste it to a
destination image file.
Note
Copying large amounts of data and
large numbers of files between image
files can take several minutes.
Option 1: Ctrl+C
Option 2: Select
Edit > Copy
Option 3: Right-
click an item and
select Copy
Create
Image
Index
Creates an image index to make the
process of restoring images easier.
See Create an Image Index on
page 318.
Option 1: Ctrl+I
Option 2: Select
File > Create
Image Index
Exclude Marks volumes, folders, and files not
to be included when deploying the
image file to client computers.
Note
You can also exclude a file by clicking
the check box next to the file in the
Details pane. The icon replaces
the check box.
Option 1: Delete
key
Option 2: Select
Edit > Exclude
Option 3: Right-
click a file and
select Exclude
Files
Deployment Solution 313

Extract Extracts a complete volume, folder
(with its sub-folders), or file from the
image file. You can select a
destination volume or directory to
save the folders or files. See Extract
a Folder on page 319.
Note
Extracting large amounts of data and
large numbers of files can take
several minutes.
Option 1: Ctrl+E
Option 2: Select
Edit > Extract
Option 3: Right-
click an item and
select Extract
Files
Find Search for files or folders within an
image file using specific names or
wildcard characters. You can use ? as
a variable for a single character or *
(asterisk) for multiple characters.
See Find Files and Folders on
page 319.
Option 1: Ctrl+F
Option 2: Select
Edit > Find
Option 3: Right-
click a container
object and select
Find
Include Lets you include volumes, folders,
and files, previously marked
Excluded, in the image file when
deploying the image file to a client
computer.
Note
You can also include a previously
excluded file by clicking the next
to the file in the Details pane. A
check box reappears.
Option 1: Insert
key
Option 2: Select
Edit > Include
Option 3: Right-
click an excluded
item and select
Include Files
Make Self-
Extracting
Creates a self-extracting file from an
existing image file. See Make Self-
Extracting Images on page 320.
Option 1: Ctrl+M
Option 2: Select
File > Make
Self-Extracting
Open File
(available for
files)
Opens a file using its associated
application, if the application exists
on the computer where
ImageExplorer is running.
Option 1: Double-
click the file
Option 2: Select
Edit > Open
Option 3: Right-
click the file and
select Open
Feature Description Button Access
Deployment Solution 314

Open File
with
Lets you open a file with a selected
program. If the file is already
associated with a program, you can
simply double-click to open. Use
Open file with to change the
program or select the default Quick
Open feature.
Note
Image files created with IBMaster 4.5
do not open. However, you can use
the Convert Image feature to convert
image files to the current RapiDeploy
file format. See Convert an Image on
page 317.
Option 1: Ctrl+W
Option 2: Double-
click the file (if
not associated)
Option 3: Select
Edit > Open
with
Option 4: Right-
click the file and
select Open with
Open Image
File
In Deployment Solution 6.9 or later,
you cannot open image files created
using IBMaster. You need an
ImageExplorer version prior to
Deployment Solution 6.9 to open
these image files. You need an
ImageExplorer version from
Deployment Solution 5.5 or earlier to
edit these image files.
Option 1: Ctrl+O
Option 2: Select
File > Open
Paste Places a copied file or folder from one
location to another.
Option 1: Ctrl+V
Option 2: Select
Edit > Paste
Option 3: Right-
click an item and
select Paste
Print Folders: Prints the folder structure.
Includes sub-folders and files with
their modification date, time, and
size.
Files: Prints the actual file. You must
have the associated application
program installed to print the file
(Example: Microsoft Word to print
.DOC files).
See Print Folder Contents on
page 322 and Print a File on
page 323.
Option 1: Ctrl+P
Option 2: Select
File > Print
Option 3: Right-
click an item and
select Print
Feature Description Button Access
Deployment Solution 315

Using ImageExplorer
With ImageExplorer running, from the program menu bar, select File > Open to open
the image file you want to view or modify.
Note
In Deployment Solution 5.6 or later, you cannot use ImageExplorer to modify image
files created using IBMaster. You need an ImageExplorer version from Deployment
Solution 5.5 or earlier.
See also: View Properties on page 315, Add New Files on page 317, and Extract a
Folder on page 319.
View Properties
After opening an image file with ImageExplorer, you can view basic information about
the image file and its elements by selecting the file or volume (partition) name and
clicking Properties. You can open the Properties page for an image file, volume, or file
by right-clicking and selecting Properties, clicking File > Properties, or pressing
Properties Provides general information about
the folder or file, such as size,
modification dates, and attributes.
Properties appear differently for
images, volumes, folders, or files.
See View Properties on page 315.
Option 1:
Alt+Enter
Option 2: Select
File >
Properties
Option 3: Right-
click an item and
select Properties
Replace
Files
(available for
files)
Provides a way to update a file in the
image with a file from another
source. Both files must have the
same name.
Option 1: Ctrl+L
Option 2: Select
Edit > Replace
Option 3: Right-
click a file and
select Replace
Files
Revert
(available for
files)
An undo feature for the Replace File
option. This reverts a previously
changed file to its original file.
Option 1: Ctrl+R
Option 2: Select
Edit > Revert
Option 3: Right-
click an item and
select Revert
Files
Split Image Splits an image file of one size to into
segments of another size. See
Convert an Image on page 317.
Option 1: Ctrl+S
Option 2: Select
File > Split
Image
Feature Description Button Access
Deployment Solution 316

Alt+Enter. Depending on the type of image element, a properties page opens with the
appropriate tabs.
General Properties for an Image File
This page displays the data for image files. After selecting Properties for a selected
image, click the General tab to view the image items and additional property data, such
as size, location, and attributes.
The Image properties page includes the name of the image file and its associated
image data. Example: The Size field displays the amount of space that the image
occupies on the hard drive of the source computer. The Size on disk field displays the
actual size of the compressed image file before it is deployed.
From this page, you can modify the password of the image file.
General Properties for a Volume
This page displays data for a volume. After selecting Properties for a selected folder in
an image file, click the General tab to view its property data, such as size, location, and
attributes.
General Properties for a Folder
This page displays data for a folder. After selecting Properties for a selected file in an
image, click the General tab to view its included files and additional property data, such
as size, location, and attributes.
General Properties for Files
This page displays data for files. After selecting Properties for a selected folder in an
image file, click the General tab to view its included files and additional property data,
such as size, location, and attributes.
Description Properties for an Image
This page displays the constituent volumes within the image file. It provides a count of
the volumes in the image and lists the name of each volume in the Volumes pane. If
the image file has Read-write access, you can modify the image description.
Open a File
To open a file in an image, double-click the file in the Details pane of the ImageExplorer
or right-click and select Open. The file opens with its associated program. If no
associated program is located, an Open with dialog appears, from which you can select
and associate a program for the file.
Note
You can also associate a file with a program by right-clicking the file and selecting the
Open with command.
The Quick open feature lets you select a default program to open files without
associated programs (Microsoft Notepad is the default program). You can change the
Deployment Solution 317

default program for the Quick Open feature by clicking View > Settings and editing the
Open with program box.
See also: Print a File on page 323 and Settings on page 324.
Open Split Image Files
If an image is too large or you are trying to meet size restrictions to store an image
(such as dividing image files to 600 MB segments to fit on multiple CDs), you can use
the features in RapiDeploy to split the image file into multiple files. When editing,
ImageExplorer keeps track of these split image files and prompts you to locate any
additional linked image files that are not stored in the same directory.
Find Missing Split Image Files
If multiple files from a split image are kept in different folders or on separate CDs, this
dialog appears to help you locate the missing split image files. Enter a path in the field
or browse to the missing files. ImageExplorer keeps track of all files in a split image and
prompts you for any missing split image files that are not located in the same folder.
Add New Files
1. Open ImageExplorer.
2. Select File > Open. Select an image file.
3. Click OK.
4. Right-click the preferred volume or folder in the image and select Add Files. The
Select the files to add dialog appears.
Option 1:
Locate a file and click Open. The new file appears in the Details pane.
Option 2:
Drag a file from Windows Explorer to the selected folder or volume in an image file
displayed in ImageExplorer, or copy and paste the file. If you have selected the
corresponding Settings option, a message appears that confirms your decision to
copy a file to the image file. See Paste & Drop operations in Settings on
page 324.
Note
You can access and edit text files by double-clicking the file in the Details pane of the
ImageExplorer dialog.
Convert an Image
The internal file format for images has changed from file format 4 in Deployment Server
5.5 and earlier, to file format 6 in Deployment Server 5.6 or later. File format 6 has
remained the same since its release, but minor changes have been made to improve the
overall format structure.
This feature lets you select any previously created image file and convert it to the
current file format that RapiDeploy uses today. If the file format changes in future
Deployment Solution 318

releases of Deployment Server, when you convert an image file, it will always be to the
most current file format.
When converting image files, be aware of the following:
If an old image has an image index (.IMX) file, a new image index file is created.
If an old image file is a self-extracting image, the embedded RapiDeploy code is
removed and the image is restored to an .IMG file. You do not receive a message
warning that the embedded self-extracting code was removed.
If an old image has a password, the newly created image file does not have a
password. However, the user receives a message indicating that the password has
been removed.
File conversions may vary in length of time because ImageExplorer reads each
segment in the image before converting it to the new image file. If you have large
files with many segments, this process takes longer.
Field Definitions
Image File to Convert: Select the image file you want to convert.
Current segment size: By default, the segment size for RapiDeploy images is 2 GB.
Current segment count: By default, the number of segments in the image file is
displayed.
New Output Image File: Select a folder and filename for the image file you want to
convert, based on the new segment size.
New segment size (MB): From the drop-down list, select a size for image segments.
The list of options includes default sizes for CDs, zip drives, and more. When a file
segment reaches this limit, a new segment is created until the entire image is
converted.
Estimated segment count: The estimated number of segments in the file you selected
to convert.
To convert an image file
1. Click File, and select Convert Image File.
2. In the Image File to Convert field, click Browse to navigate to a folder, and select
an image file to convert.
3. In the New Output Image File field, click Browse to navigate to a folder. Enter a
new filename for the converted image.
4. From the New segment size drop-down list, select a segment size.
5. Click OK.
Create an Image Index
This feature lets you create an index file for image files. When you copy the images to
CDs, the index file and the first segment of the image provide the file information to
RapiDeploy when restoring the image file.
Example: If you have an image with multiple segments, such as .IMG, .002, .003, and
.004, ImageExplorer creates a table of contents at the end of segment .004, which
identifies the file information for each segment of the image.
Deployment Solution 319

This feature creates a new index file named .IMX. As you copy the segments to CDs, you
can select .IMX and .IMG to be on the same CD. You can copy the other segments, .002,
.003, and .004, to additional CDs as needed. When you use the CDs to restore an
image, the first CD that contains the .IMG and .IMX files provides RapiDeploy the
information needed to restore the image. This makes restoring images easier because
you need not insert the first CD, the last CD, and the first CD again.
You can also index images while creating them by selecting the Make an image index
(.imx) file option in RapiDeploy. See the RapiDeploy Reference Guide.
Field Definitions
Image File to Index: Select the image file you want to index.
Output Folder for Index (optional): If you do not select a folder for the index output,
the .IMX file is created in the same folder as the image you selected to index.
To create an index image
1. Click File, and select Create Image Index.
2. In the Image File to Index field, browse to a folder and select an image file.
3. (Optional) In the Output Folder for Index (optional) field, browse to a folder for
the index file output.
4. Click OK.
Extract a Folder
Use this feature to save a folder or file from an image to an external destination folder.
To extract a folder
1. Open ImageExplorer.
2. Select File > Open Image. Select an image file and click Open.
3. Select a folder in the image, right-click, and select Extract Folder. The Extract
Folder dialog appears.
4. Select a folder on your local disk or on the network to place the extracted folder.
5. Click OK.
Note
Extracting large amounts of data and large numbers of files can take several minutes.
Find Files and Folders
This feature lets you search for files or folders in an image file. To search for a file or
folder, select the image file, volume name, or folder name from the left pane to set a
search domain.
Field Definitions
Find what: Enter a string or characters (alpha and numeric). You can use ? (the
question mark) as a variable for a single character, or use * (the asterisk) for multiple
characters.
Search in
Deployment Solution 320

You can select one of the following options to change the search domains and click Find.
Search all open images: Select this to search for a file or folder in the open images.
Search entire image: Select this to search for a file or folder in the entire image.
Search only in: Select this to search for a file or folder only in the selected file, volume,
or folder.
Include
Matching files: Select this check box to include matching files in the search results.
Matching folders: Select this check box to include matching folders in the search
results.
Sub-folders: You can also select this check box to include subfolders.
Filter: Click this option to open the Find Filter dialog. See Filter Results on page 320.
Files and folders that meet the specified search criteria are listed in the results field,
organized by File Name, Location, and so on.
Filter Results
This feature lets you open an advanced search for files and folders based on associated
system attributes (Read-only, Hidden, System, and so on) and ImageExplorer attributes
(Flags) (Excluded, Added, Replaced). See Find Files and Folders on page 319.
Field Definitions
Find what: Enter the string or characters to find files or folders based on system
attributes or ImageExplorer attributes of the files or folders. Select the Include
matching files check box to select files. Select the Include matching folders check
box to select folders. You can also select the Search sub-folders check box to include
sub-folders.
Note
To search in a specific directory, right-click that directory in the left pane and click Find
to open the Find dialog.
The following attributes use three-way check boxes with these features:
A solid checkmark indicates that the item must contain the attribute.
An empty box indicates that the item must not contain the attribute.
A dimmed checkmark indicates that the value is NULL and the item can either have
the value or not.
Attributes: These are the system attributes of the files assigned by the operating
system when the image was created.
Flags: These are the attributes assigned by ImageExplorer.
Defaults: Clicking this button applies the default settings.
Make Self-Extracting Images
This feature lets you create a self-extracting file for an existing image file so you can run
the executable at a client computer. This is helpful when you need to restore an image
Deployment Solution 321

to a computer that does not have access to the Deployment Server and RapiDeploy for
imaging through the network.
You can select image files created using RapiDeploy, which was used to create images
beginning with Deployment Server 5.6 or later. You cannot use this feature if you have
images created using Altiris IBMaster 4.5 or earlier. However, when you navigate to a
folder to select an image, all .IMG files appear. You can use the Convert an Image
feature to convert the image to the latest RapiDeploy file format. See Convert an Image
on page 317.
The self-extracting file comprises a valid image file and RapiDeploy, which is embedded
into the executable. You can copy the self-extracting file to a folder or removable media
and manually run it on any computer, or you can create a deployment job on the
Deployment Server and distribute the self-extracting file to multiple computers.
When new versions of RapiDeploy become available through Deployment Server
upgrades, you can re-create any self-extracting file by re-running Make Self-
Extracting Image. The latest version of RapiDeploy replaces the image files
embedded RapiDeploy code.
The time required for this process may vary because ImageExplorer reads only the .IMG
segment. A 2 GB file takes more time than a 700 MB .IMG segment.
RapiDeploy and only the first segment of the image file (.IMG) are combined to create
the executable that restores images. However, all other segments that make up the
entire image, including the index (.IMX), are required when restoring an image.
See also: Create an Image Index on page 318.
Field Definitions
Current self-extractor type: The image file you selected is of this operating system
type.
Keep original image file: Select this check box for ImageExplorer to make a self-
extracting image file without affecting the original image file.
Note
If you clear this check box and the Make Self-extracting Image process fails, the
original image file may be damaged or corrupted, and you can no longer use the original
image file to create a self-extracting file.
Image file size: The size of the current selected image.
Remove existing self-extractor: Select this option to remove the .EXE code from a
self-extracting image. The image file returns to its original state with an .IMG file
extension.
Note
This option is available only if the image file has a self-extracting code.
DOS: This mode uses the RapiDeploy graphical user interface to display the image files
progress while it is running.
Windows: This mode uses the RapiDeploy graphical user interface to display the image
files progress while it is running.
Linux: This mode uses the RapiDeploy graphical user interface to display the image
files progress while it is running.
Deployment Solution 322

Processor architecture: These options are available only when you select the
corresponding self-extractor type.
UI mode: You can select GUI mode or Text mode.
To create a self-extracting image file
1. Click File, and select Make Self-Extracting Image.
2. Enter or browse to the location of the image file.
3. Clear Keep original image file if you want to make the original image file a self-
extracting image file.
4. Select Remove existing self-extractor type. See Field Definitions on page 321.
5. Click OK. The self-extracting file is created in the same directory as the original
image file. If the Not enough free space dialog appears, see Not Enough Free
Space on page 322.
Not Enough Free Space
This indicates that the image file you selected to make into a self-extracting file cannot
be created because there is not enough free disk space. The Not enough free space
dialog lets you select an alternate location to create the self-extracting file. Enter a
directory path or click Browse to navigate to a location with more disk space. Click OK.
ImageX Sample Scripts
These are sample scripts that let Deployment Solution run ImageX imaging jobs from
the Deployment Console. These sample scripts include documentation that helps you
specify the name and location of the .WIM files.
You can use ImageX to capture several different images into a single .WIM file. You can
open the sample job and specify the location of the .WIM file with the correct passwords
and network locations. You can run the job from the server, which launches the ImageX
utility and captures an image of the target computer.
Print Folder Contents
You can print a list of the files and sub-folders within an image file, a volume (partition),
or a folder. Depending on the options you select, you can print a report that includes the
constituent files and subfolders and includes fields with the modified date, time, size,
and other attributes for each file.
When printing the contents of an image file, volume, or folder, click OK to view a Print
Preview of the report file. See Print Preview on page 323.
Field Definitions
Title: Enter a title for the report page.
What to print
Just this folder: Select this option to print only the files in the selected image, volume,
or folder. This will not print the subfolders.
This folder and all sub-folders: Select this option to print the files in the image,
volume, or folder and all the subfolders and files.
Deployment Solution 323

Print < . > and < .. > entries: Select this option to print an entry in each folder
identified as < . > (a dot notation) and < .. >. Attributes and date/time properties will
be saved for this hidden folder in the image file.
Print Excluded items: Select this option to print the files previously marked as
Excluded.
Fields to Print
Include modified date / time: Select this option to print the date and time when the
file or folder is modified.
Include size: Select this option to print the size of the file.
Include attributes and flags: Select this option to print the system attributes (Read-
only, System, Hidden, System, and Compressed) and the flags (Added, Excluded,
Replaced).
Include file numbers: Select this option to print the file number associated with each
file.
See also: Print a File on page 323.
Print Preview
View an online display of the print report for image files, volumes, or folders. The name
of the report appears at the top of the page. A table is displayed with the details that
you selected in the Print Folder Contents dialog. See Print Folder Contents on
page 322.
Field Definitions
Lines: Displays the number of lines in the report.
Print: Click to print the report.
Save: Click to save the report to a text file.
Print a File
From the ImageExplorer interface, you can select and print an actual file using its
associated program. If your file is not associated with a program, you can associate it by
selecting from a provided list of installed programs on the computer. You can also
attempt a Quick Print to open the file using a standard program, such as Microsoft
Notepad.
Field Definitions
Quick print: Click this button to run a default program to open and print the selected
file. The default program is Microsoft Notepad. You can change the default program to
print files using the Print with program field in the Settings dialog. See Settings on
page 324.
See also: Print Folder Contents on page 322 and Open a File on page 316.
Set a Password on an Image File
Right-click an image file and select Properties. In the Flags section, select Has
Password. The Set Image Password dialog appears.
Deployment Solution 324

Field Definitions
Current password: Enter the current password.
New password: Enter the new password.
Confirm password: Enter the new password again to confirm.
Settings
Click View > Settings to set the preferences for ImageExplorer. The Settings dialog
appears, from which you can set options to confirm specific operations using message
boxes in the user interface, for displaying items or excluding items, or for selecting
default programs when using the Quick print or Quick open options. See Print a File
on page 323 and Open a File on page 316.
Action Confirmation Prompts
Open Read-only: Select this option to present a confirmation prompt to the user when
opening a file in a Read-only state. As a result, no changes are saved.
Example: If you open an image file created in RapiDeploy 4.5 or earlier, it is Read-only
and any operation performed cannot be saved. When you open this file, a confirmation
box appears, reminding you that the file cannot be saved.
File overwrite: Select this option to present a confirmation prompt to the user when
extracting a file from an image file and overwriting an existing file on a destination
drive.
File revert: Select this option to present a confirmation prompt when executing a File
revert operation, which returns the image file to its original file structure and content
after replacing files.
Paste and Drop: Select this option to present a confirmation prompt to the user when
dragging a file to a new folder in an image file, when using the copy and paste operation
to move files to another folder, or when using the Add New Files command. See Add
New Files on page 317.
Exclude: Select this option to present a confirmation prompt to the user when assigning
the Exclude option to a file (to not distribute the selected file as part of the image). This
message appears when you click the check box on the file or folder or when you select
the Exclude operation.
Folder overwrite: Select this option to present a confirmation prompt to the user when
extracting a folder from an image file and overwriting an existing folder on a destination
drive.
General Settings
Show Excluded items: Select this option to view the files marked as Excluded in the
image. You can see the files after you refresh the screen.
Show file numbers: Select this option to view the associated file numbers in the
image. In NTFS, the files are numbered automatically. In FAT, EXT2, EXT3, and other
file systems, the files are numbered by RapiDeploy when creating the image file.
Keep Help on top: Select this option to keep the help file open on top of the
ImageExplorer user interface. This lets you view the help with the program rather than
allowing it to be sent behind the ImageExplorer user interface.
Extract Excluded items: Select this option to extract the excluded files and folders
from the image file to a destination folder. This setting lets you include all files
Deployment Solution 325

previously marked as Excluded to be saved to an external destination folder when
running the Extract command.
Color Excluded items: Select this option to mark with red text the files and folders
excluded from the image. See Exclude on page 312.
Color Added items: Select this option to mark with blue text the files and folders
added to the image. See Add Files on page 312 and Add Folder on page 312.
Color Replaced items: Select this option to mark with magenta text the files and
folders replaced to the image. See Replace Files on page 315.
Default Programs to Open and Print Files
These settings are the default settings for the Quick Open and Quick Print options
that appear with the Open with and Open features. This option lets you associate files
to a common program, such as Microsoft Notepad.
Open with program: This option lets you set the default program to run with a
selected file. The default program is Microsoft Notepad. See Open a File on page 316.
Print with program: This option lets you set the default program to print a selected
file. The default program is Microsoft Notepad. See Find Files and Folders on page 319.
Split an Image
This feature lets you select an image file to split (rewrite) into a new image file based on
the segment size you select. While the Convert an Image feature changes the file
format of an image to the current format used by RapiDeploy, the Split Image feature
maintains the format of the original image but changes the size of its segments. See
Convert an Image on page 317.
Example: If you want to split a 2 GB image file so that it fits on CDs, you can select 650
MB or 700 MB as the new segment size. The result will be one image file with multiple
segments. You can copy the segments to CDs and use them to restore the image file at
client computers.
When splitting image files, be aware of the following:
If the old image is an old format image (IBMaster 4.5 or earlier), the image cannot
be split, but it is converted instead. If this occurs, a message appears, confirming if
you want to proceed. If you proceed, all the principles of Convert an Image apply.
If the old image has an image index (.IMX) file, a new image index file is created.
If an old image file is a self-extracting image, the embedded RapiDeploy code
remains, and the new image contains the same version of RapiDeploy as when it
was originally created. However, if the image is an old format image (IBMaster 4.5
or earlier), the image cannot be split, but is converted instead. If you proceed, the
self-extracting code is removed.
If an old image has a password, the new image file has the same password.
However, if the old image is an old format image (IBMaster 4.5 or earlier), the
image cannot be split, but it is converted instead. If you proceed, the password is
removed.
Field Definitions
Image File to Split: This option lets you enter or browse to the image file you want to
split.
Deployment Solution 326

Current segment size: By default, the segment size for RapiDeploy images is 2 GB.
Current segment count: By default, the number of segments in the image file is
displayed.
New Output Image File: This option lets you enter or browse to a folder and filename
for the image file you want to split.
New segment size (MB): This option lets you select a size for image segments from
the drop-down list. The list of options includes default sizes for CDs, zip drives, and
more. When a file segment reaches this limit, a new segment is created until the entire
image is split.
Estimated segment count: By default, this field displays the estimated number of
segments in the file you selected to split, based on the new segment size.
To split an image file
1. Click File, and select Split Image File.
2. In the Image File to Split field, click Browse to navigate to a folder, and select an
image file to split.
3. In the New Output Image File field, click Browse to navigate to a folder. Enter a
new filename for the image.
4. From the New segment size drop-down list, select a segment size.
5. Click OK.
Command-Line Switches
This feature lets you create Deployment Server Run Scripts or batch jobs to help you
manage images using command-line options. At the end of some switches, select
options are listed to indicate that the additional commands are allowed.
To access the online command-line options
1. From the Windows environment, select Start > Run.
2. In the Open field, enter the command CMD.
3. Enter C:\Program Files\Altiris\eXpress\Deployment Server\ (default
installation path).
4. Enter imgexpl /? to view the command-line switches page.
Command
line
Description
Parameters Image files to open or operate on (can be repeated), such as
w2k.img and xp.img.
Deployment Solution 327

Examples:
Open a W2k.img that requires the password develop.
Switches -register: Register file types in the Windows Registry.
-unregister: Unregister file types in the Windows Registry.
-add <src*> <dst>: Add a file or folder to an image. Accepts the
<-overwrite> option. You can use wildcards when entering the
source (src).
-extract <src> <dst>: Extract a file, folder, or volume from an
image. Accepts the <-overwrite> and <-size> options.
-convert <dst>: Convert an old format image to the current
image format used by RapiDeploy. Accepts the <-overwrite> and
<-size> options.
-split <dst>: Split an image into new size file segments. Accepts
<-overwrite> and <-size> options.
* Indicates wildcards can be used; accepted options are noted at
the end in ().
Options -lang <lang code>: *Specify the language code for the user
interface.
-silent: *Do not display confirmations or errors.
-password <pwd>: *Passwords for image files being opened.
-overwrite: When in silent mode, do not confirm actions.
-size <size in MB>: Size of the new image segments in MB.
* Indicates the options that can be used with any command.
Process exit
codes
0 Success.
-2 Internal error initializing application.
2 Command line syntax error.
4 Error registering or unregistering file types.
6 Operation cancelled by the user.
8 Attempted to write to a Read-only image.
10 Invalid password.
12 Error performing an operation.
14 The Image file was not found or an error occurred opening an
image.
16 The source was not found, or an error occurred opening the
source.
18 The destination was not found or an error occurred opening the
destination.
Command
line
Description
Deployment Solution 328

C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password
develop
Open two image files that have different passwords, develop and sales.
C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password
develop f:\xp.img -password sales
Add all *.txt files in e:\to the temp folder of the volume in slot 1 of w2k.img.
C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password
develop -add e:\*.txt 1:\temp
Extract kernel.dll from the Windows folder of the volume sys in w2k.img to
e:\dump.
C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password
develop -extract sys:\windows\kernel.dll e:\dump)
Convert the old format image file, w2k.img, to the new image, new2k.img, in 650
MB segments.
C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -convert
f:\new2k.img -size 650
Deployment Solution 329

Installing Deployment Server
Deployment Server is a flexible, scalable computer deployment and management
system that can be installed and configured on a single computer, or installed across
several computers to distribute processing for large enterprise environments. You can
run a Simple install to position all Deployment Server Components on a single
computer (most frequently used), or plan and perform a Custom install to distribute
installation of components across separate computers in the site. See Deployment
Server Components on page 329. The Deployment Web Console can be installed as part
of the Deployment Server installation on any computer running Microsoft IIS.
After installing Deployment Server components, you can remotely install Deployment
Agents on all types of computer resources across your organization: laptops and
handhelds, LAN and Web servers, network switches, and so on. Windows computers,
Linux computers, and handhelds can be managed as a unified environment, with each
client communicating through its own Deployment agent to update inventory data and
react to Deployment Server commands and deployment tasks.
Select one of the following methods for installing a Deployment Server system:
Simple Install for Deployment Server
Custom Install for Deployment Server
Thin Client Install for Deployment Server
Component Install for Deployment Server
To install Deployment Agents on the client computer, see Installing Deployment Solution
Agents on page 345.
Note
You can also install the Deployment Server components remotely from the Altiris
Console.
Deployment Server Components
The Deployment Server system includes the following components:
Deployment Console
Deployment Server
Deployment Database
Deployment Share
Altiris PXE Server
DHCP Server (not an Altiris product)
Deployment Web Console
Installing Deployment Solution Agents
Sysprep
Deployment Solution 330

You can install all these components on the same computer or distribute them across
multiple computers, depending on the environment.
Deployment Console
The Deployment Console is the Win32 user interface for Deployment Solution. You can
install this Windows console on computers across the network to view and manage
resources from different locations. In addition, from this console, you can access the
Deployment Database on other Deployment Server systems to manage sites across the
enterprise. See Deployment Database on page 331 and Connecting to Another
Deployment Server on page 93.
Deployment Console communicates with the Deployment Database and Deployment
Server services. In a Simple Install for Deployment Server, the Deployment Console is
installed on the same computer similar to all other components. In a Custom Install for
Deployment Server, you must ensure that a connection is available to these computers
and security rights are set. You must have administrative rights on any computer
running the Deployment Console. See Simple Install for Deployment Server on page 335
and Custom Install for Deployment Server on page 338.
See also: Deployment Web Console on page 333, Managing from the Deployment
Console on page 70, and Deployment Server Components on page 329.
Deployment Server
Deployment Server controls the flow of the work and information between the managed
computers and the other Deployment Server components (Deployment Console,
Deployment Database, and the Deployment Share). Managed computers connect and
communicate with the Deployment Server to register inventory and configuration
information and to run deployment and management tasks. The computer and
deployment data for each managed computer is stored in the Deployment Database.
Note
To view, start, or stop Deployment Server, go to the Altiris Server services in your
Windows Manager.
Managed computers require access to the Deployment Server at all times, requiring that
you have administrative rights on the computer running the Deployment Server.


Create a user account to run the Deployment Server. The service runs as
a logged-on user, not as a system account. You must create this account
on all Deployment Server computers. The account must have full rights
to the Deployment Share. The account must have a non-expiring
password. See Deployment Share on page 332.

Assign a static IP address to the Deployment Server computer. Other
components cannot connect to the Deployment Server if you use DHCP
and dynamically change the IP address.

To install the Deployment Server on a remote computer, the default
administration shares must be present. Restore any shares that have
been removed before you install the Deployment Server.
Deployment Solution 331

Note
It is easier to create an administrative account using the same name and password on
all computers than to use the existing name and password of each account.
Most packages (.RIP, Personality Packages, and .MSI files) pass through the
Deployment Server. Therefore, if you store these files on the Deployment Server, the
deployment of these packages is faster. Image files, however, are sent directly from the
Deployment Share to the client computer when you run an imaging task.
See also Deployment Server Components on page 329.
Deployment Database
You can install the Deployment Database on Microsoft SQL Server 2000 or Microsoft
Desktop Engine (MSDE) 2000. See Deployment Server System Requirements on
page 334.
Note
In Deployment Solution 6.0 and later, if you have already set up multiple instances of
the Microsoft SQL Server, you can identify a specific instance using this format:
<database instance>\express. Example: If you have a clustered Microsoft SQL Server
named SQLClusterSvr to manage multiple Deployment Solution systems on different
network segments, you can enter the name SQLClusterSvr\salesSegment or
SQLClusterSvr\marketingSegment during the Deployment Server setup, depending on
the previously established database instance. This feature is supported in the silent
install .INI file and the GUI install executable.
The database maintains the following information about the managed computers:
Hardware. RAM, asset tag, and serial numbers
General Information. Computer name and MAC address
Configuration. TCP/IP, Microsoft networking, and user information
Applications. The installed applications and information about these applications, such
as the name of the application, publisher, and product ID
Services. Installed Windows services
Devices. Installed Windows devices, such as network adapter, keyboard, and monitors
Location information. Contact name, phone, e-mail, department, mail stop, and site
The Deployment Server Database also contains jobs and other data used to manage
your computers.
Note
You can install a single Deployment Database in each Deployment Server systemyou
cannot have two databases storing data for a single computer. If the computer you are
installing the database on has an existing Microsoft SQL Server, the Deployment
Database is added to that instance of the database engine.
Support for Multiple Database Instances
In Deployment Solution 6.0 and later, you can identify a named instance of the Microsoft
SQL Server when installing Deployment Solution. You can now identify other named
Deployment Solution 332

instances of Microsoft SQL Servers instead of accessing only the default instance. This
feature lets you identify and run multiple databases from one clustered Microsoft SQL
Server to manage multiple sites or network segments. This feature is supported in the
silent install .INI file and the GUI install executable. See Custom Install for Deployment
Server on page 338. The 6.9 release of Deployment Solution also supports a different
name for the Deployment Database instead of the default name, eXpress.
See also Deployment Server Components on page 329.
Deployment Share
The Deployment Share is a file server or shared directory where Altiris program files and
packages are stored. The Deployment Share can be a shared directory (default Simple
install in Program Files\ Altiris\eXpress\Deployment Server) or another file server (in the
Custom install, you can assign a Microsoft Windows or Novell NetWare file server).
Deployment Share is where you store image files, registry files, .MSI packages,
Personality Packages, script files, and more. When you are deploying or managing a
computer, the Deployment Server stores and retrieves these packages from the
Deployment Share as needed.
Note
You can install only one Deployment Share for each Deployment Server system.
However, if the Deployment Share's hard drive gets full, other computers can be used as
additional backup storage points. In some cases, other systems emulating a Microsoft or
NetWare environment can be used as the Deployment Share.
Note for NetWare users: If you have a problem using the Novell NetWare server as a
Deployment Share, install the Novell Client instead of the Microsoft NetWare Client.
See also Deployment Server Components on page 329.
Altiris PXE Server
The PXE Server provides service to client computers on a subnet. When the Deployment
Server sends a deployment job, the client computer receives a request to boot to
automation and the PXE-enabled computers connect to the first PXE Server that they
discover, which communicates with the Deployment Server and the client computers.
You can install a PXE Server on a Microsoft Server 2003, Windows 2000 Server,
Advanced Server. The PXE Server also functions on the same protocols as a standard
DHCP Server, so you can place the PXE Server wherever you would place a DHCP

If you want to install Deployment Solution on a remote file server (not
the computer where you are running the install program), create a
share (or give Read/Write rights for NetWare) on the file server where
you want to install the Deployment Server. This share must allow access
to all other components, including managed computers and the user
account that runs the Deployment Server.
You must create this share before you begin installing. If you are
not installing on a remote computer, you can select the option to create
the share during the installation.
Deployment Solution 333

server. You can also install as many PXE Servers as required in your system, but you
must also install a DHCP Server.
The PXE Server sends a boot menu option list to the client when the computer performs
a PXE boot. The deployment job, which contains at least one automation task, uses the
default automation environment or the environment specified by a user who has the
permission to create a deployment job. Use the boot menu option to request the PXE
Server for the boot menu files and download the boot menu files from the PXE Server to
the client computers RAM storage. The client computer always boots according to the
request and reply communications taking place between the Deployment and PXE
Servers.
Altiris supports DOS, Linux, and Windows PreInstallation Environment (WinPE) as pre-
boot environments. These options let you create a single job, but may contain multiple
automation tasks. The default automation environment (the first pre-boot operating
system files installed during the Deployment Solution installation) is used for Initial
Deployment, unless you specify otherwise.
Using a PXE Server to boot client computers to automation saves you from having to
install an automation partition on each client computers hard disk, or from manually
starting computers using Altiris-supported bootable media. See Boot Disk Creator Help.
See also Pre-boot Operating System (Simple) on page 361, Install Automation Partition
on page 133, and PXE Configuration Utility Help.
DHCP Server
The DHCP (Dynamic Host Configuration Protocol) server is a server set up to assign TCP/
IP addresses to the client computers. This server is not an Altiris product, but is required
if you want to use the PXE Server.
We recommend that you use DHCP to manage the TCP/IP address in your network,
whether you use PXE or not. This greatly reduces the amount of time required to set up
and manage your computers.
See also Deployment Server Components on page 329.
Deployment Web Console
The Deployment Web Console remotely manages a Deployment Server installation from
a Web browser. It deploys and manages Windows and Linux computers (both client and
server editions) in real time with many of the features that are present in the
Deployment Console. See Deployment Console on page 330.
You can install the Deployment Web Console on any computer running the Microsoft IIS
Server, such as a computer running Deployment Server, Notification Server, or a
remote computer running only Microsoft IIS.
Note
If Microsoft IIS is running, the Deployment Web Console is installed automatically during
the Windows installation.
Note
The DS Installer does not detect the version of MDAC that is installed. The Deployment
Web Console requires MDAC version 2.71 or later to install. If the version of MDAC is
earlier than 2.71, the Web console displays a Target of Invocation error.
Deployment Solution 334

See also Deployment Console on page 330 and Deployment Server Components on
page 329.
Deployment Server System Requirements
The following are the system requirements for Deployment Server components and the
network environment.
Network
TCP/IP is used for communication between all Deployment Server components. If
you have a NetWare file server for your Deployment Share, IPX can also be used to
communicate with this component.
For Windows 2000 systems, you must set up Active Directory with the Permissions
compatible with pre-Windows 2000 option. If you select the Permissions
compatible only with Windows 2000 servers option, the Deployment Server
cannot manage domain accounts for you.
If you are using Windows 2000 only permissions, change them to the pre-2000
option from the Windows Start menu. Open a DOS prompt to add the group
Everyone by typing the following:
net l ocal gr oup Pr e- Wi ndows 2000 Compat i bl e Access Ever yone /
add
Restart all domain controllers for the change to take effect.
Deployment Server
RAM: 256 MB
Disk Space: 200 MB
Component Hardware Software
All components require Pentium III processors
Deployment
Server
RAM: 256 MB
Disk Space: 200 MB
Windows 2000 Server and
Advanced Server
Windows Server 2003 (SP1)
Deployment
Console
RAM: 128 MB
Disk Space: 3.5 MB
Windows 2000 Professional,
Server and Advanced Server
Windows XP Professional
Windows Server 2003 (SP1)
Altiris PXE
Server
Memory: 128 MB
Disk Space: 25 MB (for
boot files)
DHCP server (must be on the
network, but does not have to be
on the same computer as a PXE
Server)
Windows 2000 Server or Advanced
Server
Windows Server 2003 (SP1)
Deployment Solution 335

Deployment Agents
The Deployment Agent requirements are similar to the target operating system. The
Deployment Agent requires around 5 MB disk space.
See the following sections for additional information:
Installing the Deployment Agent on page 347
Installing Deployment Agent on Linux on page 351
Installing the Automation Agent on page 352
Managing Licenses on page 353
Simple Install for Deployment Server
The Simple Install option places all the Deployment Server Components Deployment
Server, Deployment Console, Deployment Share, and Deployment Database on the
same computer. (See Deployment Server Components on page 329.) You can install the
Deployment Server with a Microsoft Desktop Engine (MSDE) by using the Simple Install.
You can install the Deployment Web Console during a Simple Install (and during a silent
install) if the Microsoft IIS services and .NET frameworks are running on the selected
computer.
You can download the Altiris Deployment Solution from the Altiris product CD or from
www.altiris.com.
Deployment
Database
Memory: 128 MB
Disk Space: 55 MB (for
program files), plus space
for data.
(Microsoft SQL Server
TM
2000
(SP3) or MSDE 2000 (SP3)
Deployment
Share
(File server for
storage)
Memory: 128 MB
Disk Space: 100 MB for
Deployment Server program
files plus space for storing
files (image, boot, .RIP, and
so on)
Windows 2000 Server or Advanced
Server
Windows Server 2003 (SP1)
NetWare (File server only. Cannot
be used for any other
components).
Deployment
Web Console
Memory: 128 MB Windows 2000 Professional,
Server or Advanced Server
Windows XP Professional
Windows Server 2003 (SP1)
MS IIS 5.5
MDAC 2.71 or later.
Component Hardware Software
Deployment Solution 336

Note
Simple installation works only with a default Microsoft SQL 2000, SQL 2005, or MSDE
install.
To run a Simple Install
1. Start the server and log on using the administrator account you created for the
Deployment Server. See Deployment Server System Requirements on page 334.
2. Launch the appropriate Altiris Deployment Server installation file and follow the
setup steps.
The Altiris Packager Self-Extracting Executable Options dialog appears.
3. Select the Use current temp folder option to use the current temporary folder to
download installation files or the Extract to a specific folder option to set a path
to an existing folder to download the installation files.
4. Click Extract and Execute App to extract and execute the application
immediately.
The default installation directory is C:\DSSetup. If the file C:\DSSetup\AppLic.dll
already exists, a prompt appears, asking whether you want to overwrite this file.
Click Yes to All. You may have to wait for some time while Altiris Packager extracts
files from this archive.
Note
Click Extract Only to only extract the application and execute the application later.
You must run the axInstall.exe file to start the installation.
5. Select the Simple Install option from the installation types listed in the
Deployment Server Install Configuration dialog.
6. (Optional) Select the Include PXE Server option to install the PXE Server. (See
Altiris PXE Server on page 332.) Click Install.
7. Click Yes on the Software License Agreement page.
8. Enter the following information on the Deployment Share Information page:
a. In the File Server path field, enter or browse to the path to install the
Deployment Server program files. The default path is C:\Program
Files\Altiris\eXpress\Deployment Server.)
b. Select the Create Deployment Share option to create a Deployment Share on
the computer. The Deployment Share lets you store files on the computer and
run Deployment Server system applications. See Deployment Share on
page 332.
c. Select one of the following options to configure the licensing information:

AltirisDeploymentSolutionWin_(version) installs all Windows
components of Deployment Solution. Using the Simple Install
option, you can install MSDE 2000 on a local computer if a
database is not already installed.
Deployment Solution 337

If you do not have a license file, select the Free 7 day license option. The
installation continues and lets you use a free evaluation license file.
Select the Upgrade using existing license option to upgrade the
installation using an existing license.
Select the License File option and browse to locate a license file (.LIC file).
This is the activation key you receive when you register your Altiris software.
See the Altiris Getting Started Guide for further licensing information.
Note
You do not need to apply a license key to activate the HP Thin Client t5000
Series. This managed client computer automatically receives a non-expiring
license when connected to the console.
d. You must enter an administrator user name and password for the Deployment
Server. This account must already exist on the Deployment Share and the
Deployment Server. By default, the name you are currently logged on as
appears. If you use a domain account, enter the domain and the user name
(Example: Domain1\administrator). See Deployment Server on page 330.
Note:
If a previous installation of the Deployment Database is detected, an axinstall
prompt appears, asking whether you want to preserve or overwrite the existing
database. Click Yes to preserve the data in your Deployment Database.
Click Next. The Pre-boot Operating System page appears.
9. Select a default pre-boot operating system from any one of the options, such as
FreeDos, MS-DOS, Linux, WinPE, or None. Browse to locate the FIRM file (for
FreeDos and Linux operating systems) or the operating system files (for MS-DOS
and WinPE). Click Next. The Installation Information page appears, displaying
the components that you selected to install.
10. Click Install to install the listed components, or click Back to modify the settings
before starting the installation. The installation process begins and can take several
minutes. The Installation Information Summary page appears after the
installation completes.
Note
If you are upgrading your installation, the message Do you want to replace the
share? appears. Click Yes and continue. If you click No, a message appears,
stating that the share is already in use and you need to manually set the share to
point to the correct directory. Click OK.
11. (Optional) You can select one of the following options to install agents.
Enable Microsoft Sysprep Support. Select this option to enable Microsoft
Sysprep support and click Next. You must specify the location of the Microsoft
Sysprep files.
Remotely install Deployment Agent (Windows 2000 or later only).
Select this option if you want to push the Deployment Agent to computers
running Windows 2000, XP, Windows Server 2003 and 2008, and Vista
operating systems.
Install add-ons to provision server hardware. Select this option to install
the add-ons for Dell computers.
Deployment Solution 338

Note
This option is enabled on Dell computers only when add-ons are present in the
oeminstall-addons section of the oeminstall.ini file, which is located in the
eXpress directory.
12. Click Finish.
You have successfully completed a Simple Install for a Deployment Server system. Click
the Deployment Console icon on your desktop to view all the computer resources
running Deployment Agents configured for your Deployment Server.
Note
Antivirus applications can delete service .EXE files or can disable services.
Example: When you run the Deployment Server Win32 Console, the Unable to connect
to the Altiris Deployment Server DS Management Server. Please ensure this service is
started and running currently. error appears. This occurs because the service files are
deleted by the antivirus application during scanning. To resolve this issue, disable the
antivirus software and reinstall the Deployment Server.
See Custom Install for Deployment Server on page 338.
Custom Install for Deployment Server
The Custom Install option lets you distribute all the Deployment Server Components
Deployment Server, Deployment Console, Deployment Share, and Deployment
Database on different computers. (See Deployment Server Components on
page 329.) You can install Deployment Server with a Microsoft Data Engine (MSDE) or
install it on an existing SQL Server.
You can download the Altiris Deployment Solution either from the Altiris product CD or
from www.altiris.com.
To run a Custom Install
1. Start the server and log on as the administrator account you created for the
Deployment Server. See Deployment Server System Requirements on page 334.
2. Launch the appropriate Altiris Deployment Server installation file and follow the
setup steps.
The Altiris Packager Self-Extracting Executable Options dialog appears.
3. Click the Use current temp folder option to use the current temporary folder to
download installation files or the Extract to a specific folder option to set a path
to an existing folder to download the installation files.
4. Click Extract and Execute App to extract and execute the application
immediately.

AltirisDeploymentSolutionWin_(version) installs all Windows
components of Deployment Solution. Select the Custom install
option to add new components or to install Deployment Solution
on an existing database.
Deployment Solution 339

The default installation directory is C:\DSSetup. If the file C:\DSSetup\AppLic.dll
already exists, a prompt appears, asking whether you want to overwrite this file.
Click Yes to All. You may have to wait for some time while Altiris Packager extracts
files from this archive.
Note
(Optional) Click Extract Only to only extract the application and execute the
application later. You must run the axInstall.exe file to start the installation.
5. Select the Custom Install option from the installation types listed in the
Deployment Server Install Configuration dialog if any of the following
conditions exist:
You are using the NetWare file server as a Deployment Share.
You are managing many computers and require a distributed architecture to
meet bandwidth restrictions and other design requirements.
6. Click Install. Click Yes on the Software License Agreement page.
7. Enter the following information on the Deployment Share Information page:
a. In the File Server path field, enter or browse to the path to install the
Deployment Server program files. The default path is C:\Program
Files\Altiris\eXpress\Deployment Server.)
b. Select the Create Deployment Share option to create a Deployment Share on
the computer. The Deployment Share lets you store files on the computer and
run Deployment Server system applications. The Deployment Share can exist
on a Microsoft Windows server or Novell NetWare server.
Note
You can only create the share if it is on a Microsoft Windows Server; the Novell
share should already be set up. See Deployment Share on page 332.
c. Select one of the following options to configure the licensing information:
If you do not have a license file, select the Free 7 day license option. The
installation continues and lets you use a free evaluation license file.
Select the Upgrade using existing license option to upgrade the
installation using an existing license.
Select the License File option and browse to locate a license file (.LIC file).
This is the activation key you receive when you register your Altiris software.
See the Altiris Getting Started Guide for further licensing information. Click
Next.
Note
You do not need to apply a license key to activate the HP Thin Client t5000
Series. This managed client computer automatically receives a non-expiring
license when connected to the console.
8. Enter the following information on the Deployment Server Information page:
a. Select the computer where you want to install the Deployment Server. You can
install the Deployment Server on the local computer or on a remote computer.
The IP address and the port information for the selected computer are displayed
by default.
Deployment Solution 340

b. Enter the path where you want to install the Deployment Server.
c. You must enter an administrator user name and password for the Deployment
Server. This account must already exist on the Deployment Share and the
Deployment Server. By default, the name you are currently logged on as
appears. If you use a domain account, enter the domain and the user name
(Example: Domain1\administrator). (See Deployment Server on page 330.)
Click Next.
9. Enter the Deployment Database information and click Next.
Specify the Microsoft SQL Server Instance where you want to install the
database. See Deployment Database on page 331.
Note
If you have already set up multiple instances of the Microsoft SQL Server, you
can identify a specific database instance in this field using the format: <SQL
Server Name>\<database instance>.
Depending upon the selection of the SQL Server instance, the default port at
which the selected instance is listening appears in the SQL Port Number field.
You can edit the port number if you have manually entered the SQL Server
name or if the port number does not appear automatically due to some firewall
restriction.
You can enter a name other than eXpress in the Database Name field.
10. Select the type of Deployment Database authentication to be used. You must enter
the user name and password if you want to use SQL Server authentication.
Note
You cannot use the remote SQL database with NT authentication on a remote
computer if you do not have administrative rights on the computer.
Click Next. The Pre-boot Operating Systems page appears.
Note:
If a previous installation of the Deployment Database is detected, an axinstall
prompt appears, asking whether you want to preserve or overwrite the existing
database. Click Yes to preserve the data in your Deployment Database.
11. Select a default pre-boot operating system from any one of the options, such as
FreeDos, MS-DOS, Linux, or WinPE. Browse to locate the FIRM file (for FreeDos and
Linux operating systems) or enter the path for the operating system files (for MS-
DOS and WinPE). Click Next.
Note
If you are using a free evaluation license, you cannot use the WinPE Add-On
Packages.
12. Enter the PXE Server information. (See Altiris PXE Server on page 332.) Select the
pre-boot operating system to use as the default PXE boot menu item. You can select
DOS, Linux, or WinPE. If you want to use the previously installed pre-boot operating
system, select the Keep current default option. Click Next.
13. Specify how you want to connect your managed computer to the Deployment
Server by selecting one of the following options.
Deployment Solution 341

Select the Connect directly to Deployment Server option and enter the
Deployment Server IP address and port.
Select the Discover Deployment Server using TCP/IP multicast option and
provide the Server name.
Note
If you leave the Server name field blank, the Deployment Agent connects to
the first Deployment Server that responds. Click Next.
14. Enter the Deployment Console information. You can install the Deployment Console
on the local computer or on a remote computer. Click Next.
15. Enter the Deployment Web Console information. You can install the Deployment
Web Console on the local computer or on a remote computer. This computer must
be running Microsoft IIS .NET framework. Specify the path where you want to install
the Deployment Web Console and also valid user credentials. Click Next. See
Deployment Web Console Information on page 364.
Note
This option is disabled if Microsoft IIS is not detected.
The Installation Information page appears, displaying the components that you
selected to install.
16. Click Install to install the listed components or click Back to modify the settings
before starting the installation. The installation process begins and can take several
minutes. The Installation Information Summary page appears after the
installation completes.
Note
If you are upgrading your installation, the message Do you want to replace the
share? appears. Click Yes and continue. If you click No, a message appears stating
that the share is already in use and you must manually set the share to point to the
correct directory. Click OK.
17. (Optional) You can select one of the following options to install agents on the
managed computers.
Enable Microsoft Sysprep Support. Select this option to enable Microsoft
Sysprep support and click Next. You must specify the location of the Microsoft
Sysprep files.
Remotely Install Deployment Agent (Windows 2000 or later only).
Select this option if you want to push the Deployment Agent to Windows
computers directly after the installation. This can be done any time by selecting
Tools > Remote Agent Installer.
Install add-ons to provision server hardware. Select this option to install
OEM add-ons for servers.
Note
This option is enabled only when add-ons are present in the oeminstall-addons
section of the oeminstall.ini file, which is located in the eXpress directory.
18. Click Finish.
Deployment Solution 342

You have successfully completed a Custom Install for a Deployment Server system.
Click the Deployment Console icon on your desktop to view all the computer resources
running Deployment Agents configured for your Deployment Server.
See Simple Install for Deployment Server on page 335.
Thin Client Install for Deployment Server
The Thin Client Install option lets you install the Thin Client view of the Deployment
Console on your computer. You can install Deployment Server with a Microsoft Data
Engine (MSDE) or install it on an existing SQL Server. You need not provide a license file
for the Thin Client installation.
To run a Thin Client Install
1. Start the server and log on using the administrator account you created for the
Deployment Server. See Deployment Server System Requirements on page 334.
2. Launch the appropriate Altiris Deployment Server installation file and follow the
setup steps.
The Altiris Packager Self-Extracting Executable Options dialog appears.
3. Select the Use current temp folder option to use the current temporary folder to
download installation files or the Extract to a specific folder option to set a path
to an existing folder to download the installation files.
4. Click Extract and Execute App to extract and execute the application
immediately.
The default installation directory is C:\DSSetup. If the file C:\DSSetup\AppLic.dll
already exists, a prompt appears, asking whether you want to overwrite this file.
Click Yes to All. You may have to wait for some time while Altiris Packager extracts
files from this archive.
Note
Click Extract Only to only extract the application and execute the application later.
You must run the axInstall.exe file to start the installation.
5. Select the Thin Client Install option from the installation types listed in the
Deployment Server Install Configuration dialog.
6. (Optional) Select the Include PXE Server option to install the PXE Server. (See
Altiris PXE Server on page 332.) Click Install.
7. Click Yes on the Software License Agreement page.
8. Enter the following information on the Deployment Share Information page:
a. In the File Server path field, enter or browse to the path to install the
Deployment Server program files. The default path is C:\Program
Files\Altiris\eXpress\Deployment Server.
b. Select the Create Deployment Share option to create a Deployment Share on
the computer. The Deployment Share lets you store files on the computer and
run Deployment Server system applications. See Deployment Share on
page 332.
c. You must enter an administrator user name and password for the Deployment
Server system. This account must already exist on the Deployment Share and
Deployment Solution 343

the Deployment Server. By default, the name you are currently logged on as
appears. If you use a domain account, enter the domain and the user name
(Example: Domain1\administrator). See Deployment Server on page 330.
If a previous installation of the Deployment Database is detected, an axinstall
prompt appears, asking whether you want to preserve or overwrite the existing
database. Click Yes to preserve the data in your Deployment Database.
Click Next. The Pre-boot Operating System page appears.
9. Select a default pre-boot operating system from any one of the options, such as
FreeDos, MS-DOS, Linux, WinPE, or None. Browse to locate the FIRM file (for
FreeDos and Linux operating systems) or enter the path for the operating system
files (for MS-DOS and WinPE). Click Next. The Installation Information page
appears, displaying the components that you selected to install.
10. Click Install to install the listed components, or click Back to modify the settings
before starting the installation. The installation process begins and can take several
minutes. The Installation Information Summary page appears after the
installation completes.
Note
If you are upgrading your installation, the message Do you want to replace the
share? appears. Click Yes and continue. If you click No, a message appears,
stating that the share is already in use and you must manually set the share to point
to the correct directory. Click OK.
11. (Optional) You can select one of the following options to install agents.
Enable Microsoft Sysprep Support. Select this option to enable Microsoft
Sysprep support and click Next. You must specify the location of the Microsoft
Sysprep files.
Remotely install Deployment Agent (Windows 2000 or later only).
Select this option if you want to push the Deployment Agent to computers
running Windows 2000, XP, Windows Server 2003 and 2008, and Vista
operating systems.
Install add-ons to provision server hardware. Select this option to install
OEM add-ons for servers.
Note
This option is enabled only when add-ons are present in the oeminstall-addons
section of the oeminstall.ini file, which is located in the eXpress directory.
12. Click Finish.
You have successfully completed a Thin Client install for a Deployment Server system.
Click the Deployment Console icon on your desktop to view all the computer resources
running Deployment Agents configured for your Deployment Server.
Note
Antivirus applications can delete service .EXE files or can disable services.
Example: When you run the Deployment Server Win32 Console, the Unable to connect
to the Altiris Deployment Server DS Management Server. Please ensure this service is
started and running currently. error appears. This occurs because the service files are
Deployment Solution 344

deleted by the antivirus application during scanning. To resolve this issue, disable the
antivirus software and reinstall the Deployment Server.
Component Install for Deployment Server
The Component Install option lets you add selected Deployment Server Components
Deployment Console, Deployment Web Console, PXE Server, and Deployment Agents
to the existing Deployment Share. You can also add Microsoft Sysprep files. See
Deployment Server Components on page 329.
To run a Component install
1. Start the server and log on using the administrator account you created for the
Deployment Server. See Deployment Server System Requirements on page 334.
2. Launch the appropriate Altiris Deployment Server installation file and follow the
setup steps.
The Altiris Packager Self-Extracting Executable Options dialog appears.
3. Select the Use current temp folder option to use the current temporary folder to
download installation files or the Extract to a specific folder option to set a path
to an existing folder to download the installation files.
4. Click Extract and Execute App to extract and execute the application
immediately.
The default installation directory is C:\DSSetup. If the file C:\DSSetup\AppLic.dll
already exists, a prompt appears, asking whether you want to overwrite this file.
Click Yes to All. You may have to wait for some time while Altiris Packager extracts
files from this archive.
Note
(Optional) Click Extract Only to only extract the application and execute the
application later. You must run the axInstall.exe file to start the installation.
5. Select the Component Install option from the installation types listed in the
Deployment Server Install Configuration dialog and click Install.
6. Click Yes on the Software License Agreement page.
7. Enter a path for the Deployment Share and click Next.
8. Select the components you want to install and click Next.
Install an additional Deployment Console. Select this option to install
another Deployment Console (a Windows executable) on another computer.
You can add as many Deployment Consoles as required to manage from
multiple consoles across your system, but you can install only one at a time.
The Deployment Console Information dialog appears.
Install an additional Deployment Web Console. Select this option to install
an additional Deployment Web Console on the local computer. You can install
the Web console only on computers running Windows 2000 or later and
Microsoft IIS. See Deployment Web Console Information on page 364. The
Deployment Web Console Information dialog appears.
Deployment Solution 345

Install an additional Altiris PXE Server. Select this option to add additional
PXE Servers across a network segment to handle boot requests for large
environments. The PXE Server Information dialog appears.
Master PXE Server. When you add another PXE Server, the PXE Server that
you initially installed is designated as the Master PXE Server. The Master PXE
Server works concurrently with any additional PXE Server to handle boot
requests across the network segment, but it also allocates additional blocks of
IP addresses to other PXE Servers in the system.
For all the available options for installing PXE Server, see Altiris PXE Server
Install on page 363.
Install additional Deployment Agents. Select this option to install additional
Deployment Agents on client computers, setting up managed computers in the
Deployment Server system. The Remote Agent Install dialog appears. Enter
common administrator credentials for all client computers. See Enter
administrator account information on page 347.
Add Microsoft Sysprep files. Select this option to install the Microsoft
Sysprep files, if you did not install them earlier. The Sysprep dialog appears.
See Sysprep on page 364.
9. Select the computer where you want to install the selected components and click
Next. The Installation Information page appears.
Note
If you select the On a remote computer option, you must browse and select the
remote computer.
10. Click Install to install the listed components or click Back to modify settings before
starting the installation. The installation process begins and can take several
minutes. The Installation Information Summary page appears, specifying that
the installation was successful.
11. Select the Install add-ons to provision server hardware option to install the
add-ons for Dell computers. Click Finish.
Note
This option is enabled on Dell computers only when add-ons are present in the
oeminstall-addons section of the oeminstall.ini file, which is located in the eXpress
directory. This is the only option available on the Installation Information
Summary page when you select Component Install.
You have successfully completed a Component Install for a Deployment Server
system. Click the Deployment Console icon on your desktop to view all the
computer resources running Deployment Agents configured for your Deployment
Server.
Installing Deployment Solution Agents
Each client computer requires the Deployment Agent to run as the Production Agent on
a local hard disk, which communicates with the Deployment Server and registers in the
Deployment Database. For Windows and Linux client computers, Deployment Solution
lets you push agent software to a client computer from a Deployment Console, or you
can pull the Deployment agent to the client computer from the Deployment Web
Console (or pull it from the Deployment Share).
Deployment Solution 346

You can install an embedded (recommended) or hidden automation partition, which
contains an Automation Agent that establishes communications with the Deployment
Server to run the deployment jobs that are assigned to the client computer. See Install
Automation Partition on page 133. You can also easily install the Deployment Agents for
handhelds from the console using prebuilt jobs.
Deployment Agent. Install a Production Agent to a Windows desktop, notebook, or
server computer. You can also install this agent on any supported Linux workstation
or server. See Installing the Deployment Agent on page 347.
Deployment Agent on Linux. Install on any supported Linux workstation or
server. See Installing Deployment Agent on Linux on page 351.
Automation Agent. Install on any Windows desktop, notebook, or server
computer. See Installing the Automation Agent on page 352.
Installing Deployment Agent for Pocket PC. Install on handheld computers
running the Pocket PC operating system. See Managing Licenses on page 353.
Deployment Agent on XP, 2003, Vista (Business) and 2008 Server. Install
the Deployment Agent on the selected Windows XP, Server 2003, Vista (Business),
and Server 2008 computers.
Client Connectivity and Network Adapters
Altiris supports all standard network adapter cards and includes many drivers with the
installation of Deployment Solution. However, sometimes outdated drivers (including
default drivers that come with the hardware) cause problems when clients are in
automation mode. To avoid these problems, you should check the manufacturers Web
site for your network adapter to ensure you use their latest driver in your pre-boot
operating system configuration file.
Some common client problems that can be solved by updating drivers are:
Locking when loading drivers or failing to connect to the server
Locking when imaging (downloading, uploading, or multicasting)
Microsoft Client Drivers
The Boot Disk Creator is set up to work with drivers that follow a certain standard.
Because not all NIC drivers follow that standard, you may have to move the files to a
different location. Ensure that the following files are in the same directory:
The DOS driver for your card (drivername.dos)
The sample protocol.ini that comes with your driver (protocol.ini)
The OEM setup file that specifies the DOS driver (oemsetup.inf )
Example: The OEM setup file may contain lines similar to the following:
[ net car d]
NGRPCI =NETGEAR FA310TX Fast Et her net PCI
Adapt er , 0, ndi s, et her net , r eal , NGRPCI , NGRPCI _NI F
[ NGRPCI ] ( Thi s header must be t he si xt h i t eml i st ed i n t he l i ne
above)
Devi ce=NGRPCI . DOS ( I f t hi s l i ne i s mi ssi ng, add i t . The synt ax i s
devi ce=dr i ver name. )
Deployment Solution 347

If there is no protocol.ini file, create a text file that contains the following command:
Dr i ver Name=dr i ver name
Novell Client Drivers
The Boot Disk Creator performs the following functions:
Searches all subdirectories for a directory that contains *.ins, *.com, and net.cfg
files. (These files must be in the same directory.) The .INS file is opened to get
information about the network card.
Searches the file for a line starting with a carat (^). This line must have at least two
values listed, separated by a comma. The two values needed are the description of
the card (value1) and the .com driver file name (value2).
Installing the Deployment Agent
For client computers running a Windows operating system, Deployment Solution lets
you install agent software using the Remote Agent Installer to push the agent to a
client computer from a Deployment Console. (See Remote Agent Installer on page 347.)
Or, you can pull the Deployment agent to the client computer by accessing the
Windows share or downloading the install package from the Deployment Web Console.
You must have administrative rights to the client computers and File and Print Sharing
must be enabled to install the agent software.
Remote Agent Installer
Windows XP
To install, each XP computer must have:
An Administrator account with a password. This account must be able to browse
\ \ host name\ admi n$ on the selected computer.
Disabled simple file sharing. This option can be disabled in Windows Explorer by
selecting Tools > Folder Options > View tab and clearing the Use simple file
sharing check box in the Advanced settings section.
File and printer sharing must be enabled in the Windows Firewall.
Windows 2003, Vista, and 2008 Servers
You must disable the Firewall and UAC options from the Control Panel to install the agent
successfully on Vista and 2008 Server.
Enter administrator account information
Enter common administrator credentials for all client computers, or keep the default
credentials to be prompted for each client computer.

Click Remote Agent Installer on the Deployment Console toolbar, or
click Tool > Remote Agent Installer to open the utility program. You
can also download aclient.exe from the network share or Deployment
Web Console to install a Deployment agent.
Deployment Solution 348

Let me specify a username and password for each machine as its installed.
Prompts for an administrative user name password for each computer in the remote
install list. This is the default option.
Use this username and password for all clients. Enter credentials for an
administrator account that has rights to all the client computers that you add to the
remote install list.
Specify install directory
Enter a location to install the Deployment Agent.
Install directory. Enter the path to install the Deployment Agent on the client
computer.
Enable this agent to use SIDgen and/or Microsoft Sysprep. If you plan to use
SIDgen or Sysprep to configure this computer the required files can be copied when the
agent is installed.
Click Change Settings to set the Deployment Agent settings. For more information, see
Deployment Agent Settings on page 110.
Automatically Add to a Group
You can select one of the following options to automatically add new computers to the
group that you specify.
Add client(s) to default group. Adds new computers to the All Computers group.
Add client(s) to a specific group. Adds new computers to another group. Use back
slashes to separate subgroups.
Select Computers on the Network
Identify client computers on the network and add them to a list of computers to
remotely install the Deployment Agent.
Add. Select the computers by the name in the list, or enter a computer name or IP
address.
Computer Name. Enter the name of a computer on the network or its IP address.
Properties. Select a computer and view the agent install settings. You can also change
SID and Agent settings from the Agent Properties dialog.
Import. Import new computers from a file.
This file has the following parameters: - c: [ comput er ] u: [ user name]
p: [ passwor d] i : [ i nput f i l e] . The parameters must be entered in this order.
The password parameter is not required if the administrator account does not have one
assigned. If you are using the default settings, you do not need to specify an input
filename. Each computer entry must be on a separate line.
Export. You can export the listed computers into an export file to use later. The default
extension is *.RCI. Remote Agent Installer first looks for an RCI file extension, but any
DOS text file can be used.
When the computers appear in the installer list and the properties are set, click Finish.
The status of the agent install appears.
Deployment Solution 349

After the Deployment Agent is installed, it automatically connects to the Deployment
Server and appears in the Computers pane of the Deployment Console.
Download Microsoft Sysprep
If you select Enable this agent to use SIDgen and/or Microsoft Sysprep on the
previous dialog, the Remote Agent Installer dialog locates the required installation
files for the specific versions of Sysprep.
Update file system permissions when changing SIDs. Select this option to
automatically update file system permissions to maintain the individual file permissions
that you may have set. This also includes the individual network shares that may exist
on this client. On selecting this option, SID conversion takes a long time.
Note
SIDgen is no longer supported and should not be used. Altiris recommends using
Microsoft Sysprep in situations where SID replacement is required.
Change Settings
Click Change Settings to modify access, security and other settings on the Deployment
Agent to be installed. See Deployment Agent Settings on page 110.
Get Server Security Key
This page appears only if you select the Enable key-based authentication to
Deployment Server option in the Default Agent Settings dialog.
Enter the security key file path for the Deployment Server or browse and select a file
containing the security key file path.
Installing Deployment Agent for Windows
Run AClient.exe from the Deployment Share (shared folder) or download the installation
file from the Deployment Web Console.
1. On the Altiris Client Service dialog, enter a location to install the Deployment
agent. Select one of these options, if required, and click Next:
Secure modification of server properties. Select to prohibit users from
changing any agent settings.
Enable changing of Security ID. Select to manage the security IDs to run a
SID utility as part of an imaging job.

To install Microsoft Sysprep, you must download the installation files
required for the Windows operating systems running on the client
computer.
Windows 2000/XP/2003 (deploy.cab)
We recommend installing these files from a Windows 2003 server CD.
Windows Vista and 2008 Server include sysprep files by default.
Deployment Solution 350

Advanced. Click to open the Computer Configuration Properties dialog and
enter the settings for the Deployment agent you are installing. See Computer
Configuration Properties on page 101.
2. If you have enabled the security IDs, a page listing the options for managing the
SIDs appears. Select the utilities you want to use and enter the path where the
utilities are stored. Click Next to install the Deployment Agent.
3. (Optional) Select a group in the Deployment Console to add the client to. You can
also leave it at the default group.
After the Deployment Agent is installed, it connects to the Deployment Server and
appears in the Computers pane of the Deployment Console.
See Installing Deployment Solution Agents on page 345.
Automating the Installation of Deployment Agent
If you do not select Remote Agent Installer to install the Deployment Agent, install the
Deployment Agent using log-on scripts or batch flies. However, this requires that you
manually complete the installation at each client computer. Instead, you can use a
template file to set applicable options and properties.
The template file is a text file that can be used to automate configuration of the
properties when installing the Deployment Agent from a batch file, login script, or
manually from a client computer.
The template file can be created using two methods: editing the sample.inp file or using
Remote Agent Installer.
Editing the Sample.inp file
Deployment Solution ships with a sample template file named sample.inp, which
contains the commands to configure installation options and properties. This file is
located in Program Files\Altiris\eXpress\Deployment Server.
Most of the parameters are disabled in this file. To enable an option, remove the
semicolon. Example: To specify an IP address and port number for the client to locate
the Deployment Server, remove the semicolon from the TcpAddr and TcpPort lines and
change the address and port number to the correct values.
Using Remote Agent Installer
You can create a template file when running Remote Agent Installer. After modifying
agent properties and adding computers to the Selecting Clients window, click Export
to create a template file to import computers (*.rci) as well as the template file (*.inp).
Example: If you have computers named PC-1 and PC-2 listed in the Selecting Clients
window and you export these computers using the file name Export.rci, the following
two template files are created:
Export_PC-1.inp
Export_PC-2.inp
Using the Template File
To use the template file you create, run the AClient.exe installation program specifying
the template file and using the -install switch. Example:
Deployment Solution 351

\\FX1\eXpress\AClient.exe aclient.inp -install
The following command-line options are available:
Installing Deployment Agent on Linux
You can install the Deployment Agent on any supported Linux workstation or server by
downloading and running the Deployment Agent for Linux installation file (a .BIN file) on
the client computer. The Deployment Agent is updated automatically on Linux
computers when you upgrade to a new version of Deployment Solution. The creation
date of the Deployment Agent is checked and updated when a new agent is available.
Installing the Deployment Agent for Linux
1. After downloading the .BIN file to a local directory, you can install from the
command line.
Browse to the directory where you saved the .BIN file, switch to the root user
(su) and change the directory to the location of the .BIN file by entering
( cd < di r ect or y>)
After changing the directory, you must have the permission to execute the .BIN
file; to obtain the permission, enter
chmod 544 <filename>
Enter: . / <file name>
The Deployment Agent for Linux is installed in the / opt / al t i r i s/
depl oyment / adl agent directory.
2. To change the adlagent configuration file settings, update the adl agent . conf file.
This file is located in the / opt / al t i r i s/ depl oyment / adl agent / conf directory.
You can also change the adlagent configuration file settings by executing the
conf i gur e script from the / opt / al t i r i s/ depl oyment / adl agent / bi n
directory.
To edit the configure file directly, open the adl agent . conf file located in the
/ opt / al t i r i s/ depl oyment / adl agent / conf directory and make the
required changes.
You can also edit the configuration file to change the functionality or properties.
Example: You can open the adl agent . conf file in an editor and scroll to the
Option Definition
-install AClient.exe runs and installs the Deployment Agent on the
computer instead of just running it in memory.
-remove Permanently removes the Deployment Agent from the computer
where it is installed.
-silent Lets you use the options without being prompted for further
input.
-stop Stops the Deployment Agent from running, but does not remove
it. The next time the computer is booted, the Deployment Agent
runs in production mode.
-start Starts the Deployment Agent. This option works only when
Deployment Agent is installed on the computer.
Deployment Solution 352

[ Tr anspor t ] section and the UseMcast line. Change UseMcast =t r ue to
UseMcast =f al se. In the TCPAddr =<I P addr ess>line, enter the IP address
of the specific Deployment Server you want to manage the client computer. You
can also identify and edit additional configuration settings in the configuration
file.
To run the script to change the settings for the adl agent configuration file,
browse to the / opt / al t i r i s/ depl oyment / adl agent / bi n directory from
the shell and enter
. / conf i gur e
You are prompted to select Multicast options to identify a Deployment Server to
manage the current client computer, or you can select a specific Deployment
Server by setting the Multicast option to false and adding the IP address of the
required Deployment Server.
3. After editing the configuration file, restart the Deployment Agent for Linux.
To start and stop the Deployment Agent for Linux, enter the full path or browse to
the / et c/ r c. d/ i ni t . d directory (with administrator/root rights). You can use
either the adl agent st op and adl agent st ar t commands, or only the
adl agent r est ar t command. You can also use the Package Manager installed
with Linux to restart the Deployment Agent for Linux.
By stopping and starting the Deployment Agent for Linux, the service updates the
changes made in the adl agent configuration file.
You can now view the Linux managed computer from a Deployment Console.
See Installing Deployment Solution Agents on page 345.
Installing the Automation Agent
After Deployment Server has detected a managed computer through the Deployment
Agent in a production environment, you can install an Automation Partition from the
Computers pane.
Here are some other ways to create and install an Automation Agent, which is saved in
an embedded (recommended) or hidden partition on the client computers hard disk.
For Deployment Solution systems running the PXE Server, create boot menu options
from the PXE Configuration Utility, using one of the following methods: Boot Disk
Creator, Direct from floppy, or User Specified. See PXE Configuration Utility
Help.
To install an Automation Partition you can create a Microsoft Install Package (MSI)
and deploy it using a job from the console. (See Distributing Software on page 172.)
You can also create floppy disks, bootable CDs with an ISO image, or bootable USB
devices. See Boot Disk Creator Help.
To install an Automation Partition
See Install Automation Partition on page 133.
Deployment Solution 353

Managing Licenses
From the Deployment Console, you can find the number of licenses used, detect an
expired license, or apply a license to a client computer. Although you can install multiple
Deployment Servers, licensing is based on the number of managed client computers.
The Deployment Server system also provides the license utility to install or update
regular licenses, or to add licenses to computers installed with Deployment Solution.
This utility shows the license status, installs a new license, and adds additional licenses.
Licensing Terms
See also: Using the License Utility on page 353, Adding a License from the Deployment
Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the
Number of Licenses Used on page 356, Computers Not Using a Regular License on
page 357, Detecting an Expired License on page 357, and Expired Licenses on
page 358.
Using the License Utility
The Deployment Server system provides a license utility to update or add licenses to
installed sites, which lets you apply the license activation key file (.lic file) after Altiris
products are installed. This utility is installed on the Deployment Share during the
Deployment Server installation.
Term Description
AUP - Annual Upgrade
Protection
Altiris Annual Upgrade Protection or AUP lets registered
Altiris software users upgrade to any version of the
registered product that is released during the coverage
period without paying an upgrade charge. Regular
production licenses never have a license expiration
date, but always have an AUP date. As long as this date
does not expire, you can use the license to register any
version of Deployment Server.
Licensed Nodes The total number of client and server computers that a
Deployment Server is licensed for. Each client computer
that has an agent, and that communicates actively with
the Deployment Server, uses a single license node.
You can view this information on the About
Deployment Console box. This information appears in
the License Details section when you apply a license
using the Product Licensing Utility.
DS and PCT These are common abbreviations for Deployment
Server and PC Transplant. Both these products are
licensed with the same licensing model, and often a
single license applies to both products at once, although
some licenses apply only to PC Transplant.
Expired License All regular licenses (that are purchased) never expire.
However, evaluation licenses do have an expiration
date. After the expiry date, the trial or evaluation
licenses do not function, and need to be replaced with a
regular license.
Deployment Solution 354

When you open the License Utility, the Altiris Activation Key Wizard appears. On the
Select Altiris Program Files to Activate page, you can select the Replace all
existing license Activation Keys with this new Activation Key check box, which
overwrites the current Activation Key with the one you are installing.
You can use the License Utility to view the license status, install a specific product,
install new or updated licenses for installed software, and additional licenses for installed
software.
To view license status
1. Open the License Utility.
2. Enter the directory path to the new .LIC file.
3. Click Next.
A summary page displays the activation key information.
4. Click Cancel.
Install a Regular License for Altiris Products
When a product is installed from the Altiris CD or the Altiris Web site, a 7-day trial
license is automatically applied. However, you can apply a 30-day evaluation license or
a purchased regular license to installed products that use a license activation key file
(.LIC).
Note
Save the license activation key file, because you will need it when future product
updates are released. After you receive the key, store it in a safe place (such as a floppy
disk) for future reference. You can store multiple license activation key files in individual
folders on a single disk. You can also store multiple license activation key files in the
same folder, but the file names must be different.
To apply a regular license file
1. Open the License Utility.
2. Enter the directory path to the new .LIC file and click Next.
The Altiris Activation Key Wizard displays the activation key information.
3. Click Next.
A list displays the Altiris products that are installed on the Deployment Server. Each
program file uses license activation key files.

To open the Altiris License Utility
Option 1:
Click Start > Programs > Altiris > Deployment Solution
> Product Licensing Utility.
Option 2:
1. Browse to the location where you installed the Deployment
Share.
2. Run license.exe.
Deployment Solution 355

4. Select the products that you want to license.
Use the Shift key to select multiple products.
Click Add and browse to add another Altiris product. Select the program
filename and click Open.
Select the products that you do not want to apply a license to and click
Remove.
5. Click Finish to apply the license to the selected products.
See Installing Deployment Solution Agents on page 345.
HP client computers and licensing
HP client computers automatically connect to the Deployment Server with a 30-day trial
license. In the Deployment Console, HP client computers display a clock icon to indicate
that the trial license is limited and has an expiration date. The steps to upgrade the trial
license are as follows:
1. From the Deployment Console, right-click the HP client computer and select
Properties.
2. Select Apply regular license.
3. Click OK. The license is automatically upgraded to a purchased license.
Note
You do not need to apply a license key to activate the HP Thin Client t5000 Series. This
managed client computer automatically receives a non-expiring license when connected
to the console.
Install Multiple Licenses
Some Altiris utilities can combine multiple licenses together for the total number of
nodes. Example: Two 50-node licenses can be combined to a single 100-node license.
This option lets you apply an add-on license to the Altiris products that you have
installed on the Deployment Server.
1. Open the License Utility.
2. Enter the directory path to the new .LIC file and click Next.
The Altiris Activation Key Wizard displays the activation key information.
3. Click Next.
A list displays the Altiris products you have licensed.
4. Click Finish.
See also: Managing Licenses on page 353, Adding a License from the Deployment
Console on page 356, Rapid Deployment Pack Licensing on page 356, Finding the
Number of Licenses Used on page 356, Computers Not Using a Regular License on
page 357, Detecting an Expired License on page 357, and Expired Licenses on
page 358.
Deployment Solution 356

Adding a License from the Deployment Console
Use this option to install a license to a computer from the Deployment Console after the
free trial has expired. You must apply a regular (permanent) license to continue
managing client computers. You cannot install a license directly on a client computer.
However, you must install a regular license on the Deployment Server before you can
install and manage licenses for client computers from the Deployment Console.
To install a regular license on a single computer
1. From the Deployment Console, right-click the computer to which you want to apply
the license.
2. Select Properties.
3. Select Apply regular license.
4. Click OK.
To install a regular license on multiple computers
1. From the Deployment Console, right-click the computer group to which you want to
apply the license.
2. Select Advanced.
3. Select Apply Regular License.
See also: Managing Licenses on page 353, Using the License Utility on page 353, Rapid
Deployment Pack Licensing on page 356, Finding the Number of Licenses Used on
page 356, Computers Not Using a Regular License on page 357, Detecting an Expired
License on page 357, and Expired Licenses on page 358.
Rapid Deployment Pack Licensing
Rapid Deployment Pack (RDP) is the version of Deployment Server that is released to HP
customers. The RDP licensing functionality is similar to the Deployment Server licensing.
If you have RDP licenses with AUP longer than 3 years the Deployment Solution license
utility might not work. To use these licenses, download the installation files from the HP
Web site. These installation files use a slightly different version of the Product Licensing
Utility, and they allow licenses with long AUP dates.
See also: Managing Licenses on page 353, Using the License Utility on page 353,
Adding a License from the Deployment Console on page 356, Finding the Number of
Licenses Used on page 356, Computers Not Using a Regular License on page 357,
Detecting an Expired License on page 357, and Expired Licenses on page 358.
Finding the Number of Licenses Used
Open the Deployment Console and select Help > About from the main menu bar. You
can see the total number of licenses you have purchased, the total licenses you have
used, and the total licenses available.
You can view the information in the Computers pane to understand for which
computers regular licenses have been applied. In the Computers pane, a clock icon in
the lower left corner implies that the computer still has a free license.
See also: Managing Licenses on page 353, Using the License Utility on page 353,
Adding a License from the Deployment Console on page 356, Rapid Deployment Pack
Deployment Solution 357

Licensing on page 356, Computers Not Using a Regular License on page 357, Detecting
an Expired License on page 357, and Expired Licenses on page 358.
Computers Not Using a Regular License
From the Deployment Console, you can understand which computers do not have a
regular license. If the icon has a clock in the lower left corner of the Computers pane,
this is an HP computer that still has the free 30-day license.
See also: Managing Licenses on page 353, Using the License Utility on page 353,
Adding a License from the Deployment Console on page 356, Rapid Deployment Pack
Licensing on page 356, Finding the Number of Licenses Used on page 356, Detecting an
Expired License on page 357, and Expired Licenses on page 358.
Detecting an Expired License
A computer listed in the Computers pane of the Deployment Console will be gray
instead of blue if the license has expired. However, this may not always mean that the
license has expired. To verify that the license has expired, use the following options:
When you select a computer with an expired license, the following message
appears:
Client license expired - see computer properties.
If you try to view the properties of a computer with an expired license, the following
error message appears:
Error: You have chosen a computer that has expired. Clients that are expired
cannot be managed until a license is purchased for them and they have been
flagged in the Computer Properties dialog to accept a regular license.
Note
If you place a job on a computer with an expired license, the same error message
appears.
Directing client computers to the correct Deployment Server
If you review the client computer list from the Deployment Console and notice that some
computers are not available when you select them, it is possible that the computer was
moved from one Deployment Server to the other, and the former server had an expired
licence. To verify that a client computer is associated with the Deployment Server you
want, do the following:
1. Click the Deployment Agent icon on the client computer.
2. Select Properties.
3. Enter the IP address of the correct Deployment Server in the Address/Hostname
field.
4. Click OK.
See also: Managing Licenses on page 353, Using the License Utility on page 353,
Adding a License from the Deployment Console on page 356, Rapid Deployment Pack
Licensing on page 356, Finding the Number of Licenses Used on page 356, Computers
Not Using a Regular License on page 357, and Expired Licenses on page 358.
Deployment Solution 358

Expired Licenses
Regular Deployment Server licenses do not expire, however the 7-day trial license and
the 30-day evaluation licenses do expire, and can cause some problems if not replaced
properly after adding regular licenses. Computers with expired licenses become dead
nodes and can no longer be managed by the Deployment Console.
When a license is first installed on the Deployment Server, each computer in the
database takes a license node. If this node is a temporary license, that computer has a
tag in the database that says it is a trial node. If that license is not replaced before the
time limit, the computer stops accepting jobs or any type of remote management.
When the Deployment Server receives new regular licenses, it does not by default
release the trial license nodes that it was using before. This can cause problems if the
trial licenses are still being used and they expire even after you apply a regular license.
You can use one of the following methods to deal with this lingering expired license
issue:
You can set up a global option that automatically replaces any trial license with a
regular license as soon as they become available. This is a long term and
preventative solution to expired license issues.
1. In the Deployment Console, go to Tools > Options.
2. Click the Global tab.
3. Select the Automatically replace expired trial licenses with available
regular licenses check box. This resolves the computer node licenses expiry
issue.
You can reapply all regular licenses to the computer nodes. This is helpful if you
want to see an immediate resolution to a license issue.
1. In the Deployment Console, right-click the All Computers computer group (or
any other computer group you need to do this to).
2. Select Advanced > Apply Regular License. This makes all computer nodes in
that group release the license node they were using and take a regular license
node.
See also: Managing Licenses on page 353, Using the License Utility on page 353,
Adding a License from the Deployment Console on page 356, Rapid Deployment Pack
Licensing on page 356, Finding the Number of Licenses Used on page 356, Computers
Not Using a Regular License on page 357, and Detecting an Expired License on
page 357.
DS Installation Help
The following are the help file topics for the Deployment Server installation program that
you can access by clicking Help or pressing the F1 key. These topics identify and explain
the elements on the dialogs used in the installation process.
Install Configuration
The Deployment Server system supports a Simple Install as well as a Custom Install
option. A Simple installation lets you install all components on a single computer. The
Custom installation lets you distribute individual components of a Deployment Server
system on multiple computers. The Thin Client Install lets you install the Thin Client
Deployment Solution 359

view of the Deployment Console on your computer. The Component Install option lets
you install additional components on your system.
Pre-Installation
Simple Install Helper. Select this option to check for an installation of Microsoft SQL
Server for a Simple Install. If Microsoft SQL Server or MSDE is located, the installation
program continues. Otherwise, the installation program prompts you to download and
install MSDE 2000 from the Altiris Solutions Center.
Installation Type
Simple Install. Select this option to install all Deployment Server components on a
single computer. This configuration is recommended for managing computers on a
single LAN or across a site with few subnets. See Simple Install for Deployment Server
on page 335.
Include PXE Server. Select this option to install the PXE Server when running the
Simple install option. The PXE Server requires a DHCP server also installed on your
network. See Altiris PXE Server on page 332.
Custom Install. Select this option to install Deployment Server components on
multiple computers across your system. A Custom Install lets you balance network
activity for large enterprises with multiple subnets. Example: Use this option to
distribute the Deployment Database on another computer or assign another file server
as the Deployment Share to store image and package files. See Custom Install for
Deployment Server on page 338.
Thin Client Install. Select this option to install the Thin Client view of the Deployment
Console on your computer. You do not require a license file to install this view. See Thin
Client Install for Deployment Server on page 342.
Include PXE Server. Select this option to install the PXE Server when running the
Simple install option. To install the PXE Server, you must install a DHCP server on
your network. See Altiris PXE Server on page 332.
Component Install. Select this option to install additional Deployment Server
components on your system. Example: Use this option if you want to add a PXE Server
to your Simple or Custom installation, or if you need multiple Deployment Consoles. See
Component Install for Deployment Server on page 344.
If you have multiple network adapter cards, a secondary dialog appears asking you to
select the IP address for the Deployment Server interface.
See also Deployment Server System Requirements on page 334.
Note
If you run the Deployment Server on a MS Windows Server 2003 Domain Controller with
SMB Signing enabled, you cannot execute any imaging and DOS jobs. When running
jobs on MS Windows Server 2003, you must change the SMB Signing Registry Key to
execute DOS-based deployment jobs.
To disable SMB signing on the Windows 2003 Server
1. Click Start > Control Panel > Administrative Tools > Local Security Policy >
Local Policies >Security Options.
2. Locate the Microsoft network server: Digitally sign communications
(always) policy setting, right-click it, and select Properties > Disabled.
Deployment Solution 360

3. Disable the Microsoft network server: Digitally sign communications (if
client agrees) policy setting as well. This is enabled by default.
Installing Deployment Server
Specify the Deployment Share (shared directory) where you want to store the image
files, .RIPs, and other package files. Before installing the Deployment Server, ensure
that you have a shared Windows or NetWare directory with free disk space and
appropriate security rights.
File server path. Select the drive letter and directory path where you want to install
the Deployment Server. The default path is the Program Files directory on the local
computer.
Create Deployment Share. If you are installing the Deployment Server on a local
Windows computer, select this option to create a shared directory as your Deployment
Share. If you are installing on a remote file server or if you select an invalid path, this
option is unavailable.
Note
If you are installing the Deployment Server on a remote file server, create a share or
grant access rights to the Deployment Server directory on the file server before you
start the installation. For Windows XP, you must run the Network Setup Wizard accessed
from My Network Places to enable sharing.
Select one of the following options to configure the licensing information:
If you do not have a license file, select the Free 7 day license option to use an
evaluation license for a new Deployment Server installation.
Select the Upgrade using existing license option to upgrade the installation
using an existing license.
Select the License File option and browse to locate the license file (.LIC file)
that you received when you registered on the Altiris Web site. See the Altiris
Getting Started Guide for further licensing information.
Service username and Service password. If running a Simple Install, you must enter
an administrator user name and password for the Deployment Server and the
Deployment Share. This account must already exist on the Deployment Server and the
Deployment Share. If you use a domain account, enter the domain name (Example:
orgDomain\admin.
See also Deployment Server Components on page 329, Installing Deployment Server,
and Managing Licenses on page 353.
Installing Deployment Server using Component Install
Specify the Deployment Share (shared directory) where the image files, RIPs, and other
package files are stored. Ensure that you have a shared Windows or NetWare directory
with available disk space and security rights before installing. See Deployment Share on
page 332.
Deployment Server Install
Install the Deployment Server on a computer. The service is identified in the Services
section of the Windows Computer Management as Altiris eXpress Server. See
Deployment Server on page 330.
Deployment Solution 361

To install service on a local computer
1. Select the On this computer option.
2. Enter the Deployment Server IP address and port information.
3. Enter the path to install the Deployment Server.
4. Enter the user name and password of the Deployment Server. For a domain
account, enter the domain and user name. Create this account before starting the
installation.
To install service on a remote computer
1. Select the On a remote computer option.
2. Enter the name of the computer or browse to where you want to install. By default,
the destination path and IP address of the computer appear.
3. Enter the user name and password of an administrator account for the Deployment
Server computer. For domain accounts, include the domain name (Example:
orgDomain\admin). The user account must have rights to the Deployment Share.
Create the administrator domain account before starting the installation. See
Deployment Share on page 332.
See also Deployment Server Components on page 329 and Installing Deployment
Server on page 329.
Pre-boot Operating System (Simple)
Select a pre-boot operating system, which the Deployment Server can use as the
default, when creating a deployment job with an automation task. You can also install
additional pre-boot operating system files later by using Boot Disk Creator.
If you are running a PXE Server in your system environment, the first pre-boot
operating system that you install becomes the default boot menu option for Initial
Deployment. The menu options display DOS Managed, Linux Managed, or Windows
Managed.
You can assign an automation pre-boot operating system to an automation task when it
is added to a deployment job. This flexibility lets you run several automation tasks
within a single job, and each task can boot to the automation environment you want.
None. Select this option if you do not want to provide a default automation
operating system. You can also select this later through the Boot Disk Creator
utility.
FreeDOS. Browse to the BDCgpl.frm file. This is available on the Deployment
Solution download site.
MS-DOS. DOS requires an original Microsoft Windows 98 installation disk, or
browse to the system formatted files.
Linux. Browse to the BDCgpl.frm file. This is available on the Deployment Solution
download site.
WinPE. Browse to the WinPE files.
See Boot Disk Creator Help and PXE Configuration Help.
Deployment Solution 362

Pre-boot Operating System (Custom)
Select a pre-boot operating system that the Deployment Server can use as the default
when creating a deployment job with an automation task. You can also install additional
pre-boot operating system files later by using Boot Disk Creator.
If you are running a PXE Server in your system environment, the first pre-boot
operating system that you install becomes the default boot menu option for Initial
Deployment.
You can assign an automation pre-boot operating system to an automation task when it
is added to a deployment job. This flexibility lets you run several automation tasks
within a single job, and each task can boot to the automation environment you want.
FreeDOS. Browse to the BDCgpl.frm file. This is available on the Deployment
Solution download site.
MS-DOS. DOS requires an original Microsoft Windows 98 installation disk, or
browse to the system formatted files.
Linux. Browse to the BDCgpl.frm file. This is available on the Deployment Solution
download site.
WinPE. Browse to the WinPE files.
See Boot Disk Creator Help and PXE Configuration Help.
Deployment Database Install
Install the Deployment Database on a local or remote server with or without an existing
Microsoft Data Engine (MSDE) or Microsoft SQL Server. To install the database, you
must have administration rights to the selected server. See Deployment Database on
page 331.
Note
If you have multiple instances of the Microsoft SQL Server already set up, you can
identify a specific instance using this format: <SQL Ser ver Name>\ <dat abase
i nst ance>. The instance of the database can vary. Example: If you have a clustered
Microsoft SQL Server to manage multiple Deployment Solution systems on different
network segments, you can enter the name sal esSegment \ expr ess or
mar ket i ngSegment \ expr ess depending on the previously established database
instance.
Install the Deployment Database using these options:
Select the Microsoft SQL Server instance where you want to install your Deployment
database.
You can also change the default SQL Port number.
You can rename the Deployment Database default name, eXpress, by entering a
different name in the Database Name field. However, this does not alter the
Deployment Share name.
See also Deployment Server Components on page 329.
Deployment Solution 363

Altiris PXE Server Install
Select the options to boot locally using the Altiris Automation Partition. For PXE-
compliant computers, you can boot across the network using the Intel Pre-boot
eXecution Environment option in the PXE Server. See Altiris PXE Server on page 332.
Note
If you have a Novell NetWare file server, you must set up the PXE Server after installing
the Deployment Server. The Universal Network Device Interface (UNDI) default driver is
not supported by Novell NetWare.
Select the No I will be using an Altiris automation partition on each client
computer option, if you do not want to use PXE and prefer to use embedded
(preferred) or hidden partitions, or bootable media to run tasks.
Note
This option is unavailable for installing the PXE Servers using the Component Install
option.
Select the Yes, I want to install PXE Server on this computer option to install
the PXE Server on the local computer.
Note
This option is selected by default for the Component Install.
Select Yes, I want to install PXE Server on a remote computer to install the
PXE Server on a remote computer. Enter the name of the computer and the path.
Enter the IP address for the PXE Server and the Deployment Server.
Enter the path where you want to install the PXE Server.
Select the pre-boot operating system that can be used as the default PXE boot
menu item. The pre-boot operating system options that are enabled depend on the
options you selected for the pre-boot operating systems in the Pre-boot Operating
Systems page. Example: If you select Linux in the Pre-boot Operating Systems
page, the Linux option is enabled as the default PXE boot menu item.
See Installing the Automation Agent on page 352, Pre-boot Operating System (Simple)
on page 361, and PXE Configuration Utility Help.
Client Connection to Server
Select the protocol your managed computers can use to connect to the Deployment
Server.
Connect directly to Deployment Server. Installs the PXE Server using the Intel Pre-
boot eXecution Environment (for PXE-compliant computers only). You can use this
without PXE for faster access, as it goes directly to the IP address without searching.
If managed computers are on a different segment or if you are using the PXE Server
with an UNDI driver, click Connect directly to Deployment Server and enter the IP
address of the Deployment Server that the managed computers can connect to. Do not
change the port number unless the default is already being used.
Note
If you change the port number, you must change the client configurations.
Deployment Solution 364

Discover Deployment Server using TCP/IP multicast. Lets the managed
computers connect to any Deployment Server. To use multicasting and connect to a
specific Deployment Server, enter the name of the Deployment Server computer.
Multicasting cannot be used with the UNDI driver. If you want to use different drivers on
the PXE Server, you can create multiple PXE boot files after installing.
See also Deployment Agents on page 109.
Deployment Web Console Information
This feature lets you remotely manage Deployment installations, deploy and manage
Windows and Linux computers (both client and server editions) in real-time, and benefit
from many of the features available in the Deployment Console.
To Install Deployment Web Console
1. By default, the Deployment Web Console installs on the computer that is running
the installer. Select the On a remote computer option and browse to a computer
where you want to install. If you do not want to install the Deployment Web
Console, select the Do not install option.
2. If you want to change the default values, enter the Console port and Deployment
Web Console path for the installation.
3. You must enter the Service username and Service password that already exist
on the Deployment Share and the destination computer where you install the Web
Console.
Note
If you are installing an additional Deployment Web Console using the Component Install
option, the Do not Install option is disabled.
See Deployment Console on page 330 and Deployment Server Components on
page 329.
Sysprep
Enter the location of the Microsoft Sysprep files according to the operating system.
Specify the location or browse and select the required files.
Installing Components
Click Install, or click Back to change the settings.
See Deployment Server Components on page 329.
Installation Information Summary
The components are installed.
You can remotely install Deployment Agents, enable Sysprep support, and download
Adobe Acrobat for documentation.
Enable Microsoft Sysprep Support. Select this option to enable Sysprep support.
Provide the location of the Microsoft Sysprep files.
Deployment Solution 365

Remotely Install Deployment Agent (Windows 2000 or later only). Select this
option to push the Deployment Agent.
Install add-ons to provision server hardware. Select this option to install the add-
ons for Dell computers.
Note
This option is enabled on Dell computers only when add-ons are present in the
oeminstall-addons section of the oeminstall.ini file, which is located in the eXpress
directory. This is the only option available on the Installation Information Summary
page when you select Component Install.
Click Finish. See also Deployment Server Components on page 329.
Add Components Summary
The components in the list are installed.
Download Adobe Acrobat. Select this option to download the Adobe Acrobat Reader
to read the documentation in the .PDF format.
Click Finish. See Deployment Server Components on page 329.
Deployment Database Authentication
Specify the type of authentication the Deployment Database will use. You can select
Windows authentication or SQL Server authentication. If you select SQL authentication,
enter the user credentials with administrative rights for the SQL database.
Use Windows NT authentication. Select this option to use the Windows network or
Active Directory authentication.
Use SQL Server authentication. Enter the user name and password set for the
Microsoft SQL Server. If using MSDE, the default sa user name is used and no
password is required.
See also Deployment Server Components on page 329 and Installing Deployment
Server on page 329.
Add Components
If you have already installed Deployment Server, you can add components to the
existing system. Select the type of component you want to add.
See also Deployment Server Components on page 329.
Console Install
You can install the Deployment Console either on the local computer or on multiple
remote computers. Installing the Deployment Console on remote computers lets you
manage computers from multiple Deployment Consoles across the Deployment Server
installation. See Deployment Console on page 330.
Select the On this computer option to install the Deployment Console on the local
computer.
Select the On a remote computer option to install the Deployment Console on a
remote computer. Enter the computer name or browse and select a computer.
Deployment Solution 366

See also Deployment Server Components on page 329 and Installing Deployment
Server on page 329.
Installer Return Codes
For a list of return codes for the installation program, see the Error Messages in
Deployment Solution chapter in the Reference Guide.
Deployment Solution 367

Part VII
Deployment Web Console
The Deployment Web Console allows you to manage and deploy computer resources in
real-time from a web browser to manage multiple Deployment Server sites.
In addition, the Deployment Web Console loads into the Altiris Console to provide
comprehensive reports and integrate additional management solutions. Deployment
from the Altiris Console allows you to use the built-in features of Notification Server
such as Package Servers, security, and collections with standard Deployment Solution
management features.
Deployment Solution 368

Managing from the Deployment Web Console
Deployment Solution provides both Windows and Web user interface consoles to deploy
and manage computer devices across local or wide area networks. As an IT
administrator, you can manage all types of computer devices and servers from the
Deployment Web Console using all features available in the Windows console. The Web
console reads and writes directly to the Deployment Database and can be accessed as a
standalone Web application or integrated within the Altiris console:
The Deployment Web Console provides basic deployment and management functionality
from a Web browser, including the ability to remotely access and manage computer
devices, build and schedule jobs, and view multiple Deployment sites. To launch the
Deployment Web Console, double-click the icon on the desktop, or click Programs >
Altiris > Deployment Solution > Deployment Web Console.
The Web console for Deployment Solution provides standard Computers, Jobs, and
Details panes to view computer icons and properties, perform remote operations,
schedule deployment jobs, and identify the state and status of computers in your
system. See Deployment Web Console Basics (page 369).
Deployment from the Altiris Console lets you manage and generate reports across
multiple Deployment Server systems and integrate additional Web applications available
in the client and server management suites, including Inventory, Software Delivery,
Recovery, HelpDesk, and Application Metering solutions. Deployment from the Altiris
Console lets you generate enterprise-wide reports that track deployment resources and
integrate features such as Package Servers for location-sensitive software distribution.
Notification Server also provides collection features to group computers by defined
criteria. See Deployment from the Altiris Console (page 386).
The Deployment Console is a Windows-based console with complete deployment and
management features, including remote control, security, PXE server configuration,
image editing, and other deployment utilities and features. To launch the Deployment
Server Console, double-click the icon on the desktop or click Programs > Altiris >
Deployment Solution > Console. See the Deployment Server Help and Deployment
Product Guide for additional information.
Deployment Solution 369

The Deployment Web Console also provides features and functionality to integrate with
Microsofts Automated Deployment Services (ADS). See Automated Deployment
Services (ADS) (page 385).
See Basic Tasks from the Deployment Web Console (page 372) for steps to manage and
deploy computer devices from the Deployment Web Console.
Deployment Web Console Basics
The Deployment Web Console is a feature-rich Web application that uses Microsoft
.NET and other built-in services to provide real-time access to computer resources,
deployment jobs, and package files. The Deployment Web Console includes a graphical
user interface with distinct icons to identify type and status of the computer, groups,
deployment job or other system components.
From the Deployment Web Console you can build simple or complex deployment jobs to
migrate users, set up new users, install software and image hard disks all from a Web
browser. The Deployment Web Console also loads from the Deployment tab in the
Altiris Console for integration with the Client Management Suite and Server
Management Suite.
Refresh. Click to update console information after adding or deleting
items, creating groups, or making other screen changes.

Expand. Click to expand or contract feature sections within the Web
page.
Apply. Click to apply settings, properties or names. You remain on the
current page after clicking Apply.
Cancel. Click to cancel out of an action or delete a property or name. You
remain on the current page after clicking Cancel.
New. Click to add new items or objects within a group, such as new
computer accounts or conditions sets.

New Computer. Click when Adding New Computers.
New Job. Click to create a new job.

Up/Down arrows. Click to change the order of items in a list. Example:
the order of tasks in a deployment job.
Task User Passwords. Click to change the users task password on
multiple Deployment servers. Users have access to the job tasks: Copy
file to, Distribute Software, Run Script, Distribute Personality, and
Capture personality.

Find. Click to find or filter selected computers in a group or jobs in a
folder. You can also filter computers by operating system or jobs by task
types.
Deployment Solution 370

Like all Deployment consoles, the Deployment Web Console is divided into several panes
to organize computers, deployment jobs, software packages and scripts. It gives you a
graphical view of your network and provides features to build jobs, store and access
jobs and packages, and report the status and state of all of your computer resources.
Computers pane
From the Computers pane, you can traverse multiple Deployment Server systems and
navigate the treeview of each system to select computers or computer groups. You can
view Computer Details, run Remote Operations, or Assigning and Scheduling Jobs for
each selected computer or group. Elements of each group appear in the Details pane
with features to view properties and run management tasks.
By drilling down into a selected Deployment Server system, you can view and select
New Computers and other computer groups defined for your organization. When running
Deployment from the Altiris Console, you can also identify managed computers within
the Altiris Console Collections created by Notification Server. These collections
identify only managed computers with the Deployment Agent installed, displaying
computers by operating system, computer model, type, or other properties. You can
now manage computers by defined groups or filtered by client type.
When a computer or group is selected, the Details pane shows a list of computers in the
group and gives basic information about each computer. The Find detail bar appears in
the Details pane to filter computers by a set criteria. When a computer is selected, you
can view the computer status in the Details pane, including a list of jobs that have run or
are scheduled to run on the computer and the status of each job. See Managing

Go. Click to run a process or actuate a feature.
Delete. Click to delete an item.

Deployment Web Console options. Click to set these features set
properties for the Deployment Web Console and the ADS features.
About Deployment Web Console. Click to view supported Deployment
Servers, licensing information for each system, and general information.
Help. Click to open help documentation for the Deployment Web Console.
Deployment Solution 371

Computers from the Deployment Web Console (page 398) for complete information
about organizing computers, running remote operations, and viewing properties from
the Computers pane.
Jobs pane
Use the Jobs pane to create and build jobs with specified deployment tasks. You can
organize the job objects using the New job folder command from the Select Action list.
Jobs in one Deployment Server group can be scheduled to computers in another
Deployment group, where they are replicated to the source Deployment Server. Jobs
can also be replicated directly to another system using the Move job command in the
Details pane.
From the Jobs pane you can schedule and execute deployment jobs such as creating
images, deploying computers, changing configurations, or installing software. Once a
job is created, you can change it by adding, modifying, or deleting tasks. Jobs can be
run immediately, scheduled to run a particular time, or saved for a later time. See
Scheduling Jobs from the Deployment Web Console (page 419) for complete information
about setting up, importing, and managing computers from the Jobs pane.
Jobs are organized by Deployment Servers, listing all job folders and individual jobs for
a specific site under the name of the managing Deployment Server. When a job is
selected, the Details pane displays a list of jobs in the folder and provides basic
information about each job object, such as its state, status, and task list. It also shows
the computers or computer groups to which the job is assigned.
Details pane
The Details pane is the right-hand pane in the Deployment Web Console. It extends the
user interface features when working in the Computers or Jobs panes.
When you select Deployment Servers in the Computers pane, the Details pane
lists all associated Deployment Server in your organization and displays links to
access the computers and jobs for that site. When you select a specific Deployment
Server, all computers and computer groups for that system appear.
When you select a Deployment Server in the list, the computer groups and
managed computers for that system appear.
When you select a job icon in the Jobs pane, the Details pane displays information
about the job to set up conditions, order tasks, and add, modify, or remove tasks.
Deployment Solution 372

Deployment Web Console Options
Click the Console Options icon in the toolbar of the Deployment Web Console.
The Deployment Web Console appears with the following console options.
Clear the computer and job selections after scheduling. Select this option to clear
selected computers or computer groups and the associated jobs assigned to them.
Prompt before performing operations. Verify actions to the user before scheduling
jobs or performing other operations.
Show physical devices. Show blade servers as Rack/Enclosure/Bay objects in the
Computer pane.
Microsoft Automated Deployment Services (ADS)
Enable ADS. Deploy and manage using the Microsoft ADS features. See Automated
Deployment Services (ADS) (page 385).
Basic Tasks from the Deployment Web Console
The following are basic tasks you can perform using the Deployment Web Console as a
stand-alone console or from the Altiris Console.
Remote Computer Operations (page 372)
Assigning and Scheduling Jobs (page 373)
Finding and Filtering Computers and Jobs (page 373)
Remote Computer Operations
From the Deployment Web Console, you can quickly deploy and manage computers on-
the-fly using remote operation features.
1. Click a Deployment Server or other computer group in the Computers pane. In the
Details pane, the computers and computer groups are listed. Select the managed
computers to select the check box for specific computers.
The computers appear as a Selected Computer.
2. From the Selected Computers list, select an action to perform on the managed
computer. See Remote Operations (page 415) for a list of provided management
actions.
3. Depending on the selected action, a secondary page may open to run the operation.
Set the appropriate values and click OK.
The selected operation runs on the managed computers.
Reject Client Computer Connections
To manage unwanted client computers from attaching to the Deployment Server, use
the Reject Connection Computer Action to remove the clients MAC address and other
information from the Deployment database. If the client tries to connect to the server,
the MAC address cannot be found and the client-server connection is rejected.
Deployment Solution 373

Note
Virtual client computers cannot be rejected.
To reject client computers
1. From the Deployment Web Console, in the Computers pane, click a
Deployment Server name. A list of client computers and groups appears in the
Details pane.
2. Select the check box next to the computer whose connection you want to reject.
3. Click the Computer actions drop-down list, and select Reject Connection.
Assigning and Scheduling Jobs
From the Deployment Web Console, you can assign jobs to computers and schedule
them to run immediately or at a later time.
1. Click a Deployment Server or another computer group in the Computers pane.
Select the check box for specific computers or computer groups in the Details pane.
The computer appears as a Selected Computer.
2. Click a job folder in the Jobs pane. Select the check box for one or more jobs in the
Details pane. The jobs appears as a Selected Job. .
To clear the computers or jobs and reselect, click the clear icon.
3. Click Run Now or Schedule to run the selected jobs on the selected computers.
Secondary pages appear to set scheduling values.
Finding and Filtering Computers and Jobs
You can search for or filter computers or jobs within a selected group or job folder. If
you select a computer group in the Computer pane, you can enter a search string for a
computer name in the Find field and filter by operating system. If you select a job folder
in the Jobs pane, you can enter a search string for a job name in the Find field and
filter by task types.
See Find a Computer in the Database (page 417) and Creating a Computer Group Filter
(page 417).
Scheduling Jobs
After selecting computers or computer groups and assigning jobs, you can now select to
run the job immediately or schedule it for another time. See Scheduling Jobs on
page 373.
Deployment Server Configuration
You can configure all the options for a single Deployment Server from the Deployment
Server Options page from the Deployment Web Console. Click the Deployment
Servers link in the Computers pane to view a list of all available Deployment servers
Deployment Solution 374

appears in the Details pane. Then, double-click a particular Deployment Server in the
Details pane to view the Deployment Server Options page.
You can change the following options:
Global (page 374)
Maintenance (page 375)
Agent Settings (page 375)
Security (page 380)
Logon (page 385)
Global
Set global options for the selected Deployment Server.
Synchronize display names with windows computer names. Automatically
updates the display name of the managed computer names in the Web console when
the managed computer name changes. If this option is not selected, changes to
computer names is not reflected in the Web console. Synchronization option is off by
default. The computer names do not have to be synchronized for the Deployment Server
to manage the computer.
Display imaging status on console (percent complete). Shows the status, in
percentage, for the scheduled imaging job.
Deployment Agent/Deployment Server file transfer port. Specify a static TCP port
for file transfers to the clients or choose to assign it dynamically. The default value for
static port is 0 and causes the server to use a dynamic port. This setting is useful if you
have a firewall and need to use a specific port rather than a dynamically assigned port.
The transfer port range is 1 to 2147483647.
Remote control ports. You can specify the two ports; Port 1 and Port 2 by selecting
the Remote control ports check box. By default the check box for Remote control
ports is not selected and dynamic port is used while remote controlling. If the Port 1 is
already in use, Port 2 is used for remote control. The remote control port ranges from 0
to 65535.
Key. Specifies the primary lookup key type used to associate a new computer with a
managed computer. The options are Serial Number (SMBIOS), Asset Tag
(SMBIOS), UUID (SMBIOS), or MAC Address (SMBIOS).
Speed. This is the file transfer speed between the Deployment Server and client
computers. Select a transfer rate from the Speed list.
Change Sysprep Settings. Enter the global Sysprep values you want to use when
creating or distributing disk images. Click Change Sysprep Settings to view the
Sysprep Settings dialog.
SysPrep Settings
OS Product Key tab
Click the drop-down arrow and select an Operating System from the list. Then,
click Add product key to enter product key (up to 29 characters) information. Add
as many product keys as needed and select a product key from one of the keys
listed. To modify a product key, select the product key and click Modify product
Deployment Solution 375

key. To delete a product key from the list, select the product key and click Delete
product key.
Note
If a product key is being used by another task, a message prompt appears that the
product key is currently in use and you cannot delete the product key until the task
completes.
Maintenance
Retry failed imaging jobs immediately. Immediately retry a failed image
deployment job. The program continues to retry until the job succeeds or until the job is
cancelled.
Automatically replace expired trial licenses. Allows Deployment Server to
automatically assign a permanent license to the managed computers after the trial
license expires.
Delete History older than _____ days. Specify the number of days an entry is kept
in the history until it is deleted. If the number of days is set to 0, no entries are kept in
the history. If this option is not selected, log entries remain in the history.
Remove inactive computers after _____ days. Specify the number of days you
want to keep inactive computers in the Deployment database before they are deleted.
The default value is 30 days, but any number between 1 and 10,000 is valid.
Agent Settings
Use the Agent Settings tab to control the default agent settings for new computers.
These default settings are applied only for new client computers that have never
connected to the Deployment Server and have no information stored in the Deployment
Database.
Production Agent Settings
Force new Production agents to take these default settings. Select this option to
force these settings when adding a new computer.
Modify default settings. Click this link to change Deployment Agent Settings for
Windows and Linux systems.
See Production Agent Settings (page 375).
Automation Agent Settings.
Force new Automation agents to take these settings. Select this option to force
these settings to effect new client computers until you can change the settings using the
Deployment Console.
Modify default settings. Click this link to change Automation Agents Settings.
See Automation Agent Settings (page 379).
Production Agent Settings
The description below is for client computers running the Windows or Linux operating
systems. This option is only available if you select Force new agents to take these
default settings.
Deployment Solution 376

Click the Modify default settings link to set or modify Deployment Agent for Windows
and Deployment Agent for Linux properties from the same dialog. The Production
Agent Settings dialog appears.
Server Connection
Connect directly to this Deployment Sever. Select this option so that the client
receiving the Deployment Agent connects to the Deployment Server you selected to
configure.
Address/Hostname. Enter the IP address or NetBIOS name of the Deployment Server
computer.
Port. Enter the port number communicating with the Deployment Server.
Enable key-based authentication to Deployment Server. Select this option to valid
the client computers that are trying to connect to the Deployment Server. This helps
keep rogue computers from connecting to unauthorized Deployment Servers.
Key file. Enter or browse to an authorized key. The client computer checks the
Deployment Server authentication key and if a match is made, the client connection is
allowed.
Discover Deployment Server using TCP/IP multicast. Managed computers can use
the multicast address if they are on the same segment as the Deployment Server or if
multicast is enabled on the network routers. Ensure that the multicast address and port
match those set up on the Deployment Server. Try using defaults on both the client and
Deployment Server if you are having problems connecting.
Managed computers should use the Deployment Server IP address if multicasting is
disabled on the network routers or if they are not on the same network segment as the
Deployment Server. The port number must match the number set on the Deployment
Server. Otherwise, your clients cannot connect.
Server Name. Enter the NetBIOS name of the computer running the Deployment
Server.
Port. Enter the port number distributing the multicast address.
Multicast Address. Enter the group multicast address.
TTL. Specifies the number of routers the multicast request is can pass through. Change
this setting if you need to find a Deployment Server that is more than 32 routers away
(default setting) or if to restrict the search to a smaller number of routers, making it
easier to find the closest Deployment Server.
Refresh connection after idle. Select the Refresh connection after idle check box
and set the refresh time by seconds, minutes, hours, or days. The Deployment Server
closes the connection after the specified time and immediately tries to re-open the
connection. This forces clients to realize the network is down.
The default checking is of 28800 seconds or 8 hours. It is recommend keeping this
setting above 28800. Do not set this option too low--reconnecting to the Deployment
Server increases bandwidth when connecting. If this option is set too low you can run
into problems where it takes longer for your clients to connect than to refresh their
connections.
Abort files transfers if the rate is slower than. Preserve bandwidth on slower
connections by selecting this option, which saves bandwidth when running deployment
tasks on slower connections.
Deployment Solution 377

Access
Set these commands to control how the client handles requests from the server.
Allow this computer to be remotely controlled. If you select this option, the
administrator can remote control the selected computer. The default setting is to NOT
allow the computer to be remote controlled.
Prompt the user before performing actions
Shut down and Restart. Select for the user to be prompted before shutting down or
restarting the computer. This feature overrides the Power Control option from the
Deployment Server to Force applications to shut down without a message.
Copy file and Run command. Select for the user to be prompted before running a
program or executing file copy commands
Remote Control. Select for the user to be prompted before running the Remote Control
commands.
You can set a default time before running or aborting the commands. Select the time for
the user to respond and either continue with the operation or abort the operation.
Time to wait for response. If one of the Prompt the user before performing
actions is selected and the user is not at the computer to respond, you need to decide
whether to continue or abort. Select the amount of time you want to wait for a response,
and select one of the following:
Continue the operation. Click to continue without receiving a response from
the user.
Abort the operation. Click to not continue without receiving a response from
the user.
Select when the Deployment Server is denied access to the Deployment Agent.
Select the days and set the start and end times when access to the Deployment Agent is
denied.
Security
This page lets you secure data between the Deployment Server and the Deployment
Agent, or to set a password so that the user on the client computer can only view and
modify the User Properties of the Altiris Client Settings on the managed computer.
Encrypt session communication with Deployment Server. Select to allow
encryption from this managed client computer to the Deployment Server. This allows
encrypted data transmissions between the Deployment Server and the Deployment
Agent on the client computer. If selected, the client computer can connect (but is not
required to connect) using encryption.
To enable encryption protocols, you must open the Deployment Configuration tool
(Start > Programs > Altiris > Deployment Server > Deployment Configuration
tool), and select the Transport tab. Select the Allow encrypted sessions with the
servers check box to allow Deployment Server to transmit using encryption protocols.
Require encrypted sessions with the servers. Select to require encryption between
the managed client computer and the Deployment Server. If this option is selected and
the option to allow encryption in the Deployment Configuration tool is not selected, the
Deployment Server does not communicate with the Altiris Client on the managed client
computer.
Deployment Solution 378

Note
Selecting encryption options slows down the communication path between Deployment
Agent for Windows and the Deployment Server, so do not use encryption unless it is
necessary for high security environments.
Password protect Admin properties. Select to allow users on the managed computer
to access the Admin properties only if they enter the set password. If the option is
selected and the user does not know the password, they have rights only to open the
User Properties, which includes only the User Prompts and Remote Control tabs on the
Altiris Client Settings dialog.
Click Edit Password to change the password settings for users trying to access
the Admin properties.
Hide client tray icon. Select to hide the Altiris Client icon in the system tray of the
managed computer. If you hide the icon you are required to run AClient.exe -admin to
view and modify the complete administration properties from the managed client
computer.
Log File
The Log File property page controls how data is logged and saved in a Deployment
Server system, allowing you to save different types and levels of information to the log
files. You can save a text file with log errors, informational errors, and debugging data
using this dialog.
If the log exceeds the specified size, older data is dropped from the files. You can
maximize the size of the log file to save all selected data.
Save log information to a text file. Click to save information to a log file.
File name. Enter the name and path of the log file. The default is to save the log file to
the \ Pr ogr amFi l es\ Al t i r i s\ ACl i ent \ ACl i ent . l og file.
Maximum size. Enter the maximum number of bytes for each log file.
Log errors. Select this option to save only the errors returned when running a job or
operation between the Deployment Server and the Deployment Agent.
Log informational messages. Select this option to save a list of procedural steps run
on the client computer.
Log debugging information. Select this option to list comprehensive debugging
information in the text file.
Use this tab to save the Deployment Agent for Windows log file. By default, the option
Save log information to a text file is cleared. Select it to enter a file name for the log
and the maximum size for the log file.
Note
If the log exceeds the specified size, older data is dropped from the files, so it is
recommended to provide maximum file size.
Proxy
Typically, remote networks on the other side of a router or switch cannot receive
multicast or Wake On LAN packets from the Deployment Server. Setting the managed
computer as a proxy client computer forwards or re-creates the multicast packets. A
Deployment Solution 379

managed client computer set up as a multicast proxy simply acts as a Deployment
Server and advertises the servers name and IP address through multicasting. Or you
can set the managed computer as a proxy to send Wake On LAN packets.
Set these options to control how the managed computer can act as a proxy agent,
identifying the type of traffic this managed computer can forward from the server.
Forward Wake-On-LAN packets. Select if you want the managed computer to
forward Wake on LAN packages.
Forward Deployment Server multicast packets. Select if you want to advertise the
Deployment Server to client computers on another LAN segment or if the client
computer is on the other side of the router.
Send multicast advertisement every. Set the time by seconds, minutes, hours,
or days for managed computers send multicast advertisement.
Startup/Shutdown
Delay starting jobs after system startup. Set the time by seconds, minutes, hours,
or days for managed computers to delay jobs until after system startup.
Specify the Windows boot drive. Specify the drive that the client computer can boot
from. The default is C:
Force all programs to close when shutting down. Select this option to shut down
applications when using Power Control features. The user is still prompted to Abort or
Continue the shutdown.
Synchronize date/time with Deployment Server. Select this option to synchronize
the system clock of managed computers with the time of the Deployment Server.
Prompt for a boot disk when performing automation jobs. Select this option to
prompt for a boot disk while doing any automation jobs.
Advanced
Disabled direct disk access for Deployment Agent for DOS (BootWorks)
communication. Select this option to disable the direct disk access for automation
communications.
Automation Agent Settings
You can configure property settings for the Automation Agents (DOS, Linux, and WinPE)
for specified computers or computer groups. You can remotely maintain important agent
settings and update settings as required from the console.
When a new client computer connects, it receives the default agent settings from
Deployment Server for drive mappings, authentication, and LMHost entries. Each client
computer still has the capability to maintain its unique settings for the Deployment
Agent for DOS as set in the Boot Disk Creator.
Select the Force new Automation agents to take these settings check box, and
click the Modify default settings link to view the default settings for the DOS, Linux,
and WinPE Automation Agents.
Drive Mappings
Set drive mappings used by the Automation Agents to access hard disk image files and
other packages from a specified network drive. It is required that the F Drive be
Deployment Solution 380

mapped to the Deployment Share. You can also map other file server directories when
storing large numbers of image files or deployment packages.
Drive. Select the drive letter of a shared folder. Example: F: \ \ WebDepl oy\ I mage
f i l es.
Note
You must select a shared folder in this field. From the browse window you are
allowed to select any type of folder, but the Automation Agents can only map and
access files from a shared folder.
Path. Enter a UNC path.
Authentication
Enter the login credentials that Automation requires to map network drives. The
associated credentials for each network drive must have the appropriate rights for the
Automation Agents to access files.
Domain/Workgroup. Enter the name of the Domain or Workgroup of the user that the
Automation Agents can log on to map the network drives.
User name. Enter the user name that the Automation Agents can use to log on so they
can map to the specified network drives.
Password. Enter the password.
Network
These settings allow you to match the IP address with the computer name, as
maintained in the LMHosts file in automation partition.
1. Click the Add LM Hosts icon.
2. Enter the Computer Name to associate with an IP address.
3. Enter the IP Address. You can click Lookup IP and the IP address field
automatically fills in the IP address of the computer you entered in the Computer
Name field.
4. Click Apply.
Security
This features lets you enable or disable security for the Deployment Server. You can also
add local users and local groups, import both Active Directory users and groups, and
assign rights for users to perform Deployment Solution operations.
Use the Security tab to provide enable/disable security and to add local users and local
groups. You can also import both Active Directory users and groups and assign rights to
all of them. You can create users and groups and set scope-based rights.
Enabling Security (page 381)
Rights (page 382)
Setting Permissions (page 383)
Deployment Solution 381

Enabling Security
You can enable security by first creating a user with Administrative rights or selecting a
user who belongs to a group having Administrative rights and selecting Enable Security.
To enable security
1. Click the Deployment Servers link in the Computers pane. A list of all available
Deployment servers appears in the Details pane.
2. Select or click the specific Deployment server in the Details pane to view the
Deployment Server Options page.
3. Click the Security tab.
4. Click New User to add new user information. Type the user details.
Note
The first user automatically gets the administrative rights. Any subsequent users do
not have rights and cannot be added to any group by default.
You can also import new users from the Active Directory. See Importing user groups
from Active Directory (page 382).
5. Click Membership to view the membership groups and all available groups.
6. Click Rights to view the available rights.
7. Click Apply to add the user.
8. Now that you are an administrator, select the Enable Security check box. Security
is now enabled. You can now create users and groups and assign permissions to
computer groups and job folders.
Importing users from Active Directory
You can import users from Active Directory.
1. Click Import User on the toolbar to view the Import Active Directory User page.
2. Add users from Active Directory (not groups) by providing the user names and
domain to which they belong. The users are added to the Deployment Database.
Notes
If you add Active Directory Syntax name, such as sam@abc.com, the field Domain
name becomes disabled. No default group membership is applied nor any default
rights are applied unless this is the first user you have imported. However, you still
need to assign the users to security groups with appropriate rights and permissions.
When logging on with the imported AD account, Deployment Web Console accesses
the Windows Active Directory server to validate the user password.
Membership Groups
Assign the user to previously created groups. If enabling security, you can assign the
user to a group with Administrative rights.
1. Click New Group from the toolbar.
2. Enter a name for the group and a description, and click Apply.
Deployment Solution 382

Importing user groups from Active Directory
You can also import user groups from Active Directory.
1. Click Import Group on the toolbar to view the Import AD Group page.
2. Add groups from Active Directory by providing the group names and domain to
which they belong. The groups are added to the Deployment Database.
3. Click Apply to save the changes.
DS Authentication
If the user is already in the DS database, and it tries to access the Deployment Server
Console, DS checks the authentication with the logged on user, and upon matching
doesn't prompt for user credentials. Similarly, if a group has already been added in the
DS database, and any user who is a part of the group tries to access the Deployment
Server Console, DS doesn't prompt for credentials. This method of authentication is the
same for AD user and AD group also.
Rights
Rights allow you to set general rights for a user or group. To verify, add or change the
rights assigned to each console user, use the following steps:
1. From the Security tab, click a user and click Rights.
2. Select the check box for every right you want to grant.
3. After selecting all applicable rights, click Apply to save your changes.
A brief explanation of each deployment server right that can be assigned is detailed
below:
Administrator Lets you access all available features from
Deployment Web Console. You must have
Administrator rights to enable security.
Options Console Lets you view and set console options.
Options Global Lets you view and set global options
Options Domain Accounts Lets you view and set domain accounts options.
Options RapiDeploy Lets you view and set RapiDeploy options.
Options Agent Settings Lets you view and set agent settings options.
Options Database Tokens Lets you create custom data sources options. You
can view, create, and set database tokens.
Manage Rejected
Computers
Lets you view rejected computers in Deployment
Solution and change their status.
Refresh Clients Lets you Refresh Deployment Solution clients.
Allow scheduling on All
Computers Groups
Lets you schedule jobs on all computers. If you
have Administrator rights, by default you have the
rights to schedule job on all computers, irrespective
of the state of the Allow scheduling on All
Computers check box. You can grant this right to a
specific user or a group.
Deployment Solution 383

Setting Permissions
Set permissions for jobs, job folders, computers, computer groups, and physical
devices.
1. Click the Deployment Servers link in the Computers pane.
2. Select or click a specific Deployment server in the Details pane to view the
Deployment Server Options page.
3. Click the Security tab.
4. Log on as a user with administrative privileges. A list of all computers belonging to
the selected Deployment Server appears.
5. Click a specific computer to view its property, inventory, and scheduled jobs status.
6. Select Permissions from the Computer actions drop-down list.
Notes
If you do not have administrator privileges, you cannot view Permissions option.
You can set permissions for all jobs and computers by clicking in the Jobs pane or
Computers pane without selecting a job or computer object.
7. A list of users or user groups appears. You can select a user or a group and grant
permissions accordingly.
8. Select the check box for the permission group to allow the permissions you want to
grant for the selected user or user group.
Notes
Administrators have access to all objects with unrestricted rights and permissions.
The description of each permission group appears under Description column.
You cannot explicitly deny permissions to computer or job objects for users with
administrator rights.
9. Click Advanced to view the advanced options associated with the selected
permission group. This page contains Allow as well as Deny check boxes. For
information on evaluating permissions, see Evaluate Permissions (page 384).
Import/Export Lets you import and export any jobs/computers.
Option Task Password Lets you centrally update passwords for users and
groups so they can access the tasks: Copy File to,
Distribute Software, Run Script, Distribute Personality,
and Capture Personality when creating or modifying
jobs. You must have administrative rights to access
this option.
Use PXE Configuration
Utility
Lets you set up and modify PXE Configurations.
Administrator Lets you access all available features from
Deployment Web Console. You must have
Administrator rights to enable security.
Deployment Solution 384

10. To assign permissions to multiple groups, click Apply permissions recursively to
all child objects to assign the permissions.
11. Give permissions as per your requirements, and click Apply.
Notes
If a user does not have the Schedule this job permission for a particular job, the user
cannot schedule it. This is irrespective of any other privileges.
If a user has Schedule this task permission for a certain task and the user schedules
the job and the user modifies the job by adding another task, for which the schedule
task permission is not allowed, the second task also gets executed. This is because the
Web console checks the permissions only before scheduling the job, and not after the
execution of the job.
Permission Rules
Permissions received through different sources may conflict with each other. The
following permission rules determine which permissions are to be enforced:
Permissions cannot be used to deny the user with Administrator console rights
access to use any console objects or features.
User permissions take precedence over Group permissions.
Deny overrides Allow. When a user is associated with multiple groups, one group
could be allowed permission at a particular level while the other group is denied the
same permission. In this scenario, the permission to deny the privilege is the one
enforced.
Permissions do not flow down an object tree. Instead, the object in question looks in
the current location and up the tree for the first permission it can find, which is the
one it uses.
If a Web Console user does not have permissions to run all tasks the job contains, the
user is not allowed to run the job.
Evaluate Permissions
Identify the combined permissions of groups and containers with contrasting
permissions. You can identify effective permissions for each object by resolving any
possible conflicts.
Permissions are represented in three different stages according to the state of the check
box, which is called tri-state check box. This tri-state displays a full check mark when all
permissions in the selected group are allowed. It displays a partial check mark (check
mark with a grey background) when at least one, but not all permissions in the selected
group are allowed. And finally, it displays no check mark if none of the permissions in
the selected group are allowed.
You can evaluate permissions in three ways:
If none of the Allow or Deny options are selected for a permission associated with
a subfolder, it inherits the options specified for the permission associated with its
parent group. This type of inheritance can be confirmed with the message that
appears for the subfolder.
If a user group is associated with some permission, the users belonging to that
group inherits the same permissions as that of the group. This is true only if none of
the 'Allow' or 'Deny' options are specified for a permission for that user.
Deployment Solution 385

The Deployment Web Console displays the simple as well as advanced options of
granting permissions. The simple option displays only the Allow column, whereas
the Advanced option displays both the Allow and Deny column. Security permissions
are grouped together and appear as a single Permission group under Simple option.
You can use the Advanced option to view all the individual permissions that together
form the Permission Group. This grouping of permissions varies from object to
object.
Example: a Modify permission for a job folder can contain different security permissions
than a Modify permission for a computer group. To view all the permissions related to a
specific permission group, select the check box for a specific permission, and click
Advanced to view the individual permissions related to the selected permission group.
If you want to exclude a specific security permission, click Advanced to view the
individual permissions related to the selected permission group. A list of all permission
with Allow and Deny check boxes appears. Select the Deny check box or clear the
Allow check box for the specific security permission, and click Apply.
Logon
This option lets you set user credentials for the Deployment Server, but only if Role Base
Security is enabled for the server you selected. The user can access the server through
the Deployment Web Console. If you want to change the Task Password for multiple
Deployment Servers, select the servers from the Details pane and click the Task
Password icon on the toolbar.
Username. Enter the name of the user.
Password. Enter a password for the specified user.
Confirm Password. Enter the password to confirm the entry.
Domain. Enter the domain name for the specified user.
Automated Deployment Services (ADS)
From the Deployment Web Console, you can utilize and extend features of Microsofts
Automated Deployment Services (ADS).
1. Click the Console Options icon in the toolbar of the Deployment Web
Console.
2. Select the Enable ADS option.
An ADS Controllers collection appears in the Computer and Jobs pane.
3. In the Computers pane, click ADS Controllers.
4. From the Details page, click the Add icon to enter the computer name where
the ADS controller is installed. Enter the login credentials and access paths on this
page. All specified ADS controllers are listed.
5. In the Jobs pane, click ADS Controllers. Enter credentials and ADS paths as in step
4.
All ADS controllers, devices and job templates appear. You can now manage
computer devices using standard ADS features.
Deployment Solution 386

Deployment from the Altiris Console
Deployment from the Altiris Console provides additional features and functionality for
managing and deploying computer resources using Deployment Solution. In use, the
Altiris Console opens and displays the Deployment Web Console, while providing
additional collections, reports and other basic Notification Server features from the
Altiris Console. See Installing Deployment Solution from the Altiris Console (page 14).
Using Deployment Solution from the Altiris Console
Integrate with other IT solutions. Deploy and manage computers from the
Deployment tab while managing other aspects of your organization such as
inventory reports, software delivery, application management, remote control,
patch management and other administration tasks.
Generate Reports. From the Reports tab, create reports for all Deployment
Servers computers devices and deployment tasks across all sites. By setting polling
intervals on the Altiris Agent and the Deployment Server Agent, you can transmit
data from the Deployment Database to the Notification Database from which you
can generate reports.
Organize using Deployment Collections. Computer devices can now be grouped
on criteria such as operating system, computer type, workstation or server, mobile
computers, and other groupings.
Employ the Schedule Wizard. From the Tasks tab, open the Schedule Wizard to
select computer groups, assign jobs, and schedule jobs to run immediately or at a
specified time.
Set Security. From the Configuration tab, set NS security to limit users from using
the Deployment tab. All other Deployment security is set from the Deployment
Server Console (the Windows console).
Deployment Solution 387

Adding Deployment Servers
You can manage multiple Deployment Servers from the Deployment Web Console. To
consolidate multiple Deployment Server sites, you can identify and add existing
Deployment Servers to appear in the Computers and Jobs pane from the Deployment
Web Console.
Note
You can also remotely install Deployment Servers from the Deployment Web Console.
See Installing Deployment Solution from the Altiris Console (page 23).
1. Click Add Deployment Server in the Computers or Jobs action list, or click the
New Server icon.
2. From the Deployment Servers page, type the name of an existing Deployment
Server. This is the computer name of the Deployment Server, in most cases.
3. Enter the Deployment servers port number if it is different than the default value.
4. Click Credentials. If Deployment Solution security is enabled for the Deployment
Server, enter a username, password, and Domain name.
5. Click Speed. Select the speed of the network connection for the Deployment Server
from the drop-down list.
Task Password options
This feature lets you centrally set or change user passwords for multiple Deployment
Servers to they can access the tasks: Copy File to, Distribute Software, Run Script,
Distribute Personality, and Capture Personality when creating Jobs. However, this
tab is only visible to administrators and users who have been granted the appropriate
rights to modify task passwords.
To change task passwords
1. Click Deployment Servers in the Computers pane. The available Deployment
Servers appear in the Details pane.
2. Click one or more Deployment Servers you want to change the task user passwords.
3. Click Change Task User Password icon on the toolbar.
4. Enter the user information for all 4 fields on the page. Click Apply.
Configuring the Deployment Server AClient
The Deployment Server AClient option lets you view the Notification Server clients that
do not have AClient installed. See Viewing Notification Server Clients without AClient
(page 388).
You can create a package to install AClient to the existing Notification Server clients. See
Installing AClient to a Notification Server Client (page 388).
You can also assign the Deployment Server AClient package to computers. See Creating
Deployment Server AClient Packages (page 388).
Deployment Solution 388

Viewing Notification Server Clients without AClient
In the Altiris Console, you can view the Notification Server Clients that do not have
AClient installed.
To view the Notification Server clients without AClient
1. In the Altiris Console, click the Configuration tab.
2. In the left pane, select Configuration > Solutions Settings > Deploy and
Migrate > Deploy > Deployment Server AClient Configuration > All NS
Clients without AClient.
In the right pane, the All NS Clients without AClient page appears with a list of all
Notification Server clients that do not have AClient installed.
You can view details such as Name, Domain, User, OS Name, OS Version, and so on for
each client. You can also double-click a client to view more details.
Installing AClient to a Notification Server Client
You can install an AClient to the Notification Server client by creating a task to install the
AClient. The task that you create uses the package that was created on the Creating
Deployment Server AClient Packages page. For more information, see Creating
Deployment Server AClient Packages (page 388).
To create a task to install AClients to Notification Server clients
1. In the Altiris Console, click the Configuration tab.
2. In the left pane, select Configuration > Solutions Settings > Deploy and
Migrate > Deploy > Deployment Server AClient Configuration > Deployment
Server AClient Install.
3. In the right pane, make the required changes.
4. To select the computer collections, click All NS Clients without AClient.
The Collection Selector dialog box opens.
5. Select the computer collections and click Apply.
6. Select the required scheduling options.
7. Click Apply.
The AClient installation task is saved.
8. To enable the task, select the Enable check box.
9. Click Apply.
The task is enabled.
Creating Deployment Server AClient Packages
You can create the Deployment Server AClient package that is used in the Installing
AClient to a Notification Server Client (page 388) task.
To create the Deployment Server AClient Package
1. In the Altiris Console, click the Configuration tab.
Deployment Solution 389

2. In the left pane, select Configuration > Solutions Settings > Deploy and
Migrate > Deploy > Deployment Server AClient Configuration > Deployment
Server AClient Package.
3. On the Package tabview, specify the Name and Description for the package.
4. Click the Programs tab.
5. Check the command line and the specified parameters in the Command line field.
6. Click Update Distribution Points.
7. Click Apply.
The Deployment Server AClient package is created.
For more information, see Exporting and Importing Deployment Jobs (page 393).
Configuring the Deployment Server Agent
To update Notification Server collections and generate reports from the Altiris Console,
set the polling intervals from the Configuration tab.
Enable. Select to enable communication between the Deployment Database and the
Notification Database.
Resynchronize all Deployment Server computers/tasks for this configuration.
Click to completely transmit all Deployment Server data to the Notification Database.
For large Deployment Server systems, this process can take several minutes and require
large amounts of bandwidth. Use this feature carefully.
Set polling intervals for Deployment Servers
1. Click Add. A list of Deployment Servers is listed.
2. Select the Deployment Server to configure. You can select all Deployment Servers
or identify an individual Deployment Server. The new agent configuration appears in
the list.
3. Select a Deployment Server. Select a polling interval for that Deployment Server
from the list in the Computer/Job Polling Interval box.
Database Login ID. Enter credentials for the Deployment Database selected in the list.
Role-based user name. Enter credentials if Deployment Solution security has been
enabled using the Deployment Server Console.
Generating Deployment Reports from the Altiris Console
Deployment from the Altiris Console furnishes features to generate comprehensive
reports detailing computer information and deployment jobs for all Deployment Server
sites. To run deployment reports, you must configure the Deployment Server Agent (see
Configuring the Deployment Server Agent on page 389) to transmit data between the
Deployment Database to the Notification Database. The Deployment Solution reports
are generated from the Altiris Console from data stored in the Notification Database.
1. Click the Reports tab on the Altiris Console.
2. Click Reports > Deploy and Migrate > Deployment.
Deployment Solution 390

3. Select reports specific to Client Information, Job Information, Job Status, Server
Information, or Software Deliver Execution Status. A description of each report
appears in the Details pane after it is selected.
4. Click a report option to run, view, or schedule a report to run.
Altiris Console Collections
From the Deployment Web Console you can view and order computers based on Altiris
Console Collections created automatically in Notification Server and viewed from the
Altiris Console. These collections identify computers running the Deployment Agent and
meeting the criteria for each collection, such as Mobile Computers, Windows Servers,
Windows Workstations, and so on. You can assign jobs and perform operations to these
collections from the Deployment Web Console.
Collections are updated between the Notification Database and Deployment Database.
At each polling interval the new data is transmitted between the databases and updated
in the Deployment Web Console. See Configuring the Deployment Server Agent
(page 389).
Using Package Servers to Replicate Deployment
Jobs
Deployment Solution takes advantage of Package Servers (a basic component of
Notification Server) to automatically copy images, software packages, scripts, and other
package files for building deployment tasks for use across multiple Deployment Server
installations. From a central Deployment Server installation, packages can be built and
saved to a local Library structure, where they are replicated to other Deployment
Servers and used in deployment jobs for each Deployment Server system.
Note
Package Servers can only replicate packages on Deployment Server installations set up
as a simple install, where all Deployment Server components are on a single computer.
Overview of Package Servers
Package Servers are a basic feature of Notification Server and are used to reduce
network traffic and HTTP download times when deploying packages across your system.
Package Servers replicate and transmit packages from a central computer to local
computers during off-peak hours. When deployment tasks are executed, package files
are accessed quickly from local package libraries. Notification Server lets you identify
managed computers running the Altiris Agent as a Package Server.
Deployment Solution 391

Replication of packages from a central Deployment Server to other Deployment Servers
is a one-way process: You can build and copy packages from the Library of a central
Deployment Server to replicate to other Deployment Servers; however, any changes
made to a destination Deployment Server cannot be replicated back to the central
Deployment Server. After the package files have been copied once (per each package
server), they can never be copied again unless the files are updated, new files are added
to the package, or files are set manually to be copied down to other destinations again.
When the Deployment is installed and enabled on the Altiris Console (on Notification
Server), default packages, collections, and policies are created to take advantage of
Package Server technology. To complete the setup process, however, additional
configuration steps are required.
Setting up Package Servers requires three basic steps:
1. Setting Up a Central Deployment Server Library (page 391)
2. Setting Up Package Servers (page 392)
3. Exporting and Importing Deployment Jobs (page 393)
Note
Before delivering packages, check the Package Server settings and the package settings
to ensure that the package can be delivered. The DS install package by default is not set
to use any Package Servers. There is a global configuration variable that says not to
allow any package downloads from the server, leaving the DS Install in a state where
there is no way to access the package.
Setting Up a Central Deployment Server Library
Before setting up Package Server in a Altiris Console, you need to select a central
Deployment Server to copy and store all packages to be replicated to other Deployment
Server installations. After selecting a Deployment Server in your system, you can set up
the Deployment Server Library directory structure. The Library is a directory structure
that contains your images, RIPs, and any other package files needed for a Deployment
Server Task.
Because the package used to replicate files only points to one location, all items to be
replicated must reside under this substructure. You need to manually create the Library
directory and any other subdirectories on the central Deployment Server.
1. Go to your Central Deployment Server directory (default is c: \ Pr ogr am
Fi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver ).
Deployment Solution 392

2. Create a Library directory.
3. Under the Library directory, create subdirectories to use for images, RIPs, or other
package files.
4. Create a Temp directory for deployment tasks that require a temp directory.
5. Copy into this structure any required files accessed during execution of the jobs.
Note
Any job that is automatically created needs to be modified before running or the default
directories cannot be correct. Example: if you choose to change the configuration of a
computer by choosing the Configure option in the Deployment on the Notification
Server, the task creates a CFG file in the temp directory located in the Deployment
Server directory. For this task to replicate correctly, you must copy the file into a temp
directory under the Library structure and edit the task to point to the file in the
Li br ar y\ t emp directory. Remember that only the files under this structure are
replicated to the other Deployment Server installations.
After installing Deployment from the Altiris Console, you have two packages and one
policy created to help facilitate replication. You can manually modify the packages and
enable the policy.
Setting Up Package Servers
After setting up a Library directory structure on the central Deployment Server
computer, you can set up Package Servers on other Deployment Server installations.
To set up a Package Server
1. From the Altiris Console, select the Configuration tab.
2. From the left pane, select Server Settings > Notification Server Infrastructure
> Package Servers.
3. Select Add Package Server from the bottom of the page.
4. Locate and select the Deployment Server computer (or the Deployment Share for
each installation) and click Add. Use the search feature if required.
Modify the DS Library Package
To replicate files stored in the central Deployment Server Library directory, the
DS Library package installed with the Deployment Solution (on Notification Server)
must be edited with configuration information, including:
The source of the files and programs to be replicated.
The Package Servers that can receive the files to be replicated.
The destination directory for the files being replicated.
The programs that will run after the files are copied to the Package Servers.
Follow these steps to modify the DS Library package:
1. Select the Tasks tab and select Deploy and Migrate > Deployment >
Deployment Server Replication > DS Library.
2. From the right pane, select the Package Source option to configure the path to the
files that are included in this package.
Deployment Solution 393

3. Select the applicable Package Source method and enter the correct path to the
Central Deployment Server Library.
Choose from one of the following options:
Access Package from a local directory on the Notification Server
computer
Use this option when the central Deployment Server is installed on the same
computer as the Notification Server. Fill in the Package Location box with the
correct path for the Library.
Access Package from Existing UNC
Use this option when the Deployment Server that has been configured as the
Central Deployment Server Library is not installed on the same computer as the
Notification Server.
When using this option, read and follow the instruction on this page.
Note
Depending on the amount of data in the Central Deployment Server Library, a
message warning you about the size of the files in the Package can appear. This
message is to remind you that all files in this directory will be sent when this
package is used.
4. Select Package Servers.
This option lets you specify to which Package Servers you would like this package to
be replicated to.
5. Enable all applicable Package Servers by clicking the Enabled check box.
6. To identify the destination directory (where the package files will be sent) on the
destination Deployment Server, select the Advanced tab.
7. At the package destination location, enter the destination path:
\ \ %COMPUTERNAME%\ eXpr ess\ Li br ar y
8. Select Apply to save the changes.
As soon as the Notification Server Clients Configuration request interval time (on the
destination Deployment Servers) has elapsed, the files in the central Deployment Server
are sent to the Package Servers on other Deployment Servers.
Exporting and Importing Deployment Jobs
After creating a Library directory on the central Deployment Server and setting up
Package Servers, you need to create the jobs to copy and run the packages on the
managed computers. These tasks need to be exported from the central Deployment
Server to the destination Deployment Servers by configuring the DS Task Import
Utility package and modifying the DS Task Import Utility policy on the central
Deployment Server.
Note
Replicated deployment tasks need to reference files created in the Library directory
structure. Example: a deployment task that deploys an image named NT4. i mg would
use the file path of . \ Li br ar y\ I mages\ NT4. i mg instead of the standard
. \ i mages\ Nt 4. i mg path.
Deployment Solution 394

To create a job export file
After creating deployment jobs to use with the replicated packages, you can create a job
export file.
1. Right-click the jobs you want to export. Select Export (or click File > Import/
Export > Export Jobs) .
The Export Jobs dialog appears.
2. Browse to the \ Not i f i cat i on Ser ver \ nscap\ bi n\ wi n32\ x86\ DSUt i l
directory and enter a name for the export file. (The default file name used in the
task replication package is t ask. bi n.)
The DSUtil directory is added when you install the Deployment view on Notification
Server. If you want to export the task subfolders, choose the Export subfolders
check box.
Note
If you use an export file name other than t ask. bi n, you must edit the program
command-line in the task replication package.
3. Click OK to start the export.
Configure the DS Task Import Utility Package
After creating deployment tasks and exporting them to the DSUt i l directory, you need
to configure (or verify) settings in the DS Task Import Utility package. Modifications
to this package are required when any of these alterations are made:
The Deployment Server jobs exported are not saved in a file called Task. bi n.
The method of handling duplicate job names on the destination Deployment
Server needs to be changed.
Security for the Deployment view on Notification Server is enabled on the
destination Deployment Server.
The DS Task Import Utility package runs the axi mpor t . exe program to import
deployment jobs. When the Deployment view on Notification Server is installed, the
axi mpor t . exe program file is copied to the \ Not i f i cat i on
Ser ver \ nscap\ bi n\ wi n32\ x86\ DSUt i l directory. This is the same directory where
you saved your exported t asks. bi n file from the central Deployment Server. When all
steps are completed, no changes are required for this package.
To configure or modify how the DS Task Import Utility package is configured,
complete the following steps:
1. Open a Notification Server Administration console and select the Tasks tab. Select
Deploy and Migrate > Deployment > Deployment Server Replication > DS
Task Import Utility.
2. In the right pane, select the Programs link.
By default, the Identification section expands to view settings.
3. If needed, change the name of the file on the command line to match the name of
the export file created when the Deployment Server tasks from the central
Deployment Server were exported.
Deployment Solution 395

As can be seen in the figure above, the default command-line parameters for the
axi mpor t . exe program are configured to use the Task. bi n file. This file contains
the exported Deployment Server deployment tasks (jobs).
Note
The /o switch causes the import to replace any tasks with the same name as those being
imported. If this is not the desired result, change the command-line options.
If you have Console Security enabled, the username (/u) and password (/p) command
line options need to be included for this process to work correctly.
/u Database user name
/p Database user password
Example: axi mpor t . exe t ask. bi n / o / u admi ni st r at or / p your pw
See the command-line chapter in the Altiris eXpress Deployment Solution User Guide for
additional command-line options for axi mpor t . exe.
4. Select Apply.
You can choose to force an update of the package to ensure that the task export file is in
the package.
Modify and Enable the DS Task Import Utility Policy
You must enable the DS Task Import Utility policy to allow the Deployment Server
tasks to be replicated to the destination Deployment Servers.
1. Open a Notification Server Administration console and select the Tasks tab. Select
Deployment and Migration > Deployment > Deployment Server Replication
> DS Task Import Utility.
The Identification section of the Advertisement page appears by default.
2. Verify that the Applies to Collection option has been configured to use the DS
Package Servers collection. This collection is selected by default.
Before enabling the DS Task Import Utility policy, ensure that the t ask. bi n file
has been created and saved in the \ Not i f i cat i on
Ser ver \ nscap\ bi n\ wi n32\ x86\ DSUt i l directory.
3. Click the Enabled check box.
4. Select Apply.
The policy is now enabled. The next time the Notification Server Clients configuration
timer elapses on the Deployment Servers with Package Server installed, the policy is
executed. On the destination Deployment Servers, a DOS box appears on this computer
and axi mpor t . exe is run.
Synchronize Deployment Server Tasks
You can update deployment tasks by creating a new t ask. bi n file and placing it in the
DSUtil directory. After all timers elapse, Notification Server compares and detects the
new export file by its time stamp. When the Altiris Agent checks for new policies, this
policy runs on the destination Deployment Servers.
To avoid waiting for Notification Server to detect that the file has been modified, the
package can be refreshed manually by selecting the DS Task Import Utility package
Deployment Solution 396

(from the Solutions tab of the Notification Server Administration Console) and selecting
the Update Distribution Point option.
From a destination Deployment Server, the policy to import the Deployment Server jobs
can be forced to run again by manually scheduling the policy.
Setting Polling Intervals in Deployment Solution
You can set polling intervals to transmit data from the Deployment Database to the
Notification Database when generating reports from multiple Deployment Server
systems. Deployment Solution uses two separate interval settings to synchronize data
between the Deployment Database and the Notification Database. (1) To update the
Notification Database, new computers and deployment tasks created in a Deployment
console and saved to the Deployment Database are transmitted using the DS Agent to
update the Notification Database. (2) Conversely, updated collection data created in
Notification Server is transmitted using the Altiris Agent to update the Deployment
Database.
Setting polling intervals and configuration request intervals requires that you plan how
often you want to refresh console and deployment information based on network traffic
requirements. If you set frequent updates (such as setting a polling interval to 1
minute), your console information is relatively up-to-date, but network traffic is heavy
because data is extracted and transmitted every minute from every Deployment
Database to update the Notification Database.
In contrast, if you set polling intervals and configuration requests for a larger polling
interval (such as one day), your network traffic is light--and you can plan the polling
updates for off-hours--but report data is more static and out-of-date.
The balance between timely deployment information appearing in the Deployment view
on the Notification Server and the level of network traffic should meet your IT policies,
organizational requirements, and network design.
See Setting the DS Agent Polling Interval (page 396).
See Setting the Altiris Agent Configuration Request (page 397).
Setting the DS Agent Polling Interval
To refresh data to the Notification Database, set the polling interval in the Altiris
Console.
1. Select the Configuration tab.
2. Select Solution Settings > Deploy and Migrate > Deployment > Deployment
Server Agent Configuration > Deployment Server Agent Configuration.
Deployment Solution 397

Multiple policies to configure or install Deployment Server Agents are provided.
3. Select the Deployment Server Agent for all Deployment Servers.
You can also select settings for each Deployment Server installation.
4. Set the Computer/Job Polling Interval.
5. Click Apply.
Setting the Altiris Agent Configuration Request
To download collection data from Notification Server for each Deployment Server
installation, the Notification Database must update the Deployment Database. This
updated data is transmitted automatically through the Altiris Agent at defined
configuration request intervals.
To update scheduling and configuration information for each Deployment Server
installation, you must set the interval request information in the Altiris Console.
1. Click the Configuration tab.
2. Select Altiris Agent > Altiris Agent Configuration > All Windows Servers.
3. In Agent Basic Settings, select new values in the Request new configuration
field. You can also set inventory updates, if required.
Request new configuration information every: _______. This feature sends a
request to Notification Server to flag all new scheduling records in the Notification
Database. This transmits data to the Deployment Database to update data.
Send basic inventory every: ______. This feature transmits all inventory data
from the computer running Deployment Server. This field is only used by
Deployment Server when first installing the Deployment from the Altiris Console. By
sending basic inventory (including information that Deployment Server is installed
on the computer), Notification Server identifies that the DS Agent needs to be
installed.
4. Click Apply.
Deployment Solution 398

Managing Computers from the Deployment Web
Console
From the Computers pane of a Deployment Solution console, you can identify, deploy,
and manage all computer resources across your organization, including desktop
computers, notebooks, handhelds, network and Web servers, and network switches. All
computer resources can be accessed and managed as single computers or organized
into computer groups with similar hardware configurations or deployment requirements,
allowing you to run deployment jobs or execute operations on multiple computers
simultaneously. You can use search features to locate a specific computer in the
Deployment Database, or set filters to sort computers by type, configuration, OS, or
other criteria.
Manage multiple Deployment Server sites. From the Deployment Web Console, you
can now access different Deployment Server systems and manage all sites or network
segments across your organization. Each Deployment Server site is identified in the
Computers pane under Deployment Server. You first select a Deployment Server
icon and expand the treeview to see the computers and computer groups managed by
the selected Deployment Server. See Managing Multiple Deployment Server Systems
(page 399).
Manage with Computer icons. Major computer types are identified by a computer
icon in the console, with a listing of scheduled jobs and operations associated with each
computer. In the Deployment Web Console, you assign and schedule deployment jobs to
computers or groups with easy-to-use Web features. See Viewing Computer Details
(page 402).
Add new computers. Deployment Solution lets you add new computer accounts and
set configuration properties for new computers before they are recognized by the
Deployment Server system. Preset computer accounts automatically associate with new
computers when they start up, or can be associated with virtual computers. See Adding
New Computers (page 403).
Deploy to groups of computers. Organize computers by department, network
container, hardware configuration, software requirements, or any other structure to
meet your needs. You can deploy and provision computers on a mass scale. To filter
computers in a computer group to schedule jobs only to the appropriate computer
types, see Creating a Computer Group Filter (page 417).

To select a computer to run remote operation or schedule a job, select a
Deployment Server group icon from the Computers pane and select the
computer or computer group in the Details pane. Select a job and click
Run Now or Schedule.
Deployment Solution 399

Configure Computer Agents. See the property pages for modifying Deployment Agent
settings. See Deployment Agents (page 410).
View and configure computer properties. You can modify computer settings for
each computer from the console. See Computer Configuration Properties (page 406). Or
you can view the Computer Properties page for detailed access to a computers
hardware, software, and network property settings. See Computer Details (page 412).
Run remote operations from the console. Perform operations quickly in real-time
from a Deployment console. Configure property settings, send a file, run deployment
jobs or select from additional management commands. See Remote Operations
(page 415).
Build and schedule jobs. Build deployment jobs with one or more management tasks
to run on selected computers. Create jobs, add tasks, assign the job to computer
groups. Jobs can be organized and assigned for daily tasks or to handle major IT
upgrades. See Building and Scheduling Jobs on page 102.
Managing Multiple Deployment Server Systems
From the Computers pane of the Deployment Web Console, you can access multiple
Deployment Servers and drill down to view all client computers attached to each
Deployment Server system.
Adding Deployment Servers
You can identify and add existing Deployment Servers to the Deployment Web Console.
This lets you manage computers and use jobs created at various sites managed by
different Deployment Server systems.
1. In the Computers pane, select Add Deployment Servers from the drop-down
list, or click the on the Details page.
Note
To push down a new installation of Deployment Server using Deployment from the
Altiris Console, see Installing Deployment Solution from the Altiris Console on
page 14.
2. Enter the computer name for the computer running Deployment Server. Enter the
port number if it is different from the provided default.
3. Use Logon tab to set security options, if required. This lets you authenticate to a
role if security has been set up in the Deployment Server Console.
The Deployment Server appears in the Computers pane with its job folders listed in
the Jobs pane.

Deployment Servers collection. All Deployment Servers are listed under
this collection. Expand the Deployment Server group icon to view all
computers for a specific site or network segment.

Individual Deployment Servers. This icon identifies an individual
Deployment Server system with its managed computer devices. Expand
the Deployment Server system to view all managed client computers and
groups for the selected Deployment Server.
Deployment Solution 400

Changing Task User Password options
Change Task User Password option lets you update the user credentials to be used
for the execution of Copy File to, Distribute Software, Run Script, Distribute Personality,
and Capture Personality tasks. Task password option facilitates to update user
credentials for multiple Deployment Servers at one time.
Note
This feature is valid only for the Copy File To, Distribute Software, Run Script, Distribute
Personality, and Capture Personality tasks.
1. Click Deployment Servers link in the Computers pane. The available Deployment
Servers appear in the Details pane.
2. Select Deployment Servers for which you want to perform Change Task User
Password operation.
3. Click Change Task User Password from the toolbar. The Task Password page
appears.
4. Type the user credentials, and click Apply.
5. Click Yes to the summary message to update the password of specified user.
Note
This tab is visible only to the administrators and those users who have the rights to
modify password.
Scheduling Jobs from Other Deployment Server Systems
From the Deployment Web Console, you can schedule jobs from one Deployment Server
to computers in another Deployment Server. This lets you easily replicate jobs from one
site to another site quickly and efficiently. Files (image files, software packages, scripts)
associated with a specific job are linked from the Deployment Server Deployment Share
of the originating job.
1. Select a job in the Jobs pane of the Deployment Web Console.
2. Click Schedule job in the Jobs Action list.
3. From the Computers pane, select another Deployment Server system. Computers
and computer groups of the selected Deployment Server site appear in the Details
pane.
4. Select the check box for each computer or computer group you want to run the job.
5. Click Schedule in the toolbar of the Details page.
6. Select scheduling options and click OK.
The job from the original Deployment Server appears in the Deployment Share of the
targeted Deployment Server. If the job includes associated files, a linked icon appears
with the job identifying that the associated files are referenced from the original
Deployment Server system.
Replicating Jobs to Other Deployment Server Systems
1. Select a job in the Jobs pane of the Deployment Web Console.
Deployment Solution 401

2. Select Copy job/folder in the Select Action list. The Job/Folder Selection page
appears with all Deployment Server systems and their job folders.
3. Select a folder in another Deployment Server system from this page and click OK.
The job is replicated from the original Deployment Server system to the targeted
Deployment Server system. If the job includes associated files, a linked icon
appears with the job identifying that the associated files are referenced from the
original Deployment Server system.
Note
To successfully replicate a job from one Deployment Server to another Deployment
Server, both Create and Modify Permissions are required for the Job objects if security is
enabled. Otherwise, the job does not appear in the target Deployment Server Console,
and an error appears in the Altiris Console Manager log in the Event Viewer.
Replicating Jobs without Copying the Collateral
When copying jobs from one Deployment Server to another, the associated collateral,
such as files are also copied. However, you can also copy dependent files to the
destination server using a different mechanism, such as Package Servers. To enable a
Do not copy value for all replication, set the key value in the ExcludeAllTargets registry
key as dsword:00000001. The path of this registry key is HKEY_LOCAL_MACHINE >
SOFTWARE > Altiris > eXpress > Deployment Web Console > Deployment Console
Manager > Job Replication.
Note
If the key value name does not exist or if the key value is not equal to 1, the files are
replicated. When this value is set to 1, the Console Manager waits until the file exists on
the destination Deployment Server before copying the job data and scheduling data. The
Console Manager logs a warning in the event log stating that Console Manager is waiting
for the file to exist. Once the file exists, the Console Manager proceeds.
To enable the Do not copy value for an individual target (destination) Deployment
Server, set the key value in the Exclude Targets registry key as Timpanogos =
dword:00000001. The path of this registry key is HKEY_LOCAL_MACHINE > SOFTWARE
> Altiris > eXpress > Deployment Web Console > Deployment Console Manger > Job
Replication > Exclude Targets.
In the above example, Timpanogos is the name of the target Deployment Server. When
the key value is set, replication targeting Timpanogos does not copy collateral files. To
enable the Do not copy value of an individual Deployment Server, it must be equal to
1. The Console Manager follows the same procedure for an individual Deployment
Server that it follows when the ExcludeAllTargets value is set.
Note
When the ExcludeAllTargets value is changed or set, the Console Manager must be
restarted for the changes to be implemented. However, changing the value for an
individual Deployment Server does not require a restart of the Console Manager service.
The ExcludeAllTargets global value when set to 1, overrides all Deployment Server-
specific flags regardless of their respective settings. When the ExcludeAllTargets value
does not exist or is not set to a value of 1, any Deployment Server-specific flags take
precedence.
Deployment Solution 402

Viewing Computer Details
In Deployment Solution, a computer resource is identified in the console with a
distinctive icon to display the computer type Windows desktop or notebook,
handheld, server, or Linux operating system and its current status. These computer
icons change to convey the state of the computer, such as the log on status, server
waiting status, or user with a timed license status. You can also view the status of the
jobs assigned to the selected computer in the Details pane of a Deployment console.
The following is a sample list of computer icons appearing in each Deployment console
identifying the computer type and state.

Computer connected to the Deployment Server with a user logged in.

Computer connected to Deployment Server but the user is not logged on.

Computer with a time-limited user license and a user logged on.

Computer not currently connected to the Deployment Server but known to
the Deployment Database.
The computer is designated as a master computer and is used to broadcast
images to other client computers.

A virtual computer with values defined in advance using the New Computer
feature. As soon as the computer connects and the Deployment Server
recognizes the new computer and changes the icon. See Adding New
Computers on page 63.

A client computer waiting for user interaction before running deployment
tasks. This icon appears if the Workstations check box is selected on the
Advanced tab of Initial Deployment. See Advanced on page 131.

A connected handheld computer.

A managed server connected to the Deployment Server with a user logged
on. Additional icons identify different states of server deployment.

A managed Linux computer connected to the Deployment Server with a user
logged on. Additional icons identify different states of Linux computer
deployment.
Deployment Solution 403

See also Deployment Agents on page 67.
Adding New Computers
Computers can be added to the Deployment Database using three methods:
Install the Deployment Agent on a Windows or Linux system. If you install
the Production Agent (Deployment Agent) to a computer with the operating system
already installed, the computer is added automatically to the Deployment Database
at startup. New computers with the Deployment Agent installed are added to the All
Computers groups (unless otherwise specified in the Deployment Agent
configuration). You can move the computer to another group listed in the
Computers pane.
Use Initial Deployment to configure and deploy new computers booting to
automation. Starting up a new computer in automation lets you image the hard
drive, assign IP and network settings, distribute personal settings and software, and
install the Deployment Agent for new computers. Using Initial Deployment you can
associate new computers with pre-configured virtual computer accounts. These
newly configured computers appear in the New Computers group. See Initial
Deployment (page 442).
Create or import computer accounts from the Deployment console. You can
add new computers using the New Computer feature or import computers using a
delimited text file. You can pre configure computer accounts by adding names and
network settings from the console. See Creating a New Computer Account
(page 404).

View the Physical Devices by clicking the drop list in the Computers
pane and selecting Show Physical Devices. Physical view of Rack/
Enclosure/Bay components for high-density server systems. These
icons appear as physical representations to allow management of
different levels of the server structure. In addition, server icons
identify logical server partitions.
See Bay on page 70 for properties and rules to deploy Rack/
Enclosure/Bay servers.

Select the New Computers or All Computers group to run jobs or
operations for these default groups identified by an icon in the Computers
pane.

Additional computer groups can be added to the Computers pane to
organize similar computer types or to list computers of similar departments
or locations. Click New Group or select New > Computer Group to create
a new group.
Deployment Solution 404

About New Computers
When a new computer starts up, if Deployment Server recognizes the MAC address
provided in a New Computer account or import file, it automatically associates the user
account at startup with the New Computer icon. If this value is not provided, the
computer appears as a virtual computer, letting you to associate it to a new computer.

A virtual computer account can be associated with a new computer using the Initial
Deployment feature. You can create multiple virtual computer accounts and associate
the account with a new computer when it boots to automation. At startup, the
configuration settings and jobs assigned to the virtual computer can be associated with
the new computer.
Virtual Computers
Deployment Solution provides features to create a virtual computer to pre-define a
computers configuration settings and assign customized jobs to that computer even if
you do not know that computer's MAC address. This type of computer is known as a
virtual computer.
Virtual computers offer a great deal of power and flexibility, especially when you need to
deploy several computers to individual users with specific needs. The virtual computer
saves time because you can configure the computer before it arrives on site. You can set
up as much configuration information (computer name, workgroup name, and IP
address, for example) you know about the computer and apply it to the new computer
as it comes online. You can also prepare jobs prior to the arrival of the new computer to
deploy the computer using customized images, MSIs and RIPs based on a user's specific
needs.
When the new computer finally arrives, you are ready to deploy it because have done all
the work ahead of time. Just set the managed computer option in PXE or automation
and the new computer can connect to the server as a managed computer. The virtual
computer you created now turns into a managed computer in the console.
Creating a New Computer Account
You can create computer accounts for individual computers or for computer groups.
When creating new accounts for computer groups, you can automatically assign new
names and associate them with existing computer groups or the New Computer group.
To create a new computer account
Create new computer accounts in the Deployment Database for one or more computers.
1. To add one or more new managed computers, first select the desired Deployment
Server system in the Computers pane and select New computer(s) from the

The New Computer icon appears for a new computer if the MAC Address is
provided when creating a new computer account using any import or new
computer account feature.

A virtual computer icon appears if specific hardware data (MAC Address) is
not known. As soon as the computer starts up and is associated with a
virtual computer account, Deployment Server recognizes the new
computer and the icon changes.
Deployment Solution 405

Computer actions drop-down list or click the new computer icon in the Details pane.
The Computer Configuration Properties appears.
2. Type the name of the new computer (up to 15 characters) and configure settings. A
virtual computer icon appears in the selected group.
When a new computer starts up, you can assign it to this preset account.
To create multiple computer accounts
Define a name range and create accounts in the Deployment Database for multiple new
computers.
1. On the Networking tab, click to open the Define name range section.
2. Enter the number of computers to be placed in the name range. Enter the core
name in Fixed text and a numeral for the range start.
3. Select Append to incrementally add the numeral to the end of the Fixed text. If
you clear this box, the numeral is added to beginning of the name.
Importing New Computers from a Text File
You can import computer configuration data using delimited text files (.txt, .csv, or .imp
files) to establish multiple computer accounts in the Deployment Server database. This
file contains all configuration data for a new computer, including all settings in the
Computer Configuration Properties of a selected computer.
To import new computers from a text file
1. Click the Action drop-down list in the Computers pane and select Import
Computers.
A dialog appears, allowing you to select files from the Deployment Share. You can
import: .txt; .csv; or .imp type of files.
2. Select the import file. Click Open.
3. If a correctly formatted computer import file is selected, a message appears,
informing you that the computer import is complete and identifies the number of
computers added. Click OK.
Note
Jobs can be added to the import file. They can be created and associated with the
new computers.
If the computer import file is incorrectly formatted, a warning appears stating that
the computer import file is incorrect.
4. The imported computers appear in the Computers pane of the Deployment Web
Console.
Deployment Solution 406

Computer Configuration Properties
Computer property settings can be viewed, set, and modified when Adding New
Computers, Modifying Configuration, or setting up Initial Deployment.
Networking Settings
Use the Sysprep utility to generate unique SIDs. This can be done by manually using
these utilities or when installing the Deployment Agent.
Networking Settings Set the Windows name of the computer and the
Workgroup or Domain settings.
TCP/IP Settings Set the TCP/IP addresses for one or more
network adapters.
NetWare Client Settings Set Novell Directory Services client logon
options.
Operating System Licensing
Settings
Set the registered name and view the hashed
installation license key for the installed operating
system.
User Account Settings Set the local Windows user account values.
Computer
name
This is the NetBIOS name for the computer. The name must be
unique in the network and is limited to 15 characters.
Computer Name box is disabled for multiple computer
configurations.
Deployment Solution 407

Define name
range
Create a sequential range of computer names. You can identify a
root name and automatically increment its associated number.
This option is available when selecting groups of computers.
For new computers, set a range of names for multiple new
computers:
Number of computers. Enter the number of computers to
be automatically named.
Fixed text. Enter the text portion of the name you want
associated with each computer, for example: Mar ket i ng.
Use Token
Select the check box to specify the computer name using tokens.
Selecting this option enables Fixed text combo box and disables
the Range start, Label, and Append options.
Note
This option is applicable for multiple computers and not for single
computer.Fixed Text: You can select one of the six tokens from
the drop-down list.
%NAME%- Complete computer name.
%NICyMACADDR%- MAC address of the computer with NIC
specific number. Selecting this option enables the NIC
Number option where you need to specify the NIC number
which can range from 1-8.
Note
The default value for NIC number is 1.
%SERIALNUM%- Serial number from SMBIOS.
%NODENAME%- First 8 characters of actual computer name.
Range start. Enter a numeral to add to the fixed text, for
example: Mar ket i ng1.
Append
Select to add the range after the fixed text in the computer name.
If you clear this box, the number is added as a prefix to the fixed
text.
Microsoft
networking
Click Workgroup or Domain and enter the name.
Enter either the fully qualified domain name, the DNS domain
name, or the WINS domain name. You can enter the fully qualified
domain name (example: mj ones. your company. com), and
specify the organizational unit (OU) using this format: OU/
newOU/ user s. The complete entry to place the computer in the
user s OU is the following:
mj ones. your company. com/ OU/ newOU/ user s
i nt er nal . mySer ver . or g/ New Cor por at e Comput er OU/
Mai l Room/ Expr ess Mai l Ser ver s.
Deployment Solution 408

TCP/IP Settings
Host name The Windows name of the managed computer that is hosting
Deployment Server.
Network
adapter
A list of all network adapters installed in the selected computer.
The network adapter with the lowest bus, device, and function
number is the first listed (NIC0 - zero based). If the bus, device,
and function information cannot be determined for a network
adapter, it is enumerated in the order it is detected.
When configuring multiple network adapters, ensure that one
network adapter is not using an Intel Universal NIC driver
(commonly called UNDI driver) to connect to Deployment Server.
If one network adapter uses the native driver and one uses an
UNDI driver, your computer appears twice in the console.
Add. Click the Add icon for additional network adapters
installed on the client computer.
If a computer in the group has only one network adapter, it is
configured only with the IP settings listed first. If IP settings
are provided for additional network adapters not present in
the computer, they are disregarded.
MAC. The MAC address is a unique number assigned to the
network adapter by the manufacturer. This is read-only.
Domain suffix. Enter this to add domain suffixes to the root
address.
Use DHCP to obtain IP address. Click to obtain an address
from a DHCP server.
Assign a static IP address. Click to set static IP address
values.
Deployment Solution 409

NetWare Client Settings
Set Novell NetWare client values for a new or existing computer. Select whether you
want to log on directly to a NetWare server or to a NetWare tree in Novell Directory
Services (NDS). You can specify the preferred tree, server name, and NDS context.
Show
advanced
Click to set
named
interfaces for
this network
adapter.
Click the edit
icon to modify
settings.
Select Advanced to set multiple IP Interfaces.
Name. Enter a name for the IP interface. Ensure you use the
eth syntax when naming new interfaces, for example: et h0: 1
or et h0: new i nt er f ace.
IP Address. Enter or modify the IP address common to all
interfaces.
Netmask. Enter the appropriate subnet mask.
State. The default value of the interface state is Up, which
denotes that the named interface is operating. Shut down the
named interface by selecting Down.
Broadcast Address. Enter the Broadcast address for the
specified IP interface.
Gateway. Click this tab to enter the gateway address for this IP
interface.
DNS. Click this tab to add additional Domain Naming Servers
(DNS) for this network adapter.
Append these DNS suffixes (in order): Add the name of the
Domain Suffix and use the up and down arrows to set the DNS
suffix search order.
DNS Suffix. You can enter DNS Suffix and specify DNS Suffix
order search also.
WINS. Click this tab to add additional WINS settings for this
network adapter.
You can select one of the three available options; Enable
NetBIOS over TCP/IP, Disable NetBIOS over TCP/IP, and
Use NetBIOS setting from the DHCP Server.
Static Routes. Click this tab to enter the router settings
information for this IP interface. All the fields, that is,
Designation, Netmask, Gateway, Interface, Metric, Flag,
Ref, and Use are mandatory.
Ignore
NetWare
settings
Select to disregard all Novell NetWare client settings for this
computer.
Preferred tree Click and enter the name of the NDS tree.
Preferred
server
Click and enter the name of the NetWare server, for example:
\ \ OneSer ver . This is the primary login server for the NetWare
client.
Deployment Solution 410

Operating System Licensing Settings
Enter or view the license information for your Windows operating system software
(Windows 98, 2000, XP, and 2003 Servers).
User Account Settings
Set up local user accounts for the newly imaged computer or when running a
configuration task. Enter a user name, full name, and password, set standard Windows
login options.
Deployment Agents
To remotely manage computers from a Deployment console, a Deployment Agent is
installed on each computer in the Deployment Server system. Deployment Agents are
NDS User
name
Click and enter the name of the user object for the NetWare client.
NDS Context Click and enter the organizational unit context for the user.
Run login
scripts
Select this option to run the NetWare client login scripts.
Registered
user
Enter the name of the registered user.
Organization Enter the name of the Organization.
License key Enter the alpha-numeric license key. This is the hash value
rendered from the OEM key or 25-digit license key required when
installing the operating system.
User name The user name for this local Windows user account.
Full name The full name for this local Windows user account.
Password The password for this local Windows user account.
Confirm
Password
Retype the password for confirmation.
Groups Specify the Windows groups that this user can belong to as a
comma-delimited list, for example: Admi ni st r at or s,
Mar ket i ng, Management
User must
change
password at
next logon
Select to force the user to change the password after setting the
configuration properties.
User cannot
change
password.
Prohibit the user from changing their password at any time.
Password
never expires.
Select to maintain the user password.
Deployment Solution 411

provided for various computer types, including Windows, Linux, DOS, and PPC
Handhelds.
The following Deployment Agents reside on the client computer and communicates with
the Deployment Server.
Install Deployment Agent to add a managed computer
When Deployment Agent is installed on a computer, it searches across the network for a
Deployment Server to attach to. When a Deployment Server is located by the
Deployment Agent, the client computer is added as a record to the Deployment
Database.
Automatically update to newer version of Deployment Agent
At times, Altiris may update versions of the Deployment Agent to enhance features. For
best performance, it is suggested that all managed computers run the latest version of
the Deployment Agent. When a new version of the Deployment Agent is saved to the
Deployment Share file server, the managed computers automatically update the
Deployment Agent.
Managing Agent Connections
The following utilities are provided for managing transmissions between the Deployment
Server and Deployment Agents running on the managed client computers.
Deployment Agent on
Windows
The Deployment Agent runs on Windows computers,
including desktops, notebooks, and servers.
Deployment Agent on Linux This Deployment Agent runs on Linux workstations
and server.
Automation Agents The Automation Agents boot client computers when
the Deployment Server sends a deployment job.
Altiris supports DOS, Linux, and WinPE pre-boot
operating systems.
Deployment Agent for CE
.NET
This agent runs on the HP T5000 computer devices
running the CE .NET 4.2 operating system.
Notification Server Client The NS client is an Altiris agent that runs on
computers supported by Notification Server. This
agent runs on the Deployment Server computer
when running Deployment Solution on Notification
Server.
Deployment Server Agent This agent runs on the Deployment Server computer
when running Deployment on Notification Server.

When the Deployment Agent is running on a computer, the user sees a small
icon in the system tray. When the icon is blue, the client computer running
the Deployment Agent is connected to the Deployment Solution system.

When the Deployment Agent icon is clear, it shows that the client computer is
not connected to the Deployment Solution system. The agent may be
configured incorrectly, the Deployment Server is down, or other network
problems exist.
Deployment Solution 412

Reset a Client Connection
Resetting the connection that a managed computer has with the Server simply
disconnects and reconnects the computer. This is useful for troubleshooting or if you
suspect there is a bad connection.
To reset a client connection, right-click a computer and click Advanced > Reset
connection. When the computer disconnects, its icon turns gray. The computer should
reconnect and its icon color returns to its original active status color.
Reject or Retrieve a Rejected Computer
If a computer you do not want to manage connects to your Deployment Server, you can
reject it. This removes the unwanted computer from the Computers pane in the Web
Console. Further attempts by the computer to connect are denied. Although the
computer is not deleted, any history or schedule information associated with the
computer is deleted.
1. Click the computer you want to reject from connecting to the Deployment Server.
2. Select Reject Connection from the Select action drop-down list.
3. Click OK.
View Rejected Computers
You can view the rejected computers by clicking on a Deployment Server, and selecting
View Rejected Computers from the Select action drop-down list.
The rejected computers are prohibited from being active in the Deployment Database.
They are identified and rejected by their MAC address.
You can remove computers from the Rejected Computers list by selecting it, and clicking
Accept Computer(s) icon from the toolbar. This allows the computer to attach again
and be managed by the Deployment Solution system.
Computer Details
View and edit the computer properties and inventory for each managed computer.
See Properties (page 412) and Inventory (page 414).
Properties
The following are the general properties of the selected managed computer.
General (page 413)
Network (page 413)
TCP/IP (page 413)
Location (page 413)
Bay (page 413)
Lights-Out (page 414)
Deployment Solution 413

General
View or change the name of the computer as it appears in the console. View logged in
user name, operating system installed, name of the Deployment Server, whether or not
an automation partition is installed, version of the Deployment Agent, and other client
information.
Network
View Microsoft Networking, Novell Netware settings, and user information for the
selected managed client computer.
TCP/IP
View TCP/IP information, including a list of all installed network adapter cards (up to
eight) for the selected computer. Click Change to open the configuration window
allowing you to modify settings.
Location
View and edit user-specific properties such as contact name, phone number, e-mail
address, department, mail stop, and site name. As the administrator, you can enter this
information manually or you can let the user populate this screen using Prompt User for
Properties.
Bay
View location information and other properties for Rack / Enclosure / Bay components
for high-density and blade servers. Set rules for automatic re-deployment of blade
servers based on physical location changes.
Server Deployment Rules
From the Bay property page, you can select rules to govern actions taken when a new
blade server is detected in a selected bay. These rules are described below:
Rule Action
Re-Deploy
Computer
Restore a blade server using deployment tasks and configuration
settings saved from the previous server blade in the bay. This lets
you replace new blades in the bay and automatically run
deployment tasks from its deployment history.See Restoring a
Computer from its Deployment History on page 88
All deployment tasks in the bay's history are executed starting
from the last Distributing Disk Image task or Scripted OS Install
task, or from any script (in a Run Script task) with this command:
r emdepl oyment st ar t .
Run
Predefined Job
The server processes any specified job. Select a job to run
automatically when a new server is detected in the bay.
Deployment Solution 414

Lights-Out
View information about the remote management hardware installed on the selected
computer (most often a server) used to power up, power down and restart the computer
remotely, or to check server status. You can also enter the password for the remote
management hardware by clicking Password.
Note
This feature is currently only available for selected HP Integrated Lights Out (ILO) and
Remote Insight Lights-Out Edition (RILOE) features.
Inventory
The following are the inventory details of the selected managed computer.
Hardware (page 414)
Drives (page 414)
Applications (page 414)
Services (page 415)
Devices (page 415)
Hardware
View processor make and type, processor count, RAM installed on the computer, display
configuration, manufacturer, model, product name, MAC address of each network
adapter installed, serial number, asset tag, UUID, and whether or not Wake On LAN and
PXE are installed and configured.
Drives
View information about each drive on the computer. If you have multiple drives, you can
select a drive from the list box to view its settings, such as capacity, serial number, file
system, volume label, and number of drives installed.
Applications
View the applications that are installed on the computer, including description,
publisher, version number, product ID, and systems components.
Ignore the
Change
This option lets you move blades to different bays without
automatically running jobs. The server blade placed in the bay is
not identified as a new server and no jobs are initiated. If the
server existed in a previous bay, the history and parameters for
the server are moved or associated with the new bay. If the
server blade is a new server (never before identified), the
established process for managing new computers is executed.
Wait for User
Interaction
(default) No job or tasks are performed (the Deployment Agent on
the server blade is instructed to wait). The icon on the console
changes to reflect that the server is waiting.
Rule Action
Deployment Solution 415

Services
View the services installed on the computer as well a description, start type, and path
for each service.
Devices
View the devices installed on the computer, including display adapters, disk drives,
ports, storage volumes, keyboards, and other system devices.
Remote Operations
After selecting a specific computer device, click the Computer actions drop-down list
and select a remote operation to perform on the selected computer. This menu provides
a variety of commands to remotely manage all computers in your site or network
segment.
Configure Set network and local configuration properties for each
computer, including computer name, IP address, domains,
Active Directory context. See Computer Configuration Properties
(page 406).
Quick Disk
Image
Select a computer and image its hard disk. This creates and
stores the image to distribute now or later. To run a disk image
job you must have have an Automation Partition installed on the
client computer. You can also manually boot a client computer
using bootable media created in Boot Disk Creator, or create a
boot menu option in PXE Server.
When you finish this computer operation, a new job appears in
the Jobs pane of the Deployment console under the System
Jobs > Image Jobs folder. The job name has a generic format
of Cr eat e I mage: <comput er name>.
Copy File to Copy selected files, directories, or entire directory structures
and send them to the selected computer(s). See Copy File
(page 437).
Run command Type and run commands remotely. Send a command from the
Deployment console as if you were entering a command from
the command-line prompt.
History View a history of deployment tasks. Click Save to save the
deployment history to a file or click Delete to delete the history.
Reject Connection To manage unwanted client computers from attaching to the
Deployment Server, use the Reject Connection computer action
to remove the client's MAC address and other information from
the Deployment database. If the client tries to connect to the
server, the MAC address cannot be found and the client-server
connection is rejected. See Reject Client Computer Connections
(page 372).
Deployment Solution 416

Wake Up The Wake Up feature is hardware-dependent and is only
available for inactive computers. Select this command to start a
computer that has been turned off.
Your operating system and network adapter must be capable of
recognizing and processing the wake-on-lan packets. Non-
embedded network adapters must be properly configured.
Restart Click to reboot the selected managed computer. Select Force
Applications to close without a message box to restart
immediately without prompting the user.
Shut down Click to shut down the selected managed computer. Select
Force Applications to close without a message box to shut
down immediately without prompting the user.
Log off Click to log off of the selected managed computer. Select Force
Applications to close without a message box to log off
immediately.
Clear Status Clear computer status as shown in the Status field on the Details
page.
Prompt User for
Properties
Query for computer location and user information. This feature
sends a form to the user to fill out and writes it directly to the
database, appearing in the Location properties for the selected
computer.
If the user changes the computer name, the name in the
Computers pane of the Deployment console also changes.
These settings are stored directly to the Deployment Database.
Install
Automation
Partition
Click Install Automation Partition from the drop-down list,
and select a pre-boot operating system for the automation
partition. You can select DOS, Linux, or Windows as the pre-
boot operating system.
Get Inventory Update property settings for a selected computer. These
inventory settings can be viewed in Computer Details
(page 412). Select it to ensure you have the latest inventory of
the computer.
Apply Regular
License
Apply a permanent license if a client computer is using a time-
limited license or requires an updated license.
Rename Assign the computer or group a new name in the console.
Delete Delete a computer, a computer group, or any combination of
computers and groups from the database.
Change
Production Agent
Settings
Select Change Production Agent Settings to modify the production
agent settings. See Production Agent Settings (page 375).
Change
Automation Agent
Settings
Select Change Automation Agent Settings to modify the automation
agent settings. See Automation Agent Settings (page 379).
Move to Group Click to move the selected computer to a new group.
Deployment Solution 417

Find a Computer in the Database
Enter a search string in the Find field to query database fields for specific
computer properties. You can search for user or computer names, licensing or location
information, or primary lookup keys: MAC address, serial number, asset number, or
UUID. In the Find field type all or part of the computers property values you would like
to search for:
A list of computers meeting the search filter requirements is listed in the Details pane.
This search is not case-sensitive and allows wildcard searches using the *.
Creating a Computer Group Filter
For Computer Filters, this dialog lists all computers in a group according to a specified
criteria. Example: you can create a filter to view all computers in a particular group that
have Windows 2000, 256 MB of RAM, and 20 GB hard disks only. By applying the filter,
you can view all computers with that criteria in the Details pane of the Deployment
Server Console.
To create or modify a computer filter
1. Click any computer group. In the Details pane, you can view Filter by on the
toolbar.
2. Click Add Filter icon from the toolbar to create a new filter.
Name BIOS name of the computer.
Computer
Name
Deployment Solution name of the computer.
MAC Address 0080C6E983E8, for example.
IP Address 192.168.1.1, for example.
ID The computer ID. 5000001, for example.
Serial Number Serial number installed in BIOS. A primary lookup key.
Asset Tag Asset number in BIOS. A primary lookup key.
UUID A primary lookup key.
Registered
User
Name entered when the operating system was installed.
Product Key Product Key for the operating system.
Logged On
User
Name of user currently at the computer.
Physical Bay
Name
The actual bay number: 7x, for example.

Click a computer group in the Computers pane. The Filter feature appears
in the Details pane for the selected computer group. Click Setup to add
new filters, or modify and delete existing computer filters.
Deployment Solution 418

3. Type a name for the filter in the Filter Name box, and click Edit Filter Name.
By default, the filter name is Filter N, where N is a sequentially generated numerical.
4. Click New Filter Item in the Filter Definition area.
5. Define the conditions you want to filter.
Click the Field box to see a list of computer values stored in the Deployment
Database. Select a computer value and set the appropriate operation from the
Filter list. In the Value box enter an appropriate value for the selected database
field.
Example: You might choose Computer Name as the Field, Contains as the Filter,
and Sales as the Value.
6. Repeat steps 4 and 5 to add more conditions. Click OK.
See also Find a Computer in the Database (page 417).
Deployment Solution 419

Scheduling Jobs from the Deployment Web
Console
A job represents a collection of predefined or custom deployment tasks that are
scheduled and executed remotely on selected managed client computers. You can build
jobs with tasks to automatically create and deploy hard disk images, back up and
distribute software or personality settings, add printers, configure computer settings,
and perform all aspects of IT administration. Jobs can be run immediately for a specific
computer, or stored and scheduled for daily or long-term administrative duties on
multiple computer groups.
The Job Scheduling Wizard (page 422) guides you through common deployment and
management jobs. It provides three easy steps to select computers, select a job, and
schedule the job to run.
Jobs include one or more Deployment Tasks (page 423). You build jobs by adding tasks
to a job and customizing the task for your specific needs. You can add tasks to capture
and distribute images, software packages, and personality settings. Or you can write
and run a script task, or run scripted installs, configure settings, copy files and back up
registry settings. You can also modify existing jobs by adding, modifying, or deleting
tasks to fit your needs. See Building New Jobs (page 420).
Set conditions on jobs to run only on computers with properties that match the criteria
you specify. You can build one job to run on different computer types for different
needs, and avoid mistakes by ensuring that the right job runs on the right managed
computer.
Initial Deployment lets you run predefined jobs and configuration tasks on new
computers when they start up. You can automatically deploy new computers by imaging
and configuring TCP/IP, SIDs, and other network settings and installing basic software
packages. See Initial Deployment (page 442).
Sample jobs are installed with Deployment Solution and appear in the Samples folder
of the Jobs pane. You can run many sample jobs as they are, or you can set
environmental variables and run.
Viewing Job Details
As jobs are assigned, scheduled and executed, it is helpful to know specific details about
their status and assignments. The Deployment Console provides job icons to show state
and status of the job in the Details pane, including:

Job icons appear in the Jobs pane of the Deployment Web Console. To run a
job, select a job and select a computer or computer group from the
Computers pane. Select the Schedule Job(s) option from the Select
action drop-down list.
Deployment Solution 420

Job status icons that update to display the state of the job in running deployment
tasks. These icons are graphical symbols in the Deployment console used to identify
the status of an assigned job.
A description of the job, if available.
If a job defines error conditions when individual tasks run, the Status field displays
any errors incurred and the tasks that completed successfully.
View all jobs, failed jobs, pending jobs, jobs not scheduled, scheduled jobs, and
successful jobs from the Details pane.
Job Schedule details. This is the job's run time, beginning when the job started
and ending when it completed successfully.
Currently applied conditions. You can add conditions to different task sets for
different computer properties within a job. Conditions specify characteristics that a
computer must have before the job is run.
A list of tasks assigned to the job and task descriptions also appear. Change the
order of the task execution with the arrows. Tasks are executed in the order they
are listed. See Deployment Tasks (page 423).
Features to add, modify, and delete tasks for each job.
A list of assigned computers and its deployment history.
Building New Jobs
A job can be a single task to distribute software or change computer property settings,
or a job can be a series of tasks sequenced to migrate hard disk images, set post-
installation TCP/IP and SID values, and install software packages and personality
settings.

Indicates that a job is scheduled to run on a computer or computer group.

Indicates that a job is in progress.

In the Details pane, indicates that a job has executed successfully.

Indicates that a job is associated with a computer or group of computers
but is not scheduled.
Indicates error conditions when individual tasks run.
Deployment Solution 421

Create and build jobs by adding tasks and setting conditions to run the job.
1. Click a Deployment Server in the Jobs pane. The job is created in the selected
Deployment Server system and saved to the shared folder in its Deployment Share.
2. Select the New job action from the list in the Jobs pane. The Job Details page
appears.
3. Enter information for the new job:
Job name: Enter a unique name for the job and click the apply icon .
Description. Enter a description for the job and click the apply icon .
4. At Condition sets, select a previously created condition set from the list to run the
job only on managed computers meeting specified criteria.
Click the expand in the Conditions area to create a new condition set.
Note
The Tasks area is not enabled when the Conditions area is expanded.
5. In the Tasks area, click the New icon . A secondary page displays job
information and the condition set.
6. In the Task type field, select from the list of tasks to add to the job. The
configuration page for the selected job appears. Enter the configuration information
for each job and click OK. See Deployment Tasks (page 423).
7. Repeat steps 5 and 6 to add more tasks to the job.
8. From the Job Details page, set the order of Tasks to run in the job.
9. After creating and building a job, click the Job Actions list and select Schedule job
or another option.
Delete Job. Select to eliminate the job.
Schedule Job. Select to schedule the job to run immediately or at another time. If
no computers are selected, the Computers page appears to select a computer or
computer group. The Job Scheduling page appears.
Move Job. Select to move the job to another folder.
10. Schedule the job to run immediately or at another time. If no computers are
selected, the Computers page appears to select a computer or computer group. The
Job Scheduling page appears.
After scheduling a job, the selected computers assigned to the job appears in the
Scheduled computers list box.
Create a new job by selecting the New Job command from the drop-
down list in the Jobs pane. You can add tasks and create condition sets in
the Details pane.
Deployment Solution 422

Job Scheduling Wizard
The Job Scheduling Wizard provides features to assign jobs to selected computers and
computer groups, and schedule to run.
Select Computers
1. Click a Deployment Server group and select individual computers or computer
groups. If you are running Deployment from the Altiris Console, you can select by
defined computer collections in the Altiris Console Collections. See Managing
Computers from the Deployment Web Console (page 398).
2. Click Next.
Select a Job
1. Select a job in the left pane to assign to the selected computers. Select a pre-
defined condition to run the job in the Conditions list.
2. Click Next.
Schedule Job
1. Set scheduling options. See Scheduling Jobs (page 422).
2. Click Close.
Scheduling Jobs
After a job has been created, assign it to computers or computer groups. Click Run
Now or Schedule to schedule the job to run immediately, at a scheduled interval, or
assigned but not scheduled. Job and job folders selected from the Jobs pane of the
Deployment Web Console are scheduled in the order they were selected, even across
multiple Deployment Servers.
Note
When a software package or deployment job is scheduled to run on client computers, e
the Altiris Client Service Message dialog appears, warning them that a job is about to
execute. If a user clicks Abort when the message appears, an event is logged to the
client's history so that Deployment Solution administrators know when users abort a
scheduled event.
To schedule a job
From the Schedule Job page, select the appropriate options:
Assign but do not schedule or run. This option lets you apply jobs to computers but
does not run the job until you return to the Schedule Job dialog and set a run time.
Run immediately. This option lets you run the job now.
Schedule to run at a later time. This option lets you type the date and time to run the
job at a specified time and date. When you select this option, Date and Time fields are
enabled to specify a time and date to repeat.
Deployment Solution 423

Repeat this job every x. A job can be scheduled to execute by minute(s), day(s),
hour(s), week(s).
Defer this job up to x. A job can be deferred when the server is busy executing other
jobs, setting a lower priority for particular jobs. By default all jobs are deferred up to five
minutes.
Schedule in batches of x computers at y minute intervals. This option lets you
schedule computers in batches to maximize efficiency.
Click OK.
Deployment Tasks
A task is a subordinate action of a job. After creating a job, you can add tasks to
perform basic operations, including:
Create Disk Image. Create a disk image from a reference computer and save the
image file (IMG or EXE files) for later distribution. See Creating a Disk Image
(page 424).
Distribute Disk Image. Distribute previously created disk images (IMG or EXE files) or
create a disk image from a reference computer on the network and simultaneously
distribute it (IMG or EXE) to other managed computers on the network. See Distributing
Disk Image (page 426).
Distribute Software. Distribute RIPs, MSI files, scripts, personality settings and other
package files to computers or groups. See Distributing Software (page 429).
Capture Personality. Capture the personality settings of a selected computer
on the network using the PC Transplant software. PC Transplant ships as a part
of Deployment Server. See Capturing Personality Settings (page 432).
Distribute Personality Package. Send a Personality Package to computer or
groups. It identifies valid Altiris packages and assign passwords and command-line
switches to Personality Packages. See Distributing Personality Settings (page 433).
Change Configuration. Modify the IP address, computer and user name, domains and
Active Directory organizational units, and other network information and computer
properties. See Modifying Configuration (page 434).
Get Inventory. This lets you gather inventory information from client computers to
ensure that the Deployment database is up-to-date with the latest computer properties
information. See Get Inventory (page 435).
Back up Registry Files. Back up an individual registry file for a selected
computer and save it to a selected directory. See Backing up and Restoring
Registry Files (page 434).
Restore Registry Files. Restore registry settings previously saved for a selected
computer. This lets you recover from a hard disk crash or other disaster. See Backing
up and Restoring Registry Files (page 434).
Run Script. Create custom commands using scripts to perform jobs outside the
bounds of the pre configured tasks. Use the Run Script dialog to select or define a
script file to run on specified computers or groups. See Run Script (page 435).
Copy File to. Copy a file from the Deployment Share or another source computer
to a destination computer. See Copy File (page 437).
Deployment Solution 424

Shutdown/Restart. Perform power control options to restart, shutdown, power off,
and log off. See Power Control (page 438).
Tasks are listed for each job in the task list box. Each task executes according to its
order in the list. You can change the order using the up and down arrow keys.
Creating a Disk Image
When you create an image of a client computers hard disk, it is saved to the
Deployment Share (by default) as an .img or .exe file. Imaging deployment jobs require
that the client computer boot to automation. PXE-enabled client computers can boot to
automation from the PXE Server. Other methods of booting to automation include
installing an embedded or hidden automation partition, or manually booting a computer
using bootable media, created with Boot Disk Creator. See Boot Disk Creator Help, and
PXE Configuration Utility Help.
To create a Disk Image
1. Enter the path and file name to store the image file. You can store image files to
access later when a managed computer is assigned a job that includes the image
file.
The default file name extension is IMG. Saving image files with an EXE extension
makes them self-extracting executable files (it adds the run-time version of
RapiDeploy in the file).
2. Click Local image store if you want to store the image file locally on the client
computer's hard drive. Enter the path relative to the managed computer (example:
c: \ myi mage. i mg). This is optional.
When you store an image locally on a computer instead of a file server, you save
server disk space and reduce network traffic. If you are imaging multiple computers
or image computers frequently, there it is advisable to store images locally.
Prerequisite: Ensure you have an embedded (recommended) or hidden
automation partition installed on the computers hard disk with enough disk space
to save the images you want to store.
Note
When imaging computers where labs are cached, do not use the option to remove
the automation partition unless you want to clear the lab from the computer.
3. Enter an image description (optional) in the Description field to help identify the
image.
4. Select Prepare using Sysprep to use sysprep to prepare system for imaging. Click
Advanced Sysprep Settings. See Advanced Sysprep Settings for Creating a Disk
Image (page 425)
5. Select the operating system from the Operating System drop-down list.
Note
Click Add new to go to the Sysprep Settings dialog and select the OS
Information.
6. Select the product key from the Product Key drop-down list.
Deployment Solution 425

7. Select the required pre-boot environment from the Automation - PXE or
BootWorks environment (DOS/WinPE/Linux) drop-down list to perform the
Create Disk Image task in selected pre-boot environment. By default, the
DOSManaged Boot Option type is selected.
8. (Optional) Click Advanced to select Media Spanning and additional options. See
Create Disk Image Advanced on page 425.
9. (Optional) Set Return Codes. See Setting Up Return Codes (page 440).
10. Click OK. The task appears in the Task list for the job.
Tip
If an imaging Job fails on a managed computer, the Deployment agent configuration
screen appears on the client. This screen displays a prompt to confirm if the user wants
to configure the client or restore the original settings. Select Cancel > Restore
Original Settings on the client screen.
See also Deployment Tasks (page 423).
Advanced Sysprep Settings for Creating a Disk
Image
Click Advanced Settings to open the Advanced Sysprep Settings dialog. You can
use the Advanced Sysprep Settings dialog to specify Sysprep mass storage device
support. By default, the Enable mass storage device support using built-in drivers
option is selected.
Disable mass storage device support. When this option is selected, the Sysprep.inf
file contains the section [Sysprep] with the key value pair as
Bui l dMassSt or ageSect i on = No.
Enable mass storage device support using built-in drivers. When this option is
selected, the Sysprep.inf file contains the section [Sysprep] with the key value pair as
Bui l dMassSt or ageSect i on = Yes.
Enable mass storage device support using the following: When this option is
selected, the Sysprep.inf file contains the section [SysprepMassStorage] and is
appended by contents of the file mentioned in the Mass storage section file field. You
can also copy the drivers directory mentioned in the Mass storage drivers field.
Create Disk Image Advanced
RDeploy Options
Graphical Mode (RDeploy). Click this option if you want to choose the imaging
executable as RDeploy.
Text Mode (RDeployT). Click this option if you want to choose the imaging executable
as RDeployT. Text Mode or RDeployT is the default choice.
Media Spanning
Maximum file size. The Maximum file size supported is 2 GB. To save an image larger
than 2 GB, Deployment Server automatically breaks it into separate files regardless of
your storage capacity. From the Maximum file size list, select a media type.
Specify ___ MB. If the preferred type is not on the list, enter the file size you want in
the field.
Deployment Solution 426

Additional Options
Do not boot to Windows. Select this option to create an image of the hard disk while
booted to DOS without first booting to Windows to save network settings (TCP/IP
settings, SID, computer name, and so on). If you select this option, these network
settings cannot be reapplied to the computer after the imaging task, resulting in
network conflicts when the computer starts up.
Note
This check box should be selected when imaging Linux computers.
Compression. Compressing an image is a trade-off between size and speed.
Uncompressed images are faster to create, but use more disk space.
Select Optimize for Size to compress the image to the smallest file size. Select
Optimize for Speed to create a larger compressed image file with a faster imaging
time. The default setting is Balanced for Size and Speed.
Command-line switches. You can add command-line switches specifically for the
RapiDeploy program to execute imaging tasks. See the Altiris RapiDeploy Product Guide
located in the Docs folder in the Deployment Share.
Distributing Disk Image
Distribute an image (.img) or executable (.exe) file to managed computers to set down
a previously created hard disk image.
1. Click Select a disk image file to select a stored image file. This lets you set down
a new image file from a previously imaged computer. This is a common method to
distribute an image file.
2. If you want to image a source computer on the network, click Select a computer
on the network. Enter the name and location of the source computer to create an
image and distribute the newly created image file. This is optional.
This option saves an image of a selected computers hard disk in its current state
each time the job executes. You can schedule the job to image a specified computer
every time it runs, allowing the image to be updated each time.
Note
Network mapping must exist on the source computer before imaging. UNC paths are
not supported in DOS.
3. Select Local image store if you saved the image file on the client computers hard
drive. With local image store, the image file is stored on a partition on the computer
being imaged. The server cannot validate the image when a local image store is
used. This is optional.
4. Select Prepare using Sysprep to use sysprep to prepare system for imaging. Click
Advanced Sysprep Settings. See Advanced Sysprep Settings for Distributing a
Disk Image (page 427).
5. Select the operating system from the Operating System drop-down list.
Note
Click Add new to go to the Sysprep Settings dialog and select the OS
Information.
Deployment Solution 427

6. Select the product key from the Product Key drop-down list.
7. Click Automatically perform configuration task after completing this
imaging task to reboot the computer and push down the configuration settings to
the newly imaged computer. This is optional. By default, the DOSManaged Boot
Option type is selected.
8. Select the required pre-boot environment from the Automation - PXE or
BootWorks environment (DOS/WinPE/Linux) drop-down list to perform the
Distribute Disk Image task in selected pre-boot environment. The option reported
by the PXE Manager is the default pre-boot environment option.
9. Click Advanced to resize partitions and set additional options. See Distribute Disk
ImageResizing (page 427) and Distribute Disk ImageAdditional Options
(page 428).
10. (Optional) Set Return Codes. See Setting Up Return Codes (page 440).
11. Click OK.
See also Deployment Tasks (page 423).
Advanced Sysprep Settings for Distributing a Disk
Image
Click Advanced Settings to open the Advanced Sysprep Settings dialog. You can
generate the Sysprep.inf file for the Distribute Disk Image task, depending on the
option selected in the Advanced Sysprep Settings dialog.
Use default answer file. When this option is selected, the Deployment Server
generates the Sysprep.inf file depending on the data present in the database.
Use the following answer file. When this option is selected, the Deployment Server
picks up the contents of the file mentioned in the Sysprep answer file textbox and
prepares the Sysprep.inf file.
Distribute Disk ImageResizing
By default, whenever you deploy an image, you have the option to resize the partition to
take advantage of the available disk space. Drive Size gives you information about the
size of the image, so you can determine if you need to change partition sizes. Minimum
indicates the amount of space the image usees on the target computers. Original
indicates the image source disk size.
Fixed Size. Select this option and enter the desired partition size.
Percentage. Select this option and enter the percentage of free space you want the
partition to occupy.
Min. View the minimum size of the partition.
Max. View the maximum size of the partition.
Note
FAT16 file systems have a 2 GB limit and cannot be resized larger than that (although it
can be sized smaller than the minimum value). HP partitions remain a fixed size.
Deployment Solution 428

Distribute Disk ImageAdditional Options
This option lets you specify operations for existing automation and OEM disk partitions.
The options are as follows:
Leave the partition as it is
Remove the automation partition
Replace the existing partitions
RDeploy Options:
Graphical Mode (RDeploy). Click this option if you want to choose the imaging
executable as RDeploy.
Text Mode (RDeployT). Click this option if you want to choose the imaging executable
as RDeployT. Text Mode or RDeployT is the default choice.
Automation Partition:
Leave the client's existing Automation partition as it is. If the image file contains no
automation partition information, by default, this option is selected. The Automation
partion remains unchanged when distributing disk images.
Delete the client's Automation partition [-nobw]. Select this option if you want to delete the
existing Automation partition from client computers.
Replace the client's existing Automation partition from the image file [-forcebw]. Select this option
if you want to replace the existing Automation partition on the client computer with the
Automation partition from the image file.
OEM Partition:
Leave the client's existing OEM partition as it is. If the image file contains no OEM partition
information, by default, this option is selected. The OEM partion remains unchanged
when distributing disk images.
Delete the client's OEM partition [-nooem]. Select this option if you want to delete the existing
OEM partition from client computers.
Replace the client's existing OEM partition from the image file [-forceoem]. Select this option if
you want to replace the existing OEM partitions on the client computer with the OEM
partition from the image file.
Additional Command-line switches. You can add command-line switches specifically for the
RapiDeploy program that runs imaging tasks. See the Altiris RapiDeploy Product Guide
located in the Docs folder of the Deployment Share.
Note
The checkdisk command-line option should not be used from a Deployment console,
because the post-configuration task fails after an image restore.
See also Deployment Tasks (page 423).
Imaging Computers from USB Disk on Key (DOK)
Devices (JumpDrives)
Deployment Solution supports imaging clients from bootable USB Disk on Key (DOK)
devices.
Deployment Solution 429

To image computers from USB Disk on Key Devices
1. Format the USB DOK using HPs USB Disk Storage Format tool as FAT and make it a
DOS startup disk.
2. In Boot Disk Creator, create a new automation boot disk while creating a new
configuration.
3. Select Bootable disk-Removable disk to install on the USB Disk on Key.
4. Copy HIMEM.SYS to the device.
5. Copy RDeployT.exe from the <InstallPath>\eXpress\Deployment
Server\RDeploy\DOS directory to the device.
6. Copy the <Filename>.img file to the device.
7. Create an Autoexec.bat with the script and command-line option, r depl oyt - md -
f c: \ I MAGE. i mg - d2
Note
The -d2 switch is the most important part of the script, as it specifies the flash drive.
8. Create a Config.sys with the following:
DEVI CE=C: \ HI MEM. SYS
swi t ches = / f
DOS=HI GH, UMB
SHELL=command. com/ p / E: 1024
BUFFERS=20
FI LES=20
STACKS=0, 0
FCBS=1, 0
LASTDRI VE=Z
9. Boot from the USB Disk on Key (recognized as C:) and rdeployt executes and
images correctly.
Distributing Software
Send MSI, CAB, EXE, and other package files to selected computers or
computer groups, including EBS, and RPM files for Linux computers. This task
identifies valid Altiris packages and assigns passwords and command-line switches.
1. Enter the name and location of the package to distribute in the Name field.
Note
Information about the package appears in the Title area for valid packages. If no
description appears, the file is not a RIP or a Personality Package.
2. To distribute Software Delivery Packages, click .
Deployment Solution 430

Note
The Import Software Delivery Packages option is enabled only if the Notification
Server is installed on the Deployment server computer.
A dialog appears containing a list of all available Software Delivery packages and
programs.
3. Select the Software Delivery package from the Software Delivery Packages drop-
down list. After you select the package, all available programs for that package are
listed in the Software Delivery Programs drop-down list. Select the required
program from the Software Delivery Programs drop-down list.
4. Select Package distribution options.
Select Run in quiet mode to install the package without user interaction.
Select Apply to all users to run the package for all users with accounts on the
computer. If sending the package to a managed computer with multiple users
and if you only want it installed for certain users with a unique password, clear
the Apply to all users box.
If distributing an install package or other types of packages with associated
support files, you can select Copy all folder files to install all peer files in the
directory.
Select Copy sub folders to distribute peer files in the directory and all files in
associated subdirectories.
Note
Some clients may have software installed on the client computer that, for
protection against harmful software, only allows software programs on a list of
well-known executable to run. Therefore, whenever the system administrator
wanted to install a patch on client computers, he or she would have to update
the well-known-executable list on all the client computers, which could be a lot
of work.
To save the work of updating that list, or of manually renaming distribution
packages, the RenameDistPkg feature was added. Now, the system
administrator may update the well-known-executable list once with a filename
of their choosing. The well-known filename may be entered into the Windows
registry of the Deployment Server computer (the computer running
axengine.exe), as the Value data of a string value named RenameDistPkg
under the HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris eXpress\Options
key. If the RenameDistPkg registry entry is set, Deployment Server renames
installation files that are copied to the client computers.
This feature only affects files that are temporarily copied to the client computer
as part of a Distribute Software task. The file that is to be executed only
during the installation, sometimes referred to as the package, is the file that
gets renamed, not the files that actually get installed to various locations on the
target computer.
If the Copy all folder files option is enabled, only the main (installable) file is
renamed.
5. For RIPs, if you set the Package password option when you created the RIP, you
must enter the password for the package to run.
6. Add values to the Command-line switches field, for example:
Deployment Solution 431

- cu: J Doe; TMaya; Domai n\ BLee
Note
The command-line switches are specific to any package you are distributing that
supports command-line options, such as RIPs and Personality Packages. For a
complete list of command-line switches, see the Wise MSI Editor and the Altiris PC
Transplant Pro Product Guide.
7. Click Advanced to specify how files are distributed to the managed computer. You
can copy through Deployment Server, or copy and run directly from the Deployment
Share or from another file server. See Distribute Software-Advanced on page 431.
Click Next.
8. Set Return Codes. See Setting Up Return Codes (page 440). This is optional.
9. Click OK.
Notes
When a RIP or Personality Package is executed through Deployment Server, the quiet
mode command-line switch is applied. This means the user cannot interact with the user
interface on the managed computer.
If the Personality Package is configured to run only if a particular user is logged in and
only if the user has an account on the managed computer, the package runs the next
time that user logs in. If the user does not have an account, the package aborts and
sends an error back to the console via the Deployment Agent. If the package is not run
through Deployment Server, a message appears on the managed computer and the user
is prompted to abort or continue.
Distribute Software-Advanced
Copy files using Deployment Server. Click this option to distribute packages through
Deployment Server to the managed computer, requiring two file copy transactions if the
Deployment Share is on another file server. This option is run for Simple installs and is
the default option.
Copy directly from file source. Click this option to copy packages directly from the
Deployment Share if this data store is located on another server (a custom install). It
copies the file and runs it, avoiding running through Deployment Server and diminishing
processor output.
Run directly from file source. Click this option to run files remotely from the
Deployment Share or another selected file server.
File source logon. Enter the user name and password for the client computer and the
Deployment Share. Both must have the same user name and password (this is not an
issue if both are on the same domain).
Note
Windows 98 computers have security limitations when copying files directly from the
source to the Deployment Agent using the UNC path name. We recommend that you use
the Copy files using Deployment Server option for these types of computers or plan
a proper security strategy for direct copying.
Deployment Solution 432

Capturing Personality Settings
The Capture Personality task lets you save personal display and user interface
settings defined in the operating system for each user. You create a
Personality Package that can be saved and distributed when migrating users.
This task runs Altiris PC Transplant from the console to capture and distribute settings.
1. In Personality template file, enter the name of a personality template. A default
personality template is included in the PCT folder of the Deployment Share
(DEFAULT.PBT).
2. In Store package in folder, enter the name of the folder where you want to save
the personality package.
3. In User account and folder login, enter the login credentials for the managed
computer from which the personality settings are to be captured, and the file server
where the Personality Package is to be stored.
4. In Package login, enter a password for the Personality Package. This is a run time
password that is required when the Personality Package runs on the destination
computer.
5. Click Advanced to specify additional features. See Capture Personality-Advanced
(page 432).
6. Set Return Codes. See Setting Up Return Codes (page 440).
7. Click OK.
Notes
To capture a personality on a Windows 98 computer, ensure that all users have Write
access to the Deployment Server share (by default at C: Pr ogr am
Fi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver in a Simple install). Also, ensure
that the User account and folder login boxes are blank. A user must also be logged
on at the client computer to capture the client profiles. An error is returned if you
attempt to capture personality settings on Windows 98 computers that are not
authenticated. We recommend that you don't capture personalities for mixed groups of
Windows 98 and Windows 2000/XP/2003 computers.
Set the conditions on the job for either Windows 98 or Windows 2000/XP/2003
computers to ensure that the appropriate Capture Personality task runs on the
appropriate computers.
Capture Personality-Advanced
Domain users. Select this option to capture personality settings for all domain users on
the computer.
Local users. Select this option to capture personality settings for all local users on the
computer.
Custom. Specify users or groups to capture personality settings. Select the Custom
check box and enter the Users or Groups you want to capture personality settings.
Also, instead of specifying names, you can also select users that have been either
created or last accessed in a specified number of days.
Use condition. Set conditions for personality files that were accessed (a user logged
on) or created (a personality package created) in the past defined days or months.
Deployment Solution 433

Command-line switches. You can add command-line switches specifically for the PC
Transplant program that migrates personality settings. See the Altiris PC Transplant
Guide in the docs folder of the Deployment Share.
Distributing Personality Settings
The Distribute Personality task lets you save personal display and user
interface settings defined in the operating system for each user. You can
distribute Personality Packages to migrate personality settings. This task runs
Altiris PC Transplant from the console to capture and distribute settings.
1. In the Name box, enter the file name and location of the PCT file.
Note
Information about the Personality Package appears in the Title area for valid
Personality Packages (PCT files). If no description appears, the file is not a valid
package.
2. Select Run in quiet mode to install the package without viewing the PC Transplant
screens.
3. Specify the users to associate with the Personality Package.
Click Apply to all users to run the package for all users with accounts on the
specified computer.
If sending the package to a managed computer with multiple users and if you
only want it installed for certain users with a unique password, clear the Apply
to all users box.
Example: to install a Personality Packages for a specific user accounts on a
computer, add values to the Command-line switches field:
- user : J Doe; TMaya; BLee
Note
The command-line switches are specifically for Personality Packages. For a
complete list of command-line switches, see the Altiris PC Transplant Pro
Product Guide.
4. In the Package Password box, type the password set for the PCT file when
created.
5. Enter command-line parameters in the Command-line switches field.
6. Click Advanced to specify how Personality Packages are copied to the managed
computer. You can copy through Deployment Server, or copy and run directly from
the Deployment Share, or from another file server. See Distribute Personality
Advanced (page 434).
7. Set Return Codes. See Setting Up Return Codes (page 440).
8. Click OK.
For more information about capturing a computer's personality settings, see the Altiris
PC Transplant Pro Product Guide.
Deployment Solution 434

Distribute Personality Advanced
Copy files using Deployment Server. Click this option to distribute software
packages through Deployment Server to the managed computer, requiring two file copy
transactions if the Deployment Share is on another file server. Use this option for Simple
installs to take advantage of security rights defined by Deployment Server. This is the
default option.
Copy directly from file source. Click this option to copy packages directly from the
Deployment Share, sending only one copy across the network. It copies the file and runs
it and avoids running through Deployment Server and diminishing processor output.
Because the Deployment Agent doesn't recognize shared rights and is not guaranteed to
have a mapped drive to the data source, you need to identify a user name and password
for the data share computer from the target computer. This option also requires a full
UNC path name in the Source Path field in the Copy File dialog.
Run directly from file source. Click this option to run files remotely from the
Deployment Share or another selected file server.
File source logon. Enter the user name and password for the client computer and the
Deployment Share. Both must have the same user name and password (this is not an
issue if both are on the same domain).
Modifying Configuration
You can add a task to configure or modify the configuration of computer property
settings using the Modify Configuration task. The Deployment Agent updates the
property settings and restart the computer for changes to take effect.
1. Enter or edit the property settings in the Modify Configuration page. Click a tab to
set additional values for each property setting group. See Computer Configuration
Properties (page 406).
2. Select the Reboot after Configuration check box to restart client computer after
the configuration changes are complete. By Default, the Reboot after
configuration check box is selected.
3. (Optional) Set Return Codes. See Setting Up Return Codes (page 440).
4. Click OK.
Backing up and Restoring Registry Files
Copy registry files of selected computers using the Back up Registry task and save the
registry file settings to a selected directory. You can also create a Restore Registry
task to copy the registry settings to a managed computer.
1. In the Folder field, enter the directory path to back up or restore registry files. The
default is to create a RegFiles folder in the Deployment Share. All computers with
registry files in this folder appear in a list.
2. Select the required pre-boot environment from the Automation - PXE or
BootWorks environment (DOS/WinPE/Linux) drop-down list to perform the
Backup and Restore task in selected pre-boot environment. The option reported by
the PXE Manager is the default pre-boot environment option. By default the DOS
Managed boot menu option type is selected.
3. Click Advanced if Windows was installed on client computers in a directory other
than the default path. Enter the correct path to the root of the Windows directory.
Deployment Solution 435

4. Select Include registry information for all users to back up registry keys for all
user accounts.
Note
If you clear this check box, only the Administrator and Guest user accounts are
backed up or restored.
5. Set Return Codes. See Setting Up Return Codes (page 440).
6. Click OK.
Get Inventory
Use this task to gather inventory from an individual or group of client computers. This
ensures that the Deployment database is up-to-date with the latest computer properties
information. The status of the task shows Received Inventory and Received
Inventory in the Scheduled Details pane below the task list on the Jobs page.
1. Click one of the jobs in the Jobs pane
2. Click the New Task icon, and select Get Inventory from the Task type drop-down
list.
3. Click OK.
Run Script
Select an existing script or write a new script file to run on selected managed client
computers.
1. If you have a script file defined, click Run script from file and browse from the
folder icon to select the file. You can now modify the script in the edit box.
2. To create a new script, click Run this script. Type the script in the provided text
box.
3. Click Import to import the scripts from a text file.
4. In the Choose the script operating system area, select Windows, DOS, or
Linux as the operating system for running the specified script.
5. Click Advanced to provide the advanced details. See Advanced Run Script Options
(page 436).
6. Set Return Codes. See Setting Up Return Codes (page 440).
7. Click OK.
Notes
When a computer is in Automation mode using the DOS Automation Agent, it does not
see DOS partitions. To run a script from Automation, use FIRM (File-system
Independent Resource Manager) commands. FIRM can only copy files and delete files; it
cannot run code on a drive.
Deployment Server assumes a return code of zero (0) as a successful script execution.
Some programs return a code of one (1) to denote a successful script execution. If a
program returns a one (1), you see an error message at the Deployment console even
though the script ran correctly. To modify the return codes, you can edit the script file to
return a code that the console interprets correctly.
Deployment Solution 436

Advanced Run Script Options
Select advanced options for running the script such as location of the script and running
environment.
Script Run Location
On the client computer. The option runs the script on the managed computer to which
you assign the job.
Locally on the Deployment Server. This option runs a server-side script on the
Deployment Server of the managed computer. In most cases you can create a server-
side script task that runs in context with other tasks. Example: you can add a task to
image a computer and add a task to execute a server-side script to post the imaging
return codes to a log file stored on the Deployment Server computer.
Use the -id switch for running scripts on Deployment Server when using the WLogEvent
and LogEvent utilities.
Note
Scripts requiring user intervention do not execute using this feature. The script runs on
the Deployment Server of the managed computer, but is not visible. Example: if you run
a DOS command locally on the Deployment Server, the Command Prompt window does
not open on the Deployment Server computer when the script executes.
When running the script on the Deployment Server, it executes specifically for the
assigned managed computer. Example: if you create a job with a script to run locally on
the Deployment Server and assign the job to 500 computers, the script runs on the
Deployment Server 500 times.
Client Run Environment
Select the environment for your client. You can run in either production or automation
mode.
Production - Client-installed OS (Windows/Linux). Click this option to run the
script in a Windows or Linux production environment.
Security Context - (Windows only)
Default (local system account). Use Windows authentication to authorize a
users account name and domain information to manage client computer.s
Enter user name and password. Enter a name and valid password for the user to
manage client computers.
Script options (Windows/Linux)
Script Window. This determines how you want the Script Window to appear when
the script runs. Select Minimized, Normal, Maximized, or Hidden from the drop-
down list.
Additional command-line switches. Enter any commands you want to execute
when the script runs in Windows or Linux.
Automation - PXE or Bootworks environment (DOS/WinPE/Linux). Click to run
the script in the automation environment. Select a pre-boot automation environment
from the drop-down list.
If you select Linux as the operating system type, the Locally on the Deployment
Server option is disabled and only the Additional command-line switches under the
Production Client installed OS(Windows/Linux) is enabled.
Deployment Solution 437

If you select DOS as the operating system type, the Locally on the Deployment
Server option and the Production - Client-installed OS (Windows/Linux) option is
disabled.
Example Script
The process to convert NT4 from FAT16 to NTFS normally returns a 1 after a successful
completion. Here is an example of the file that is modified to return a code of 0 (which is
the success code recognized by the Altiris Console and utilities). You can make similar
changes to your script files as needed.
CONVERT / FS: NTFS
i f ERRORLEVEL 1 got o success
got o f ai l ur e
: success
set ERRORLEVEL = 0
got o end
: f ai l ur e
echo Fai l ed
set ERRORLEVEL = 1
got o end
: end
Copy File
Copy all types of files to managed computers. You can send selected files or
directories to a computer or computer group.
1. Click either the Copy file or Copy folder option. Click Copy sub folders to copy all
subdirectories.
2. Enter the directory path and name of the file or directory. The Source path defaults
to the Deployment Share, but you can type or browse to another file or directory.
To copy files or directories through Deployment Server from the Deployment Share,
you can enter a relative path in this field. To copy files or directories directly from
the Deployment Share to the managed computer, you must enter the full UNC path
name (see Copy File Advanced on page 438 features).
Note
When entering the source path for copying files through the Deployment Server,
you can only access the shared directories through an established user account.
Specifically, you can only use UNC paths when you have sufficient authentication
rights established.
3. Type the destination path. The Destination field automatically enters a sample
path, but you can enter the directory path you require. If the destination path does
not exist on the destination computer it is created.
4. Click Advanced to specify additional features to copy files through Deployment
Server or directly from a file server. See Copy File Advanced (page 438).
Deployment Solution 438

5. Set Return Codes. See Setting Up Return Codes (page 440).
6. Click OK.
Using Location Variables
Location variables are being added to Deployment Server for the Copy Files feature,
allowing you to enter a token variable rather than requiring a complete location path
when copying files to a managed computer (a client computer running the Deployment
Agent). The current variables include:
Temp. Enter Temp in the Destination path to set the Temp directory (identified in the
system path) for the managed computer. Example: instead of entering
C: \ wi ndows\ t emp\ set up. exe in the Destination path, just enter temp:setup.exe.
Copy File Advanced
Select options to copy files directly from the Deployment Share. This option is for files
stored on another network server in a distributed Deployment Server installation.
Copy files using Deployment Server. This option distributes software packages
through Deployment Server to the managed computer, requiring two file copy
transactions if the Deployment Share is on another file server. Use this option for Simple
installs to take advantage of security rights defined by Deployment Server. You can use
a relative path name entered in the Source Path box in the Copy Files dialog. This is
the default option.
Copy directly from file source. Click this option to copy packages directly from the
Deployment Share, sending only one copy across the network. It copies the file directly
to avoid running through Deployment Server and diminishing processor output. Because
the Deployment Agent doesn't recognize shared rights and is not guaranteed to have a
mapped drive to the data source, you need to identify a user name and password for the
data share computer from the target computer. This option also requires a full UNC path
name in the Source Path field in the Copy File dialog.
File source logon. Enter the user name and password for the client computer and the
Deployment Share. Both must have the same user name and password (this is not an
issue if both are on the same domain).
Note
Windows 98 computers have security limitations when copying files directly from the
source to the Deployment Agent using the UNC path name. We recommend that you use
the Copy files using Deployment Server option for these types of computers or plan
a proper security strategy for direct copying.
Power Control
Start the computer using Wake-on-LAN or run standard power control options to restart
the computer, shut down, or log off the current user.
1. Select a power control option:
Restart, Shut down (if available), Log off, or Wake up (send Wake-On-LAN).
2. Select the Force applications to close without prompting check box to force
applications to close without saving unsaved data,.
Deployment Solution 439

If you use this option, any unsaved data in open applications is lost. If you do not
use this option, open applications with unsaved data do not close until the user
chooses to save or not save the data. As a result, the managed computer cannot
complete the selected power option until the user makes a selection.
3. Click OK.
4. (Optional) Set Return Codes. See Setting Up Return Codes (page 440).
Copy Jobs and Job Folders
Jobs or job folders (including their subfolders) can be copied to any other job folder in
the treeview of the Jobs pane of the Web Console. A Job folder can only be copied to a
root level folder, which has a limit of 30 subfolders, and cannot be copied to a child level
folder.
If you copy a job or folder with the same name as the destination job or folder, the
copied job or folder is automatically named Copy of <job or folder name>. This feature
can only be performed by administrators or users who have been granted permissions to
create jobs, or job folders.
To copy jobs and job folders
1. In the Jobs pane, click a job or job folder.
2. Click the Job Actions drop-down list, and select Copy job/folder.
3. In the Select a folder dialog, select a destination job folder, and click OK.
Importing and Exporting Jobs
If you have several Deployment Servers in your environment, this feature lets you
Import (restore) and Export (back up) job folders, so you can move data from one
Deployment Server to another. Administrators and users, who have been granted
privileges, do not have to go to the Deployment Console to perform these functions.
To import jobs
1. From the Deployment Web Console, click a job or job folder in the Jobs pane.
2. Click the Job Actions drop-down list, and select Backup/Restore job. The
Backup Job Restore Job dialog appears.
3. By default the Backup Job(s) option is selected. Click the Restore Job(s) option.
4. On the Backup or Restore Jobs(s)/Folder(s) page, enter a path and file name in the
File name field, or browse to the file you want to import. The file must be a valid
.bin file or have been created with a current version of the database schema.
5. By default the job or job folder name you selected in the Jobs pane appears in the
Restoring to selected folder field. If you did not specify a job or job folder, the
Deployment Server imports the file at the root level in the Jobs pane.
6. Select the Overwrite existing Jobs and Folders with the same name check box
to replace jobs and folders with the imported data.
7. Select the Delete existing Jobs in folder check box to delete all the jobs in the
folder you selected. The folder is populated with the jobs from the imported file. If
you did not specify a specific job folder to import (restore), this option is disabled.
Deployment Solution 440

8. Click OK. The import file restores the jobs on the Deployment Server.
To export jobs
1. From the Deployment Web Console, click on a job or job folder in the Jobs pane.
2. Click the Job Actions drop-down arrow and select Backup/Restore job. The
Backup Job Restore Job dialog appears. By default the Backup job(s) option is
selected.
3. On the Backup or Restore Jobs(s)/Folder(s) page, enter a path and file name in the
File name field, or browse to a directory where you want to save the exported file.
If you do not enter a file extension, the file is saved with a .bin file extension. Click
Save.
4. Click Browse associated with the Select job(s)/folder(s) to backup option.
5. Select a job or folder in the dialog, and click OK.
6. Click OK. The jobs or folders on the Deployment Server back up to the file name
you specified.
Setting Up Return Codes
When you create a task in a job, you can define a response to specific return codes
generated from that task after it runs. You can determine the response if the task runs
successfully or if the task fails. You can also set up custom return codes generated from
scripts or batch files that are unique to your environment or deployment system.
Note
Return code handling cannot be set up for jobs created in the Job Scheduling Wizard.
When creating a task, the Return Codes dialog appears to let you set a response if the
task was successful or to determine a default response if the task failed. Because
Deployment Server returns a 0 (zero) if the task runs successfully, any other return
code value denotes some type of failure in running the task. As a result, in the Success
box you can select an action if the return code is 0 (zero), or select an action in the
Default box if the return code is not a 0 (zero).
Return codes are first evaluated to be successful (zero) or failed (non-zero). If the task
returns as successful, it runs the action in the Success box. If it is not successful, it
determines if the return code has been assigned a custom code value. If the return code
is defined as a custom code, the selected action for that custom code is executed. If no
custom code is assigned to the return code, the action set in the Default list is
executed.
Note
If using LogEvent and WLogEvent in Scripts, you can only generate return codes when
the level 3 message is specified. Specifying a severity level 3 causes the script job to fail
and lets you respond using this return code feature.
Return Code Actions
For both successful tasks (in the Success list) and failing tasks (in the Default list), you
can determine these specific actions:
Stop. This action stops the job after the task runs. Subsequent tasks do not run.
Deployment Solution 441

Continue. This action continues with subsequent tasks in the job after the task runs.
Select a job. This action lets you select existing jobs to run after the task.
These actions also apply to custom return codes designed specifically for your system.
Custom Return Codes
In the Specific return codes area, you can view custom return codes set specifically
for your system. Type a custom code in the Code box and select a response action in
the Response list. Specify the interpretation of this return code as Success or Failure
from the Result list, and give appropriate message in the Status field, if required.
These custom codes can respond to any return codes set up in scripts or batch files in
the Run Scripts task, or these custom codes can respond to system return codes thrown
from Deployment Server or external codes generated when distributing applications,
personality settings, or disk images. Any task can have custom codes that respond to
different return code values.
New. This lets you add a new custom return code for the task. You can also choose
to add the return code to the Master Return Codes list.
Add Existing Return Codes. This is a list of all the return codes existing in the
Deployment database. You can add, modify, and delete the codes and their values so
that setting codes for other tasks is easier.
Delete. This lets you delete return codes listed in the Other return codes area, but
not from the Master Return Codes list.
Modify. This lets you modify the return codes listed in the Other return codes area.
The changes you make do not update the Master Return Codes list.
To set up return codes
To set up return codes, you need to determine how to respond to the Deployment
Server success return code (zero) in the Success box, how to respond to a failure
return code (a non-zero) in the Default box, and how to respond to a custom or
externally generated return code defined in the Specific return codes section.
The example below describes how to set up a simple process to deal with custom and
system return codes:
1. In the Success list, keep the default value Continue. This allows the job to
continue running additional tasks in the job after successfully completing this task.
2. Select Select a job from the Default list to select a job to be executed when a
default condition is reached. The Select a Job dialog opens, allowing you to select
an existing job that runs if the task returns a failed system return code (non-zero)
or a return code not defined as a custom return code.
3. Click New to add custom return codes.
4. In the Code box, enter a value of 10 (ten).
5. Click the Response drop-down arrow, and select Continue from the list.
6. Click the Result drop-down arrow, and select Success from the list. Even if the
return code was not zero, which is success by default, the task is considered a
success as per users choice.
Deployment Solution 442

7. Enter a description for the return code in the Status field. This message appears
when the task within a selected job, executes.
8. Select the Add to master return code list check box to add the custom code to
the master return code list. The code is listed in both, the Other return code and
Master Return Codes list. This is helpful if you want to use the return code again.
9. Click Apply.
Note
The status of the tasks executed in a job appears in the history of a computer.
Initial Deployment
Initial Deployment is a default job designed to aid in the process of setting up computers
that do not yet exist in the Deployment Database. Initial Deployment lets you define
how computers are initially set up after being identified by the Deployment Server.
You can define various computer configuration sets and deployment jobs to present to
the user during startup, allowing the user to select the computer settings and hard disk
images, software, and personality settings for their specific needs and environment.
New computers appear in the New Computers group in the Computers pane of the
Deployment Web Console.
Notes
Initial Deployment is ideal for small-scale deployments (1 to 10 computers). This feature
is not recommended for large deployments (10 to 100 computers) or mass deployments
(100 to 5,000) where you would use virtual computers, customized jobs, and the
computer import feature.
Although Initial Deployment is most commonly used on computers that support PXE,
you can also configure a boot disk to run Initial Deployment. In this case, the image
deployed must include automation pre-boot environment so that post imaging tasks can
run successfully. Installing an Automation Partition on the client computers hard disk
ensures that future imaging deployment jobs run.
Note
To completely deploy and configure a computer using Initial Deployment, you must
define at least one Configuration and one Job.
Initial Deployment consists of three dialogs with separate features to deploy new
computers:
Configurations
Jobs
Options

To access Initial Deployment, select a Deployment Server group in the
Jobs pane and select Initial Deployment from the Details pane. The
Initial Deployment page appears with three tabs: Configurations, Jobs,
Options.
Deployment Solution 443

Configurations
Click the Configurations tab in Initial Deployment to configure different sets of
computer properties. Each configuration set is presented to the user in a menu. The user
can select the configuration set designed for their environment. Compare the
Configuration tab with the Jobs tab.
Note
If you do not create any configuration sets, the deployment process automatically sets
TCP/IP information to use DHCP and names the computer to match the computers asset
tag, serial number or MAC address (in that order, depending on what is available).
1. Click a Deployment Server in the Jobs pane. Double-click Initial Deployment.
2. Click the Configurations tab.
3. Click the Add icon . Enter values to set computer and network properties for
new computers. See Modifying Configuration (page 434) for a list of property
categories.
4. Name the configuration in the Configuration set name field. You can provide a
descriptive name that identifies the configuration set for the user.
5. Click the Add icon again to configure another set of property settings. You can
add multiple configuration sets for the user to select from a menu after connecting
to Deployment Server. Add as many different configuration sets as required.
6. After setting properties, click Apply.
7. Click Default menu item to select the configuration set you want to be the default.
8. Click Timeout after ___ seconds and proceed so that the default job runs
automatically after a specified amount of time.
9. Click OK, or click the Jobs tab to define a task.
Jobs
Click the Jobs tab in Initial Deployment to add existing jobs or create new jobs to run on
the new computer. The jobs you add or build using this dialog are listed in a menu and
presented to the user during startup. The user can choose the deployment jobs to image
the computer and install applications and personality settings. Compare the Jobs tab
with the Configurations tab. Conditions on jobs are limited to the data that can be
accessed at the DOS level (example: serial number, manufacturing number, NIC
information, manufacturing name).
1. Double-click Initial Deployment in the Jobs pane drop list. The Initial Deployment
page appears.
2. Click the Jobs tab.
3. Click the Add icon .
4. Click New to build a new job. See Building New Jobs (page 420).
5. Click Default menu choice to select the job as a default.
Deployment Solution 444

6. Select Timeout after ___ seconds and proceed and type the number of seconds
to wait before the computer automatically starts the default job. The default setting
is 300 seconds.
7. Click OK, or click the Options tab to stop either servers or workstations from
running configuration task sets and jobs automatically.
See also Initial Deployment (page 442).
Options
Click the Options tab to set options to stop Initial Deployment from running the default
configuration task sets and jobs automatically. This avoids accidental re-imaging or
overwriting of data and applications for either workstations (desktop, laptop, handheld
computers) or servers (Web and network servers identified by Deployment Server).
When a computer not yet known to the Deployment Database is first detected, it is
placed in the New Computers group and run an Initial Deployment configuration set and
job. However, in many cases you do not want Web or network servers to be
automatically re-imaged without confirmation from IT personnel.
Servers. Stop servers from automatically running Initial Deployment configuration jobs.
Servers are identified as those managed computers running multiple processors or
identified as a specific server model from specific manufacturers. Example: both a HP
Proliant and a Dell computer with multiple processors are identified as a server.
(Identifying a computer as a server by operating system cannot be accomplished for
new computers until the server operating system has been installed.)
Select Workstations to force desktop, laptop, and handheld computers to stop before
automatically running Initial Deployment.
Select Process as each agent becomes active if you want to run the job as soon as
the computer connects to the Deployment Server. Use this option for imaging 1 to 5 new
computers.
Select Process in batch mode if you want to run the job once a certain number of
computers are connected to the Deployment Server. Enter the minimum number of
agents in Minimum agents field. You can set a timeout deadline so that the job does
not run if the number of computers you specify fail to connect during a certain amount
time. Multicast technology sends the image over the network once, and all computers
listen for and accept the image, reducing network traffic and increasing speed. Enter
the timeout in Timeout field.
Select Hold all agents until this time if you want to process the job on all computers
at a particular time of day. All clients are held before the task sets. The message states:
Deployment server has instructed Automation to wait.
Deployment Solution 445

Part VIII
Technical Reference
This section technical information for command-line switches, return code values and
other detailed information for Deployment Solution components.
Deployment Solution 446

Appendix A
Command-Line Switches
This section provides detailed information about command-line switches for specific
executables within Deployment Solution.
Job Utilities
The Job Utility applications allow you to import, export, create and schedule jobs
from the command line. Each action is performed from separate binaries installed in the
Deployment Share file directory.
axExport.exe Exports jobs from Deployment Server. See Job Export Utility
(page 446).
axImport.exe Imports jobs in to Deployment Server. See Job Import Utility
(page 447).
axEvent.exe Creates jobs in Deployment Server. See Create Job Utility (page 448).
axSched.exe Schedules jobs in Deployment Server. See Schedule Job Utility
(page 450).
axComp.exe Imports computers to the Deployment Server from a DOS mode.
Axcomp allows you to import .csv and .txt files that are in a comma separated format.
ImportComputers55.txt in the Samples folder off of the eXpress share is an example of
the format needed. There are various command-line options available depending on
whether the user is in a Trusted or Non-Trusted account environment. See Import
Computer Utility (page 451).
Each utility connects to the Deployment Server Database to perform specific operations.
As a result, the appropriate ODBC and security rights are required. Each job utility
supports the /o /d /u /p switches.
The /o option (ODBC datasource) allows connectivity to the Deployment Server SQL
database using a different DSN. By default the standard Deployment Database DSN is
used. This is helpful when connecting to a second system from a common machine.
The /d /u /p options can be used if no DSN is set up for a particular server. However, the
SQL driver must be installed for any of these utilities to work. Each utility has the / ?
switch to show the version of the utility and all command-line options.
Job Export Utility
This utility can be used to export jobs from the Deployment Database. It can be helpful
in copying jobs from one Deployment system to another, backing up jobs, creating
standard jobs during multiple installations, and other actions.
Syntax: axExport <filename> (options)
Deployment Solution 447
Command-Line Switches

Options
Example 1: Export all jobs to a binary backup file.
axExport /s /i backup.dat
Example 2: Make a backup copy of a single job.
axExport /e "Deploy Office 2000" backup2.dat
Example 3: Export all jobs in the Projects folder.
axExport /f Projects projects.dat
Example 4: Export a job to a binary backup file without supplying the SQL server
and instance.
axExport Backup.dat /e "Image Job"
Example 5: Export a job to a binary backup file with the database server name.
axExport Backup.dat /e "Image Job" /d DatabaseServerName /db DatabaseName /u
DatabaseUserName /p DatabaseUserPassword
Job Import Utility
Syntax: axImport <filename> (options)
Options

/f <folder-name> Job folder to be exported
/e <job-name> Job to be exported
/s Process all subfolders also
/i Include the Initial Deployment Job
/y Suppress confirmation prompts
/dsn <odbc-dsn-name> ODBC data source name
/d <db-server> Database server name
/u <db-user> Database user name
/db <db-databaseName> Database name
/p <db-password> Database user password
/lu <login-user> Deployment Server login user name
/lp <login-password> Deployment Server login password
/f <folder-name> Job folder to be imported
/r Delete current contents of this folder
/n Don't notify consoles of the changes
/o Overwrite jobs that have the same
name and parent folder
/y Suppress confirmation prompts
/dsn <odbc-dsn-name> ODBC data source name
Deployment Solution 448
Command-Line Switches

Note
When new jobs are created in a console, by default, Deployment Server will notify all
other consoles that changes have been made so they can refresh and show the newly
imported jobs. If several batches of jobs are imported, the '/n' option should be used
until the last batch to reduce the amount of refreshes performed.
Example 1: Restore all jobs from a binary backup file.
axImport /r backup.dat
Example 2: Restore jobs from a backup file into pre-created folder (named Test
Jobs).
axImport /f "Test Jobs" backup.dat
Create Job Utility
Syntax: axEvent <job-name> (options) <task-type> (parameters)
/d <db-server> Database server name
/u <db-user> Database user name
/db <db-databaseName> Database name
/p <db-password> Database user password
/lu <login-user> Deployment Server login user name
/lp <login-password> Deployment Server login password
Deployment Solution 449
Command-Line Switches

Tasks
Options
Note
To use the Run Script option (/trs), a script must be created in a file first. If you want the
script to be embedded, include the /i option. Otherwise, the task will link to the script
filename.
Example 1: Create a Job that makes an image of a computer named "Oscar" and run it
immediately.
/tci <filename> Create disk image
/tdi <filename> Distribute disk image
/tds <filename> Distribute software
/tbr <path> Backup registry files
/trr <path> Restore registry files
/trs <path> Run Script
/tcf <source> <dest> Copy file
/tgi Get Inventory
/tre Restart
/tsd Shutdown
/tlo Logoff
/a Add task to existing job
/r Replace all tasks within this job
/x <parameters> Command-line parameters for task
/f <folder-name> Job folder to be created in
/i Import script into task definition
/w Run the script from Windows
/lnx Run the script in Linux
/n Don't notify consoles of the changes
/nc Dont do post image config
/de Add Description to task
/y Suppress confirmation prompts
/dsn <odbc-dsn-name> ODBC data source name
/d <db-server> Database server name
/u <db-user> Database user name
/db <db-databaseName> Database name
/p <db-password> Database user password
/lu <login-user> Deployment Server login user name
/lp <login-password> Deployment Server login password
Deployment Solution 450
Command-Line Switches

axEvent CreateOscar /tci .\Images\oscar.img
axSched oscar CreateOscar /t "2000-12-31 08:00"
Example 2: Shutdown Oscar's computer right now.
axEvent Shutdown /tsd
axSched oscar Shutdown /t "2000-12-31 08:00"
Example 3: Run a Windows program on all computers right now. (Calc.exe is the only
line in script.txt.)
axEvent /w /i RunCalc /trs script.txt
axSched oscar RunCalc /t "2000-12-31 08:00"
Example 4: Create a Job (named Win2000 and Off2000) that reimages a computer with
Windows 2000 and deploys an Office 2000 Rapid Install Package.
axEvent "Win2000 and Office 2000" /tdi .\Images\w2000.img
axEvent "Win2000 and Office 2000" /a /tds .\RIPs\off2000.exe
To migrate Oscar to Windows 2000:
axSched Oscar "Win2000 and Off2000" /t "2000-12-31 08:00"
Schedule Job Utility
Syntax: axSched <computer/group> <job-name> (options)
OR
axSched /q <filename> (options)
Options
Note
The format for <time> is yyyy-mm-dd hh:mm. If the date is omitted, the current date
is assumed.
/t <yyyy-mm-dd hh:mm> Time to schedule
/n Don't notify servers of the changes
/f <folder-name> Schedule the job-name found in this
folder
/q <filename> File used for exporting jobs
/y Suppress confirmation prompts
/dsn <odbc-dsn-name> ODBC data source name
/d <db-server> Database server name
/u <db-user> Database user name
/db <db-databaseName> Database name
/p <db-password> Database user password
/lu <login-user> Deployment Server login user name
/lp <login-password> Deployment Server login password
Deployment Solution 451
Command-Line Switches

If the /t switch is not used, the job is assigned to the computer but not scheduled. As a
result, it will not execute.
If you would like the job to run immediately, choose a date in the past.
If you have a group or computer name which include spaces, put the name in quotes.
All Computers can now be used as a group option.
Example 1: Schedule a job called Office2000 to run on Oscars computer at midnight on
12-31-2002.
axSched Oscars Office2000 /t "2000-12-31 00:00"
Example 2: Schedule a job called Office2000 to run on the Accounting Group
computers tonight at 10PM.
axSched Accounting Office2000 /t "2001-2-15 22:00"
Example 3: Schedule a job called ShutDown to run on all computers at tonight at 10
PM.
axSched "All Computers" ShutDown /t "2001-2-15 22:00"
Import Computer Utility
Syntax: axcomp <import-file> <options>
Options

Example 1: Import a computer using trusted account
axcomp <filename> /u <db-user> /p <db-password> /lu <login-user> /lp <login-
password>
Example 2: Import a computer using non-trusted account.
axcomp <filename> /u <db-user> /p <db-password>
axengine.exe
The Al t i r i s eXpr ess Ser ver (axengi ne. exe) is the Deployment Server
component of the Deployment Solution infrastructure. Command-line start parameters
/n Don't notify consoles of the changes
/y Suppress confirmation prompts
/dsn <odbc-dsn-name> ODBC data source name
/d <db-server> Database server name
/u <db-user> Database user name
/db <db-databaseName> Database name
/p <db-password> Database user password
/lu <login-user> Deployment Server login user name
/lp <login-password> Deployment Server login password
Deployment Solution 452
Command-Line Switches

for this service are set in the registry setting rather than in the Start Parameters
property of the service.
If you want to add start parameters after the install, you can modify the registry
settings. The registry key is LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Altiris
Express Server.
Deployment Agent for Windows
The following sections identify command-line and input parameters for Acl i ent . exe,
the executable file for the Deployment Agent for Windows.
Aclient.exe Command-line Switches
The Acl i ent . exe executable installs and runs on client computers, enabling them to
be managed by a Deployment Server. It enables clients to receive work from the
Deployment Server, and it reports client status to the Server.
The program is normally installed and configured remotely using the Client Install
wizard, or the program is run at the client computer. However, you can use the
command-line options to run it from a script file if you want to. (If you use a script file,
see the following section on acl i ent . i np for information on using an import file to
specify install switches for the Deployment Agent.)
You can use either a forward slash (/) or a dash (-) with the command-line options.
Commands are not case sensitive.
Switch Details
-ver Function: Shows the version of aclient.exe running on the computer.
-install Function: Installs the client.
Option: -silent allows install to complete without sending output to the
client.
Example: To install aclient.exe from the Deployment Server directory
without sending messages to the client, type
Depl oyment Ser ver / acl i ent / i nst al l / si l ent
-remove Function: Removes (uninstalls) aclient.exe from a computer.
Option: -silent removes the Deployment Agent for Windows without
sending output to the client.
Example: To remove Deployment Agent for Windows, type
acl i ent - r emove
-start Function: Manually starts aclient.exe on a computer.
Option: -silent starts the aclient.exe without sending output to the client.
-stop Function: Manually turns off Deployment Agent for Windows on a
computer.
Option: -silent turns off Deployment Agent for Windows without sending
output to the client.
Deployment Solution 453
Command-Line Switches

Aclient.inp Parameters
You can use this input file to set installation parameters for acl i ent . exe, so you can
install the client program from a script file. The file is copied to the Deployment Server
program directory when you install the product. Command-line parameters are included
in the file, but are marked with a REM statement.
To use the input file, open it and remove the REM commands from the parameters you
want to use. When you have the file set up the way you want it, you can run it by
entering the file name as the first parameter after the acl i ent command.You can also
put the same line in a script file if you want to run it from a file. Type
acl i ent acl i ent . i np
The input file name (acl i ent . i np) and InstallDir parameters are required; all
others are optional. Parameters are case sensitive.
Note
Many parameters will work after setting other parameters first. Example: you can only
use ServerName after the multicast parameters, MCastAddr and MCastPort, are set.
Parameters Details
ForceReboot Function: Specifies how the system should be shut down and
rebooted. Applications are forced closed and the system shuts down
even if programs hang. (User data could be lost.)
Example: To force clients to reboot when a reboot task is assigned,
type
For ceReboot =Yes
The default is No.
HardTimeout Function: Specifies the length of time (in seconds) that aclient.exe
will maintain an idle connection with the Deployment Server. After
the time limit is exceeded, the client will disconnect and establish a
new connection with the Server.
Example: To establish a new connection with the Deployment
Server whenever the connection is idle for 900 seconds, type
Har dTi meout =900
InstallDir
(required)
Function: Specifies the full path name to the directory where
aclient.exe will be installed. The default location is
c: \ al t i r i s\ acl i ent .
Example: To change the default location, replace it with a new
path. Type
I nst al l Di r =c: \ pr ogr ams\ acl i ent
LogFile Function: Specifies the full path name to the log file.
Example: To write log entries to a log file in your aclient directory,
type
LogFi l e=c: \ al t i r i s\ acl i ent \ acl i ent . l og
Deployment Solution 454
Command-Line Switches

LogSize Function: Sets the maximum log file size (in bytes).
Example: To set the log file size limit to 4096 bytes, type
LogSi ze=4096
MCastAddr Function: Specifies the multicast group address to be used to find
the Deployment Server.
Example: To set the IP address for multicasting, type
MCast Addr =225. 1. 2. 3
MCastPort Function: Specifies the port number to use for multicasting.
Example: To use port 402 for multicasting, type
MCast Por t =402
Password Function: Sets a password on the client to prevent users from
accessing aclient.exe settings.
Example: To lock the settings, type
Passwor d=cl i ent manager
PromptExecute Function: Sends output (messages) to the client when tasks are
being executed.
Options: Yes, No
Examples: To allow prompts and messages to be sent to the client,
type
Pr ompt Execut e=Yes
To suppress output, type
Pr ompt Execut e=No
PromptOverride Function: Specifies the default action to take when there is no user
response to a restart prompt.
Options: Abort, Continue
Examples: To abort the client reboot, type
Pr ompt Over r i de=Abor t
To reboot the client, type
Pr ompt Over r i de=Cont i nue
PromptReboot Function: Prompts the user before restarting the client.
Options: Yes, No
Examples: To prompt for user input before restarting a client, type
Pr ompt Reboot =Yes
To restart a client without requiring user input, type
Pr ompt Reboot =No
Parameters Details
Deployment Solution 455
Command-Line Switches

PromptSeconds Function: Specifies the length of time (in seconds) that the client
will wait for a response from the user.
Example: To wait 30 seconds for user input, type
Pr ompt Seconds=30
ShowTrayIcon Function: Specifies whether or not to show the Altiris client icon in
the system tray. If the icon is not in the tray, users cannot access
Aclient.
Example: To not show the icon, type
ShowTr ayI con=No
The default is Yes, which loads the icon into the system tray.
SpeedLimit Function: Sets the minimum transfer rate accepted from the
Deployment Server (in bytes per second). If aclient.exe cannot
receive data from the Server at this rate, it will disconnect and retry
at specified intervals. See HardTimeout below.
Example: To set a minimum ransfer rate of 7500 bytes per second,
type
SpeedLi mi t =7500
TcpAddr Function: Specifies the IP address of the Deployment Server that
the client will connect to. Using this parameter causes the client to
use TCP instead of multicasting to connect to the Server.
Example: To have the client connect to a Deployment Server using
its IP address, type
TcpAddr =192. 1. 2. 3
TcpPort Function: Specifies the port number of the Deployment Server
listening for requests. Using this parameter causes the client to use
TCP to connect to the Server.
Example: To specify the port number of the Deployment Server to
connect to, type
TcpPor t =402
TTL Function: Sets the maximum number of hops to multicast through.
Example: To limit the number of hops to 32, type
TTL=32
UpdateFileSystemSids Function: Specifies if you want SIDgen to update permissions on
any local NTFS volumes. This parameter only applies if you have
domains and use SIDgen to manage the computer IDs.
Example: To update permissions on the local NTFS volume, type
Updat eFi l eSyst emSi ds=Yes
The default is No.
Parameters Details
Deployment Solution 456
Command-Line Switches

Note
A CR/LF (blank line) is needed at the end of the aclient.inp file in order for it to be
utilized when installing Deployment Agent for Windows.
ADLAgent.config Parameters
You can use the ADLAgent.config file to configure the ADLAgent service settings. When
the ADLAgent service is suspended, certain information is needed to restore the
previous settings. This information is saved in the ADLAgent configuration file. This
ensures that the next time the computer reboots, the ADLAgent service starts up
without any problems.
UseRCDrivers Function: Specifies whether or not to install keyboard and mouse
filter drivers that enable remote control on Windows NT and 2000
client computers. (The default is No, so the drivers are not
installed. This parameter is not necessary for Win 95/98 computers,
because they do not require Ctrl-Alt-Del input to log in.
Example: To install the drivers for remote control, type
UseRCDr i ver s=Yes
UserName Function: Associates a computer with the primary user or users.
This is used to target RIP deployments to a specific user or group of
users. To assign more than one user, separate the names with
semicolons.
Examples: To associate user Fred with the client being installed,
type
User Name=Fr ed
To associate users Fred and Sam with the client, type
User Name=Fr ed; Sam
ServerName Function: Specifies the computer name of the Deployment Server
you want the client to connect to. This is useful if you have multiple
Deployment Servers on your network and you do not want the client
to connect to the first Server it finds.
The ServerName parameter is only valid if you are using
multicasting (by setting MCastAddr and MCast Port parameters).
Note
ServerName can only be set after the multicast parameters,
MCastAddr and MCastPort, are set.
Example: To restrict client connection to a Server named
Server3, type
Ser ver Name=Ser ver 3
Parameters Details
Deployment Solution 457
Command-Line Switches


Parameters Details
DebugTrace Specifies whether or not to log any messages.
Changes to the DebugTrace field may not be
recognized until the ADLAgent is stopped and
restarted.
Example: DebugTrace=True.
LogErrors Specifies the types of messages to be written in the
log file.
Example: LogErrors=True.
LogInformation Specifies the types of messages to be written in the
log file.
Example: LogInformation=True.
LogDebug Specifies the types of messages to be written in the
log file.
Example: LogDebug=True.
UseLogFile Specifies whether or not to write messages in the log
file.
Example: LogFile=True.
LogFile Specifies log file path and name.
Example: / opt / al t i r i s/ depl oyment /
adl agent / l og/ adl agent . t xt
LogSize This is the maximum file size for all trace files in bytes
(optional).
Example: LogSize=409600.
IPTrace Specifies whether or not to log messages between the
ADLAgent and the Deployment Server. Changes to the
IPTrace field may not be recognized until the ADLAgent
is stopped and restarted.
Example: IPTrace=True.
IPUseLogFile Specifies whether or not to use the IP log file.
Example: IPUseLogFile=True.
IPTraceFile Specifies the IPTrace log file path and name.
Example: / opt / al t i r i s/ depl oyment /
adl agent / l og/ adl agent l pTr ace. t xt
IPLogSize This is the maximum file size for all trace files in bytes
(Optional).
Example: LogSize=409600.
SyncTimeWithServer Synchronize the agents time with the Deployment
Server. This may be set to True or False.
Example: SyncTimeWithServer=True.
Deployment Solution 458
Command-Line Switches

GetApps Specifies whether or not to get the Applications at a
Get Inventory request.
Example: GetApps=True.
GetServices Specifies whether or not to get the Services at a Get
Inventory request.
Example: GetServices=True.
GetDevices Specifies whether or not to get the Devices at a Get
Inventory request.
Example: GetDevices=True.
GetSmbios Specifies whether or not to read the Smbios table.
Example: Smbios=True.
EncryptSessions Specifies whether or not the ADLAgent will attempt to
make an encrypted session with the server.
Example: EncryptSession=True.
RequireEncrypt Specifies whether or not the ADLAgent will fail to
connect if an encrypted session cannot be established.
Example: RequireEncrypt=True.
UseMCast Specifies whether or not to use multicast to find a
Deployment server or make a connect directly to the
Deployment server using the specified IP port and
address.
Example: UseMCast=True.
MCastAddr Specifies the multicast group address to be used to
find the Deployment Server (Optional).
Example: MCastAddr=225.1.2.3.
MCastPort Specifies the port number to use while multicasting
(Optional).
Example: MCastPort=402.
TTL Specifies the maximum number of hops to multicast
through (Optional).
Example: TTL=32.
ServerName Specifies the computer name of the server (Optional).
Example: Server=RADAR.
TcpAddr Specifies the IP address of the Deployment Server to
connect to (Optional). Specifying this parameter will
switch the ADL Agent to use TCP to connect to the
Deployment Server.
Example: TcpAddr =127. 0. 0. 1.
Parameters Details
Deployment Solution 459
Command-Line Switches

TcpPort This is the IP port number of the Deployment Server
listening for requests (Optional). Specifying this
parameter will switch the ADL Agent to use TCP to
connect to the Deployment Server.
Example: TcpPor t =402.
WakeOnLANProxy Specifies whether to proxy Wake on LAN packets.
Example: WakeOnLANProxy=True.
MCastProxy Specifies whether this agent will advertise the
presence of the Deployment server. Specifies whether
to proxy Multicast packets.
Example: MCastProxy=True.
UseFQDN Specifies whether the ADLAgent should attempt to
reverse the IP address to return a proper fully
qualified domain name to the Altiris Deployment
Server. If the network is set up to properly resolve PTR
record requests this option will return the fully
qualified name of the agent, such as
myhost.mydomain.com. However, if the network does
not resolve PTR records, this option may delay
adlagent connection by as much as a minute or two.
Example: UseFQDN=True.
UseHardTimeout Specifies whether to use the hard time out or not.
Example: UseHardTimeout=True.
HardTimeout Specifies the number of seconds of inactivity the agent
will wait before reconnecting to the Deployment
Server. The default is 12 hours.
Example: HardTimeout=43200.
APPEND_HOSTNAME_TO_L
OCAL_HOST
This is used should the ADLAgent attempt to append
the new hostname to the hosts file as an alias to
localhost.
Example:
APPEND_HOSTNAME_TO_LOCAL_HOST=True.
USER_CHECK_INTERVAL Interval at which adl_users should report changes to
the logged in users. This value is in seconds, with the
default being 6 seconds.
Example: USER_CHECK_INTERVAL=6.
Note: A value of 0 will not send user updates.
KILL_TIME The amount of time in seconds to wait for the agent to
the Deployment Server before killing the adlagent.
This will reboot the system in automation mode.
Currently, this is only supported in automation mode.
The default is 3 minutes.
Example: KILL_TIME=180.
Parameters Details
Deployment Solution 460
Command-Line Switches

AClient.config Parameters
You can use the AClient.config file to configure the system. This file is used to modify the
AClient settings.

MAKE_LOWER_CASE Changes the file path and file name to lower case
when copying a file from the Deployment Server.
Example: MAKE_LOWER_CASE=True.
FORCE_NEW This is for the agent in automation mode only. It forces
the agent to run the Initial Deployment event, even if
it is already in the database.
Example: FORCE_NEW=True.
AUTO_UPDATE This allows the agent control as to whether it will
automatically update to the newest or only adlagent
on the Deployment Server.
Example: AUTO_UPDATE=True.
Parameters Details
Global
MACAddrList Specifies the list of MAC Addresses for every NIC
installed on the PC separated by a comma.
Example: MACAddrList=000C29C63002,
000C29C6300C.
Serial-Number Specifies the serial number of the PC.
Example: Serial-Number=VMware-56 4d db 10 9f cd
9d 7e-d4 7e 52 4e 88 c6 30 02.
Reboot Specifies whether to reboot the computer. By default,
AClient will reboot the computer only when it is
necessary for the changes that have been made.
Example: Reboot=True.
RebootAfterConfig Specifies whether to reboot the computer after the
configuration task.
Example: RebootAfterConfig=True.
Status-Code Specifies the status code of the last executed job.
Example: Status_Code=0.
Status_Module Specifies the module that reported the status code.
Example: Status_Module=AClient.
Parameters Details
Deployment Solution 461
Command-Line Switches

SIDgenCount Specifies the number of times SIDGen has run.
Example: SIDGenCount=0.
Note: This value is set by the AClient and the user
need not set it.
TaskSequence Specifies the task sequence of the task executed by
the AClient.
Example: TaskSequence=0.
ScheduleID Specifies the schedule ID of the last job executed by
the AClient.
Example: ScheduleID=100000008.
Remove Specifies whether to remove AClient from the PC.
Example: Remove=True.
Config Specifies whether to configure the PC.
Example: Config=None, Config=New or
Config=Reply.
Note: Config=Configure.
License
Sysprep2KLicense Specifies the Sysprep License number.
Example:
LicenseNumber Specifies the operating system License Key.
Example: LicenseNumber=5274-649-6478953-
23135.
RegOrganization Specifies the operating system Registered
Organization.
Example: RegOrganization=Altiris.
RegUser Specifies the operating system Registered User.
Example: RegUser=Altiris.
Prompt Specifies whether to prompt the user for the computer
name and to join a Workgroup/Domain during
configuration.
Example: Prompt=True.
Networking
DomainPassword Specifies the domain password.
Example: DomainPassword=FVZSiJELzmpvn[^][@
DomainUsername Specifies the domain user name.
Example: DomainUserName=FVZS@J\iYI ^Vjpsp
DSDomainController Specifies the Domain Controller.
Example: DSDomainController=mycompany.
Parameters Details
Deployment Solution 462
Command-Line Switches

DSOrganizationalUnit Specifies the organizational unit for Deployment
Solution.
Example: DSOrganizationalUnit=myou.
ChangeSID Specifies whether to change the SID value.
Example: ChangeSID=True.
Computer Name Specifies the name of the computer.
Example: ComputerName=Altiris.
DNSDomain Specifies the DNS domain, which is the name of the
Workgroup or Domain that this computer is a member
of.
Example: DNSDomain=cybage.com.
Workgroup Specifies whether the computer is a member of a
Workgroup.
Example: Workgroup=True or Workgroup=False.
Prompt Specifies whether to prompt the user for the computer
name and whether to join a Workgroup/Domain.
Example: Prompt=True.
Netware
RunScrits Specifies whether to run NetWare login scripts.
Example: RunScrits=True.
Context Specifies the NDS Context.
Example: Context=NDS Context.
PreferredTree Specifies the preferred Netware tree.
Example: PreferredTree=Tree.
LoginTree Specifies whether to login using the Preferred Tree or
Preferred Server.
Example: LoginTree=True or LoginTree=False.
Username Specifies the NDS User Name.
Example: Username=User.
Prompt Specifies whether to prompt the user for Netware
Client Settings.
Example: Prompt=True.
TCP/IP
MACAddress Specifies the MAC Address.
Example: MAC Address=0007E97FD73C.
Description Specifies the description of the NIC (Network Interface
Card).
Example: Description of NIC=AMD PCNET Family PCI
Ethernet Adapter.
Parameters Details
Deployment Solution 463
Command-Line Switches

VendorID Specifies the Vendor ID for the NIC.
Example: Vendor ID=32902.
DeviceID Specifies the device ID for the NIC.
Example: Device ID=4153.
PCIFunction Specifies the PCI Function for the NIC.
Example: PCI Function=0.
PCIDevice Specifies the PCI Device for the NIC.
Example: PCI device=8.
PCIBus Specifies the PCI Bus for the NIC.
Example: PCI Bus=1
WINS-Server1 Specifies the WINS Server 1 for TCP/IP.
Example: WINS-Server1=0.0.0.0.
WINS-Server0 Specifies the WINS Server 0 for TCP/IP.
Example: WINS-Server0=0.0.0.0.
WINS-Server-Count Specifies the number of WINS servers for TCP/IP.
Example: WINS-Server-Count=2.
WINS-Enabled Specifies whether the WINS servers are enabled.
Example: WINS-Enabled=True.
SetWINSInfo Specifies whether to set the WINS information.
Example: SetWINSInfo=True.
DNS-Server2 Specifies the DNS server 2 for TCP/IP.
Example: DNS-Server2=0.0.0.0.
DNS-Server1 Specifies the DNS server 1 for TCP/IP.
Example: DNS-Server1=0.0.0.0.
DNS-Server0 Specifies DNS server 0 for TCP/IP.
Example: DNS-Server0=0.0.0.0.
DNS-Server-Count Specifies the number of DNS Servers for TCP/IP.
Example: DNS-Server-Count=3.
DNS-Domain Specifies the DNS domain for TCP/IP.
Example: DNS-Domain=mydomain.com
DNS-Host Specifies the name of the DNS host.
Example: DNS-Host=TSTWXP2.
DNS-Enabled Specifies whether the DNS is enabled.
Example: DNS-Enabled=True.
SetDNSInfo Specifies the DNS information for TCP/IP.
Example: SetDNSInfo=True.
Parameters Details
Deployment Solution 464
Command-Line Switches

Gateway Specifies the Gateway information for TCP/IP.
Example: Gateway=172.17.31.2.
Netmask Specifies the Netmask value for TCP/IP.
Example: Netmask=255.255.255.0.
Address Specifies the address for TCP/IP.
Example: Address=172.17.31.98.
DHCP Specifies the DHCP value for TCP/IP.
Example: DHCP=True.
SetIPInfo Specifies whether to set the IP information for TCP/IP.
Example: SetIPInfo=True.
NIC-Section-Count Specifies the NIC section count for TCP/IP.
Example: NIC-Section-Count=2.
Interface0
State Specifies the state of Interface0.
Example: State=Up.
Gateway Specifies the gateway of Interface0.
Example: Gateway=172.17.31.2.
Netmask Specifies the netmask of Interface0.
Example: Netmask=255.255.255.0.
IP-Address Specifies the IP address for Interface0.
Example: IP-Address=172.17.31.98.
DHCP Specifies the DHCP value for Interface0.
Example: DHCP=Yes.
Name This is the name of Interface0.
Example: Name=eth0.
Interface1
State Specifies the state of Interface1.
Example: State=Up.
Gateway Specifies the gateway of Interface1.
Example: Gateway=10.10.10.1.
Netmask Specifies the netmask of Interface1.
Example: Netmask=255.0.0.0.
IP-Address Specifies the IP-Address for Interface1.
Example: IP-Address=10.10.10.10.
NICEntry
Parameters Details
Deployment Solution 465
Command-Line Switches

MACAddress Specifies the MACAddress for NICEntry.
Example: MACAddress=00-FF-3C-03-85-C0.
Description Specifies the description of the computer for NICEntry.
Example: Description=AMD PCNET Family PCI
Ethernet Adapter.
VendorID Specifies the Vendor ID for NICEntry.
Example: Vendor ID=4332.
DeviceID Specifies the Device ID for NICEntry.
Example: Device ID=33081.
PCIFunction Specifies the PCI function for NICEntry.
Example: PCIFunction=0
PCIBus Specifies the PCI bus for NICEntry.
Example: PCIBus=1
Gateway Specifies the gateway for NICEntry.
Example: Gateway=10.10.10.1.
Netmask Specifies the netmask for NICEntry.
Example: Netmask=255.0.0.0.
Address Specifies the address of NICEntry.
Example: Address=10.10.10.10.
DHCP Specifies the DHCP value for NICEntry.
Example: DHCP=True.
SetIPInfo Specifies the IP information for NICEntry.
Example: SetIPInfo=True.
WINS-Server-Count Specifies the number of WINS servers for NICEntry.
Example: WINS-Server-Count=0.
WINS_Enabled Specifies whether the WINS servers are enabled.
Example: WINS-Enabled=False.
SetWINSInfo Specifies the WINS information for NICEntry.
Example: SetWINSInfo=True.
DNS-Server1 Specifies DNS Server 1 for NICEntry.
Example: DNS-Server1=10.10.10.3.
DNS-Server0 Specifies DNS Server 0 for NIC Entry.
Example: DNS-Server0=10.10.10.2.
DNS-Server-Count Specifies the number of DNS servers for NIC Entry.
Example: DNS-Server-Count=2.
Parameters Details
Deployment Solution 466
Command-Line Switches

DNS-Host Specifies the DNS host for NICEntry.
Example: DNS-Host=TESTWXP2.
DNS-Domain Specifies the DNS domain for NICEntry.
Example: DNS-Domain=mydomain.com.
DNS-Enabled Specifies whether the DNS is enabled for NICEntry.
Example: DNS-Enabled=True.
SetDNSInfo Specifies the DNS information for NICEntry.
Example: SetDNSInfo=True.
ConfigSettings
LogFile
UseLogFile Specifies whether to save log information to a text file.
Example: UseLogFile=Yes.
LogFile Specifies the location and name of the log file to save
logging information to. UseLogFile must be enabled for
this setting to work.
Example: Log File=File Location.
LogSize Specifies the maximum size of the log file in bytes.
UseLogFile must be enabled for this setting to work.
Example: LogSize=4096.
LogErrors Specifies the log errors. UseLogFile must be enabled
for this setting to work.
Example: LogErrors=Yes.
LogInformation Specifies the log informational messages. UseLogFile
must be enabled for this setting to work.
Example: LogInformation=Yes.
LogDebug Specifies the log debugging information. UseLogFile
must be enabled for this setting to work.
Example: LogDebug=Yes.
Security
ShowTrayIcon Specifies whether to show AClient tray icon.
Example: ShowTrayIcon=Yes.
EncryptSessions Specifies whether to encrypt sessions with the server.
Example: EncryptSession=Yes.
RequireEncrypt Specifies whether to require encrypted sessions with
the server. EncryptSessions must be enabled for this
setting to work.
Example: RequireEncrypt=Yes.
Parameters Details
Deployment Solution 467
Command-Line Switches

EncryptedClientID Specifies the encrypted client ID.
Example: EncryptedClientID=0
Password Specifies the password.
Example: Password=Altiris
AllowMod Specifies whether or not to enable or disable security
for admin properties. If the value is 0, the security is
disabled. if the value is 1, the security is enabled.
Example: AllowMod=1
Transport
TransportUse Specifies how AClient will find and connect to a
Deployment Server. To use TCP/IP multicast,
TransportUse=0. To use TCP/IP, TransPortUse=1.
Example: TransportUse=0 or TransPortUse=1.
MCastAddr Specifies the multicast group address to use to locate
a Deployment Server. TransportUse must be 0 for this
setting to work.
Example: MCastAddr=225.1.2.3.
MCastPort Specifies the multicast port to use to locate a
Deployment Server. TransportUse must be 0 for this
setting to work.
Example: MCastPort=402.
TTL Specifies the Multicast Time to Live to use to locate a
Deployment Server. TransportUse must be 0 for this
setting to work.
Example: TTL=32.
ConsoleName Specifies the server name to use to locate a
Deployment Server via Multicast. If nothing is
specified, AClient will connect to the first Deployment
Server it locates. TransportUse must be 0 for this
setting to work. This is optional.
Example: ConsoleName=ALTIRIS.
TcpAddr Specifies the IP Address or Host Name to use to locate
a Deployment Server.TransportUse must be 1 for this
setting to work.
Example: TcpAddr=172.19.16.20
TcpPort Specifies the IP port to use to locate a Deployment
Server. TransportUse must be 1 for this setting to
work.
Example: TcpPort=402.
User Prompts
Parameters Details
Deployment Solution 468
Command-Line Switches

PromptReboot Prompt before executing shutdown and restart
commands.
Example: PromptReboot=Yes.
PromptExecute Prompt before executing program execution and file
copy commands.
Example: PromptExecute=Yes.
PromptRemoteControl Prompt before executing remote control commands.
Example: PromptRemoteControl=Yes.
PromptSeconds Specifies how long the user prompt should appear in
seconds.
Example: PromptSeconds=10.
PromptOverride Specifies whether the AClient should continue the
operation or abort it, when the user prompt times out.
Example: PromptOverride=Continue.
Connection
ConnectionParadigm Specfies whether to select to either stay connected to
the Deployment Server, or check periodically for work.
To remain connected, ConnectionParadigm=0. To
remain mostly disconnected, ConnectionParadigm=1.
Example: ConnectionParadigm=0 or
ConnectionParadigm=1.
UseHardTimeout Specifies whether to refresh connection after idle time
specified in HardTimeout. ConnectionParadigm must
be 0 for this setting to work.
Example: UseHardTimeout=Yes.
HardTimeout Specifies how frequently to refresh the connection to
the server in seconds. ConnectionParadigm must be 0
and UseHardTimeout must be Yes for this setting to
work.
Example: HardTimeout=28800.
ReconnectInterval Specifies how often in seconds to reconnect to check
for work. ConnectionParadigm must be 1 for this
setting to work.
Example: ReconnectInterval=28800.
CloseTimeOut Specifies how long, in seconds, to wait for work before
disconnecting. ConnectionParadigm must be 1 for this
setting to work.
Example: CloseTimeOut=60.
SetSpeedLimit Specifies whether to set speed limit for transfer files. If
it is Yes, check transfer rate is slower than the rate
specified in SpeedLimit. If it is No, do not transfer files.
Example: SetSpeedLimit=Yes.
Parameters Details
Deployment Solution 469
Command-Line Switches

SpeedLimit Specifies the minimum speed limit in Kbps to transfer
files. If the rate is slower than the rate specified here,
do not transfer files. SetSpeedLimit must be enabled
for this setting to work.
Example: SpeedLimit=10000.
Blockout
ScheduledBlockStart Specifies the beginning of the period when the client
cannot connect to the server.
Example: ScheduledBlockStart=08:00.
ScheduledBlockEnd Specifies the end of period when the client cannot
connect to the server.
Example: ScheduledBlockEnd=17:00.
BlockedDaysSun Specifies whether to block the client from connecting
to the Deployment Server between the times specified
in ScheduledBlockStart and ScheduledBlockEnd on
Sundays.
Example: BlockedDaysSun=True.
BlockedDaysMon Specifies whether to block the client from connecting
to the Deployment Server between the times specified
in ScheduledBlockStart and ScheduledBlockEnd on
Mondays.
Example: BlockedDaysMon=True.
BlockedDaysTue Specifies whether to block the client from connecting
to the Deployment Server between the times specified
in ScheduledBlockStart and ScheduledBlockEnd on
Tuesdays.
Example: BlockedDaysTue=True.
BlockedDaysWed Specifies whether to block the client from connecting
to the Deployment Server between the times specified
in ScheduledBlockStart and ScheduledBlockEnd on
Wednesdays.
Example: BlockedDaysWed=True.
BlockedDaysThu Specifies whether to block the client from connecting
to the Deployment Server between the times specified
in ScheduledBlockStart and ScheduledBlockEnd on
Thursdays.
Example: BlockedDaysThu=True.
BlockedDaysFri Specifies whether to block the client from connecting
to the Deployment Server between the times specified
in ScheduledBlockStart and ScheduledBlockEnd on
Fridays.
Example: BlockedDaysFri=True.
Parameters Details
Deployment Solution 470
Command-Line Switches

BlockedDaySat Specifies whether to block the client from connecting
to the Deployment Server between the times specified
in ScheduledBlockStart and ScheduledBlockEnd on
Saturdays.
Example: BlockedDaysSat=True.
Proxy
WakeOnLANProxy Forward Wake On LAN packets sent from the
Deployment Server.
Example: WakeOnLANProxy=Yes.
MCastProxy Specifies whether to advertise for the Deployment
Server the client is connected to. This allows local
clients to discover the server on a remote network
through TCP/IP multicast.
Example: MCastProxy=Yes.
MCastProxyRate Specifies how often to send multicast advertisements
in seconds. MCastPRoxy should be set to Yes for this
setting to work.
Example: MCastProxyRate=900.
BootWorks
EnableDirectDiskAccess Specifies whether to enable direct disk access to
BootWorks.
Example: EnableDirectDiskAccess=Yes.
UpdateBootworkTransport Specifies whether to synchronize transport (IP/
multicast) settings with Bootworks.
EnableDirectDiskAccess must be enabled for this
setting to work.
Example: UpdateBootworkTransport=Yes.
UpdateBootworkIP Specifies whether to synchronize TCP/IP (static IP,
netmask/DHCP) settings with Bootworks.
EnableDirectDiskAccess must be enabled for this
setting to work.
Example: UpdateBootworkIP=Yes.
BootDiskMessageUsage Specifies when the user should be prompted for a
Bootworks boot disk when performing tasks from DOS.
Example: BootDiskMessageUsage= 0 for Never;
BootDiskMessageUsage=1 for Always;
BootDiskMessageUsage=2 if Bootworks is not
detected; BootDiskMessageUsage=3 if PXE is not
detected; and BootDiskMessageUsage=4 if neither
BootWorks nor PXE is detected.
Other
Parameters Details
Deployment Solution 471
Command-Line Switches

Deployment Agent for DOS Command-line Switches
BootWorks (boot wor k. exe) manages client-server connections in DOS for imaging and
registry management tasks. Parameters and switches for Altiris program files can be
used in batch files and from the command line, usually for troubleshooting. Under
normal circumstances, the program interfaces and wizards provide the tools you need to
manage your network; you will not need to manually edit files.
ForceReboot Specifies whether to force applications to close when
shutting down.
Example: ForceReboot=Yes.
BootDrive Specifies the Windows boot drive.
Example: BootDrive=D:\.
SyncTimeWithServer Specifies whether to synchronize the client systems
date and time with the Deployment Server.
Example: SyncTimeWithServer=Yes.
SettingsChanged Specifies whether to change the settings.
Example: SettingsChanged=Yes.
RequirePasswordForUserPro
p
Admin password required to edit admin properties. If
the value is 0, the password is not required. If the
value is 1, the password is required.
Example: RequirePasswordForUserProp=0
DownloadWait Specifies in seconds whether and how long to wait for
download.
Example: DownloadWait=10.
ReconnectWait Specifies in seconds whether and how long to wait for
reconnect.
Example: ReconnectWait=10.
EnableReconnectDownload
Waits
Specifies in seconds whether to enable the reconnect
and download waits.
Example: EnableReconnectDownloadWaits=10.
UpdateFileSystemSids Specifies whether to update the SIDs file system.
Example: UpdateFileSystemSids=Yes.
UpdateSettings Specifies whether to update settings.
Example: UpdateSettings=True.
UpdateAllSettings Specifies whether to update all settings.
Example: UpdateAllSettings=True.
Parameters Details
Deployment Solution 472
Command-Line Switches

Bootwork.exe
You can use either a forward slash (/) or a dash (-) with the command-line options.
Commands are not case sensitive.
Switch Details
-dsbios Function: Disables reading of the BIOS for system information. This is
typically used for troubleshooting, if a client computer crashes when it
first starts running BootWorks.
Example: To load and run BootWorks without reading the BIOS, type
boot wor k - dsbi os
-f Function: Causes a computer to pause during the BootWorks boot
process and wait for a job from the Deployment Server, instead of
booting to production if work is not assigned. This allows new
computers that need to run Initial Deployment to wait for a connection
to the Server.
Example: To have a new computer wait for the Deployment Server to
assign a job, type
boot wor k - f
-hr Function: Specifies a hard reboot when a client computer boots to
production. This is the default. It ensures the BootWorks boot data is
cleared from memory, so the computer reads the MBR when booting to
production. If this is not used, the client computer might lock up when
it reboots.
Example: Because this is the default, you do not need to enter
anything.
-ip<address> Function: Specifies the IP address of the Deployment Server you want
the client to connect to. Use this if the network is not configured for
multicasting, or if there is more than one Deployment Server on the
network. Specifying the Servers IP address prevents the client from
connecting to the wrong Deployment Server. The port number must
also be specified if you change this parameter. (See -p<port>.)
Example: To connect a client directly to a Deployment Server, type
boot wor k - i p207. 197. 28. 38
-mcdelay[xx] Function: Sets the number of seconds the client waits between
multicast requests for a Deployment Server. The default is 5 seconds.
Example: To set the interval for multicast requests to10 seconds, type
- mcdel ay10
-mcwait[xx] Function: Sets the length of time (in seconds) that the client searches
for a Deployment Server before rebooting to production. The default is
30 seconds. This parameter applies to multicast sessions only. It does
not apply if the clients connect using the Console IP address.
Example: To have the client search for a Deployment Server for 45
seconds, type
- mcwai t 45
Deployment Solution 473
Command-Line Switches

-mip<IPaddress> Function: Specifies the multicast IP address of the Deployment
Server. The default value is 225.1.2.3. If the address is changed on the
Server, use this parameter to change the address in BootWorks so the
client looks for the correct address. The port number must also be
specified if you change this parameter. (See -mp<port>.)
Example: If you changed the Deployment Servers multicast address
to 225.12.12.13, you would change the address for BootWorks by
typing
boot wor k - mi p225. 12. 12. 13
-mp<port> Function: Specifies the multicast port address of the Deployment
Server. The default value is 402. If you have changed the port number
of the Server, use this parameter to change the number in BootWorks.
(Any unassigned number that is less than 65536 is valid.) The IP
address must also be specified if you change this parameter. (See -
mip<address>.)
Example: If the Deployment Servers IP address was changed and you
set a new port number of 1026, type
boot wor k - mp1026
-name Function: Prompts the user to enter the name of the client computer.
This name will be registered in the Console Computers list. If no
name is specified, the client computers MAC address will be used.
Example: To prompt for a computer name, type
boot wor k - name
The client computer will prompt you to enter a name. The name
appears in the Computers list on the Console.
-new Function: Runs Initial Deployment.
Example: To run Initial Deployment on a client computer, type
boot wor k - new
-nologin Function: Loads the LAN drivers on the client so BootWorks can check
the Deployment Server for work without completing a user login.
Example: To load the network drivers and check the Deployment
Server, type
boot wor k - nol ogi n
-p<port> Function: Specifies the port number of the Deployment Server you
want the client to connect to. The default port number is 402. If you
have changed the port number of the Deployment Server, use this
parameter to change the number in BootWorks. (Any unassigned
number that is less than 65536 is valid.) The IP address must also be
specified if you change this parameter. (See -ip<address>.)
Example: If the Deployment Servers port number has been changed
to 1026 and clients are not multicasting to find the Server, type
boot wor k - p1026
Switch Details
Deployment Solution 474
Command-Line Switches

Deployment Agent for DOS Install (Bwinst.exe) Switches
The Deployment Agent for DOS is installed by bwi nst . exe, so if you have problems
installing you might need to edit these settings in the Deployment Agent for DOS
aut oexec. bat file.
Parameters are case sensitive. Use a space between the command and the switch, and
between switches if you use more than one.
-pause Function: Causes the computer to pause for 5 seconds before
beginning production boot processes. This allows time to access the
bootworks program before the computer boots to production.
Example: To add a 5-second pause before a production boot, type
boot wor k - pause
-s<name> Function: Specifies the computer name of the Deployment Server you
want the client to connect to. Otherwise, if you have more than one
Console on the network, clients will connect to the first one they find.
Example: If you want a client to connect only to a Deployment Server
named ServerOne, type
boot wor k - ser ver one
-sr Function: Specifies a soft reboot when a client computer boots to
production.
Example: To reboot a client using a soft reboot instead of the default
hard reboot, type
boot wor k - sr
-wb Function: Specifies a warm reboot when a client computer boots to
production.
Example: To reboot a client using a soft reboot instead of the default
hard reboot, type
boot wor k - wb
Switch Details
-mbr Function: Rewrites the BootWorks MBR code and exits.
Example: If the BootWorks code is overwritten by another program and
you want to rewrite it to the boot record, type
bwi nst - mbr
-u Function: Uninstalls BootWorks.
Example: To uninstall BootWorks from a client, type
bwi nst - u
-c Function: Checks for Altiris MBR code.
Example: To find out if BootWorks is installed on a client, type
bwi nst - c
Switch Details
Deployment Solution 475
Command-Line Switches

-s[x] Function: Works with the -old switch to set the partition size (in MB) for
hidden BootWorks partitions. The minimum size is 5 MB, which is the
default.
Note
If you install embedded BootWorks (new style for 4.x versions), this switch
does not apply. A 5MB embedded partition is always installed.
Example: To set the BootWorks partition size at 10 MB for a hidden
partition, type
bwi nst - s10 - ol d
-old Function: Installs a hidden (old style) BootWorks partition instead of an
embedded (new style) partition. The default size is 5 MB. To install a larger
partition, use the -s switch.
Note
When this partition is installed, it will overwrite any data on the drive it is
installed to. Ensure the drive is empty, or upload an image of the drive, and
then download it to a different drive after BootWorks is installed.
Example: To install a hidden BootWorks partition of 30 MB, type
bwi nst - s30 - ol d
-q Function: Runs BootWorks install in quiet mode, so no user input is
required to complete the install. This switch is intended for use with
unattended installs, so you should use it in conjunction with the -f switch to
install from a file instead of disks.
Since there are no prompts, bwinst makes the following decisions/
assumptions.
If a partition is found, you will not be asked if you want to move or
overwrite the partition. BootWorks will automatically overwrite the partition
and existing data will be erased.
You will not be prompted for the second BootWorks disk. You will see a
message that a file could not be found.
If you are installing an embedded partition, it is assumed that NT Service
Pack 4 is installed.
Example: To install BootWorks unattended from a boot directory on a
network drive, type
bwi nst - q - f =f : \ boot f i l e
Switch Details
Deployment Solution 476
Command-Line Switches

Keyboard and Screen Lock Utility (Kbdsclk) Switches
This utility can be used to limit user intervention while client computers are in
BootWorks mode.
BootWorks connects client computers to the Deployment Server to run assigned Jobs
(receive images, back up and restore registries, and so on). The Server then releases
control of the computers to run their regular boot processes and come up in production
mode. KBDSCLK is part of the BootWorks aut oexec. bat file. The utility runs from the
file as a TSR.
How the Keyboard and Screen Lock Utility (kbdsclk) Works
During the time the computer is in BootWorks mode, the Altiris client graphic appears so
the user knows the Altiris boot processes are running. However, the keyboard is not
locked, so the boot process can be interrupted if a user breaks in using CTRL-C,
CTRL-ALT-DELETE, CTRL-Break, or another interrupt command.
The screen and keyboard can be locked by setting the security option when you use the
Boot Disk Creator to make BootWorks boot files. Or, you can change the settings in the
BootWorks aut oexec. bat file. Just remove the REM statements for the commands you
want to use. You can also add commands to set and clear keyboard and screen locks in
multiple places in the batch file. This is useful for enabling input when applications are
loaded (such as the Microsoft client, which prompts for a password), and then relocking
the screen and keyboard to complete the boot processes. You can also use KBDSCLK on
the command line if you want to temporarily override the batch file settings.
Keyboard and Screen Lock Utility Usage
Commands are not case-sensitive. The syntax is as follows:
kbdscl k [ p=passwor d] [ +| - k] [ +| - s] [ x [ h#] ] [ c| t ] [ w=f i l e] [ b]
For help when running the utility, type KBDSCLK ?
The batch file includes keyboard and screen lock commands, which are marked out
(REM). When you remove the REM commands and run the commands in a batch file, the
utility behaves as a TSR. The defaults are:
-f= Function: Specifies the source path to the BootWorks files. The default is
drive a:.
Example: To install BootWorks from a directory named bootfile on a
network drive, type
bwi nst - f =f : \ boot f i l e
-b Function: Reads the BIOS settings for the hard drive if IDE settings fail or
return incorrect values. If you get the message, Error creating drive map
when installing BootWorks, run bwinst with this switch to correct the
problem.
Example: To solve the Error creating drive map error and install bwinst,
type
bwi nst - b
Switch Details
Deployment Solution 477
Command-Line Switches

The Altiris client graphic appears.
The keyboard and screen are not locked.
If options are added to the batch file, they are executed in the order they appear in
the file.
Order Of Operations
The order of operations and utility behavior when KBDSCLK is run from the command
line is as follows:
When c or t is used, it performs its functions and exits without performing any other
functions, regardless of order. KBDSCLK does not remain loaded as a TSR, so the
keyboard is not locked and no screen output appears.
Option Description
p=pwd [b] Function: Sets a password to enable/disable the keyboard and screen
lock. Maximum character length is 128.
Option:
b Scans keyboard input for a password to set locks when they are not set.
(Be careful using this option. It can interfere with keyboard input for
applications that are running!)
+|- k Function: Enables/disables keyboard input. To allow keyboard input, use
+k. To lock the keyboard, use -k.
Default: Locked.
+|- s Function: Enables/disables screen output. To allow screen output, use +s.
To disable it, use -s.
Default: Disabled.
x [h#] Function: Displays the wallpaper or graphic and then exits the KBSCLK
utility. Once the utility has exited (no longer running as a TSR), the
keyboard and screen are not locked.
Default: 3 second graphic/wallpaper display, then unload TSR.
Options:
h Allows use of the Home key to bypass BootWorks and begin production
boot processes.
# Specifies the time (in seconds) for the graphic to appear (a maximum of
34 seconds is possible). During that time, you can use the Home key to
bypass the BootWorks processes. If zero is used, the graphic appears for 3
seconds and no bypass is allowed.
c Function: Clears the screen and exits the program. Used mostly for
troubleshooting.
t Function: Sets video text mode (MODE CO80) and exits. Used mostly for
troubleshooting.
w=file Function: Specifies the name of a graphic/wallpaper file to appear. This is
valid only if the x option is used. Valid files are pcx files with 640x480x16
color.
Deployment Solution 478
Command-Line Switches

Use w to specify the name of a wallpaper/graphic file to replace the default. See the
table above for details on using graphics files.
When x is used, the wallpaper/graphic appears and the KBDSCLK program exits,
ignoring all other commands except w and h, regardless of order. KBDSCLK does
not remain loaded as a TSR, so the keyboard is not locked.
If the utility is loaded as a TSR (in the aut oexec. bat file), and you execute
KBDSCLK on the command line and specify the k and s options, it changes the
keyboard and screen lock settings of the TSR instance. Options w, p, and b are
ignored, regardless of order. If the TSR is not loaded, w, p, and b can be used with
k and s in any order.
The p option can be used on the command line to set a password for unlocking the
screen and keyboard.
Deployment Server Install Switches
You can run the Deployment Server installation executable (axi nst al l . exe) from the
command-line using these switches:
Switch Details
-s Function: Runs a Simple install where all components are installed on a
single computer.
Example: axi nst al l - s
-a Function: Adds a component when installing a custom install where
componentsthe Deployment Server database, PXE server, Deployment
Share, services can be installed on separate computers.
Example: axi nst al l - a
-t Function: Allows you to run a silent install (where the install application
executes without asking for user input.
Example: axi nst al l - t
Deployment Solution 479
Command-Line Switches

Silent Install Options
You can add parameters for a silent install using an INI file that is accessed and used by
the axinstall executable. The INI file can be named anything, but for the following
section it will be identified as SILENT.INI. This file can be modified to directly input
values when running an install without user interaction.
axinstall.exe -t <INI filename>
Example: axi nst al l - t c: \ si l ent . i ni
To add the ability to provide all inputs from a Simple Install, Custom Install, or an Add
Component install, the Si l ent . i ni file is required and must contain input parameters
for each type of install.
By adding Version and InstallType entries to the [SilentInstall] group, Deployment
Solution can identify if its working with an old SILENT.INI file or a new file. The old file
type will be supported for backward compatibility and will continue to function.
Note
The silent.ini file cannot have comments or blank lines between the header line and the
key/value pairs.
[ Si l ent I nst al l ]
Ver si on=3
SEDat aManager Por t
WCLocat i on
WCPat h
-i - Function: Allows you to create a setup.ini file used for automation or a
silent install
Example: axi nst al l - i
-t <INI file
location>
Function: Allows you to run a silent install (where the install application
executes without asking for user input) and read setting from an INI file.
See Silent Install Options (page 479).
Example: axi nst al l - t c: \ si l ent . i ni
Sample Silent.INI file:
[ Si l ent I nst al l ]
Pr ogr amFi l es=C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment
Ser ver \
Li censeFi l e=axi nst al l . l i c
User name=Admi ni st r at or
Passwor d=
DOSBoot Fi l esPat h=
Switch Details
Deployment Solution 480
Command-Line Switches

WCRemot eComput er Name
WCUser name
WCPasswor d
WCEncr ypt edPasswor d
WCConsol eManager por t
The Version and InstallType entries are both required in the new SILENT.INI file. If the
Version entry is missing, it is assumed that it is an old SILENT.INI file (implicitly
assumed to be version 1). If the InstallType entry is missing for a new version of
SILENT.INI, an error will be logged to the log file and the installation will be aborted.
Depending on the value of InstallType, different entries will be expected in the
SILENT.INI file. The expected entries are listed in the following sections.
Note
A validator checks all input values during a silent install. It ensures that all user input
(such as the user name, password, data path, and so on) is valid before starting the
silent install. The validator inherit its behavior from the validation in the wizard pages of
a non-silent install. If the validation fails, an appropriate error message writes to a log
file and the installation process is aborted.
Simple Install Entries
If the InstallType is set to Simple, the following entries are expected in the SILENT.INI
file. If any of the entries are missing, default values are used. We do not recommend
using default values because it may cause the validator function to abort the install
because the default values won't work with the specified values. Any entries other than
the ones listed below are ignored for a simple install.
DAPat h=C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver
Li censeFi l e=ax85. l i c
DAUser name=Admi ni st r at or
DAPasswor d=passwor d
OR
DAEncr ypt edPasswor d=z%l $qr y^w
I nst al l PXE=0
Cr eat eExpr essShar e=FALSE | TRUE
DOSFi l esPat h=c: \ dos
To install Sysprep files, specify the following fields
AddSyspr epFi l es=FALSE | TRUE
XPSyspr epPat h=c: \ xp\ depl oy. cab
2KSyspr epPat h=c: \ 2k\ depl oy. cab
NTSyspr epPat h=c: \ nt \ nt 4pr ep. exe
Deployment Solution 481
Command-Line Switches

To install FreeDos files, specify the following fields
PBFr eeDOS=FALSE | TRUE
PBFr eeDOSFi l e=c: \ DSSet up\ BDCgpl _6. 8. 8271. f r m
If you install DOS files, the following fields are listed:
PBMSDOS=FALSE | TRUE
PBMSDOSPat h=c: \ DOSFi l es
To install Linux files, specify the following fields
For Linux IA64, specify the path of the .FRM file in PBLi nuxFi l eI A64. The
PBLi nuxI A64 field should be Tr ue.
Example
PBLi nuxFi l eI A64=c: \ DSSet up\ BDCgpl _6. 8. 8271. f r m
PBLi nuxI A64=Tr ue
For Linux x64, specify the path of the .FRM file in PBLi nuxFi l eX64. The PBLi nuxX64
field should be Tr ue.
Example
PBLi nuxFi l eX64=c: \ DSSet up\ BDCgpl _6. 8. 8271. f r m
PBLi nuxX64=Tr ue
For Linux x86, specify the path of the .FRM file in PBLi nuxFi l eX86. The PBLi nuxX86
field should be Tr ue.
Example
PBLi nuxFi l eX86=c: \ DSSet up\ BDCgpl _6. 8. 8271. f r m
PBLi nuxX86=Tr ue
To install WinPE files, specify the following fields
For WinPE x86, to use an add-on file, specify the path of the add-on file in
PBWi ndowsPEX86AddOnPat h. The PBWi ndowsPEX86AddOn field should be Tr ue.
Example
PBWi ndowsPEX86AddOn=TRUE
PBWi ndowsPEX86AddOnPat h=c: \ DSSet up\ AddonX86. exe
To specify the WinPE disk path, specify the path in PBWi ndowsPEWi nPEX86Pat h and
the operating system path in PBWi ndowsPEX86OSPat h. The PBWi ndowsPEWi nPEX86
field should be Tr ue.
Example
PBWi ndowsPEX86=TRUE
PBWi ndowsPEWi nPEX86Pat h=c: \ Wi nPE\ Di sk1
PBWi ndowsPEX86OSPat h=c: \ Wi nPE\ Di sk2
Deployment Solution 482
Command-Line Switches

For WinPE x64, to use an add-on file, specify the path of the add-on file in
PBWi ndowsPEX64AddOnPat h. The PBWi ndowsPEX64AddOn field should be Tr ue.
Example
PBWi ndowsPEX64AddOn=TRUE
PBWi ndowsPEX64AddOnPat h=c: \ DSSet up\ AddonX64. exe
To specify the WinPE disk path, specify the path in PBWi ndowsPEWi nPEX64Pat h and
the operating system path in PBWi ndowsPEX64OSPat h. The PBWi ndowsPEWi nPEX64
field should be Tr ue.
Example
PBWi ndowsPEX64=TRUE
PBWi ndowsPEWi nPEX64Pat h=c: \ Wi nPE\ Di sk1
PBWi ndowsPEX64OSPat h=c: \ Wi nPE\ Di sk2
For WinPE IA64, to use an add-on file, specify the path of the add-on file in
PBWi ndowsPEI A64AddOnPat h. The PBWi ndowsPEI A64AddOn field should be Tr ue.
Example
PBWi ndowsPEI A64AddOn=TRUE
PBWi ndowsPEI A64AddOnPat h=c: \ DSSet up\ AddonI A64. exe
To specify the WinPE disk path, specify the path in PBWi ndowsPEI A64 and the
operating system path in PBWi ndowsPEI A64OSPat h. The PBWi ndowsPEI A64 field
should be Tr ue.
Example
PBWi ndowsPEI A64=TRUE
PBWi ndowsPEWi nPEI A64Pat h=c: \ Wi nPE\ Di sk1
PBWi ndowsPEI A64OSPat h=c: \ Wi nPE\ Di sk2
Custom Install Entries
If the InstallType is set to custom, the following entries will be expected in the
SILENT.INI file. If any of the entries are missing then default values will be used. Using
default values is not recommended because it may cause the validator function to abort
the install because the default values won't work with the specified values. Any entries
other than the ones listed below will be ignored for a custom install.
Note
If you attempt to push out a silent Deployment Solution install to a computer where
Microsoft SQL Server is installed and SQL Server has a password for the "sa" account,
then it will not work.
DAPat h=C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver
Li censeFi l e=ax85. l i c
DAUser name=Admi ni st r at or
DAPasswor d=passwor d
Deployment Solution 483
Command-Line Switches

OR
DAEncr ypt edPasswor d=z%l $qr y^w
Cr eat eExpr essShar e=FALSE | TRUE
DOSFi l esPat h=c: \ dos
SEPat h= C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver
SELocat i on=l ocal | r emot e
SERemot eComput er Name=DESKPRO1
SEUser name=admi ni st r at or
SEPasswor d=passwor d
OR
SEEncr ypt edPasswor d= z%l $qr y^w
SEI PAddr ess=172. 16. 2. 123
SEDat aManager Por t = 8080
SEDBLocat i on=l ocal | same | r emot e | sql ser ver
SEDBRemot eComput er Name=DESKPRO2
SEDBSQLPor t Number =<Ent er SQL Por t Number her e>
SEDBEngi nePat h=c: \ mssql 7
SEDBDat aPat h=c: \ mssql 7\ dat a
SQLAut hent i cat i on=FALSE | TRUE
SQLMachi neUser name=admi ni st r at or
SQLMachi nePasswor d=passwor d
OR
SQLEncr ypt edMachi nePasswor d= z%l $qr y^w
I nst al l PXE=FALSE | TRUE
PXLocat i on=dos | l ocal | r emot e
PXRemot eComput er Name=DESKPRO3
PXMakeMast er Ser ver =FALSE | TRUE
PXI PAddr ess=172. 16. 2. 123
PXDSI PAddr ess=172. 16. 2. 123
PXPat h=c: \ Pr ogr amFi l es\ Al t i r i s\ expr ess\ Depl oyment Ser ver
PXUser name=Admi ni st r at or
PXPasswor d=passwor d
OR
PXEncr ypt edPasswor d= z%l $qr y^w
Deployment Solution 484
Command-Line Switches

PXCr eat eDef aul t PXEBoot Fi l es=FALSE | TRUE
SQLAut hent i cat i on=FALSE | TRUE
SQLUser name=Admi ni st r at or
SQLPasswor d=passwor d
OR
SQLEncr ypt edPasswor d=zl q%r *x+y
DSConnect i onMet hod=mul t i cast | t cpi p
DSConnect i onSer ver Name=* | <ser ver name>
DSConnect i onDSI PAddr ess=172. 16. 2. 123
DSConnect i onDSPor t =402
COLocat i on=l ocal | r emot e
CORemot eComput er Name=DESKPRO4
COUser name=Admi ni st r at or
COPasswor d=passwor d
OR
COEncr ypt edPasswor d=zl q%r *x+y
WCLocat i on=l ocal | r emot e | none
WCPat h= c: \ Pr ogr amFi l es\ Al t i r i s\ expr ess\ Depl oyment Ser ver
WCRemot eComput er Name=DESKPRO5
WCUser name=Admi ni st r at or
WCPasswor d=passwor d
WCEncr ypt edPasswor d= zl q%r *x+y
WCConsol eManager Por t =8081
Add Component Entries
If the InstallType is set to addcomponent, the following entries will be expected in the
SILENT.INI file. If any of the entries are missing then the default values will be used.
Using default values is not recommended because it may cause the validator function to
abort the install because the default values will not work with the specified values. Any
entries other than the ones listed below will be ignored for adding new components.
AddDSConsol e=FALSE | TRUE
AddPXESer ver =FALSE | TRUE
AddDSWebConsol e=FALSE | TRUE
DOSFi l esPat h=c: \ dos
DAPat h=C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver
SEI PAddr ess=172. 16. 2. 123
Deployment Solution 485
Command-Line Switches

SEDat aManager Por t =8080
COLocat i on=l ocal | r emot e
CORemot eComput er Name=DESKPRO4
COUser Name=Admi ni st r at or
COPasswor d=passwor d
OR
COEncr ypt edPasswor d=zl q%r *x+y
PXLocat i on=dos | l ocal | r emot e
PXRemot eComput er Name=DESKPRO3
PXMakeMast er Ser ver =FALSE | TRUE
PXI PAddr ess=172. 16. 2. 123
PXDSI PAddr ess=172. 16. 2. 123
PXPat h=c: \ Pr ogr amFi l es\ Al t i r i s\ expr ess\ Depl oyment Ser ver
PXCr eat eDef aul t PXEBoot Fi l es=FALSE | TRUE
PXUser name=Admi ni st r at or
PXPasswor d=passwor d
OR
PXEncr ypt edPasswor d= zl q%r *x+y
WCLocat i on=l ocal | r emot e | none
WCPat h= c: \ Pr ogr amFi l es\ Al t i r i s\ expr ess\ Depl oyment Ser ver
WCRemot eComput er Name=DESKPRO5
WCUser name=Admi ni st r at or
WCPasswor d=passwor d
WCEncr ypt edPasswor d= zl q%r *x+y
WCConsol eManager Por t =8081
Client BIOS Settings for Wake-On LAN and PXE
Some network cards have their own setup utilities. If there is a Wake On LAN option on
your NIC, enable it.
If you want to use Wake On LAN, the motherboard and network card must support
Intels Wired for Management (WfM) specification. You will also have to enable the
features in the BIOS. (Settings are hardware specific.Your BIOS might not list all of
these.).
Power Management ON/ENABLED
Suspend/Wake-up Features ON/ENABLED
Deployment Solution 486
Command-Line Switches

Command-line Switches for the Pocket PC Agent
You can manage the Pocket PC Agent through command-line switches. The default path
of the agent executable file is: C: \ Al t i r i s\ PPCAgent \ PPCAgent . exe.
The following table shows the optional switches and the functions they perform.
Note
If PPCAgent.exe is run and if the agent has not previously been installed, then the agent
will be installed automatically. If the agent was previously installed, it will simply load
the agent.
Command Line Switches for the Pocket PC Agent
Example: to restart the agent, run
C: \ Al t i r i s\ PPCAgent \ PPCAgent . exe - r est ar t
To use more than one command-line parameter, separate the parameters with a space.
Example: ppcagent - i nst al l - si l ent .
Command-line Install Switches for Linux
The command-line switches used for Linux files are express path where the bootwiz.exe
is present -install -os LINUX -x86/x64/ia64 path where the .FRM file is present. The
following table lists the Command-line Install and Silent Install Switches for Linux and
the functions they perform.
Wake On LAN ON/ENABLED
Remote Power Up ON/ENABLED
Power Switch/Wake-up ON/ENABLED
Option Function
-install Installs the agent, or re-installs the agent if already
installed.
-silent When used with - i nst al l , installs the agent without the
installation dialog screens.
-stop Stops the agent.
-start Starts the agent after it has been stopped.
-restart Stops and restarts the agent.
-remove Stops and uninstalls the agent.
Switch Details
-install -os LINUX -x86
e:\BDCgpl_6.8.8260.frm
Installs the Linux agent for x86
computers.
-install -os LINUX -x64
e:\BDCgpl_6.8.8260.frm
Installs the Linux agent for x64
computers.
Deployment Solution 487
Command-Line Switches

Example: To install the Linux agent for x86 computers, run
C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment
Ser ver \ Boot wi z\ boot wi z. exe i nst al l - os LI NUX - x86
" e: \ BDCgpl _6. 8. 8260. f r m"
Example: To silently install the Linux agent for x86 computers, run
C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment
Ser ver \ Boot wi z\ boot wi z. exe i nst al l - os LI NUX - x86
" e: \ BDCgpl _6. 8. 8260. f r m" - qui et
Tip
You can do the same for x64 and ia64 computers.
Command-line Install Switches for WinPE
The command-line switches used for WinPE files are express path where the
bootwiz.exe is present -install -os WINPE -x86/x64/ia64 path where the .EXE file is
present. The following table lists the Command-line Install and Silent Install Switches for
WinPE and the functions they perform.
-install -os LINUX -ia64
e:\BDCgpl_6.8.8260.frm
Installs the Linux agent for ia64
computers.
-install -os LINUX -x86
e:\BDCgpl_6.8.8260.frm -quiet
Silently installs the Linux agent for x86
computers.
-install -os LINUX -x64
e:\BDCgpl_6.8.8260.frm -quiet
Silently installs the Linux agent for x64
computers.
-install -os LINUX -ia64
e:\BSCgpl_6.8.8260.frm -quiet
Silently installs the Linux agent for ia64
computers.
Switch Details
-install -os WINPE -x86
e:\Altiris_DS_Preboot_WinPE2005_x86.
exe
Installs the WinPE agent for x86
computers.
-install -os WINPE -x64
e:\Altiris_DS_Preboot_WinPE2005_x64.
exe
Installs the WinPE agent for x64
computers.
-install -os WINPE -ia64
e:\Altiris_DS_Preboot_WinPE2005_ia64
.exe
Intalls the WinPE agent for ia64
computers.
-install -os WINPE -x86
e:\Altiris_DS_Preboot_WinPE2005_x86.
exe -quiet
Silently installs the WinPE agent for x86
computers.
Switch Details
Deployment Solution 488
Command-Line Switches

Example: To install the WinPE agent for x86 computers, run
C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment
Ser ver \ Boot wi z\ boot wi z. exe i nst al l - os WI NPE - x86
" e: \ Al t i r i s_DS_Pr eboot _Wi nPE2005_x86. exe"
Example: To silently install the WinPE agent for x86 computers, run
C: \ Pr ogr amFi l es\ Al t i r i s\ eXpr ess\ Depl oyment
Ser ver \ Boot wi z\ boot wi z. exe i nst al l - os WI NPE - x86
" e: \ Al t i r i s_DS_Pr eboot _Wi nPE2005_x86. exe" - qui et
Tip
You can do the same for x64 and ia64 computers.
-install -os WINPE -x64
e:\Altiris_DS_Preboot_WinPE2005_x64.
exe -quiet
Silently installs the WinPE agent for x64
computers.
-install -os WINPE -ia64
e:\Altiris_DS_Preboot_WinPE2005_ia64
.exe -quiet
Silently installs the WinPE agent for ia64
computers.
Switch Details
Deployment Solution 489

Chapter 21
RapiDeploy Technical Reference
In Deployment Solution, most imaging tasks can be completed directly from task wizard
in the Deployment Console.
For advanced imaging operations, you might need the extended functionality provided
by the command-line interface of the Deployment Solution imaging tool, RapiDeploy.
This section provides details on using the RapiDeploy command-line interface.
See Also
RapiDeploy Executable Files on page 489
Running RapiDeploy from the Command-line on page 489
Using File System Independent Resource Management (FIRM) on page 502
Using File System Independent Resource Management (FIRM) on page 502
Troubleshooting RapiDeploy on page 93
RapiDeploy Executable Files
The following table lists and gives a short description of RapiDeploy executable files:
Running RapiDeploy from the Command-line
You can create and deploy images from the command-line using switches. This is useful
if you want to run imaging from a batch file and not use the Rdeploy wizard.
RapiDeploy Executable Files
File Description
rdeploy An Altiris program with a graphical wizard-like interface. When run on a
computer, rdeploy.exe temporarily designates the computer as the
RapiDeploy Master PC or as the Client PC. The Master PC controls how
images are created, uploaded, and downloaded, and how they are sent or
multicasted to other computers.
Rdeploy.exe lets you set up configurations (such as TCP/IP and networking
settings) on the computer after it has received an image. You can run
rdeploy.exe with command-line switches and set up other options for
imaging and multicasting.
rdeployt A text-based version of RapiDeploy, this version does not provide a
graphical interface but supports the command-line switches.
firm File System Independent Resource Management (FIRM) lets you access
files in automation. This is an advanced feature. You do not have to use it
to perform normal management tasks. For more information, see Using
File System Independent Resource Management (FIRM) on page 502.
Deployment Solution 490
RapiDeploy Technical Reference

Switches can be entered in any order and they are not case sensitive. When using
multiple switches, leave a space between each option.
You can also get a list of switches at the DOS prompt by typing the following:
r depl oy - ?
If you want to redirect this list to a file, type the following:
r depl oy - ? - t ext > r dpar ams. t xt
RapiDeploy Command-line Switches
The following table lists all the command-line switches that you can use with
rdeploy.exe.
RapiDeploy Command-line Switches
Switch [ parameters] Details
-? Function Shows command-line help.
-align:[cyl|track|none] Function Sets partition alignment to the provided values. None
disables partition geometry rounding entirely, which very
slightly affects the partitions when restoring an image.
-bsl:[maximum
bandwidth]
Function Determines the maximum bandwidth to be used by
the multicasting session.
Example To limit the bandwidth to 5 Megabits per second, type
r depl oy - bsl : 5
-c[compression mode] Function Sets the compression mode for image creation. Speed
is the default mode.
Modes
off turn compression off.
size make smallest image size with slight speed penalty.
speed (default) make a less compressed image in less time.
balanced make a reasonable compressed image with a reduced
speed penalty.
Example To optimize image creation for speed, type
r depl oy - mu - f [filename] - cbal anced
Deployment Solution 491
RapiDeploy Technical Reference

-cfgfile:[filename] Function Sets the configuration filename (default is
lastrun.cfg). The configuration file provides information for post
configuration. The default configuration file is lastrun.cfg that
can be edited in a text editor with the specific information
needed for the computer.
This command is useful if you want to run imaging in a batch file
using configuration information saved previously by the
RapiDeploy program. (If you select the option to save settings in
the RapiDeploy program, a configuration file will be created with
the name lastrun.cfg.) You can rename lastrun.cfg and specify it
in your batch file to apply configuration settings.
Example If you have run RapiDeploy and have chosen the
option to save configuration settings, you could rename
lastrun.cfg to laptop1.cfg and use it in a batch file by typing the
following:
r depl oy - md - f [filename] - cf gf i l e: l apt op1. cf g
You can also put configuration files in a shared directory and
load them from the network.
See also
-m[mode], -f[path & file name]
-cmdline Function In text mode, display the command-line options.
RapiDeploy Command-line Switches (Continued)
Switch [ parameters] Details
Deployment Solution 492
RapiDeploy Technical Reference

-d[hard disk number] Function Specifies which hard disk to read from or write to,
depending on whether you are uploading or downloading. This
switch is used for computers that have more than one hard disk.
Examples
To download an image to disk 2, combine with the - md switch
and type
r depl oy - d2 - md - f [filename]
To create an image from disk 2, combine with the -mu switch
and type
r depl oy - d2 - mu - f [filename]
See also -m[mode], -f[path & file name]
Disk to Disk
A colon indicates disk-to-disk imaging.
-d1:2 (disk to disk mode, source is disk 1, destination is disk 2)
-d3:2 (Source is disk 3, destination is disk 2)
Linux Software Raid and LVM
When using a Linux software raid or LVM, a comma specifies the
disks in the set.
r depl oy - d1, 2 - md - f [filename]
If using a hardware raid, this syntax might not be required if the
disk set is recognized as a single drive. Use the f i r mdr i ves
command to determine how the drives are recoginized.
-ddio:[on|off] Function Causes RDeploy to bypass the operating system
cache and use direct disk access instead. This can improve
performance in some circumstances. Default is off.
-dpos[1-2] Function Specifies the disk location to set if the imaged disk will
be removed after imaging.
-dsconfig:[filename] Function Specifies the Deployment Agent configuration file to
copy to the computer when the imaging job completes.
RapiDeploy Command-line Switches (Continued)
Switch [ parameters] Details
Deployment Solution 493
RapiDeploy Technical Reference

-f[path & file name] Function Used with the - mswitch. In upload mode, it specifies
the filename and location for storing an image file. In download
mode it specifies which image file to restore.
To create (upload) a regular image file, use an .img extension.
To create a self-extracting executable image file, use an .exe
extension.
Examples
To upload an image file to disk g:, type
r depl oy - mu - f g: \ i mages\ wi n98. i mg
To upload a self-extracting executable image file, type
r depl oy - mu - f g: \ i mages\ wi n98. exe
See also -m[mode], -f[path & file name]
-forcebf Function Forces boot fixup in cases when it does not normally
occur. When imaging completes, certain files, such as boot.ini or
grub, and the MBR are modified to ensure that the computer
boots.
This is used in circumstances when you want to keep existing
partitions using the -kp switch. If you are replacing a boot
partition use this switch to fix booting. If you are replacing a
data partition this is not required.
-forcebw Function Forces the automation partition to be restored. Use
this switch when using PXE or to overwrite an existing
automation partition on the hard disk with the automation
partition in the image.
Example To restore an image and have the automation
partition in the image replace an existing automation partition
on the hard disk, type
r depl oy - md - f [filename] - f or cebw
See also -m[mode], -f[path & file name]
-forcegui Function Forces the wizard to appear even if it does not have
to. Use this switch to force the wizard to appear so that you can
view or edit settings for each computer.
Example To restore an image but first view or make changes in
the settings, type
r depl oy - md - f [filename] - f or cegui
See also -m[mode], -f[path & file name]
RapiDeploy Command-line Switches (Continued)
Switch [ parameters] Details
Deployment Solution 494
RapiDeploy Technical Reference

-forceoem Function Forces the OEM partition to be restored. Use this
switch to overwrite an OEM partition on the hard disk with an
OEM partition in the image.
Example To restore an image and have the OEM partition in the
image replace an existing OEM partition on the hard disk, type
r depl oy - md - f [filename] - f or ceoem
See also -m[mode], -f[path & file name]
-frm:[name] Function Specifies a FIRM file that contains a list of FIRM
commands to be executed after a restore. A FIRM file is a text
file containing FIRM commands to execute.
Example After a computer has received an image, you can copy
a file that is not in the image to the computer. Example: you
may want to copy a .cfg file that a computer needs but is not in
an image.
r depl oy - md - f [filename] - f r m: c: f i l es. t xt
In this example, you would have two files:
The file that includes the copy commands.
The file that you want copied to a computer, sample.cfg
Both of these files must be in the RapiDeploy/FIRM application
folder.
The FIRM file, firm.txt, could have the following FIRM command:
copy sampl e. cf g c: \ sampl e. cf g
In this example, after the image has been received, sample.cfg
is copied from the RapiDeploy application folder on the server to
the computer in the specified folder.
-grubdir:[dir] Function Specifies the directory where the GRUB boot files are
located. If GRUB is installed on a system, the MBR is re-created
based on the GRUB files when imaging completes. If GRUB files
are located in a non-default directory, use this command to
specifiy their location.
-h Function Shows command-line help.
-i:[20..25] Function Sets screen resolution.
For information on setting VESA modes, see -ve:[31.34]
Example To set screen resolution to VGA mode 23
(640x480x16), type
r depl oy - i : 23
RapiDeploy Command-line Switches (Continued)
Switch [ parameters] Details
Deployment Solution 495
RapiDeploy Technical Reference

-i[IDnumber] Function Sets session ID when sending an image file to more
than one computer. Use this switch with multicast sessions so
the Master PC can identify Client PCs in the same session.
Example To send an image to 10 Client PCs, type
r depl oy - mdb - f [filename] - s9 - i 5000001
Note
-i500001 is given as an example. This value is an example of
what the Deployment Server console would send for a session
ID.
See also -m[mode], -s[number of Client PCs], -f[path & file
name]
-ip:[n.n.n.n:p] Function Sets the multicast IP address and port. This can be
used for two purposes: 1) To allow multicasting through a router
that is set up to use a different multicast IP address, and 2) to
separate multiple multicasting sessions more efficiently.
If you are manually running multiple multicast sessions, you can
specify a different multicast IP address for each session to allow
the NIC itself to filter out unwanted packets from other sessions.
This speeds up all sessions involved.
Important
Remember to put the port number at the end of the IP address
after a colon.
Example
r depl oy - mdb - f [filename] - s9 - i p: 224. 2. 0. 3: 401
See also -m[mode], -s[number of Client PCs], -f[path & file
name]
-iosize:[n] Function Sets the size in KBytes of reades and writes to the
image file. (4-64k). Default is 32k. If setting this to greater than
32k in DOS, you must use a DOS extender, such as DOS/32A.
-kap Function Prevents rdeploy.exe from overwriting any existing
partitions on the hard disk.
-kp[1-31] Function (Download only) Prevents rdeploy.exe from
overwriting a specified partition.
n=partition 1 - 31
Example To keep partition 2 from being overwritten during
imaging, type
r depl oy - md - f [filename] - kp2
See also -m[mode], -f[path & file name]
-kprs Function Keeps the recovery partition during image restoration.
RapiDeploy Command-line Switches (Continued)
Switch [ parameters] Details
Deployment Solution 496
RapiDeploy Technical Reference

-m[mode] Function Sets the operating mode.
Modes
u (Upload image)
d (Download image)
dd (Disk-to-disk)
b (Multicast only)
mm (Multicast master)
ub (Upload and multicast image)
db (Download and multicast image)
client (Client mode)
Examples
To upload an image, type
r depl oy - mu - f [filename]
To designate a computer as a Client PC, type
r depl oy - mcl i ent
See also -f[path & file name], -i[IDnumber]
-makeimx Function Minimizes the number of disk swaps that occur when
restoring a hard disk image that has been split across multiple
CDs or other storage media. This switch causes RapiDeploy to
create an .imx (IMage IndeX) file which contains data that may
reside on other CDs. If RapiDeploy has access to the .imx file, it
will not prompt you to insert any CD more than once.
Use the -makeimx switch when you create an image. However,
no switches are needed when restoring the image. Once the
split image file has been created and you are ready to burn the
image to CDs, put the .imx file on the CD with the first .img split
image file. Subsequent split image files do not require the .imx
file to be placed on the CD.
-mcastspeed[speed] Sets the speed used in multicast operations. Range: 1 or
greater. Deployment Solution 6.5 and previous use 1 as default,
later versions use 5.
-mclient Function Operate in client mode. When multicasting, set this
flag to force the computer to not attempt to act as master.
-mcint:[n.n.n.n] Function Specifies the interface used for multicasting. This is
useful if you have a computer with multiple NICs and you want
to force multicast data to use a specific NIC.
RapiDeploy Command-line Switches (Continued)
Switch [ parameters] Details
Deployment Solution 497
RapiDeploy Technical Reference

-mconv Function Used with the - f switch to convert an existing image
file (.img) to a self-extracting .exe file. (Does not upload or
download; just converts the file.)
Example To convert a file named WINXP.IMG, type
r depl oy - mconv - f wi nXP. i mg
See also -f[path & file name]
-mig:[filename] Function Used to specify a migration file. Prompts before
overwriting the drive. This is used mainly by PC Transplant Pro.
-n Function Do not save the image to the destination. This is
useful to see if an image capture completes successfully without
consuming disk space.
-nobw Function Makes sure that a BootWorks partition does not exist
in the destination, is not on the disk when restoring, and is not
in the image when creating.
Example To remove an existing BootWorks partition from a
hard disk and exclude the BootWorks partition from being
downloaded with an image, type
r depl oy - md - f [filename] - nobw
See also -m[mode], -f[path & file name]
-nocancel Function Does not allow the user to cancel the imaging task.
-nooem Function Makes sure that an OEM partition does not exist in the
destination, is not on the disk when restoring, and is not in the
image when creating.
Example To remove an existing OEM partition from a hard disk
and exclude the OEM partition in an images from being restored,
type
r depl oy - md - f [filename] - nooem
See also -m[mode], -f[path & file name]
-noprompt Function Prevents any need for user interaction. Example:
clicking OK after an error occurs. This is very useful in scripting
situations where there won't be a user present to hit a key.
-nors Function Makes sure that a recovery partition does not exist in
the destination, is not on the disk when restoring, and is not in
the image when creating.
-nospacecheck Function Dont check for available space on the volume when
creating an image.
-nt64k
(Download only)
Function (NT computers only) Enables a 64K cluster size with a
FAT16 partition. This allows you to resize a FAT16 partition up to
4 GB rather than the normal 2 GB limit.
Example To change the size, type
r depl oy - md - f [filename] - nt 64k
See also -m[mode], -f[path & file name]
RapiDeploy Command-line Switches (Continued)
Switch [ parameters] Details
Deployment Solution 498
RapiDeploy Technical Reference

-p[partition] Function Specifies which partition to process.
Parameters
n Number (1-31) uploads the partition (each partition must be
designated separately)
b images the BootWorks partition (works for both hidden and
embedded types)
oem images the oem partition
rs images the recovery partition
Examples
To upload an image of partition 2, type
r depl oy - mu - p2 - f [filename]
To upload multiple partitions, type
r depl oy - mu - p2 - p3 - p4 - f [filename]
To upload the BootWorks partition, type
r depl oy - mu - pb - f [filename]
To upload the oem partition, type
r depl oy - mu - poem- f [filename]
See also -m[mode], -f[path & file name]
-password:[pwd] Function Specifies the image password. Passwords are case
sensitive.
Example To create a password-protected image file, type
r depl oy - mu - f [filename] - passwor d: Al t i r i s
To restore that file, type
r depl oy - md - f [ f i l ename] - passwor d: Al t i r i s
See also -m[mode], -f[path & file name]
-postconfig Function Perform postconfig from within RDeploy.
-raid:[n] Function Specify the software raid level.
-raw Function Treats all partitions as raw. The Master PC reads and
images a partition by sectors rather than by files. This switch
makes the image drive geometry dependent (must have the
same heads, cylinders, and tracks as the image source). Used
mostly by Altiris Technical Support for troubleshooting, or it
could be used to make sure that any extra data residing outside
of the file system is included in the image.
-retainstart Function Retain the start sector of the first partition. DOS
partitions only, up to 2048 sectors.
-rescan Function Reread the partition table after imaging.
-restorebt Function Restore the boot track during download.
RapiDeploy Command-line Switches (Continued)
Switch [ parameters] Details
Deployment Solution 499
RapiDeploy Technical Reference

-restoresig Function Causes RapiDeploy to restore the unique disk
signature in the MBR of the hard disk from which the image was
created. Normally, RapiDeploy does not transfer the disk
signature to the target computer when deploying an image. This
switch can be used when restoring an image to the same or
similar systems. The -szf switch may be needed in combination
with the -restoresig switch.
Example One This -restoresig switch has been added to the
Distribute Disk Image job in the XP Embedded folder in the
Samples folder to protect the Write Filter Partition. It is required
for all Restore Image jobs for XPe Thin Clients.
Example Two The -restoresig switch is needed when restoring
an image to a Citrix Metaframe Server to preserve the alternate
drive mappings. In this situation the -szf switch is also required.
Note
This switch will function only if no production partitions are
being preserved on the hard drive when deploying the disk
image.
-rscs:[name] Function Create a recovery solution checksum during upload.
-s[number of Client PCs] Function Specifies the number of Client PCs included in a
multicast session. When the Master PC detects the specified
number of Client PCs, it automatically starts the multicast
session. The number specified does not count the Master PC.
Example To set the number of Client PCs that will be connecting
to the Master PC in a multicast session to 9 computers, type
r depl oy - mdb - f [filename] - s9
See also -m[mode], -f[path & file name]
-span Function Prompts between each piece of an image file (if set
when using the -split command), allowing you to insert new
media.
Example To prompt between each file in the image set, type
r depl oy - mu - f [filename] - spl i t : 500 - span
See also -m[mode], -f[path & file name]
-split:[n] Function Breaks an image into multiple files of a specified size
during an upload (in megabytes).
Example To set the file size to 500 MB, type
r depl oy - mu - f [filename] - spl i t : 500
See also -m[mode], -f[path & file name]
-sN Function Send to N clients.
RapiDeploy Command-line Switches (Continued)
Switch [ parameters] Details
Deployment Solution 500
RapiDeploy Technical Reference

-szf Function Use this switch to set fixed sizing for all partitions. By
using this switch, RapiDeploy will use the original sizes that
existed on the computer from which the image was created.
Example If the original size of the partition to be downloaded
was 250 MB and you want the destination partition to remain
250 MB, use the -szf switch. If the target disk has 500 MB of
free space, you will have a 250 MB fixed partition and 250 MB of
free space.
-sz[parameter] Function Resizes partitions during imaging.
Syntax
rdeploy -sz[#]:[x{m|p}] where # is the partition number and x
is the size based on the number of megabytes or a percentage.
Parameters
[x]m (Resize partitions in megabytes)
[x]p (Resize partitions as a percentage of hard disk size for
primary partitions or the percentage of the extended partition
for logical drives)
Examples
If the size of partition 2 being downloaded is 300 MB and you
want it to fit in half of the 500 MB of disk space on the client
disk, type
r depl oy - sz2: 50p - md - f [filename]
This resizes the 300 MB partition to 250 MB, leaving the other
250 MB unused.
You can set the target size for multiple partitions on the same
command-line by including multiple instances of the switch:
r depl oy - sz1: 200m- sz2: 50p - md - f [filename]
See also -m[mode], -f[path & file name]
-text Function Run in text mode instead of GUI mode. To use this
switch, all settings must be specified at the command-line.
Examples
r depl oy - md - f [filename] - t ext
or
r depl oy - mu - f [filename] - t ext
If you want to save a list of command-line parameters to a text
file, you can use the -text parameter
r depl oy - ? - t ext > r dpar ams. t xt
See also -m[mode], -f[path & file name]
RapiDeploy Command-line Switches (Continued)
Switch [ parameters] Details
Deployment Solution 501
RapiDeploy Technical Reference

-threshold:[n] Function This option applies only to the Restore and Send (-
mdb) mode. We have found that when using a small number of
clients, it is faster to perform individual downloads on each
client than it is to multicast to all of them. There is a point where
it becomes more efficient to multicast than it is to perform
individual downloads. This threshold is where it becomes
faster to multicast than to do individual downloads and can be
specified by the -t hr eshol d: [n] command line parameter.
Depending upon the network environment, this number may
vary. You should perform a few tests to pick a good threshold
value for your network. It may be a small number, like four, or it
could be much larger, like 15.
Once you have found this threshold value, you can specify this
number on the command line and then RapiDeploy will,
depending on the number of clients that connect, have them do
individual downloads or have them multicast.
The number [n] specifies the minimum number of clients that
will need to connect to the master in order for it to multicast.
Example: if you specify - t hr eshol d=5, and four or fewer
clients connect to the master PC, it will have them all do
individual downloads of the image. If five or more clients
connect to that master, it will multicast to them.
This becomes more important when multicasting across subnets
with a router that doesn't support multicasting. If you start one
master and nine clients (10 PC's total), three of which are on
one side of the router and seven of which are on the other side,
RapiDeploy will detect that there are only three on one side of
the router and do individual downloads to them. It will also
detect that seven are on the other side and multicast to them.
RapiDeploy does all of this automatically. All you must supply is
the threshold value to let RapiDeploy determine when it should
multicast or not.
Example
Suppose you have determined that the threshold value for your
network is five. In other words, you have found that
multicasting from one master to five or more clients is faster
than doing individual downloads to those clients and the master.
You could then specify the following threshold value on the
command line:
r depl oy - mdb - f [filename] - s9 - t hr eshol d: 5
See also -m[mode], -f[path & file name], -s[number of Client
PCs]
-throttle:[n]
FunctionThrottle RDeploy operations to N mbps.
RapiDeploy Command-line Switches (Continued)
Switch [ parameters] Details
Deployment Solution 502
RapiDeploy Technical Reference

Using Command-line Switches with Executable Images
In rare cases, you might need to use switches with executable image files. Multiple
switches can be used on the same command-line. As with other switches, you can use
them on the command-line or in a batch file.
In addition, you can use the - nopr ompt switch, which bypasses the default screen that
prompts the user before imaging begins.
Example If you named your self-extracting file baseimag.exe when you created
(uploaded) it, you would type the following on the command-line or in your autoexec.bat
file:
basei mag. exe - nopr ompt
You can combine this switch with any of the other switches.
Using File System Independent Resource
Management (FIRM)
FIRM gives you file access to all FAT, NTFS, and EXT2 file systems on your hard disk from
the automation environment. This is an advanced feature. You do not have to use it to
perform normal management tasks.
-ve:[31.34] Function Set VESA screen resolution.
Example To set screen resolution to VESA mode 31
(640x480x256), type
r depl oy - ve: 31
-w[n] Function When multicasting, specifies the maximum number of
minutes to wait for Client PCs to connect. If all Client PCs
connect, it will start right away.
Default: 5 minutes (or until the specified number of Client PCs is
connected).
Example To set the timeout to wait for PC Clients to 10
minutes, type
r depl oy - w10 - mdb - f [filename] - s9
See also -m[mode], -s[number of Client PCs]
-x Function Cause the image to be saved as a self-extracting file.
This setting will automatically be set if the image file name
specified by the - f parameter ends with .EXE.
RapiDeploy Command-line Switches (Continued)
Switch [ parameters] Details
Deployment Solution 503
RapiDeploy Technical Reference

How FIRM Works
FIRM identifies two drive types: DOS drives and FIRM drives. DOS drives are those that
DOS recognizes, such as local drives and network drives. FIRM recognizes DOS drives in
addition to other local partitions that are present but may not be recognized by DOS.
FIRM assigns drive letters to partitions in the order they are defined on the hard disk.
Because FIRM and DOS both assign drive letters, they might see different drives. So,
the drive letter assignments might be different depending on which operating system
you use to see the mappings.
Here is an example of what you would see with several operating systems compared to
what you would see with FIRM. Note that the only way to see the location of the
embedded BootWorks partition is with FIRM.
*Drive letters are assigned according to where the drives physically reside on the
disk.
FIRM uses the following logic to determine which type of drive to use:
Drives A: and B: are DOS drives.
All other drives are assumed FIRM drives unless prepended with the drive type identifier
D. Example: DC: indicates DOS drive C:.
If a FIRM drive is not found, then a DOS drive is assumed.
FIRM drives can also be explicitly specified by prepending the drive type identifier F.
Example: FK: indicates FIRM drive K:.
Running FIRM
The computer must be booted to DOS.
The firm.exe program must be on a disk or a server where you have rights to access it.
To run FIRM
1. Put the disk containing FIRM.EXE into drive a:, or log into the server where the
program files are located.
2. Type FI RMto run the program.
Drive mapping comparison
Sample Partitions Partitions
recognized
by Win 98
Partitions
recognized
by WIN NT
Partitions
recognized
by WIN 2000
Partitions
recognized
by FIRM
Embedded BootWorks
partition (always drive
W:)

*
FAT 32 * * *
FAT 16 * * * *
NTFS * * *
EXT2/EXT3 *
Deployment Solution 504
RapiDeploy Technical Reference

FIRM Command-Line Switches
Drive designations Because FIRM and DOS recognize drives differently, they might
assign different letters to the same drive. So, for some commands you must specify the
drive type in addition to the drive letter.
Drive types are: OS (operating system drive), and f (FIRM drive).
Tokens You can use a token in place of a drive letter wherever one is required. Tokens
are just another way of accessing a drive on the partition. FIRM replaces tokens with the
appropriate drive letter.
FIRM Tokens
Token Function
auto Function Used in place of the BootWorks partition letter (w: drive).
Examples
To delete the autoexec.bat file from the BootWorks partition, type
f i r mdel et e aut o: \ aut oexec. bat
To see a directory list of the BootWorks partition, type
f i r mdi r aut o: \
prod Function Used in place of the production partition letter (Example: firm c:
drive).
Examples
To see a directory list of firm drive c:, type
f i r mdi r pr od: \
To copy backup files from the production partition c: to the BootWorks
partition, type
f i r mcopy pr od: \ backup. l st aut o: \ backup. l st
temp Function This is an environment variable string that maps to wherever
your TEMP directory is assigned.
Example
To see a list of files and directories in your TEMP directory, type
f i r mdi r t emp: \
Deployment Solution 505
RapiDeploy Technical Reference

FIRM Modes and Switches
Mode Options
drives Function Gets a list of all partitions/drives. Shows the file system and
FIRM drive letters. Also shows the percentage of the drive used by the
partition.
Usage f i r mdr i ves
Example To see a list of all supported drives, including the embedded
BootWorks partition, type
f i r mdr i ves
type Function Sees the contents of an ascii text file. (Other file types do not
display correctly.)
Usage f i r mt ype [filename]
Option [filename]= path and name of the file you want to read
Syntax f i r mt ype[drive type][drive letter or token]: [path][filename]
Example To see the contents of a file called disk32.txt, type
f i r mt ype f c: \ di skf i l es\ dat a\ di sk32. t xt
copy Function Copies a file from one directory to another.
Usage f i r mcopy [source file][destination file]
Options
[source file]=path and filename to be copied
[destination file]=location path and filename file will be copied to
Syntax f i r mcopy [drive type][drive letter or token]: [path][filename]
Examples
To copy an autoexec.bat file from DOS drive C: to the BootWorks partition,
type
f i r mcopy dc: \ aut oexec. bat aut o: \ aut oexec. bat
To copy backup files from the production partition to the BootWorks
partition, type
f i r mcopy pr od: \ backup. l st aut o: \ backup. l st
To backup an autoexec.bat file on FIRM drive c: to FIRM drive c:, type
f i r mcopy f c: \ aut oexec. bat f c: \ aut oexec. ol d
To copy an autoexec.bat file from DOS drive c: to FIRM drive c:, type
f i r mcopy dc: \ aut oexec. bat f c: \ aut oexec. bat
Deployment Solution 506
RapiDeploy Technical Reference

dir Function Displays file and directory lists.
Usage f i r mdi r [directory]
Option [directory]=directory letter or path
Syntax f i r mdi r [drive type][drive letter or token]: [path]
Do not include a filename or you will get an error. The drive type is
optional.
Examples
To see a list of directories and files in the BootWorks directory, type
f i r mdi r w: \
or, type
f i r mdi r aut o: \
(This shows the same results as dos: dir c:\ when running in BootWorks.)
When you are in the BootWorks partition, you can get a list of the contents
of the TEMP directory on DOS drive c: by typing
f i r mdi r aut o: \ t emp
To see a list of files and directories in the Windows system directory, type
f i r mdi r pr od: \ wi ndows\ syst em
delete Function Deletes a file.
Usage f i r mdel et e [filename]
Option [filename]=path & name of file to delete
Syntax f i r mdel et e [drive type][drive letter or
token]: [path][filename]
Always use the full path when deleting a file. You can also use tokens.
Examples
To delete the autoexec file from your BootWorks partition, type
f i r mdel et e aut o: \ aut oexec. ol d
To delete the file foo.txt from a directory on DOS drive d:, type
f i r mdel et e dd: \ mydi r \ f oo. t xt
To delete the autoexec file from FIRM drive e:, type
f i r mdel et e f e: \ aut oexec. bat
FIRM Modes and Switches (Continued)
Mode Options
Deployment Solution 507
RapiDeploy Technical Reference

backupreg Function Backs up registry files.
Usage f i r mbackupr eg [ dest file][local path]
Options
-noprofile Backs up default registries without the user profiles.
[destination file]=destination filename (must be a DOS filename)
[local path]=local path to registry files (source)
(Default source path for Win NT/2000 is c:\winnt\system32\config. Default
for Win 95/98 is c:\windows). If files are stored in the default location, you
do not need to enter the path.
Syntax f i r mbackupr eg [ destination path and filename] [drive letter
or token]:[local path]
Include the complete path.
Examples
To back up registries without user profiles to c:\regback.lst, type
f i r mbackupr eg c: \ r egback. l st - nopr of i l e
To back up registries from FIRM drive e: to regback.lst, type
f i r mbackupr eg c: \ r egback. l st e: \ wi nnt
restorereg Function Restores registry files.
Usage f i r mr est or er eg [source file] [local path]
Options
[source file]=source filename (must be a DOS filename)
[local path]=local path to registry files
(Default source path for Win NT/2000 is c:\winnt\system32\config. Default
for Win 95/98 is c:\windows. If files are stored in the default location, you
do not need to enter the path.)
Syntax f i r mr est or er eg [source path and filename][drive letter or
token]: [local path]
Include the complete path.
Examples
To restore registries from c:\regback.lst to default location, type
f i r mr est or er eg c: \ r egback. l st
To restore registries from c:\regback.lst to e:\winnt
f i r mr est or er eg c: \ r egback. l st e: \ wi nnt
FIRM Modes and Switches (Continued)
Mode Options
Deployment Solution 508
RapiDeploy Technical Reference

backuplist Function Backs up a set of files.
Usage f i r mbackupl i st [destination file] [list file]
Options
[destination file]=destination filename (must be a DOS filename)
[list file]=filename containing a list of files to back up (source)
Must be in a DOS text/ascii file format.
Syntax f i r mbackupl i st [destination path and filename][list
filename]
Include the full path.
Example
To back up the files in c:\backup.lst and store them in c:\backup.txt, type
f i r mbackupl i st c: \ backup. t xt c: \ backup. l st
The backup.lst file might contain the following:
c:\autoexec.bat
c:\config.sys
prod:\windows\command\format.com
restorelist Function Restores a set of files.
Usage f i r mr est or el i st [source file][logical drive]
Options
[source file]=source filename (must be a DOS filename)
[logical drive]= drive letter to overwrite default logical drive
Default logical drive = PROD:\
Syntax f i r mr est or el i st [source path and filename][logical drive
letter]
Include the complete path.
Example
To restore backup files to DOS drive c:, type
f i r mr est or el i st dc: \ backup. t xt
FIRM Modes and Switches (Continued)
Mode Options
Deployment Solution 509

Appendix B
Tokens: Dynamic Database Access
These are variable tokens that can be inserted in scripts (see Run Script on page 181) or
answer files (in Scripted OS Install on page 165) to extract information from the
Deployment Database.
Example: the token named %ASSETTAG% contains the asset tag of a computer. Tokens
are most commonly used when creating custom scripts (using the Run Script Task) or
answer files when doing unattended operating system installations. The custom script is
unique to the computer in which it is applied.
System Tokens
The following table lists all predefined system tokens supported by Deployment Solution
5.6 or higher. System tokens are case sensitive. The percent symbol % at the
beginning and end of each token is part of the token name and must be included.

Token Description
%ASSETTAG% Asset tag from SMBIOS
%AGENTIPADDR% The IP address of the NIC of the client computer
connected to the Deployment Server.
%BWIPADDR% The IP address of the client computer connected to the
Deployment Server. This token only works with
Bootworks. It is deprecated and it is recommended
that you use the token %AGENTIPADDR% instead.
%CALLINGJ OBNAME% The name of the job that called this job (as used when
Setting Up Return Codes) or the name of this job if not
called by another job
%COMPNAME% Actual computer name used by the OS
%CONTACT% Contact name defined in the Location properties
%DATE% Date string in the form of mm/dd/yyyy
%DEPT% Department description defined in the Location
properties
%DNSSUFFIXSEARCHORDER% The DNS suffixes under the DNS tab.
%DOMAIN% MS Workgroup or domain name
%DOMAINOU% Domain organization units. Example:
MyCompany. com/ MyPar ent OU/ MyOU
%DSSERVER% The NetBios name of the computer where the
Deployment Server is installed.
%EMAIL% Email from the Location properties
%ID% Unique Computer ID Generated by Deployment
Server
Deployment Solution 510
Tokens: Dynamic Database Access

%IPNAME% Full DNS name of the computer
%J OBNAME% The name of the current job.
%J OBUSER% The name of the user logged on to the Deployment
console
%LDAPDOMAINOU% The LDAP format for AD domains. Example:
dc=MyCompany, dc=com, OU=MyPar ent OU,
OU=MyOU
%MAILSTOP% Mail stop from the Location properties
%MANUF% Computer manufacturer from SMBIOS
%NAME% Complete computer name as it appears in the console
%NETBIOSDOMAIN% The NetBios name for the Microsoft Domain
%NICyIPADDR% IP Address for NIC y (y =1-8). Example: the first NIC
would be %NIC1IPADDR%I , second
%NIC2IPADDR%
%NICyIPDNSx% DNS entry x for NIC y. Example: the second NIC
fourth DNS entry would be %NIC2IPDNS4%
%NICyIPDNSALL% All DNS IP addresses for NIC y. Example: All DNS
entries for the second NIC would be
%NIC2IPDNSALL%.
%NICyIPGATEWAY% Default gateway for NIC y (y =1-8). Example: the
first NIC would be %NIC1IPGATEWAY%, second
%NIC2IPGATEWAY%
%NICyIPHOST% IP HOst for NIC y (y =1-8). Example: the first NIC
would be %NIC1IPHOST%; the second would be
%NIC2IPHOST%.
%NICyIPNETMASK% Netmask for NIC y. Example: the first NIC would be
%NIC1IPNETMASK%, second
%NIC2IPNETMASK%
%NICyIPWINSx% WINS entry x for NIC y. Example: the third NIC first
WINS entry would be %NIC3IPDNS1%
%NICyIPWINSALL% All WINS addresses for NIC y. Example: All WINS
entries for the second NIC would be
%NIC2IPWINSALL%.
%NICyMACADDR% MAC for NIC y (y =1-8). Example: the first NIC
would be %NIC1MACADDR%,
second%NIC2MACADDR%
%NICyNETBIOSOPTIONS% NetBios options for NIC y. Example: the NetBios
options for the third NIC would be
%NIC3NETBIOSOPTIONS%.
%NICyPCIBUSNUMBER% PCI Bus number for NIC y. Example: the PCI Bus
number for the second NIC would be
%NIC2PCIBUSNUMBER%.
%NICyPCIDEVICENUMBER% PCI Device number for NIC y. Example: the PCI
Device number for the fourth NIC would be
%NIC4PCIDEVICENUMBER%.
Token Description
Deployment Solution 511
Tokens: Dynamic Database Access

Finding the Right Token Value
By default, all values for the custom tokens can be located using the computer ID
number that is automatically assigned to all computers when they are added to the
Deployment Server database. This ID number is located in the computer_ID column of
its associated table.
The computer ID number can be viewed from a Deployment Server console by right-
clicking a computer and then selecting Properties > General. After the computer ID
number has been located, the associated column value can be used.
The example below shows a Deployment Server Job using the Run Script Task, which
will extract information from the Deployment database using the alias name of FS2.
Script
echo Thi s comput er has %#FS2*" SELECT r am_f r ee f r omhar dwar e
wher e comput er _i d = 5000001" %MB of f r ee RAM
%NICyPCIFUNCTIONNUMBER% PCI Function number for NIC y. Example: the PCI
Function number for the third NIC would be
%NIC3PCIFUNCTIONNUMBER%.
%NICyUSEDHCP% If you use DHCP, the valid values are Yes or No.
%NICyUSEWINS% If you use WINS, the valid values are Yes or No.
%NODEFULL% Complete computer name
%NODENAME% First 8 characters of actual computer name
%NWCONTEXT% NetWare context name
%NWSERVER% NetWare preferred server
%NWTREE% NetWare preferred tree
%OS% Specific operating system (WIN98, WIN2K, WINXP)
%OSTYPE% Operating system type (WIN9x, WINNT, Linux)
%PHONE% Phone defined in the Location properties
%PROCDESC% Description of the processor
%PROCSPEED% Processor Speed
%PROCCOUNT% The number of processors installed (not the number of
processor slots)
%PROD_LIC% Product License Key
%PROCTYPE% Processor Type
%RAMTOTAL% Total Random Access Memory
%SERIALNUM% Serial number from SMBIOS
%SITE% Site description defined in the Location properties
%TIME% Time string in the form of hour:minutes
%USER_NAME% The Registered To user name that can be viewed on
the System Properties page of Windows.
%UUID% The Universally Unique Identifier (UUID) of the
computer, if supported by hardware.
Token Description
Deployment Solution 512
Tokens: Dynamic Database Access

Explanation of Script
FS2 i s t he al i as name.
har dwar e i s t he t abl e name
Ram_Fr ee i s t he col umn name t o f i nd t he val ue i n.
If a job using the above script was assigned to the PC-1 computer (with the computer_id
of 500001), the values specified are located in the database and appear on the clients
computer. The message shows the DS database search results.
Users Display Message
C: \
Thi s comput er has 213 MB of f r ee RAM
Pr ess any key t o cont i nue. . .
Creating Unique Files Using Tokens
There are times, during the deployment of a computer, where the computers being
deployed need a unique file to complete the deployment process. Example: when using
the Microsoft System Preparation (sysprep) program, a unique configuration file is
needed to ensure that each computer gets a unique computer name and that it gets
assigned to the correct Domain (among other things.) An answer file used to perform
unattended operating system installations is another example. In both of these
examples, much of the configuration file is the same for all computers being managed
with only a portion of the file contents needing to be unique.
The challenge is to get a file with the unique entries to the computers being managed
without manually visiting each computer and without having to create each file
manually.
To meet the demands of this challenge, Deployment Server has the ability to
automatically create and distribute a unique text file to meet these needs. This process
is known as the Token Replacement Process.
The token replacement process is accomplished using a template (reference) file which
is automatically customized as needed through the use of tokens (variables) and saved
as a unique file. This unique file is then sent to the individual computer. (See Figure
below.)
Tokens
An Altiris token is a type of variable that can be replaced with unique data from the
Deployment Server database. Each computer can have its own unique value for each
token. Example: the token name of %NAME% stores the name of a computer being
managed as seen in the Deployment Server console view, while the token name of
%DOMAIN% stores the Microsoft Workgroup/Domain a computer belongs to. Depending
on the individual computer, there may or may not be a value stored in the Deployment
Server database for every possible token.
Token names are case sensitive. See System Tokens on page 509.
Token Replacement Template Files
To understand the token replacement template file, consider the needs when using
Microsofts System Preparation program (Sysprep.) When using Sysprep, each computer
Deployment Solution 513
Tokens: Dynamic Database Access

requires a Sysprep.inf file. This file is used, among other things, to set the NetBIOS
computer name for a computer and which Domain the computer will belong to (see the
sample Sysprep.inf file in the figure to the right.)
If the image being deployed to the computers contained this Sysprep.inf file and no
other changes were made, all computers would end up with the same computer name
and Domain when the Sysprep.inf files was used to configure the computers being
deployed. To solve this dilemma, a token replacement template file is used.
The token replacement template file is a copy of the text file, which after being edited
needs to be copied to each computer. In this example it is theSysprep.inf file. The
unique text files that will be sent to the individual computers are created by taking the
contents of this template file and adding the unique data using tokens. Therefore, any
data in the template file that needs to be unique must be replaced with an applicable
token.
Example: to ensure that every computer gets a unique computer name, the Sysprep.inf
file is edited to use a token to provide this information instead of using the real
computer name. As seen in the figure to the right, this is accomplished by placing the
%NAME% token after the ComputerName entry. Likewise, the entry that determines the
Domain is changed to use the %DOMAIN% token instead of the real Domain name.
After the tokens have been added as needed, this file is saved in the Deployment Server
directory structure and becomes the template file.
After going through the token replacement process, the tokens are replaced with unique
data from the Deployment Server database and a new file containing that information is
created. The end result is that the new file created would now have an entry such as
ComputerName=Bryce in one file while another file might have an entry such as
ComputerName=J ackson.
Template File Rules
The following template file rules are as follows:
The template file can have as many Altiris tokens as needed.
The template file needs to be saved in the Deployment Server directory or in one of
its subdirectories. Example: the template file may be saved in the \Deployment
Server\temp directory.
By default, the Deployment Directory is located at C:\Program
Files\Altiris\eXpress\Deployment Server and is the directory where Deployment
Server was installed. It is also referred as the Deployment Share.
The Token Replacement Process
The method of converting the template file to a unique file is accomplished as follows:
The template file (in this example - Sysprep.inf) is created with the necessary
tokens and is placed in the Deployment Server\ temp subdirectory.
A Job is created containing a Run Script task.
The Run Script task contains the command(s) needed to invoke the token
replacement process and the specific paths for all files needed in this process. (See
The Run Script Task on page 1-32 for the Run Script task syntax.)
This Job is then run on selected target computers.
Deployment Solution 514
Tokens: Dynamic Database Access

When the Job is executed the following happens:
The template file (Sysprep.inf) is examined and all tokens are located.
The unique token values for each computer are located in the Deployment Server
database and are used to create a new file for each computer.
The tokens in the new files have now been replaced with their applicable values and
the files are saved in the Deployment Server directory path specified in the task.
The name of the new file created is determined by a token variable used in the task
allowing each new file to have its own unique name.
Each unique file is then copied to the applicable target computer. As the files are
copied, they are renamed back to the correct name needed. In other words, all
computers will end up with a file by the exact same name (this may or may not be
needed depending on what this process is being used for.)
The destination of the file on the target computer and its final name are determined
by the Run Script task in the Job.
Custom Tokens
Custom tokens can be defined in a script or answer file to extract data from any MS SQL
Server database table. This is most commonly used when creating custom tables to
store additional computer inventory information. This token replacement feature allows
you to specify any SQL database, look up a specified value, and replace the custom
token with the value from the selected database (whether it resides on the local
computer or not).
Syntax One
%#Alias^!table name@column name%
Examples:
% Identifies the opening and closing of a variable token in the script.
# Indicates that this is a custom token.
Alias Specify the alias for an external database set up in the Tools > Options
> Custom Data Sources dialog. See Custom Data Sources options on
page 86.
When used, this will provide the information and credentials to gain
access to an external SQL database. If the Alias option is not used, the
values will be obtained from the same Deployment Server database the
Job containing this token is using.
^ Indicates that this is a global identifier token. All tokens by default will be
looked up using the Computer_ID value for which the token ID is being
replaced. This global identifier tells Deployment Solution to NOT use the
value in the computer_ID column. Instead, it will use the first value found
in the specified table.
! Specifies that the following text is the table name in the Deployment
Database. This field is required for all user-defined tokens.
@ Specifies that the following text is the column name in the table. This field
is required for all user-defined tokens.
Deployment Solution 515
Tokens: Dynamic Database Access

To return the names of the computers:
%#! comput er @comput er _name%
To return the color column from a custom database and table that has the computer_id
column in it:
%#DBAl i as! t abl e@col or %
To return the color column from the first record from a custom database and table:
%#DBAl i as^! t abl e@col or %
Syntax Two
%#Alias*SQL query statement%
Examples
To return the names of the computer with an SQL statement:
%#*SELECT comput er _name f r omcomput er wher e comput er _i d =
1234567%
To return the color column from a custom database and table with a computer_id
column:
%#DBAl i as*SELECT col or f r omt abl e wher e comput er _i d = 1234567%
To return the color from the first record from a custom database and table:
%#DBAl i as*SELECT col or f r omt abl e%
* Indicates that the following text is an SQL statement.
Deployment Solution 516

Appendix C
Error Codes
This section presents some error messages generated by Deployment Solution. They are
divided into the following groups:
General Error Messages on page 517
Client Error Messages on page 519
Communication Error Messages on page 520
Memory Error Messages on page 522
Partition Error Messages on page 523
Installer Return Codes (page 524)
Deployment Solution 517
Error Codes

General Error Messages
Error Message Description
"Error reading . . ."
"Error writing . . ."
Explanation: An error occurred while reading or writing to
the disk.
Possible causes:
Faulty disk hardware.
A write-protected disk. The BIOS in some computers has an
antivirus capability which attempts to protect the disk from
Master Boot Record (MBR) viruses by write-protecting the
first sector or track on the hard disk.
"Error reading from file."
"Error writing to file."
"Error opening file for
reading."
"Error opening file for
writing."
"Error saving image info to
file."
"Error closing file."
"Error reading image
information."
Explanation: An image file could not be accessed.
Possible causes:
The file does not exist, or cannot be read (for downloads).
The image file is corrupt.
The directory does not exist or cannot be written to (for
uploads).
The disk where the image file is being written is full.
"Geometry Error . . ."
"Invalid geometry exception
. . ."
Explanation: There was an error converting cylinders,
heads, and sectors to logical blocks or vice versa.
Possible cause: Invalid or corrupt BIOS drive geometry
settings.
"No such drive . . ." Explanation: The specified drive could not be accessed.
Possible cause: An invalid drive letter was entered.
"Error reading drive
parameters from BIOS."
Explanation: The program received an error from the BIOS
while trying to read disk geometry information.
Possible Cause: Often occurs when trying to run a DOS
application from Windows.
"Bad image number. File is
not an image file."
"Bad image number. Buffer
doesn't contain image data."
"Bad file version number.
Cannot read the file."
"Bad version number. Buffer
doesn't contain image data."
Explanation: The file is not recognized as an image file.
Possible causes:
The file is not a valid image file.
File was created with a different version of the imaging
program, which is not compatible.
Data loss is occurring over the network.
"Too many clients for current
license count."
Explanation: More clients connected to the Console or
Master computer than the license allows.
Action: Upgrade your license to support more nodes. Call
your authorized reseller for more information.
Deployment Solution 518
Error Codes

"This program is not licensed
for multicasting (peer-to-
peer imaging)."
Explanation: Multicasting works only when the license count
is greater than one.
Action: Upgrade your license to support more nodes. Call
your authorized reseller for more information.
"Exiting with error code . . ." Explanation: The program failed.
Possible causes:
The operator aborted the program prematurely.
A serious program error occurred.
Action: A descriptive error message should appear before
this message to give you information about the problem that
is causing the program to exit. If you do not see a preceding
descriptive message, notify Altiris Technical Support. Write
down the error code and a description of what was happening
before the error occurred.
Error Message Description
Deployment Solution 519
Error Codes

Client Error Messages
Error Message Description
"The master PC ended the
transfer before we received
all of the data."
Explanation: The Master computer sent a "goodbye" packet
before the image-transfer was finished. The download didn't
finish, so the client disk will be in an indeterminate state.
Possible cause: The user aborted the download before it was
complete.
"Error: Received cluster
chunk with wrong version . .
. (want .. .)."
"Client and master versions
do not match."
"Error: Received cluster map
with wrong version . . ."
"Error: End of Block packet
has wrong version . . . (want
. . .)."
Explanation: The Master computer sent a packet with the
wrong version number.
Possible cause: The Master computer and clients are
running different versions, and there are packet-header
differences.
Action: Ensure both master and client programs are updated
to the same software version.
"Error: Received Wrong
NetBlock . . . (expected . .
.)."
"Received Wrong segment . .
. (expected . . .)."
Explanation: The Master computer moved on to the next
segment in an image transfer before the client successfully
received the data in the previous segment.
Possible cause: The client may have lost contact with the
Master computer during a download.
"Error: Master started before
we could register."
Explanation: The client received an unknown packet before
it was ready to begin the download.
Possible cause: The "download confirmation" packet sent
from the Master to the client is lost.
Action: Re-send the image.
"Error decoding buffer."
"Error while getting image
info from master."
Explanation: The client was unable to decode packet or
image information.
Possible cause: Data corruption in a packet somewhere
between the Master computer and the client (likely), or a bug
in either the master or client software (much less likely).
Action: Call Altiris if you see this message and you believe
your network is operating reliably.
Deployment Solution 520
Error Codes

Communication Error Messages
Critical Error Messages
Error Message Description
"Error opening IP socket."
"Error canceling IP listen
packets."
"IP SendPacket error, code .
. ."
"IP Error sending packet ..."
"Error sending farewell
packet: ECB code . . ."
"IP error getting local target
address."
"Unable to bind socket 0x . .
."
Explanation: An error was returned from a call to the
network protocol stack.
Possible causes:
The IP protocol stack isn't loaded.
An internal error occurred in the protocol stack code.
Note
The same errors can occur with IPX.
Error Message Description
"Compression failure, result is
0x. . ."
"Decompression failure, result
0x . . ."
Explanation: Compression or decompression failure.
Possible causes:
A decompression failure can be caused by corrupt data in
an image file or data accessed across the wire.
A compression failure is probably caused by a bug in the
program.
Action: If you get a compression or decompression
failure on a file you know to not corrupted, isolate the
system from the network and try to reproduce the error.
This will determine if the error is on the network or in the
Altiris program. If the problem recurs on the isolated
system, report the error to Altiris.
"Unable to send packet: buffer
too big."
Explanation: The program tried to send a packet that
was larger than the internal limit.
Action: Isolate the system from the network and try to
reproduce the error. This will determine if the error is on
the network or in the Altiris program. If the problem
recurs on the isolated system, report the error to Altiris.
Deployment Solution 521
Error Codes

"Unable to register multicast
cleanup function."
Explanation: Indicates a failure in the programs library
routines.
Action: Isolate the system from the network and try to
reproduce the error. This will determine if the error is on
the network or in the Altiris program. If the problem
recurs on the isolated system, report the error to Altiris.
"Unhandled exception detected.
Please call technical support."
Explanation: A top-level handler in the program
detected an exception from an unknown location in the
program.
Action: Isolate the system from the network and try to
reproduce the error. This will determine if the error is on
the network or in the Altiris program. If the problem
recurs on the isolated system, report the error to Altiris.
"Error: Missing chunk number . .
. too big."
Explanation: Indicates an internal error in the client.
Action: Isolate the system from the network and try to
reproduce the error. This will determine if the error is on
the network or in the Altiris program. If the problem
recurs on the isolated system, report the error to Altiris.
"Error: Received non cluster
map block type 0x . . ."
Explanation: The client received a block of data
containing unexpected information.
Action: Isolate the system from the network and try to
reproduce the error. This will determine if the error is on
the network or in the Altiris program. If the problem
recurs on the isolated system, report the error to Altiris.
Error Message Description
Deployment Solution 522
Error Codes

Memory Error Messages
"Out of range index . . . in
removeItem. ElementCount is . .
."
"Error removing child subtree."
"Invalid item to remove."
"Error: Attempted removal of
top-level container segment."
"Error: unable to copy source
segment."
"Error getting download info
space requirements."
"Error getting image info space
requirements."
"Error getting bitmap space
requirements."
"Error encoding image info into
buffer."
"Error encoding bitmap."
Explanation: Internal program error.
Action: Please report the error to Altiris. Write down the
error code and message and a description of what was
happening just before the error occurred.
"Container segment has invalid
Partition-table slot . . ."
Explanation: A partition table in an extended partition
contains a reference to a nonexistent slot in the partition
table.
Action: Please report this error to Altiris.
Error Message Description
"Insufficient memory for . .
."
"Ran out of memory while . .
."
"Exception . . . while
allocating . . ."
Explanation: The program is out of memory.
Possible cause: The Altiris program requires 16 MB to run.
It could also be a lack of conventional memory.
Action: Add the emm386. exe file, and load as many drivers,
devices, and so on as possible into high memory. Check the
Altiris support forum for information on memory errors.
"Error adding . . ." Explanation: There was a problem building an internal list
structure.
Possible cause: This is almost always a result of memory
exhaustion.
Error Message Description
Deployment Solution 523
Error Codes

Partition Error Messages
Error Message Description
"Collision in partition-table .
."
"Collision with . . ."
Explanation: More than one partition was defined for a
given partition table slot. It can mean one of two things:
Possible cause: The on-disk partition-tables (including
partition tables in extended partitions) are corrupt.
The program was unable to merge an image file with the
local disk contents because both the image and the local disk
contain a partition definition that must reside in the same
slot.
"No partitions to process." Explanation: No partitions were found in the partition table.
The program has nothing to image (upload).
"Segment boundary error:
doesn't start on track
boundary."
"Invalid partition . . . "
Explanation: An invalid partition definition exists.
Possible cause: The invalid entry might be in the partition
tables extended partitions.
Action: Try running i bmast er . exe with the -sz or -szf
switch.
"Error: No partition-table
segment to update."
"Error: Expected container
segment not found."
Explanation: An extended partition was found that
contained no internal partition table, or contained no internal
definitions.
Action: The invalid configuration can be resolved by
removing the invalid partition definition (using FDISK or
similar utility).
"Not enough free disk space
to accept image."
"Underlap error while placing
segment."
"Overlap error while placing
segment."
Explanation: The local disk doesn't have enough free space
to accept the image being downloaded.
Possible cause: The image may have more data than can fit
on the client computer hard drive, or the partition cannot be
resized to fit the drive.
"Collision at beginning of disk
while trying to place boot
record."
Explanation: The program was unable to place the boot
record on the disk.
Possible cause: Another partition may be defined to cover
the required space. This usually indicates corruption in the
target disk's partition table, because it is illegal for a partition
to occupy the space required by the boot record.
Action: Run FDISK to remove all partitions, then reboot the
computer and run FDISK/MBR. Also check for viruses.
Deployment Solution 524
Error Codes

Installer Return Codes
The Deployment Solution Installer returns error codes whenever it encounters any
problems while installing. These return codes are saved in a log file, which is used to
help understand the installation problems. Below is a list of error codes returned with
their descriptions for different components of the Deployment Server.
"This image requires that the
destination drive have the
same geometry . . ."
Explanation: The image being transferred contains a
geometry-dependent partition, and the geometry of the
source disk does not match the geometry of the target disk.
This means the disks are not seen as identical drives by the
drive controller.
"Error flushing MBR sector." Explanation: The program was unable to write data to the
first sector on the hard disk. The image transfer is incomplete
because the partition-table and/or master boot record code
was not successfully written, and the disk is in an
indeterminate state.
Possible cause: This may be caused by a BIOS setting that
prevents programmatic access to the boot sector (see the
CMOS setup).
Return
Code
ErrorID Error Description
1000 IDS_ERR_SETUP_INSTALL This return code is for the DataStore
component. This error occurs while
setting up the installation on a remote
computer. This signifies an error in
opening the setup INI file.
1001 IDS_ERR_COPYING_LICEN
SE
This return code is for the DataStore
component. This error occurs while
copying the license file to the remote
computer. Please ensure that the temp
directory on the remote computer has
at least 100MB free space.
1002 IDS_ERR_SETUP_INSTALL This return code is for the Deployment
Server component. This error occurs
while setting up the installation on a
remote computer. This signifies an error
opening the setup INI file.
1003 IDS_ERR_GRANT_LOGON This return code is for the Deployment
Server component.This error occurs
when it is unable to grant logon as
service rights to the Deployment Server
Service user. If you continue the
installation, it will install the service, but
will require you to manually set "Logon
as Service" rights for the Deployment
Server Service user.
Error Message Description
Deployment Solution 525
Error Codes

1004 IDS_ERR_INSTALLING_SE
RVER_REG
This return code is for the Deployment
Server component. Thus error occurs
while creating some registry entries
required for the server to function
correctly. If you choose to continue, you
will need to set the options manually
from the Altiris eXpress Deployment
Server Configuration control panel
applet.
1005 IDS_ERR_CONNECTING This return code is for the Deployment
Server component. This error occurs
when it is unable to connect to the
remote computer with the given
username and password. Ensure that
the username and password you have
supplied has Administrator rights on the
remote computer.
1006 IDS_ERR_INSTALLING_SE
RVICE
This return code is for the Deployment
Server component. This is an unknown
error that occurs while installing the
Altiris RemoteInstall service. Ensure
that the username and password you
have supplied has Administrator rights
on the remote computer.
1007 IDS_ERR_STARTING_SERV
ICE
This return code is for the Deployment
Server component. This is an unknown
error that occurs while installing the
Altiris RemoteInstall service. Ensure
that the username and password you
have supplied has Administrator rights
on the remote computer.
1008 IDS_ERR_COPYING_LICEN
SE
This return code is for the Deployment
Server component. This error occurs
while copying the license file to the
remote computer. Ensure that the temp
directory on the remote computer has
at least 100MB free space.
1009 IDS_ERR_EXECUTE_PACKA
GE
This return code is for the Deployment
Server component. This error occurs
when it is unable to execute package on
the remote computer. Ensure that the
username and password you have
supplied has Administrator rights on the
remote computer.
Return
Code
ErrorID Error Description
Deployment Solution 526
Error Codes

1010 IDS_ERR_COPYING_PACKA
GE
This return code is for the Deployment
Server component. This error occurs
while copying the install package to the
remote computer. Please ensure the
temp directory on the remote computer
contains at least 100MB free space.
1011 IDS_ERR_SETUP_INSTALL This return code is for the Deployment
Console component. This error occurs
while setting up the install on the
remote computer. This error is usually
encountered when there is a problem in
opening the setup INI file.
1012 IDS_ERR_COPYING_BOOT This return code is for the PXE Server
component. This error occurs while
copying the PXE boot image files. If you
continue the install, you will need to run
the Boot Disk Creator from the PXE
computer and create these files
manually.
1013 IDS_ERR_SETUP_INSTALL This return code is for the PXE Server
component. This error occurs while
setting up the install on the remote
computer. This error is usually
encountered when there is a problem in
opening the setup INI file.
1014 IDS_ERR_SETUP_INSTALL This return code is for the Deployment
Web Console component. This error
occurs while setting up the install on the
remote computer. This error is usually
encountered when there is a problem in
opening the setup INI file.
1015 IDS_ERR_GRANT_LOGON This return code is for the Deployment
Web Console component. This error
occurs when it is unable to grant logon
as service rights to the Deployment
Server Service user. If you continue the
installation, it will install the service, but
will require you to manually set "Logon
as Service" rights for the Deployment
Server Service user.
1016 IDS_ERR_CONNECTING This return code is for the Deployment
Web Console component. This error
occurs when it is unable to connect to
the remote computer with the given
username and password. Ensure that
the username and password you have
supplied has Administrator rights on the
remote computer.
Return
Code
ErrorID Error Description
Deployment Solution 527
Error Codes

1017 IDS_ERR_INSTALLING_SE
RVICE
This return code is for the Deployment
Web Console component. This is an
unknown error that occurs while
installing the Altiris RemoteInstall
service. Ensure that the username and
password you have supplied has
Administrator rights on the remote
computer.
1018 IDS_ERR_STARTING_SERV
ICE
This return code is for the Deployment
Web Console component. This is an
unknown error that occurs while
starting the Altiris RemoteInstall
service. Ensure that the username and
password you have supplied has
Administrator rights on the remote
computer.
1019 IDS_ERR_CONNECTING This return code is for the Deployment
Web Console component. This error
occurs when it is unable to connect to
the remote computer with the given
username and password. Ensure that
the username and password you have
supplied has Administrator rights on the
remote computer.
1020 IDS_ERR_SETUP_INSTALL This return code is for a Hotfix
installation. This error occurs while
setting up the install on the remote
computer. This error is usually
encountered when there is a problem in
opening the setup INI file.
1022 IDS_ERR_CONNECTING This return code is common for all the
components of Deployment Server. This
error occurs when it is unable to
connect to the remote computer with
the given username and password.
Ensure that the username and password
you have supplied has Administrator
rights on the remote computer.
1023 IDS_ERR_INSTALLING_SE
RVICE
This return code is common for all the
components of Deployment Server. This
is an unknown error that occurs while
installing the Altiris RemoteInstall
service. Ensure that the username and
password you have supplied has
Administrator rights on the remote
computer.
Return
Code
ErrorID Error Description
Deployment Solution 528
Error Codes

1024 IDS_ERR_STARTING_SERV
ICE
This return code is common for all the
components of Deployment Server. This
is an unknown error that occurs while
starting the Altiris RemoteInstall
service. Ensure that the username and
password you have supplied has
Administrator rights on the remote
computer.
1025 IDS_ERR_EXECUTE_PACKA
GE
This return code is common for all the
components of Deployment Server. This
error occurs when it is unable to
execute package on the remote
computer. Ensure that the username
and password you have supplied has
Administrator rights on the remote
computer.
1026 IDS_ERR_COPYING_PACKA
GE
This return code is common for all the
components of Deployment Server. This
error occurs while copying the install
package to the remote computer. Please
ensure the temp directory on the
remote computer contains at least
100MB free space.
1027 IDS_ERR_COPYING_ISS This return code is common for all the
components of Deployment Server. This
error occurs while copying the setup.iss
file to the remote computer. Please
ensure that the system temp directory
on the remote computer contains at
least 100MB free space.
1028 IDS_ERR_MONITORING This return code is common for all the
components of Deployment Server. This
error occurs while monitoring the
remote install. The install has been
started, but there is no way to find out if
the install completed successfully.
1029 Install shield writes errors This return code is for all the
components of Deployment Server. This
error is encountered when any of the
components encounter an Install shield
problem.
1030 IDS_ERR_PACKAGE_TERMI
NATED
This error occurs when the package is
terminated unexpectedly.
Return
Code
ErrorID Error Description
Deployment Solution 529

Appendix D
System Jobs for Deployment Solution
System jobs are shipped and installed in the Deployment Share (<DS i nst al l
pat h>\ Al t i r i s\ eXpr ess\ Depl oyment Ser ver \ Sampl es) to assist in various
deployment tasks. During installation, jobs are automatically imported from the
sampl es. bi n file into Deployment Solution where they can be viewed in the System
Jobs folder in the Jobs area of the console. The System Jobs folder contains
subfolders for Imaging, Simple Tests, Migrations, Miscellaneous Jobs, Pocket PC,
Scripted OS Installs, Scripts, XP Embedded, and Agent Update jobs.
Jobs in each folder marked with an asterisk (*) require input parameters or other minor
modifications added before running on your system. These modifications allow you to
add parameters to the job such as user name and password, or other required data to
allow the job to be functional. These jobs will not function properly if you do not edit the
job task with the information specific to your environment.
All files without an asterisk (*) can be used to perform the identified functions without
modification. However, if the job conditions are not met or are not consistent with the
computer type then you may get an error. Example: if the Repair Office XP job runs on
a computer without MS Office XP then you will get an error when trying to run the job.
Note
We recommend that you copy the desired sample job and change the name to avoid
overwrites if you reinstall Deployment Solution.
Sample files are provided to help create jobs and other files for use in your specific
environment. These files portray possible solutions and configurations, and can be
modified and rewritten. Each of these jobs can also be created in the Deployment Server
Console and executed with the same effectiveness to meet your specific needs. Because
of continually changing market conditions and specific requirements for your
organization, Altiris cannot guarantee the effectiveness of these sample files working in
your environment.
See sample jobs in these categories:
Imaging (page 530)
Simple Tests (page 530)
Migrations (page 531)
Misc Jobs (page 532)
Pocket PC (page 536)
Scripted OS Installs (page 537)
Scripts (page 544)
XP Embedded (page 547)
Deployment Solution 530
System Jobs for Deployment Solution

Imaging
Use these sample jobs for basic imaging tasks:
Create Disk Image (page 530)
Distribute Disk Image (page 530)
Create Disk Image
Description Creates a disk image.
Additional files required None.
What this task does This task will create a disk image using the name of the computer
as the image filename.
Steps to use Assign the job to a computer or computer group.
Distribute Disk Image
Description Distributes a disk image.
Additional files required None.
What this task does This job will distribute the disk image using the name of the
computer as the image filename.
Steps to use Assign the job to a computer or computer group.
Simple Tests
Run simple commands and install software packages using these jobs:
DIR Command at DOS (page 530)
DIR Command at Windows (page 530)
Distribute RapidInstall Package (page 531)
DIR Command at DOS
Description Runs the DIR command in DOS
Additional files required None.
What this task does This task runs the DIR command at the DOS prompt. If the
managed computer is running in Windows, it will tell the Deployment Agent to restart
the computer to automation and the computer will reboot. When the computer starts,
the BootWorks application runs and the DIR command executes. After the DIR command
runs, the computer will boot back to the production status. This task also uses the
Logevent application to send the scripting status back to the Deployment Server.
Steps to use Assign the job to a computer or computer group.
DIR Command at Windows
Description Runs the DIR command in Windows from a command prompt
Additional files required None.
Deployment Solution 531
System Jobs for Deployment Solution

What this task does This task runs the DIR command in Windows from a command
prompt.
Steps to use Assign the job to a computer or computer group.
Distribute RapidInstall Package
Description Runs the shwnm. exe RapidInstall package.
Additional files required: None.
What this task does This package includes a utility that displays the computer name in
a window. A shortcut is created in the startup group so that every time the computer is
started the window shows the computer name.
Steps to use Assign the job to a computer or computer group.
Migrations
With the aid of PC Transplant, capture various user settings using these jobs:
Capture User Application Settings (page 531)
Capture User Desktop Settings (page 531)
Capture User Microsoft Office Settings (page 532)
Capture User Printer Settings (page 532)
Capture User Application Settings
Description Collects the users application setting using PC Transplant.
Additional files required None.
What this task does This task will use PC Transplant and a supplied PCT template to
gather the application settings for all users that exist on the computer. The client
computer will execute the PC Transplant Wizard using the specified template and create
a file (comput er name. exe) at the specified location.
Steps to use
1. Edit the job.
2. Assign the username and password for use with Windows 2000/XP/2003 based
systems. If you are using this job on Windows 9x computers, then the logged-in
user must have rights to the specified location for the template and package
creation.
3. Assign the job to a computer or computer group.
Capture User Desktop Settings
Description Collects the users desktop setting using PC Transplant
Additional files required None.
What this task does This task will use PC Transplant and a supplied PCT template to
gather the desktop settings for all users that exist on the computer. The client computer
Deployment Solution 532
System Jobs for Deployment Solution

will execute the PC Transplant Wizard using the specified template and create a file
(comput er name. exe) at the specified location.
Steps to use
1. Edit the job.
2. Assign the username and password for use with Windows 2000/XP/2003 based
systems. If you are using this job on Windows 9x computers, then the logged-in
user must have rights to the specified location for the template and package
creation.
3. Assign the job to a computer or computer group.
Capture User Microsoft Office Settings
Description Collects the users Microsoft Office setting using PC Transplant
Additional files required None.
What this task does This task will use PC Transplant and a supplied PCT template to
gather the Microsoft Office settings for all users that exist on the computer. The client
computer will execute the PC Transplant Wizard using the specified template and create
a file (comput er name. exe) at the specified location.
Steps to use
1. Edit the job.
2. Assign the username and password for use with Windows 2000/XP/2003 based
systems. If you are using this job on Windows 9x computers the logged-in user
must have rights to the specified location for the template and package creation.
3. Assign the job to a computer or computer group.
Capture User Printer Settings
Description Collects the users printer setting using PC Transplant
Additional files required None.
What this task does This task will use PC Transplant and a supplied PCT template to
gather the printer settings for all users that exist on the computer. The client computer
will execute the PC Transplant Wizard using the specified template and create a file
(comput er name. exe) at the specified location.
Steps to use
1. Edit the job.
2. Assign the username and password for use with Windows 2000/XP/2003 based
systems. If you are using this job on Windows 9x computers the logged-in user
must have rights to the specified location for the template and package creation.
Assign the job to a computer or computer group.
Misc Jobs
Misc jobs can be executed on computers, including installation and repair of Office XP,
computer power control, and SQL service and installation:
Install Office XP from Mapped Drive (page 533)
Deployment Solution 533
System Jobs for Deployment Solution

Install Office XP from UNC Source (page 533)
SQL 2000 Unattended Install (page 534)
SQL 2000 Unattended Install Using a RIP (page 534)
Copy WLogevent to Client (page 535)
Install MSI 2.0 Runtime (page 535)
Repair Office XP (page 535)
Restart Computer (page 535)
Shutdown Computer (page 535)
Start SQL Server Service (page 536)
Stop SQL Server Service (page 536)
Uninstall Office XP (page 536)
Wake up Computer (page 536)
Install Office XP from Mapped Drive
Description Installs Microsoft Office XP.
Additional files required Microsoft Office XP setup files located on the network share
that will be used in the drive mapping.
What this task does This script maps a network drive and installs Microsoft Office XP
Professional with Front Page from it.
Steps to use
1. To customize the script, change the UNC that the drive is being mapped to, as well
as the username and password.
2. To change the username, go into the advanced settings of the script. Note that the
client computer must be in the domain if you are using domain authentication.
3. Assign the job to a computer or computer group.
Note
We strongly recommend that you follow Microsoft's guidelines for preparing Office XP to
be deployed. The setup should be customized using the proper tools, and an
administrative install should be performed to place the setup files on the network share.
For more details, consult the Office XP Resource Kit.
Install Office XP from UNC Source
Description This task will install Microsoft Office XP.
Additional files required Microsoft Office XP setup files located on the network share
that will be used in the script.
What this task does This script runs a Microsoft Office XP Professional with Front Page
install directly from a UNC.
Steps to use
Deployment Solution 534
System Jobs for Deployment Solution

1. To customize the script, change the location of the setup files, as well as the
username and password. Note that the client computer must be in the domain if you
are using domain authentication.
2. To change the username, go into the advanced settings of the script.
3. Assign the job to a computer or computer group.
Note
We strongly recommend that you follow Microsoft's guidelines for preparing Office XP to
be deployed. The setup should be customized using the proper tools, and an
administrative install should be performed to place the setup files on the network share.
For more details, consult the Office XP Resource Kit.
SQL 2000 Unattended Install
Description This script will do an unattended install of SQL Server 2000.
Additional files required The files from the SQL Server 2000 disk.
What this task does This script will copy all files and directories from the SQL setup to
the client computer, then execute an unattended install using the specified silent install
script (sql i ns. i ss).
Steps to use
1. Copy the files from the SQL 2000 CD into the . \ sampl es\ mi sc\ sql 2000
directory. Edit the sql i ns. i ss file located in the . \ sampl es\ mi sc\ sql 2000
directory to include your CD key.
2. Assign the job to a computer or computer group.
SQL 2000 Unattended Install Using a RIP
Description This script will do an unattended install of SQL Server 2000 using a
RapidInstall Package to copy the files on the computer and execute the setup using a
post install script.
Additional files required The files from the SQL Server 2000 disk inserted into the
sql 2000pkg. exe RapidInstall package.
What this task does This script will copy all files and directories from the SQL setup to
the client computer using a RapidInstall package, then execute an unattended install
using the specified silent install script (sql i ns. i ss) in a post install script.
Steps to use
1. Start RapidInstall Editor and open the sql 2000pkg. exe located in the
. \ sampl es\ mi sc\ sql 2000 directory.
2. Edit the sql i ns. i ss file in the TempPat h\ SQL2000 directory in the RIP.
To edit the file, select the SQL2000 directory in the Files view and right click the file
listed to the right and choose Open With. Choose Notepad as the associated
program. Replace the CDKey entry in the file and save the file. Close Notepad.
Choose OK in the Edit File dialog to reinsert the changed file into the RIP.
3. Copy the files and directories from the SQL 2000 CD into the SQL2000 directory in
the RIP by dragging and dropping them onto the SQL2000 folder.
Deployment Solution 535
System Jobs for Deployment Solution

4. After the files have been added to the RIP, save it by choosing File>Save. Close the
RapidInstall Editor.
5. Assign the job to a computer or computer group.
Copy WLogevent to Client
Description Copy the wl ogevent . exe to the windows client computer for use with
script logging.
Additional files required None.
What this task does This job will copy the wl ogevent . exe from the Deployment
Server directory to the client computer in the temp directory. This file is used for logging
status in windows scripts.
Steps to use Assign the job to a computer or computer group.
Install MSI 2.0 Runtime
Description Installs the Microsoft Installer runtime files.
Additional files required None.
What this task does This task uses conditions to determine the operating system of
the computer and installs the appropriate MSI 2.0 runtime files.
Steps to use Assign the job to a computer or computer group.
Repair Office XP
Description This script will force Microsoft Office XP Professional with Front Page to be
repaired on the client computer.
Additional files required The source that Office XP was originally installed from must
be accessible in order for the repair to function successfully.
What this task does This script will force Microsoft Office XP Professional with Front
Page to be repaired on the client computer. You can substitute the Product ID of any MSI
(Windows Installer) installed application in this sample.
Steps to use Assign the job to a computer or computer group.
Restart Computer
Description Restarts the client.
Additional files required None.
What this task does Restarts the client if restart is supported.
Steps to use Assign the job to a computer or computer group.
Shutdown Computer
Description Shutdown the client.
Additional files required None.
What this task does Shuts down the client if shutdown is supported.
Deployment Solution 536
System Jobs for Deployment Solution

Steps to use Assign the job to a computer or computer group.
Start SQL Server Service
Description This script will start the SQL Server service.
Additional files required None.
What this task does This script will send the NET START MSSQLSer ver command to the
computer.
Steps to use
1. If you run the SQLServerAgent you need to remove the REM on the line that starts
the agent service.
2. Assign the job to a computer or computer group.
Stop SQL Server Service
Description This script will stop the SQL Server service.
Additional files required None.
What this task does This script will send the NET STOP MSSQLSer ver and NET STOP
SQLSer ver Agent command to the computer. This job will stop the agent service
because the SQL server will not stop if this is running from the command line.
Steps to use Assign the job to a computer or computer group.
Uninstall Office XP
Description This script will force Microsoft Office XP Professional with Front Page to be
uninstalled on the client computer.
Additional files required The source that Office XP was originally installed from must
be accessible in order for the uninstall to function successfully.
What this task does This script will force Microsoft Office XP Professional with Front
Page to be uninstalled on the client computer. You can substitute the Product ID of any
MSI (Windows Installer) installed application in this sample.
Steps to use Assign the job to a computer or computer group.
Wake up Computer
Description Wake up a computer.
Additional files required None.
What this task does Sends a Wake On LAN packet to the computer. If the client
supports Wake On LAN, then this will succeed.
Steps to use Assign the job to a computer or computer group.
Pocket PC
These jobs are used to install agents and CAB files to manage handheld devices in
Deployment Solution:
Deployment Solution 537
System Jobs for Deployment Solution

Distribute Software (page 537)
Install Altiris Pocket PC Agent (page 537)
Distribute Software
Description Installs a simple application that displays the name of the Pocket PC.
Additional files required None.
What this task does This job allows you to set a condition for a MIPS, ARM, or SH3
processor for your handheld device. Once a condition is set then it will install the correct
CAB file from the Samples directory.
Steps to use Assign the job to the handheld device appearing in the Computers
section of the Deployment Server Console.
Install Altiris Pocket PC Agent
Description Installs Pocket PC Agent on the host computer (the computer with the
handheld cradle) for the handheld device. This job sets a condition to check if
ActiveSync is installed on the host computer. If ActiveSync is installed, the Pocket PC
agent will install. If ActiveSync is not installed, then an error appears stating that your
condition is not met on the selected computer.
Additional files required Microsoft ActiveSync on the host computer.
What this task does This job places the Pocket PC agent on the host computer to
manage a connected handheld device.
Steps to use Assign the job to a managed computer acting as host (with Microsoft
ActiveSync installed) for a handheld device.
Scripted OS Installs
These imported jobs allow you to run scripted, unattended installs on both Windows and
Linux servers. These jobs are used for both Network installs and Hard Disk installs. To do
a network scripted install of Windows, use the Scripted OS install task type in a job:
Create W2K Install Disk Image (Target HD) (page 537)
W2K Scripted Install (Target HD) (page 539)
Create RH7 Install Disk Image (Network) (page 540)
Create RH7 Install Disk Image (Target HD) (page 541)
RH7 Scripted Install (Network) (page 541)
RH7 Scripted Install (Target HD) (page 542)
Create RH8 Install Disk Image (Network) (page 543)
RH8 Scripted Install (Network) (page 543)
Create W2K Install Disk Image (Target HD)
Description This job creates a disk image to be used for installing Windows 2000 using
files from the local hard drive. This method is not supported from the Scripted OS install
task. This process can be repeated for XP and .NET as well. This job is only used once to
Deployment Solution 538
System Jobs for Deployment Solution

set up the image that will be repeatedly called from the "W2k Scripted Install (Target
HD)" job.
Additional files required
< DS i nst al l pat h >\ I MAGES\ DOS_ONLY. I MG. Image file containing a simple
bootable partition that is provided during the product install.
Windows 2000 installation files (I386 directory from the Windows CD). These files
need to be copied from the Windows CD to the operating system files directory. The
default directory is <DS i nst al l pat h>\ DEPLOY\ WI N\ W2K\ I 386 directory.
< DS i nst al l pat h >\ Depl oyment Ser ver \
\ SAMPLES\ SCRI PT~1\ WI NDOWS\ W2KSETUP. BAT. DOS batch file that the job
calls to copy the Deployment Agent, other DOS utilities, and the Windows operating
system files needed for the target HD install.
If you need to supply drivers that are not included with the Windows installation you
will need to create a $OEM$ directory under the i 386 directory.
If you have hardware or other devices that are not supported in the operating
system distribution, you can add the drivers needed in the $OEM$ directory that is
supported by the unattended install process.
In our examples we have added drivers for Intel display, network and chipset. The
$1 specifies the root of the %SYSTEMDRI VE%variable. You will need to verify that
the directories are included in the OemPnpDr i ver sPat h value in the Unat t ended
section of the unat t ended. t xt file.
Note
The Windows unattended install process requires that all drivers in $OEM$ be fully
extracted. Zip files cannot be used. See the "Microsoft Windows 2000 Guide to
Unattended Setup" for more information. This guide is named unat t end. doc and
is in the depl oy. cab file in the \ Suppor t \ Tool s folder of the Windows 2000
installation CDROM.
What this task does This job creates a hard drive image that can later be used for
installing Windows 2000 through the hard disk install method. It downloads the
DOS_ONLY image to the selected client. This creates a 2 GB, FAT16 DOS bootable
partition. It reboots the client so that DOS will recognize the newly created DOS
partition. It calls the w2kset up. bat file to copy the Deployment Agent, and the
Deployment Agent input file (acl i ent . i np) as well as various other DOS utilities to
facilitate a Windows scripted install. It also copies the Windows operating system files
(usually from the I386 directory) to the target's hard drive in the C: \ I 386 directory. It
runs r depl oy. exe to create a disk image of the now populated DOS partition.
Steps to use
1. Make a copy of the sample job.
2. If you want to create your own DOS_ONLY. i mg with MSDOS instead of using the
supplied DR DOS image, you will need to manually create the image. To create your
own DOS image, use a DOS boot floppy to run f di sk. exe to create a 2GB partition
on a reference computer. Format the partition to be a system drive. Copy the
appropriate DOS files needed (example: hi mem. sys, smar t dr v, xcopy). Create
an aut oexec. bat file that runs smar t dr v to speed the installation and then looks
for a file called i nst al l . bat . I nst al l . bat will be used in our examples to
initiate the unattended installation.
Deployment Solution 539
System Jobs for Deployment Solution

Example Aut oexec. bat f i l e:
@echo of f
smar t dr v
I F NOT EXI ST c: \ i nst al l . bat got o no_i nst al l
cal l c: \ i nst al l . bat
got o done
: no_i nst al l
echo No I nst al l Fi l e
: done
Be sure to include smar t dr v in the batch file. This command starts SMARTDrive,
which creates a disk cache in extended memory. A disk cache will significantly speed
up the imaging process. After the above tasks have been performed, create an
image of the drive named MS_DOS. i mg. Once the MS_DOS image is created, copy
the i 386 folder of the Windows CD (along with the $OEM$ folder if supplemental
drivers will be required) to the DOS computer. Now create another image of the
drive and name it W2K_AS. i mg. This image will be used for hard drive scripted OS
installs to provide the operating system files needed for the Windows installation. A
total of two DOS images should be created with the second image containing
Windows install files in a C: \ i 386 folder. If you use the MS_DOS. i mg then edit the
task and replace DOS_ONLY. i mg with MS_DOS. i mg.
3. Edit the last Run Script task, Create Windows Install Disk Image, and change
the SET I mageName=F: \ I MAGES\ W2K_HD. I MG line to the name of the image you
wish to create.
4. If you copied the Windows operating system files to a location other than <DS
i nst al l pat h>\ DEPLOY\ WI N\ W2K\ I 386, edit the second Run Script task,
Copy Windows Files to Hard Drive, and specify the location on the SET
OSFi l esPat h= l i ne.
5. Change the name of the job to reflect the desired purpose (optional).
Note
After this job finishes, it will leave the client computer in an unmanageable state.
6. Assign the job to a computer or computer group.
W2K Scripted Install (Target HD)
Description Deploys the Windows 2000 operating system using the Target HD scripted
install model. This will use the image we created with the Create W2K Scripted Install
(Target HD) job.
We recommend using FAT32.img rather than DOS_ONLY.img to perform scripted installs.
Additional files required
<i nst al l pat h>\ I MAGES\ W2K_HD. I MG. This is the image file created by the
Create W2K Install Disk Image (Target HD) job described above. You may have
changed the name. This image file contains a DOS bootable partition with the
Deployment Solution 540
System Jobs for Deployment Solution

Deployment Agent and other various DOS utilities along with the Windows operating
system files that are required for a Windows unattended install.
<i nst al l pat h>\ I MAGES\ I nst al l . bat . File that executes the scripted install.
Windows unattended answer file. A sample provided by the product installation
located in the <DS i nst al l pat h>\ SAMPLES\ SCRI PTED OS I NSTALL\ WI NDOWS
directory.
What this task does This job starts a Windows unattended operating system install on
a client using the hard disk install method. It downloads the W2K_HD image (or whatever
you have named it) to the selected client. This creates a 2 GB, FAT16 DOS bootable
partition with the operating system files to do a Windows unattended install. It then
reboots the computer to get the new partition and format information. It uses a script to
get the unattended answer file copied to the client. It then reboots the client. Upon
reboot, the DOS partition is booted and the operating system install is automatically
started with the aut oexec. bat that is called in the image.
Steps to use
1. Make a copy of the sample job.
2. Edit the Deploy Image task and change the name of the image file to the name
you created with the Create W2K Install Disk Image (Target HD) job described
above.
3. Edit the answer file to specify the product key and other information.
4. Change the name of the job to reflect the desired purpose (optional).
5. Assign the job to a computer or computer group.
Create RH7 Install Disk Image (Network)
Description Creates a disk image to be used for installing RedHat Linux v7.1 through
the Network install method. The Network method copies the RedHat files from an FTP
server during operating system installation. See the user guide for instructions on
setting up an FTP server for this purpose.
Additional files required
<DS i nst al l pat h>\ I MAGES\ DOS_ONLY. I MG. Image file containing simple
bootable partition. Provided during the product install.
<DS i nst al l pat h>\ SAMPLES\ SCRI PT~1\ RedHat \ RH7SETUP. BAT. DOS
batch file that the job calls to copy the basic RedHat files needed for the Kickstart
install such as LOADLI N, VMLI NUZ, and so on.
What this task does This job creates a hard drive image that can later be used for
installing RedHat Linux through the network install method. It downloads the DOS_ONLY
image to the selected client. This creates a 2 Gig FAT16 DOS bootable partition. Then it
reboots the client so that DOS will recognize the newly created DOS partition. It then
calls RH7SETUP to copy the basic RedHat files that facilitate a RedHat Kickstart install. It
then runs RDepl oy to create a disk image of the now populated DOS partition.
Steps to use
1. Make a copy of the sample job.
Deployment Solution 541
System Jobs for Deployment Solution

2. Edit the last Run Script task, Create Red Hat Install Disk Image, and change
the SET I mageName=F: \ I MAGES\ RH71_FTP. I MG line to the name of the image
you wish to create.
3. Change the name of the job to reflect the desired purpose (optional).
4. Assign the job to a computer or computer group.
Create RH7 Install Disk Image (Target HD)
Description Creates a disk image to be used for installing RedHat Linux (v7.1 or later)
through the hard disk install method (where files are installed from the local hard drive).
Additional files required
<DS i nst al l pat h>\ I MAGES\ DOS_ONLY. I MG. DOS_ONLY. I MG is an image file
containing a simple bootable partition provided during the product install.
RedHat operating system files (REDHAT and DOSUTILS directories from the RedHat
CD). These files need to be copied from the RedHat CD to the <i nst al l
pat h>\ DEPLOY\ CDS\ REDHAT\ RH71\ REDHAT and <i nst al l
pat h>\ DEPLOY\ CDS\ REDHAT\ RH71\ DOSUTI LS directories, respectively.
<DS i nst al l pat h>\ SAMPLES\ SCRI PT~1\ REDHAT\ RH7SETUP. BAT. DOS
batch file that the job calls to copy the RedHat operating system files needed for the
target hard drive install.
What this task does: This job creates a hard drive image that can later be used for
installing RedHat Linux v7.1 through the Hard Disk install method. It downloads the
DOS_ONLY image to the selected client. This creates a 2 Gig FAT16 DOS bootable
partition. It reboots the client so that DOS will recognize the newly created DOS
partition. It calls RH7SETUP. bat to copy the basic RedHat files that facilitate a RedHat
Kickstart install. It also copies the RedHat operating system files to the target's hard
drive in the C: \ REDHAT directory. It runs RDepl oy to create a disk image of the now
populated DOS partition.
Steps to use
1. Make a copy of the sample job. Edit the last Run Script task, Create Red Hat
Install Disk Image, and change the SET
I mageName=F: \ I MAGES\ RH71_HD. I MG line to the name of the image you wish to
create.
If you copied the RedHat operating system files to a location other than <DS
i nst al l pat h>. \ DEPLOY\ CDS\ REDHAT\ RH71, edit the second Run Script task,
Copy RedHat Files to Hard Drive, and specify the location on the SET
OSFi l esPat h=line.
2. Change the name of the job to reflect the desired purpose (optional).
3. Assign the job to a computer or computer group.
RH7 Scripted Install (Network)
Description This job deploys the RedHat Linux operating system using the Network
scripted install model. The network method copies the RedHat files from an FTP server
during operating system installation. See the Deployment Solution User Guide for
instructions on setting up an FTP server for this purpose.
Deployment Solution 542
System Jobs for Deployment Solution

Additional files required
<DS i nst al l pat h>\ I MAGES\ RH71_FTP. I MG. This is the image file created by
the Create RH7 Install Disk Image (Network) job described above. You may
have changed the name. This image file contains a DOS bootable partition with the
basic RedHat files that facilitate a RedHat Kickstart install.
RedHat Kickstart answer file. A sample is located in the \ SAMPLES\ SCRI PTED OS
I NSTALL\ REDHAT directory.
What this task does This job starts a RedHat Kickstart operating system install on a
client using the Network install method. It downloads the RH71_FTP image (or whatever
you have named it) to the selected client. This creates a 2 Gig FAT16 DOS bootable
partition with files to facilitate a RedHat Kickstart install. It reboots the client so that
DOS will recognize the newly created DOS partition. It uses a Scripted OS Install task
to start the unattended install on the client. This task contains the location of the
operating system install files located on the FTP server as well as the Kickstart file to be
used for the operating system install.
Steps to use
1. Make a copy of the sample job.
2. Edit the Deploy Image task and change the name of the image file to the name
you created with the Create RH7 Install Disk Image (Network) job described
above.
3. Edit the Scripted OS Install task and change the location of the Kickstart answer
file.
4. Change the hard drive ID in the Command Line edit box to the proper ID for the
target system. The default is ks=hd: hda1/ ks. cf g where hda1 is the default hard
drive ID.
5. Change the name of the job to reflect the desired purpose (optional).
6. Assign the job to a computer or computer group.
RH7 Scripted Install (Target HD)
Description This job deploys the RedHat Linux operating system using the Hard Disk
scripted install model.
Additional files required
<DS i nst al l pat h> \ I MAGES\ RH71_HD. I MG. This is the image file created by
the Create RH7 Install Disk Image (Target HD) job described above. You may
have changed the name. This image file contains a DOS bootable partition with the
RedHat operating system files that are required for a RedHat Kickstart install.
RedHat Kickstart answer file. A sample is located in the \ SAMPLES\ SCRI PTED OS
I NSTALL\ REDHAT directory.
What this task does: This job starts a RedHat Kickstart operating system install on a
client using the Target HD install method. It downloads the RH71_HD image (or
whatever you have named it) to the selected client. This creates a 2 Gig FAT16 DOS
bootable partition with the operating system files to do a Kickstart unattended install. It
uses a Scripted OS Install task to get the Kickstart answer file copied to the client.
This task contains the location of the answer file to be used for the operating system
Deployment Solution 543
System Jobs for Deployment Solution

install. It reboots the client. Upon reboot, the DOS partition is booted and the operating
system install is automatically started.
Steps to use
1. Make a copy of the sample job.
2. Edit the Deploy Image task and change the name of the image file to the name
you created with the Create RH7 Install Disk Image (Target HD) job described
above.
3. Edit the Scripted OS Install task and point it to the desired Kickstart answer file.
4. Change the hard drive ID in the Command Line edit box to the proper ID for the
target system. The default is ks=hd: hda1/ ks. cf g where hda1 is the default hard
drive ID.
5. Change the name of the job to reflect the desired purpose (optional).
6. Assign the job to a computer or computer group.
Create RH8 Install Disk Image (Network)
Description Creates a disk image to be used for installing RedHat Linux v8.0 through
the Network install method. The Network method copies the RedHat files from an FTP,
NFS, or HTTP server during the operating system installation. See the RedHat User guide
for instructions on setting up a source server for this purpose.
Additional files required
<DS i nst al l pat h>\ I MAGES\ DOS_ONLY. I MG. Image file containing simple
bootable partition. Provided during the product install.
<DS i nst al l pat h>\ SAMPLES\ SCRI PT~1\ RedHat \ RH8SETUP. BAT. DOS
batch file that the job calls to copy the basic RedHat files needed for the Kickstart
install such as LOADLI N, VMLI NUZ, and so on.
What this task does This job creates a hard drive image that can later be used for
installing RedHat Linux through the Network install method. It downloads the DOS_ONLY
image to the selected client. This creates a 2 Gig FAT16 DOS bootable partition. It
reboots the client so that DOS will recognize the newly created DOS partition. It calls
RH8SETUP to copy the basic RedHat files that facilitate a RedHat Kickstart install. It runs
RDepl oy to create a disk image of the now populated DOS partition.
Steps to use
1. Make a copy of the sample job.
2. Edit the last Run Script task, Create Red Hat Install Disk Image, and change
the SET I mageName=F: \ I MAGES\ RH80_FTP. I MG line to the name of the image
you wish to create.
3. Change the name of the job to reflect the desired purpose (optional).
4. Assign the job to a computer or computer group.
RH8 Scripted Install (Network)
Description This job deploys the RedHat Linux operating system using the Network
scripted install model. The network method copies the RedHat files from an FTP, NFS, or
Deployment Solution 544
System Jobs for Deployment Solution

HTTP server during the operating system installation. See the Deployment Solution User
Guide for instructions on setting up an FTP server for this purpose.
Additional files required
<DS i nst al l pat h>\ I MAGES\ RH80_FTP. I MG. This is the image file created by
the Create RH8 Install Disk Image (Network) job described above. You may
have changed the name. This image file contains a DOS bootable partition with the
basic RedHat files that facilitate a RedHat Kickstart install.
RedHat Kickstart answer file, located in the \ SAMPLES\ SCRI PTED OS
I NSTALL\ REDHAT directory.
What this task does This job starts a RedHat Kickstart operating system install on a
client using the Network install method. It downloads the RH80_FTP image (or whatever
you have named it) to the selected client. This creates a 2 Gig FAT16 DOS bootable
partition with files to facilitate a RedHat Kickstart install. It reboots the client so that
DOS will recognize the newly created DOS partition. It uses a Scripted OS Install task
to start the unattended install on the client. This task contains the location of the
operating system install files located on the FTP server as well as the Kickstart file to be
used for the operating system install.
Steps to use
1. Make a copy of the sample job.
2. Edit the Deploy Image task and change the name of the image file to the name
you created with the Create RH8 Install Disk Image (Network) job described
above.
3. Edit the Scripted OS Install task and change the location of the Kickstart answer
file.
4. Change the hard drive ID in the Command Line edit box to the proper ID for the
target system. The default is ks=hd: hda1/ ks. cf g where hda1 is the default hard
drive ID.
5. Change the name of the job to reflect the desired purpose (optional).
6. Assign the job to a computer or computer group.
Scripts
These jobs are provided to give some ideas of things that can be accomplished by
scripting. The scripts have been divided into scripts for Windows and scripts for Linux:
Send Email if Disk Space Low (Linux) (page 545)
Logevent Script (Linux) (page 545)
Restart HTTPD Service (Linux) (page 545)
Move Computer to Default Container (Windows) (page 545)
Move Computer to Specific OU (Windows) (page 546)
Send Error Email (Windows) (page 546)
Server-side Embedded VBScript (Windows) (page 546)
WLogevent CMD Script (Windows) (page 546)
WLogevent VB Script (Windows) (page 547)
Deployment Solution 545
System Jobs for Deployment Solution

Send Email if Disk Space Low (Linux)
Description This script will send an email specifying that the computer had less free
space than specified threshold.
Additional files required None.
What this task does This script will send an email notifying the specified user of the
computer that has less than the specified threshold of disk space free.
Steps to use
1. Edit the embedded script to specify the email username to send to and the threshold
percentage.
2. Assign this job to a computer or computer group.
Logevent Script (Linux)
Description This script shows how to use the logevent utility to send status back to the
console while running a Linux script.
Additional files required None.
What this task does This job sends a status message to the console then executes an
l s command, then sends another message to the console.
Steps to use Assign the job to a computer or computer group.
Restart HTTPD Service (Linux)
Description This script will restart the HTTPD service.
Additional files required None.
What this task does This script will check to see if a page can be loaded from the http
server. If it cannot be loaded, then the script will restart the httpd service.
Steps to use Assign the job to a computer or computer group.
Move Computer to Default Container (Windows)
Description This script will take the specified computer and move it to the specified
domain default computer container.
Additional files required None.
What this task does This script will take the specified computer and move it to the
specified domain default computer container.
Steps to use
1. Edit the movecomp_cn. vbs to specify the domain you want to use for the
computer to be moved in.
This script will not create the computer account in the domain. If it is not already a
member of the domain, this event will fail.
2. Assign the job to a computer or computer group.
Deployment Solution 546
System Jobs for Deployment Solution

Move Computer to Specific OU (Windows)
Description: This script will take the specified computer and move it to the specified
domain OU.
Additional files required None.
What this task does This script will take the specified computer and move it to the
specified domain OU.
Steps to use
1. Edit the movecomput er . vbs to specify the domain and OU you want the computer
to be moved into.
This script will not create the computer account in the domain. If it is not already a
member of the domain, this event will fail.
2. Assign the job to a computer or computer group.
Send Error Email (Windows)
Description This script will send an email specifying that the computer had an error.
Additional files required None.
What this task does This script will send an email using the job name and computer
name to identify the client that had an error. This script is run on the Deployment server
and can be used as a job to be run when having a specific error occurs.
Steps to use
1. Edit the sendmai l scr i pt . vbs to specify the SMTP server and the user to have
the email sent from and to.
2. Assign the job to a return code handler on another task. (See "Setting up Return
Codes" in help for more details).
3. Assign the calling job to a computer or computer group. If you have the error then
this job (Send Error Email) will be called.
Server-side Embedded VBScript (Windows)
Description This script will log an event to the event log.
Additional files required None.
What this task does This script will log an event to the application event log under the
WSH module. The text will read Deployment Server Job complete for
<computername>.
Steps to use Assign the job to a computer or computer group.
WLogevent CMD Script (Windows)
Description This script shows how to use the Wl ogevent utility to send status back to
the console while running a Windows CMD script.
Additional files required None.
Deployment Solution 547
System Jobs for Deployment Solution

What this task does This job will copy the WLogevent . exe to the Windows client,
then sends a status message to the console, then executes a di r command, then sends
another message to the console.
Steps to use Assign the job to a computer or computer group.
WLogevent VB Script (Windows)
Description This script shows how to use the Wl ogevent utility to send status back to
the console while running a Windows VB script.
Additional files required None.
What this task does This job will copy the WLogevent . exe to the Windows client,
then sends a status message to the console, then executes a di r command, then sends
another message to the console.
Steps to use Assign the job to a computer or computer group.
XP Embedded
These jobs are provided to give samples when working with XP embedded that have the
Enhanced Write Filter enabled:
Disable Enhanced Write Filter (page 547)
Enable Enhanced Write Filter (page 547)
Distribute RapidInstall Package (page 547)
Disable Enhanced Write Filter
Description Disable the Enhanced Write Filter.
Additional files required None.
What this task does This job will disable the Enhanced Write Filter and reboot the
client computer.
Steps to use Assign the job to a computer or computer group.
Enable Enhanced Write Filter
Description Enable the Enhanced Write Filter.
Additional files required None.
What this task does This job will enable the Enhanced Write Filter and reboot the
client computer.
Steps to use Assign the job to a computer or computer group.
Distribute RapidInstall Package
Description Runs the shwnm. exe RapidInstall package after disabling the Enhanced
Write Filter.
Additional files required None.
Deployment Solution 548
System Jobs for Deployment Solution

What this task does This job will disable the Enhanced Write Filter, and then install a
package that includes a utility that shows the computer name in a window. A shortcut is
created in the startup group so that every time the computer is started the window
displays the computer name. After installing the RIP, the Enhanced Write Filter will be
enabled.
Steps to use Assign the job to a computer or computer group.
Agent Update
This folder contains a list of agent update jobs that are generated dynamically during
updation. These jobs are created whenever an auto update for agents is required. The
job names can be AClient x64 Update, AClient x86 Update, and adlagent ia64 update.
SVS
This folder contains a sample script (.bin file) that enables installing the SVS fully
licensed version to support customers when they upgrade. The sample script file
contains commands that sets new license key to the SVS client.
Note
You should modify this key before scheduling this job.
Deployment Solution 549

Appendix E
Network Ports
This document lists the details of the ports used by Deployment Solution. It also
includes the steps to configure the ports that are configurable.
Component Service Port Protocol Where is this
port
connected?
Is this port
configurable?
PXE MTFTP Altiris PXE MTFTP
Server
69 UDP PXE Client No (Industry
standard port)
Altiris PXE MTFTP
Server
1758
1759
UDP
(Multicast)
PXE Client Yes
PXE Server Altiris PXE Server 67 UDP PXE Client No
Altiris PXE Server 68 UDP PXE Client No
Altiris PXE Server 4011 UDP PXE Client No
PXE Manager Altiris PXE Manager 405 TCP PXEConfig Yes

Altiris PXE Manager 406 TCP PXECfg Service Yes
PXECfg Service Altiris PXE Config
Helper
407 TCP PXE Server and
PXE MTFTP
Yes
Deployment Web
Console (Web
Console)
Altiris Deployment
Server Console
Manager
8081 HTTP DSWeb Yes
Altiris Deployment
Server Data
Manager
8080 HTTP DSWeb, Console
Manager
Yes
DB Management
(Middle Man)
Altiris Deployment
Server DB
Management
505 TCP Win32 console,
Axengine,
PXEManager
Yes
Deployment Solution 550
Network Ports

PXE MTFTP
The Altiris PXE MTFTP Server service is used to transfer file data between the PXE Server
and the PXE Booting client. This service supports both MTFTP and TFTP standard
interfaces.
To configure the 1758 and 1759 ports
1. Go to the datastore path.
Note: By default, the path is: C:\Program Files\Altiris\eXpress\Deployment
Server.
2. Open the PXE folder.
3. Open the pxe.INI file in a text editor.
4. In the [MTFTPD] section, set the MCAST_CLNT_PORT value to 1758 and the
MCAST_SRVR_PORT value to 1759.
5. Save the pxe.INI file.
6. Restart PXE services.
PXE Manager and PXECfg Service
The Altiris PXE Manager Service controls the data associated with the PXE components
that are included in the PXE package. The PXE Configuration Utility and PXE Servers use
Deployment
Server
Altiris eXpress
Server
402 TCP/UDP
(multicast)
Agents, PXE
Server,
DataManager,
PXEManager
Yes
Deployment
Console (Win32
Console)
5001 TCP AClient Yes
5002 TCP AClient Yes
Deployment
Agent on Linux
(ADLAgent)
Altiris Network
Management Client
for Linux
415 TCP Remote Client Yes
Deployment
Agent on
Windows
(AClient)
Altiris Client Service 402 UDP Deployment
Server
Yes
Altiris Client Service 401 UDP AClient (Wake-
on-LAN Proxy)
No
Component Service Port Protocol Where is this
port
connected?
Is this port
configurable?
Deployment Solution 551
Network Ports

the PXE Manager to route, store, and retrieve information about the status, image
availability, user input, and so on.
To configure the 405, 406, and 407 ports
1. Go to the datastore path.
Note: By default, the path is: C:\Program Files\Altiris\eXpress\Deployment
Server.
2. Open the PXE folder.
3. Open the RPC.INI file in a text editor.
4. In the PMData class for PXEConfig and PXE Manager section, set the
ServerIPPort value to 405.
5. In the PCSData class for PxeCfgservice and PXE Manager section, set the
ServerIPPort value to 406.
6. In the PHData class for PxeServer/PxeMtftp and PreCfgService section, set
the ServerIPPort value to 407.
7. Save the RPC.INI file.
8. Restart PXE services.
Deployment Web Console (Web Console)
The Deployment Web Console allows you to remotely administer a Deployment Server
installation using a Web browser. The Web Console provides the options to deploy and
manage Windows and Linux computers (both client and server editions) in real-time
with many features present in the Deployment Console.
The Deployment Web Console can be installed on any computer running Microsoft IIS
Server, a computer running a Deployment Server or a Notification Server, or a remote
computer running only Microsoft IIS.
To configure the 8080 and 8081 ports
1. From the Windows Explorer, select My Computer > Local Disk (C drive).
2. Run the axInstall.EXE file in the DSSetup folder. The Deployment Server
Install Configuration wizard appears.
Note: The DSSetup folder is created on extracting a build.
3. Select the Custom Install option and click Install.
4. The Software License Agreement dialog appears. Click Yes. The Deployment
Share Information dialog appears.
5. Select the License file option and click Browse to enter the path of the License
file. Click Next. The Deployment Server Information dialog appears.
6. Select the On this computer option.
Note: You can choose whether you want to install the Deployment Server on a local
computer or a remote computer.
7. By default, the Port is 8080. This port is used by the DataManager service.
8. Enter the Service password and click Next. The Deployment Database dialog
appears.
Deployment Solution 552
Network Ports

9. Click Next. The Gathering Information dialog appears.
10. Select the appropriate option, provide the authentication information and click
Next. The Pre-boot Operating System dialog appears.
11. Enter the required information and click Next. The PXE Server Information dialog
appears.
12. Enter the required information and click Next. The Deployment Agent
Connection to Deployment Server dialog appears.
13. Enter the required information and click Next. The Deployment Console
Information dialog appears.
14. Select the required option and click Next. The Deployment Web Console
Information dialog appears.
15. The Console Port is 8081 by default. Click Next. The Installation Information
dialog appears.
Note: This port is used by the Console Manager service. You can change this port if
required.
16. Click Install.
DB Management (Middle Man)
This component is used for secure communication between the Console and the
Database and the Console and the Server.
To configure the 505 port
1. Open the Registry Editor.
2. In the left pane, select HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris
eXpress > MMProc > Port 505. The Edit DWORD Value dialog appears.
3. Set the required value and click OK.
4. Restart the AltirisDeployment Server DB Management and the Altiris
eXpress Server services after this change.
Deployment Server
The AltirisDeployment Server controls the workflow and information exchange
between the managed computers and the other Deployment Server components, such
as Deployment Console, Deployment Database, and Deployment Share. Managed
computers connect and communicate with the Deployment Server to register inventory
and configuration information and to run deployment and management tasks. Computer
and deployment data for each managed computer is then stored in the Deployment
Database.
There are two methods to configure the 402 port.
To configure the 402 port
Option 1:
1. From the Start Menu, click Settings > Control Panel > Altiris Deployment
Server Configuration Utility.
Deployment Solution 553
Network Ports

2. Click the Transport tab.
3. Enter 402 in the TCP Port field and in the Multicast Port field. Click OK.
Option 2:
1. Open the Registry Editor.
2. In the left pane, select HKEY_LOCAL_MACHINE > SOFTWARE > Altiris >
Altiris eXpress > Options > TCP Port 402 or Multicast Port 402.
Note: This is the port where the server accepts all client connections, such as
AClient (Windows Agent), ADLagent (Linux Agent), and DataManager.
3. The Edit DWORD value dialog appears for each port. Set the required values for
both TCP Port 402 and Multicast Port 402 and click OK.
4. Restart the AltiriseXpress Server service.
About the Multicast Port:
On the client computers there is an option in the Altiris Client Service Properties
dialog called Discover Deployment Server using TCP I/P Multicast. On selecting
this option the client locates the deployment server by multicasting. You have to enter
the Multicast Address for using the multicasting option. On finding a Deployment
Server, the client computer connects to the port that is received from the server.
Deployment Console (Win32 Console)
The Deployment Console is the Win32 user interface for Deployment Solution. You can
install this Win32 console on computers across the network to view and manage
resources from different locations. In addition, from this console, you can access the
Deployment Database on other Deployment Server systems to manage sites across the
enterprise.
Note: You can remotely control an active client computer from the Win32 console.
Right-click a connected client and select Remote Control.
To configure the 5001 and 5002 ports
1. Open the Deployment Console and click Tools > Options. The Program
Options dialog appears.
2. Click the Global tab.
3. Select the Remote control ports check box.
4. Enter port number 5001 in the Primary field.
5. Enter port number 5002 in the Secondary (Optional) field.
Note: Port 5002 is the backup port in case Port 5001 is not available.
6. Click OK.
Note: By default, Port 5001 is used for controlling the clients remotely.
Deployment Agent on Windows (AClient)
The Deployment Agent is installed on each client computer in the Deployment Server
system to remotely manage the computers from a Deployment Console. The
Deployment Solution 554
Network Ports

Deployment Agent on Windows runs on Windows computers, including desktops,
notebooks, and servers.
To configure the 402 port
1. Click the AClient icon on your desktop. The Altiris Client Service dialog appears.
2. Click Properties. The Altiris Client Service Properties dialog appears. By
default, the Server Connection tab is selected.
3. Select the Connect directly to this Deployment Server option or select the
Discover Deployment Server using TCP/IP multicast option.
4. Enter the port number.
Note: By default, this port number is 402.
Note: When the AClient is connected to the Deployment Server on port 402, it
internally creates a listening UDP socket on port 402 to accept Wake-up packets
from the server.
Deployment Agent on Linux
The Deployment Agent is installed on Linux workstations and server to establish
communication between Linux computers and the Deployment Server. This agent
collects and sends data from the client computer to the Deployment Server, executes
deployment tasks sent from the server, installs packages, and runs management
processes as directed from a Deployment Console.
To configure the 402 port
1. To edit the configure file directly, open the adlagent.conf file at the following path:
/opt/altiris/deployment/adlagent/conf.
2. Change the value corresponding to the TCPport= if necessary. The default value is
402.
3. Restart the ADLAgent service.
To configure the 415 port
1. To edit the configure file directly, open the trace.conf file at the following path: /
opt/altiris/deployment/adlagent/conf.
2. Change the value corresponding to the TcpTracePort= if necessary. The default
value is 415.
3. Restart the ADLAgent service.
Note: Port 415 is used to remotely view debug messages from the ADLAgent. These
messages include the debug information and communication details between the
ADLAgent and the Deployment Server. This port connects to the Remote Client.
Client/Server File Transfer Port
Open the Copy File To dialog of the Copy File task and click Advanced. Select the
Copy files using Deployment Server option. The files will be copied using this port.
Deployment Solution 555
Network Ports

To configure the Client/server file transfer port
1. From the main menu, open the Deployment Console and click Tools > Options.
The Program Options dialog appears.
2. Click the Global tab.
3. Select the Client/server file transfer port check box.
4. Enter the port number in the Client/server file transfer port field.
5. Click OK.
RapiDeploy Ports
This feature optimizes the multicasting ability of the RapiDeploy application in
Deployment Server. This allows you to deploy images to a group of computers
simultaneously, download an image from a file server, or access a local hard drive, and
manage the imaging of several client computers.
Because RapiDeploy is more efficient when writing directly to the IP address of the
network adapter driver, you can enter a range of IP addresses when using the
multicasting feature to speed computer deployment and management. Deployment
Server accesses the range of computers using the defined IP pairs and avoids retrieving
the computers through the port and operating system layers.
However, some network adapter cards do not handle multiple multicast addresses. In
such instances, you can define a range of ports to identify these computers. On the first
pass Deployment Server accesses the selected computers using the list of IP numbers.
On the second pass, Deployment Server accesses the selected computers using the port
numbers.
To configure the RapiDeploy ports
1. From the main menu, open the Deployment Console and click Tools > Options.
The Program Option dialog appears.
2. Click the RapiDeploy tab.
3. Enter the range of ports in the Port > Range fields.
Note: The port values are 401 by default.
4. Click OK.
Deployment Solution 556

Appendix F
Deployment Agent Authentication
This article describes the AClient and the Deployment Server authentication process.
The authentication process is required to safeguard the use of the AClient from
connecting to a malicious Deployment Server.
Deployment Solution 557
Deployment Agent Authentication

The authentication process starts with the Deployment Solution installer generating a
security key and writing it in the server.key file. You can find the security key at the
following location:
HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress > Options >
Security > ServerSecurity registry key.
This security key is a random numeric value that is generated automatically. When the
Deployment Server starts, the server reads this registry key.
The AClient has to add the automatically generated security key to the AClient registry
by specifying the server.key file path.
To specify the server.key file path
1. Click Start > Program > Altiris > Deployment Solution > Configuration >
Options > Authentication > Add Key.
2. Select the Server.key file and click Open.
Note:
The AClient also has to select the Enable key based authentication check box in
Start > Program > Altiris > Deployment Solution > Configuration > Options >
Transport tab. If this option is not selected, server authentication fails.
The Deployment Server stores the security key at the following location:
HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Client Service >
DSAuthentication
The AClient stores the security key at the following location:
HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Client Service > SecurityKey
A random challenge key is generated, which is unique to the AClient. The AClient
encrypts this challenge key and stores the challenge key in the registry using the
security key.
The AClient sends the following connection request to the server in the form of Cipher
Text.
Request =Aut hent i cat e
Ci pher Text =
The Deployment Server uses the ServerSecurity key stored in its registry and decrypts
the Cipher Text. Using the same key, the server again encrypts the challenge key and
sends the following reply in the form of Cipher Text.
Repl y=Aut hent i cat e
Ci pher Text =
The AClient decrypts the Cipher Text using the challenge key already stored in its
registry. It compares the decrypted Cipher Text with the random key it has generated.
If the two keys match, the server authenticates the AClient connection. If the keys do
not match, the authentication fails. The connection is closed and the AClient status is
updated to Server Authentication failed.
The keys stored on the Server and at the AClient are the same. These keys, however,
look different because they are altered using random bytes, and are encrypted using a
constant key. The Cipher text sent on the wire also looks different in request
Deployment Solution 558
Deployment Agent Authentication

authentication as well as in reply authentication, because it is altered using random
bytes. These alterations ensure the safety of the key from malicious users.
Deployment Solution 559

Appendix G
Windows Registry Keys
This section contains a description of the Windows Registry Keys used by Deployment
Solution.
You can access the keys in the Options folder.
3. Open the Registry Editor.
4. Click HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress >
Options.
The keys present in the Options folder are listed in the table below, with their description
and purpose.
Registry Name Description Purpose
Keys present in Options folder
AgentCommLogDir Specifies the path for client server
communication log.
This path is used to create the
client-server communication log file.
AgentCommLogging Checks whether to create a
communication log.
If the value is 0, it disables the
logging, else, it enables the logging.
AgentCommLogMaxFileSize Specifies the size of the log file. The maximum the file can grow is up
to the size specified by this key. If
the size exceeds this, then it starts
overwriting the file from the
beginning.
DebugLogFilename Specifies the path and name of
the engine log file.
Used to create the engine log file at
the specified path.
DebugLogging Checks whether to create the
engine log file.
If 1, creates the engine log file.
DebugLogMaxSize Specifies the max log file. The maximum the file can grow is up
to the size specified by this key. If
the size exceeds this, then it starts
overwriting the file from the
beginning.
PingIntervalMinutes When sending CACKS to active
clients, the server will not send
CACK to an active computer if
there was an activity on the
socket associated with that
computer in the last
PingIntervalMinutes minutes.
PingTimeOut CACK timeout in seconds. If the client fails to respond to a
CACK within the time out, then it is
considered as inactive.
Deployment Solution 560
Windows Registry Keys

ReadThreadCount Specifies the number of threads
for the read operation.
Creates the number of read threads.
The default is 10, the minimum is 0
and the maximum is 200.
ResetInactiveClientConnectionsBatch
Size
Number of computers in a batch. While sending WACs to inactive
computers, the engine processes n
computers at a time. After
processing n computers it waits for
some time (Specified by
ResetInactiveClientConnectionsRest
Time) before processing the next
batch of n computers.
ResetInactiveClientConnectionsHours Reset inactive client connections
every n hours. If it is positive,
this key is activated.
After every n hours, the engine will
send WACs to inactive clients.
ResetInactiveClientConnectionsRest
Time
Wait time (in seconds) between
two batches.
While sending WACs to inactive
computers, the engine processes n
computers at a time. After
processing n computers it pauses
before processing the next batch of
n computers. This entry defines
this pause time.
ResetInactiveClientConnectionsTime If
ResetInactiveClientConnectionHo
urs is negative, this key is
activated. Stores time as a string
in HH:MM format, where HH can
have values 00-23 Hours.
If the value is 13:25, it means 1.25
PM. The Engine will send WACs to
inactive clients at 1:25 PM everyday
or on a particular day of the week
depending upon
ResetInactiveClientConnectionWeek
Day.
ResetInactiveClientConnectionsWeek
Day
If
ResetInactiveClientConnectionHo
urs is negative, this key is
activated. If positive indicates the
day of the week (1=Sunday,
2=Monday,...). A negative value
means everyday.
Engine sends WACs to inactive
computers at the given time
everyday or on a specific day of the
week.
SendBufferSize Specifies the size of the buffer for
the socket.
Sets the size of socket buffer.
SendWaitTime For Backward compatibility.
ServiceInstallPath Specifies the install path of
Deployment Server.
Path of the DS.
SqlPassword Specifies password for SQL
server.
Connects to SQL server using this
password.
SqlUserName Specifies Username for SQL
server.
Connects to SQL server using this
Username.
Registry Name Description Purpose
Keys present in Options folder
Deployment Solution 561
Windows Registry Keys

ThreadLogging Specifies whether to create a log
file in thread directory for
threads.
If checked, creates a thread
directory and threading related log
files.
ThresholdWOL Number of minutes to wait before
retrying to wake up the inactive
computer.
If a job is scheduled on an inactive
client, and if UseWOL is 1, the
engine will try to wake up that
computer by sending WOL every n
minutes until it wakes up.
TimeSyncMaster Specifies whether to sync the
time with the client.
If true, syncs the client time with the
server.
UpdateActiveClientConnectionsHours Updates active client connection
every n hours. If it is positive,
this key is activated.
After every n hours the engine will
send CACKs to active clients.
UpdateActiveClientConnectionsBatch
Size
Number of computers in a batch. While sending CACKs to active
computers, the engine processes n
computers at a time. After
processing n computers it waits for
some time (specified by
UpdateActiveClientConnectionsRestT
ime) before processing the next
batch of n computers.
UpdateActiveClientConnectionsRest
Time
Wait time (in seconds) between
two batches.
While sending CACKs to active
computers, the engine processes n
computers at a time. After
processing n computers it pauses
before processing the next batch of
n computers. This entry defines the
time of this pause.
UpdateActiveClientConnectionsTime If
UpdateActiveClientConnectionsHo
urs is negative, this key is
activated. Stores time as a string
in HHL:MM format, where HH can
have values 00-23 Hours.
If the value is 13:25, it means 1:25
PM, then Engine sends CACKs to
active clients at 1:25 PM everyday
or on a particular day of the week
depending upon
UpdateActiveClientsConnectionWeek
Day.
UpdateActiveClientConnectionsWeek
Day
If
UpdateActiveClientConnectionsHo
urs is negative, this key is
activated. If positive indicates the
day of the week (1 = Sunday, 2 =
Monday,...). A negative value
means everyday.
Engine sends CACKs to active
computers at the given time
everyday or on a specific day of the
week.
Registry Name Description Purpose
Keys present in Options folder
Deployment Solution 562
Windows Registry Keys

UpdateInventoryBatchSize Number of computers in a batch. While inventorying computers,
engine processes n computers at a
time. After processing n
computers, it waits for some time
(specified by
UpdateInventoryRestTime) before
processing the next batch of n
computers.
UpdateInventoryHours Update inventory for active
computers every n hours. If it is
positive, this key is activated.
After every n hours the engine will
send inventory for the active clients.
UpdateInventoryRestTime Wait time (in seconds) between
two batches.
While inventorying computers,
engine processes n computers at a
time. After processing n computers
it takes a pause before processing
the next batch of n computers. This
entry defines the time of this pause.
UpdateInventoryTime If UpdateInventoryHours is
negative, this key is activated.
Stores time as a string in HH:MM
format, where HH can have
values 00-23 Hours.
If the value is 13:25, it means 1:25
PM. The Engine will inventory active
clients at 1:25 PM everyday or on a
particular day of the week
depending upon
UpdateInventoryWeekDay.
UpdateInventoryWeekDay If UpdateInventoryHours is
negative, this key is activated. If
positive, indicates the day of the
week ( 1 = Sunday, 2 =
Monday,...). A negative value
means everyday.
Engine inventories active computers
at a given time everyday or on a
specific day of the week.
UseFD_READ It is related to socket activity. This is being used for internal socket
communication activity.
UseResetInactiveClientConnections 1 if Update active client
connections, on the General Tab
of the Altiris Configuration Utility,
is enabled, otherwise 0.
If Reset inactive client connections
is enabled, the engine periodically
send WACs to the inactive
computers. If the AClient is running
on any of the inactive computers, it
just resets the connection with
server.
UseSql Used to connect to sql server. If true, then connects to database
using username and password
specified in the configuration dialog.
UseUpdateActiveClientConnections 1 if Update active client
connections, on the General Tab
of the Altiris Configuration Utility,
is enabled, otherwise 0.
If Update active client connections
is enabled, the engine periodically
sends CACKs to the active
computers and marks those
computers, which fail to respond to
CACKs as inactive.
Registry Name Description Purpose
Keys present in Options folder
Deployment Solution 563
Windows Registry Keys

Key in the Security Folder
You can access the key in the Security folder.
1. Open the Registry Editor.
2. Click HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress >
Options > Security.
The key present in the Security folder is listed in the table below, with its description and
purpose.
UseUpdateInventory 1 if Update inventory for active
clients, on the General Tab of the
Altiris Configuration Utility, is
enabled, otherwise 0.
If Update inventory for active
clients is enabled the engine
periodically inventories the active
computers.
WakeAgentWithPing Not Used.
AllowJobWOL Not Used.
Registry Name Description Purpose
Key present in Security Folder
Server Security Authenticates client to DS server. This key is used to authenticate the
client to server.
Registry Name Description Purpose
Keys present in Options folder
Deployment Solution 564

Appendix H
Pocket PC
Installing Deployment Agent for PocketPC
The Deployment Agent for Pocket PC lets you manage and deploy handheld computers running the Pocket
PC operating system, including:
HP iPAQ Pocket PC
HP J ornada Pocket PC
Casio Cassiopeia Pocket PC
You can manage handhelds through a cradle attached to a host computer, or through direct connection to
the network using a LAN or wireless network adapter. When connected through the cradle, the Pocket PC
Agent software will reside on the host computer and the Pocket PC Client software will reside on the
handheld computer. This configuration allows Deployment Server to recognize and update the handheld
each time it returns to the cradle and synchronize with the host computer using Microsoft ActiveSync.
Handheld computers connected directly to the network install only the PPC Client softwareand are managed
like any other computer in your Deployment Server system.
Install from a cradle or cable. See Install a Pocket PC Agent from the Deployment Console on page565
to install to a handheld computer in the cradle attached to a host computer.
Download CAB files with ActiveSync. See Install Pocket PC Agent from the Host Computer on
page566 to install the handheld by running or copying the Deployment agent install file or the Deployment
Client CAB files over the network.
Install directly to the handheld. See Install Pocket PC Client on the Handheld on page566 to install only
the Deployment Client from CAB files on the handheld computer.
System Requirements
Processors ARM
MIP
SH3
Disk space 5 Mb contiguous
Operating systems: Pocket PC
RAM 16 Mb
Deployment Solution 565
Pocket PC

The Deployment Agent for Pocket PC (PA) runs on the host computer, which itself is a managed computer
running the Deployment Agent (DS). The Deployment Agent for Pocket PC automatically installs the
Deployment Client for Pocket PC (PC). You can also install the Deployment Client for Pocket PC directly
to the handheld by installing the required CAB files.
Install a Pocket PC Agent from the Deployment Console
When installing a handheld running the Pocket PC operating system, you can attach to a host computer and
run Microsoft ActiveSync software to synchronize data between the host computer and the handheld.
Deployment Solution lets you install Deployment Agents on both the host computer and the handheld to
communicate with Deployment Server as a managed computer.
The Altiris Pocket PC Agent is software that runs on the host computer. This agent communicates through
the handhelds cradle to the Pocket PC Client running on the handheld. The Pocket PC Agent also
automatically installs Pocket PC Client on the handheld. The Pocket PC Agent provides communication
between the Pocket PC Client on the handheld and the Deployment Server. ActiveSync is required for the
Pocket PC Agent because it provides the IP stack the Pocket PC Agent uses to communicate with the
handheld.
The Pocket PC Agent monitors the connect and disconnect jobs sent to the handheld. If the Pocket PC Client
on the handheld is present but not started, then the agent will start it. The Pocket PC Agent also acts as a
relay agent to transfer data from the Pocket PC Client on the handheld to the Deployment Server.
From a Deployment console, you can schedule and run a Sample job to install the Pocket PC Agent on a
host computer. Ensure that the handheld is connected to the host computer and seated in the cradle. You
must also download Microsoft ActiveSync and install it (this is free software available on the Microsoft
web site) on the host computer. Then synchronize the host computer with the handheld.
To install from a Deployment console
Use Deployment Solution to find computers with ActiveSync and run deployment jobs to automatically
copy the necessary files and install the Deployment PPC Agent and PPC Client.
1 From a Deployment console, in the Jobs pane open the Samples > Pocket PC folder.
2 Click the Install Altiris Pocket PC job and then select the Active Sync computer condition in the Condition
box in the Details pane.
3 Drag the Install Altiris Pocket PC job to the host computer. If you are using a Web console, then assign
using web features.
4 Schedule the job.
After the Pocket PC Agent has installed, the Altiris Pocket PC Agent icon will appear in the system tray
of the host computer.
When the Deployment Agent is initialized, it will connect to the handheld. The agent will check if the
Altiris Pocket PC Client is installed on the handheld. If not, the agent will automatically install it.
Deployment Solution 566
Pocket PC

When the Pocket PC Client is installed on the handheld, the Deployment Client icon will appear in the
system tray of the handheld and the client details screen appears.
Note: For ease of use, the Pocket PC Client will first try to connect to a Pocket PC Agent. If it fails, the
Pocket PC Client will try to connect directly to the Deployment Server.
5 Click OK.
The handheld appears in the Deployment Console as a unique computer displaying the handhelds
name.
See Installing Deployment Agent for PocketPC on page564.
Install Pocket PC Agent from the Host Computer
From the host computer, you can install the Pocket PC Agent by running theppcagent.exe installation file
on the host computer. After installing the Pocket PC Agent, it will automatically install the Pocket PC Client
when the computers synchronize. This is the fastest and easiest way to install both agents on the host and
handheld computers.
Note: After you have installed the Altiris Pocket PC Agent on a host computer, the PPCAgent.exe file can
be executed from the C:\Altiris\PPCAgent directory (or the directory where you installed Pocket PC Agent
if you chose a directory different from the default). This lets you access the features of this program even
though the icon has been hidden.
In addition, if you are using ActiveSync 3.5 or a later version, you can also log on to the Deployment Share
in the Depl oyment Ser ver >Pocket PC Cl i ent folder and copy the correct CAB file for the handheld
(based on type of processor) to the host computer. You can then copy the CAB files directly to the handheld
using the Explore feature in ActiveSync.
To install Pocket PC Client directly with ActiveSync
1 Copy the CAB file to the host computer with ActiveSync (or to a share where you can copy the file from).
2 Connect your device to your desktop computer using a cradle or cable.
3 In ActiveSync, click Explore. Windows Explorer runs the Mobile Device window for your device.
4 In Windows Explorer, browse to the CAB file you want to copy.
5 Right-click the file and click Copy.
6 Place the cursor in the desired folder for your device, right-click, and click Paste.
7 From the device, tap Start > Programs > File Explorer.
Browse for the CAB file and tap the file to execute it. When the Pocket PC Client is installed on the
handheld, the Deployment Agent icon appears in the handhelds system tray.
Note: If using ActiveSync 3.5, the Pocket PC Agent is not required after the Pocket PC Client is installed.
However, the Pocket PC Agent can still be useful for installing the Pocket PC Client onto the handheld,
loading the client, and managing client settings.
See Installing Deployment Agent for PocketPC on page564.
Install Pocket PC Client on the Handheld
You can install the Pocket PC Client directly to the handheld computer if your handheld has a network
adapter (LAN or wireless), allowing you to download the correct CAB file and install the Pocket PC Client
to communicate with the Deployment Server.
The following CAB files are provided based on processor type. Copy the CAB files from the Deployment
Share in the Depl oyment Ser ver \ Pocket PCCl i ent folder: ppccInt.Arm.CAB, ppccInt.MIP.CAB,
ppccInt.SH3.CAB.
Deployment Solution 567
Pocket PC

To install Pocket PC Client using CAB files
1 Copy the CAB file to the host computer with ActiveSync (or to a share where you can copy the file from).
2 Connect your device to your desktop computer.
3 In ActiveSync, click Explore. Windows Explorer runs the Mobile Device window for your device.
4 In Windows Explorer, browse to the CAB file you want to copy.
5 Right-click the file and click Copy.
6 Place the cursor in the desired folder for your device, right-click, and click Paste.
7 From the device, tap Start > Programs > File Explorer.
Browse for the CAB file and tap the file to execute it. When the Pocket PC Client is installed on the
handheld, the Deployment Agent icon appears in the handhelds system tray.
See Installing Deployment Agent for PocketPC on page564.
Uninstall the Pocket PC Agent
1 Open the Pocket PC Agent status sheet by double-clicking Altiris Pocket PC Agent icon.
2 Click Options > Uninstall.
You can also uninstall the agent by running the ppcagent - r emove switch from the command line.
Note: There is no uninstall program for the PPC Client. To remove the Pocket PC Client, you must remove
the client file from the My Devi ce\ Wi ndows\ ppccI nt . exe file on the handheld.
Command Line Switches for the Pocket PC Agent
You can also manage the Pocket PC Agent through command-line switches. The Pocket PC Agent is started
using the C:\Program Files\Altiris\PPCAgent\PPCAgent.exe program file. If you need to perform some
function with a command-line switch, run the program file followed by the applicable switch.
To restart the agent, you would run:
C:\Program Files\Altiris\PPCAgent\PPCAgent.exe - r est ar t
The following is a list of the supported switches:
- st op
Stops the agent.
- st ar t
Starts the agent after it has been stopped.
- r est ar t
Stops and restarts the agent.
- si l ent
Installs the agent without the installation dialog screens.
- r emove
Stops and uninstalls the agent.
Deployment Solution 568

Appendix I
Managing Switches
To administer roles and configurations for network servers, it is necessary to discover
and modify the network switch settings for the connected network servers. Deployment
Solution provides the Switch Add-On program to discover and manage Virtual Local
Area Networks (VLAN) settings on a LAN switch or to run commands from the
command-line. This utility allows you to directly discover and provision the port settings
of a LAN switch.
Switch Management Features
Typically, a VLAN setting is port based it is a LAN switch port that can be configured as
a member of a specific VLAN. As such, client and server computers connected to that
LAN switch port are members of the VLAN and can communicate with other member
client and server computers of that VLAN. By changing the VLAN setting of a switch port,
you can move client and server computers between logical VLAN groupings without
actually changing the physical network infrastructure.
Often, when modifying server roles or configurations, it will be necessary for you to
change the grouping or VLAN for the servers network. This can be accomplished by
changing the VLAN setting on the switch port that the server is connected to.
The Deployment Solution Switch Add-On allows you to perform the following
functions:
Discover the LAN switch MIB II system information (command-line and GUI)
Discover the switch ports of a LAN switch (command line and GUI)
Discover the VLAN setting for each switch port (command line and GUI)
Modify the VLAN setting of a switch port (command line and GUI)
Assign physical connectivity of a workstation/server to a switch port (GUI)
About Switch Add-On for Deployment Solution
Switch Add-On will assume port-based VLANs (not MAC-based VLANs), managing only
VLANs for a specified port setting on the switch. For this release, it will assume only one
VLAN per port. (Switch Add-On will not perform any type of VLAN trunking management
in its initial release.) Deployment Solution Switch Add-On will only support VLAN
management based on the list of supported devices in LAN Switch Support List
(page 569).
Deployment Solution Switch Add-On will only support SNMP v1. You will need the SNMP
read community name to discover a LAN switch (along with its port/VLAN mappings)
and the SNMP write community name to manage the port/VLAN settings.

To open the Switch Management tool, click Tools > Altiris Tools >
Switch Management. The Deployment Solution Switch Add-On utility tool
appears. Network switches will be identified in the left pane. Click the star
icon to Add New Switches.
Deployment Solution 569
Managing Switches

All discovered switch information will be kept in a local database file
(Swi t chMngt Db. t xt ). To ease installation and support, this file will be text based and
be located in the directory from which the Deployment Solution Switch Add-On
applications are executed.
Notes
If a LAN switch supports the 802.1Q VLAN standard, Deployment Solution Switch
Add-On will only provide PVID management on a port.
Since most vendors do not support VLAN Add/Edit/Delete through SNMP,
Deployment Solution Switch Add-On will not provide these features.
All devices that are to be managed must support SNMP v1.
LAN Switch Support List
Deployment Solution Switch Add-On supports these specific vendors with the
following LAN switches:
Cisco Catalyst 1900/2820 series switches
Models: All models (OS Versions 8.XX and up - Enterprise Edition)
Cisco Catalyst 2900 series switches
Models: WS-C2900, WS-C2926 (OS versions 3.1 and later)
Models: WS-C2948G, WS-C2980G and WS-C2980GA (All operating system
versions)
Cisco Catalyst 2900 XL / 2900 XL LRE series switches
Models: All models (IOS versions 11.2(8) SA3 and later)
Cisco Catalyst 3500 XL series switches
Models: All models (IOS versions 12.0(5) XP and later)
Cisco Catalyst 4000 series switches
Models: WS-C4003, WS-C4006, WS-C4912G (All operating system versions)
Cisco Catalyst 5000 series switches
Models: WS-C5000, WS-C5002, WS-C5500, WS-C5505, WS-C5509, WS-C5509E
(OS versions 3.1 and up)
Cisco Catalyst 6000 series switches
Models: WS-C6006, WS-C6009, WS-C6506, WS-C6509, WS-C6509NEB, WS-C6513
(All OS/IOS versions)
HP
Models: BL eClass Interconnect Switch (802.1Q PVID management only)
Dell
Models: PowerEdge 1655MC Integrated Switch (802.1Q PVID management only)
Using Deployment Solution Switch Add-On
The Deployment Solution Switch Add-On program is a stand-alone application that
displays a graphical view of the all switches that have been discovered along with their
respective switch ports.
Deployment Solution 570
Managing Switches

The following are port attributes appearing in the Details pane of the program:
Switch The switch to which the port belongs
Port The name of the port (vendor-specific port names will be shown when available)
Description The description of the switch port
VLAN The VLAN assignment for the switch port
Connectivity Any user assigned mapping of clients or servers to the switch port
By selecting a device in the tree view pane, the switch port display is updated to show
its respective ports. By selecting Network in the tree view, all switch ports that have
been discovered will be shown in the switch port view. You can sort on attributes by
selecting the appropriate column.
Adding a Switch Device
To add a switch to the Deployment Database
1. Press the Add icon on the toolbar
Or, right-click Network in the tree view.
2. From the pop up menu that opens, click Add Device.
Deployment Solution 571
Managing Switches

Note
When the device is available and the SNMP communities are correct, the application
reads the MIB II system information from the device and add the device to the tree
view. If the device is not available, an error message appears.
Discovering a Device
Once a device has been added to the database, all properties for that device can be
discovered. By selecting the device in the tree view and right clicking, the following
menu appears:
Click Discover Device to discover all the switch device properties and store these
values in the Deployment Database. Once the discovery process is complete, the switch
ports for that device will be seen in the port view.
Deleting a Device
A device can be deleted in two ways:
1. Press the Delete icon on the toolbar:
Or, right-click and select Delete.
Viewing and Setting Device Properties
Select and view Properties for a switch device by right-clicking its name in the tree
view. The system information for the selected device appears. This dialog will allow you
to make any necessary modifications to the SNMP read and SNMP write community
strings (passwords).
Setting the VLAN for a Switch Port
To set a switch port to a specific VLAN, right-click on a switch port in the switch port
view and click Click Set VLAN to view all available VLANs on the switch. Select a VLAN
from the list.
Deployment Solution 572
Managing Switches

The Deployment Solution Switch Add-On application will then use the supplied SNMP
community strings (passwords) and attempt to change the VLAN setting on the port. If
successful, the VLAN column will be updated.
Note
It is possible to select more than one port in the port view and assign all selected ports
to a particular VLAN in one operation. However, due to the number of operations
required to change VLANs on some switching devices, this operation can be time
consuming.
Assigning Connectivity to a Switch Port
From the switch port view, right-click any switch port and click Assign/View
Connectivity to determine what client or server computers are connected to a
particular switch port. This dialog appears:
The Assign/View Connectivity dialog shows all visible devices, including the MAC
addresses that are being forwarded by the switch. It also shows any previous
connectivity mapping, such as an X in the Connected column). You can add a hostname
Deployment Solution 573
Managing Switches

to a specific MAC address by right-clicking the appropriate MAC address. A menu
appears. Click Add/Edit Host Info to enter the hostname on the dialog.
Note
If the IP address and Hostname columns are blank for a MAC address, the application
does not have enough information about the global network to display an IP Address/
Hostname binding to that MAC address.
You can assign connectivity to a particular switch device by selecting the device (or MAC
address) in the list and clicking Assign Connectivity to Port. This will mark the MAC
address as connected to this port. You can remove connectivity by selecting the MAC
address you want to remove from connectivity and clicking Remove Connectivity
from Port. When the dialog is closed, the client and server computers can be seen in
the Connectivity column of the switch port view.
Command-line Parameters
The following command line parameters can be supplied to the Deployment Solution
Switch Add-On program to launch the program with the appropriate
-d=<switch IP address>: By supplying the IP address of the switch, the Switch Add-
On program will launch and automatically select the supplied device in the tree view
(thereby, showing all of its ports in the port view).
-e=<end node MAC address>: By supplying the MAC address of a client or server
computer, the Switch Add-On program will launch and automatically select the switch
and port that the client or server computer is connected to (if the connectivity has been
previously assigned).
GUI Tools
The Switch Management Console includes a Tools menu, providing a Ping IP Range
command to assist in "pinging" a specified IP range in order to generate traffic to a
range of devices that might otherwise be inactive. From this dialog you can specify the
starting and ending IP addresses to ping. Success or failure messages will appear in the
list.
The Ping IP Range tool can be used to lookup the MAC address of the device being
pinged. To be successful, SNMP must be enabled on the end device. The user can supply
an SNMP Read community name to perform this operation. Otherwise, the user may
clear the SNMP MAC Lookup box to ping only the end device.
Deployment Solution 574
Managing Switches

Note
If a device is inactive, the forwarding tables in the switch will not show the MAC address
of the client or server computer. The Ping IP Range tool can be used to refresh the
forwarding table in the switch.
Deployment Solution Switch Add-On (Command Line Options)
Along with the Deployment Solution Switch Add-On graphical program, a command-line
interface is provided that will support the command line arguments listed below. This
program file is named swi t chcf g. exe. It will be executed from the same directory
that the database file (Swi t chMngt Db. t xt ) is located.
Command-line Interface Parameters
By executing the swi t chcf g. exe without any arguments, you can see the usage of the
CLI application as below.
The following is a description of the available command line arguments and how they
are to be used:
-m=<mode> This indicates the mode of the operation to be performed. The two
possible values are: 1) discover, and 2) set (as in set VLAN).
-d=<target ip> This indicates the switch (by IP address) to perform the operation on.
-r=<read community> The SNMP read community name (password) to use to
discover the switch.
-w=<write community> The SNMP write community name (password) to use to
perform any set operations on the indicated device.
-p=<port name> The name of the switch port the user is attempting to configure.
-v=<VLAN number> The VLAN number to set the switch port to (or).
-n-<VLAN name> The VLAN name to set the switch port to.
Deployment Solution 575
Managing Switches

-e=<end node MAC address> The MAC address of the workstation/server you want
to be put in a particular VLAN. In order for the utility to perform this operation correctly,
the connectivity of the MAC address must have already been assigned using the GUI
application. When using this option, the user must only supply the SNMP write
community (password) and the VLAN (name or number) to put the workstation/server
in. The CLI application will use its database to lookup the appropriate (bound) switch
and switch port to provision.
-c=<SNMP retry count> The number of attempts that SNMP should attempt before
giving up.
-t=<SNMP timeout> The SNMP timeout value in milliseconds.
Note
Prior to executing any command to provision a switch, that switch MUST be discovered.
Otherwise, the program will report errors.
Command-line Examples
Discover a Switch
swi t chcf g. exe - m=di scover - d=<t ar get I P> - r =<SNMP r ead>
Set VLAN on a Switch/Port
swi t chcf g. exe - m=set - d=<t ar get I P> - w=<SNMP wr i t e> - p=<por t name>
- n=<VLAN name>
Set VLAN for a Workstation/Server (End Node)
swi t chcf g. exe - m=set - w=<SNMP wr i t e> - e=<MAC addr ess> - n=<VLAN
name>
Deployment Solution 576

Index
Symbols
A
access 377
account option, domain 85
account settings 410
AClient. see Deployment Agent for
Windows
adapter
network 272, 297
adapter settings
adding 273, 297
add
component 484
components 365
computer 97, 403
group 90
server 387
user 89
add components 365
adding servers 399
ADLAgent
configuration 250
installation 250
administrative tools 78
ADS
options 372
set up 385
agent
see also Deployment Agent for...
ADLAgent see ADLAgent
configuring 389
installation overview 345, 411
polling interval 396
production agent settings 375
requirements 335
settings 86, 134, 375, 379
Altiris Console
collections 370, 390
configuration request 397
deployment 386
reports 389
application properties 120
applications 414
assigning jobs
from Deployment Web
Console 373
with conditions 81
Atools.ini 80
authentication 267, 380
agent for DOS 117
database 365
user 90
autoexec.bat file
editing 477
order of operations 477
Automated Deployment Services. see
ADS
Automation Agent settings 379
automation boot disk
creating 281
automation partition
creating 286, 295
creating setup package 280
installing 280
removing 283
automation tasks 288
axengine 451
axinstall 478
B
basics, Deployment Web Console 369
bay
virtual 246
bay properties 413
deployment rules 413
server deployment 121
BDC. See Boot Disk Creator
best practices 87
BIOS settings 485, 485
blade server. see server blades
boot
bootloaders, Linux 251
boot configuration
protocol settings 274, 298
boot disk
creating 281
Boot Disk Creator
about 269
additional files 302
advanced 298
configuration summary 277, 301,
301
creating bootable media 279
integration with PXE
Configuration Utility 288
modifying settings 273, 298
server communication 274, 299
starting 270
tool icon 78
toolbar 270
tracking boot menu options 288
boot image
about 288
boot image files
creating 303
boot menu items
identifying 289
boot menu options
automation tasks 288
creation methods 288
editing 292
importing 292
tracking 288
BootWorks see Deployment Agent for
DOSt
BootWorks. see Deployment Agent for
DOS
broadcast address 106
builder, lab 66
building jobs . see jobs
bwinst.exe
installation switches 474
bwinst.exe see Deployment Agent for
DOS
C
capture personality
advanced 432
capturing personality settings 176
packages 432
Central Deployment Server
Library 391
change password 400
chat feature 132
clear after scheduling 372
clear status
action 416
operation 123
client
BIOS setting 485, 485
client/server file transfer port 84
connections 363
connections, managing 118, 411
connectivity 346
driver 346
driver for Novell 347
Client Access Point. see Deployment
Share
codes, return 190, 440
collections
Altiris Console 390
from Notification Server 370
Deployment Solution 577

color code
operating system
configuration 289
pre-boot configuration 270, 277,
302
command
execute 131
command line switches 213, 446
aclient.exe 452
Aclient.inp 453
add on 574
Bootwork.exe 472
Deployment Agent for DOS 471
Deployment Agent for
Windows 452, 452
export job utility 446
import computer 451
import job 447
job utility 448
keyboard and screen lock
(kbdsclk) 476
Pocket PC agent 486
schedule job 450
command-line switches
rdeploy.exe 489
using 502
communication, server 274
components
add 365
Deployment Console 330
Deployment Database 331
Deployment Server 330
Deployment Share 332
installing 344
PXE server 332
computer
adding 97
booting method 279
communication with Deployment
Server 274, 299
computers pane 71
configuring properties 101, 406
details 412
filtering 373
filters 81, 82
finding 140, 373
group filter 82
groups 71
history 125
icons 96, 402
import 451
locating PXE Server 304
managing 398
managment 95
manual boot 281
migrating with wizard 146
new account 99
pane 370
preconfigured 98
properties 119
rejected 94
remote operations 122
removing automation
partition 283
removing inactive 83
restoring 124
select with wizard 149
showing 71
conditions 149
creating 81
order sets 150
configuration
adding files 278, 278, 303, 303
computer 125, 214
computer properties 101
creating 284
Deployment Server 373
DOS 272, 296
general 263
initial deployment 194, 443
modify 434
modifying 277, 302
modifying multiple tasks 188
multi-network adapter 272, 296
name 271, 295
properties 406
regenerating PXE 293
request, Notification Server 397
summary, Boot Disk Creator 301
configuration summary
Boot Disk Creator 277, 301
confirmation settings 324
connection
to other sites 93
connections 267
rejection 372
console
Deployment Console basics 71
Deployment Console features 71
installation 365
managing from 70
options 83
Web console. see Deployment
Web Console
Web. see Deployment Web
Console
copy
file 184
folders 189
jobs 189, 439
copy file 437
advanced 438
copy folders
439
creating
disk images 154, 424
new script 188
credentials
logon 262
custom
data sources options 86
install 338
installation 482
tokens 514
D
database
authentication 365
connecting to new 93
Deployment Database 331
instances, installing to
multiple 331
debug 268
default
pre-boot operating system 361,
362
delete history entries 83
Dell server blades 139, 246
deployment
reports,generating 389
server deployment 121
Deployment Agent
installing 335, 411
settings 109, 110, 410
Deployment Agent for Automation.
see Deployment Agent for DOS
Deployment Agent for DOS
autoexec.bat 477
bootwork.exe 472
bwinst.exe 474
command line switches 471, 472
installation 352, 474
settings 116
Deployment Agent for Linux
install 351
Deployment Agent for PocketPC
install 564
uninstalling 567
Deployment Agent for Windows
aclient.exe 214, 452, 452
aclient.inp 453
command line switches 452
install 347
Deployment Console
basics 71
features 71
managing from 70
Deployment Database 331
connecting to new 93
installation 362
Microsoft SQL Server and 335
deployment from Altiris Console 386
Deployment Server
adding 387
agent configuration 389
communication with client
computer 274, 299
component install for 344
components of 329
console basics 71, 71, 369
Deployment Solution 578

console features 71, 71
custom install 338
installation 360, 360, 478
installation overview of 329
library 391
memory requirements 334
setting rights for 330
setting TCP port 305
simple install 335
system requirements of 334
systems, managing multiple 399
Thin Client install for 342
Deployment Server configuration 373
Deployment Share 332
requirements 335
deployment tasks. see tasks
Deployment Web Console 333, 364,
364
basics 369
computers pane 370
details pane 371
jobs pane 371
jobs, assigning 373
managing from 368
options 372
requirements 335
description property 316
details
computer 412
pane 72, 371
detecting expired licences 353
devices 415
devices properties 120
DHCP server
managing TCP/IP 333
DIR command
DOS 530
Windows 530
disk image
advanced 425
options 428
resizing 427
disk images
creating 154
distributing 160
disk imaging 266
disk space requirement 334, 334
display options 324
distribute personality
advanced 434
distribute software
advanced 431
distributing
disk images 160, 426
personality settings 178, 433
software 172, 429
distrubuting
software 250
domains
account option 85
DOS
configuration 272, 296
FreeDOS 285
MS-DOS 285
version restriction 285
DOS agent. see Deployment Agent for
DOS
drive mappings 379
creating 263
editing 263
network 276, 300
removing 263
setting up 300
drive mappings for DOS 117
drive properties 119
driver
selecting 273, 297
drives 414
E
editing
autoexec.bat 477
packages 79
shared menu 292
editor
PC Transplant 79, 79
enabling
ADS 372
security 88
enabling security 381
errors
client error messages 519
CMD error handling 234
communication error
messages 520
critical error messages 520
DOS error handling 234
general error messages 517
implementing effective script
reporting 233
memory error messages 522
partition error messages 523
Visual Basic error handling 235
evaluate
permissions 93
rights 90
evaluate permissions 384
execute 131
expired licenses 357
replacing 84
explorer
image 79
exporting jobs 189, 393, 439
EXT2
file systems 212
EXT3
file systems 212
extract folder 319
extract options 324
F
FAT
FAT16 503
FAT32 503
file systems 212
FIRM 502
file
adding in folder 302
copy 184
operating system 284
overwritten 278, 302
properties 316
file server
requirement 335
file server type 271, 296
file system independent resource
management. see FIRM
file systems
EXT2 212
EXT3 212
FAT 212
imaging 212
NTFS 212
file transfer port 84
filter
using to find 320
filters
computer group 81
creating computer group filter 82
find files and folders 319
finding
computers 65, 140, 417
computers and jobs 373
licences used. see licenses
FIRM 502
EXT2 502, 503
EXT3 503
FAT 502
firm.exe 489
tokens 504
flash drive
not appearing 281, 282, 283
folder
adding files 278, 302
extracting 319
folder property 316
Fujitsu-Siemens
server blades 247
Fujitsu-Siemens server blades 139
G
general properties 119, 413
generating deployment reports 389
get inventory 181, 435
Deployment Solution 579

global options 83, 374
groups 90
adding 90
computer 71
importing 90
selecting with wizard 149
H
hardware 414
hardware properties 119
Hewlett-Packard server blades 138
history
computer 125
deleting 83
restoring 124
HTTP imaging 214
I
IBM
server blades 140, 247
icons
Boot Disk Creator 78
computer 96, 402
Image Explorer 79
jobs 143, 143, 419
PC Transplant Editor 79, 79
PXE Configuration 78
Remote Agent Installer 79
toolbar 270
toolbars 78
utilities 78
image
description properties 316
image file
password 323
ImageExplorer 79, 215
convert image 317
create image index 318
flags 320
not enough free space 322
open file 316
self-extracting image 320
settings 324
split image 325
using 315
images 530
creating 154, 424, 530
distributing 160, 426, 530
HTTP 214
Linux 250
properties 315
quick disk 125
rescheduling failed 84
Unix 250
ImageX Sample Scripts 322
imaging
disk 266
Import Package Advanced 176
importing
groups 90
jobs 393
users 89
users from Active Directory 89
importing computers from text
file 405
importing jobs 189, 439
inactive computers, removing 83
INI files 80
Initial Deployment 193, 442
initial deployment
stopping servers 195, 444
initial deployment configuration 194,
443
installation 364, 364, 365
agent 345, 474
automation partition 280
component 344, 360, 484
configuration 358
console 365
custom 338, 482
Deployment Agent for DOS 352
Deployment Agent for Linux 351
Deployment Agent for
Windows 347
Deployment Database 362
Deployment Server 329, 360,
360
DOS 285
multiple database instances 331
operating system files 284
options of 358
Pocket PC (PPC) client from the
network 566
Pocket PC agent from the
console 565
Pocket PC agent from the
host 566
pre-boot operating system 293
PXE Server 310
PXE server 363
Remote Agent Installer 347
return codes 524
scripted 165
silent 479
simple 335, 480
software packages 148
summary 364
switches 478
Thin Client 342
unattended 165
intervals, setting polling 396
inventory
get 181
inventory details 414
inventory update 263
inventory, get 435
IP
interfaces 106
J
job
identifying boot menu items
within 289
jobs 143
applying computers with
wizard 147
assigning 81, 373
associating destination
computers 147
building 143, 148, 420, 448
conditions 81
conditions with wizard 148
conditions,creating 81
defined 143
details 143, 419
exporting 189, 393, 439, 446
filtering computers and jobs 373
finding 373
icon 143
icons 143
imaging 530, 530, 530
importing 189, 393, 439, 447
Initial Deployment 195, 443
Job Scheduling Wizard 149, 422
jobs pane 72
options 195, 443
pane 371
removing 152
removing tasks from 152
replicating jobs 400
rescheduling 84, 151
running from resources view 152
sample 193, 529, 532
scheduling 143, 151, 373, 400,
422, 450
select with wizard 149
selecting computers with
wizard 147
software installation with
wizard 148
tests 530
using package servers 390
wizard 144
K
kbdsclk (keyboard and screen lock
utility) 476
L
Lab Builder 141
lab builder 66
library
package 392
setting up 391
licenses
adding 356
expired 357
finding licenses used 353
replacing 84
Deployment Solution 580

licensing settings 410
lights out 122
lights out properties 414, 414
Linux 250
agent. see Deployment Agent for
Linux
bootloaders 251
Command-line Switches 486
distributing software 250
file location 285
imaging 250
scripted install 172
location properties 121, 413
log file 378
LogEvent utility 183
logon 262
logon option 385
lookup key primary 84
M
MAC address
adding new 307
servicing 306
maintenance 375
Managing 398
managing
computers 95, 398
computers chat feature 132
from Deployment Console 70
from Deployment Web
Console 368
licenses 353
user groups tab 90, 90
Managing the SVS Layer 175
map drives 267
mappings
network drive 276
mappings, drive 379
mappings, network drive 300
media
creating bootable 279
menu
editing shared 292
Microsoft
ADS. see ADS
client driver 346
SQL Server 335
migrating computers
with New Job Wizard 146
migration 531
capture settings 531, 531, 532,
532
see also personality package
modify task 187
modifying configuration task 179, 434
moving jobs to other systems 400
multicasting
Master PC 214
process 213
multi-network adapter
configuration 272, 296
load order 272, 297
multiple
database instances, installing
to 331
deployment servers 399
multiple image files 317
N
name
configuration 271, 295
NetWare authentication 267
NetWare client settings 409
network
drive mappings 300
network adapter 346
adding settings 273, 297
auto-detect 273, 297
configurations 272, 296
modifying card settings 273, 298
network boot disk
creating 282
network configuration properties 120
network drive mappings 276
network properties 413
networking settings 406
new
Job Wizard 144
server blade 245
server blades 137
new computer 98, 404
account 99, 404
new computers
adding 403
New Configuration Wizard
about 295
starting 271, 295
Notification Server
configuration request 397
Novell
client driver 347
NTFS 212
FIRM 502
O
OEM system partitions 213
open
site 93
operating system
configuration color code 289
DOS 294
installing preboot files 293
Linux 295
Linux file location 285
preboot 361, 362
pre-boot installation files 284
regenerating PXE
configurations 293
selecting default 286, 295
operations, remote 415
options 182
agent settings 86
console 83
custom data sources 86
Deployment Web Console 372
domain account 85
for Deployment Solution 83
global 83
import boot menu 292
install 479
new shared menu 291
RapiDeploy 85
task password 85, 387
options tab 195, 444
order
condition sets 150
of operations, autoexe.bat
file 477
OS licensing settings 410
OS product key dialog 84
P
package
editing tools 79
personality 176
Package Server
jobs 390
overview 390
setting up 392
pane
computers 71, 370
details 72, 371
jobs 72, 371
shortcuts and resources 73
partitions
OEM 213
password 380
password options
for tasks 85, 387
password, change 400
password, image file 323
paste
folders 189
jobs 189
PC Transplant Editor 79, 79
permission rules 384
permissions 87, 92, 383
evaluating 93
rules 92
personality package
application settings 531
desktop settings 531
Microsoft Office settings 532
Deployment Solution 581

printer settings 532
see also migration
personality settings 176, 432
distribute 433
distributing 178
physical devices options, show 372
ping time-out 263
ployment 193
Pocket PC Agent
command line switches 486
PocketPC agent
command-line switches 486
installing 564
polling intervals 396
for Deployment Server Agent 389
setting agent 396
port, TCP for file transfer 84
power control 186
operation 126
task 438
PowerEdge, Dell 139
pre-boot operating system 361, 362
installing files 293
pre-configured computer account 98
primary lookup key 84
print
file 323
folder contents 322
preview 323
printer settings, capture 532
product key dialog 84
prompt
before performing operations 372
user for properties 132
properties 412
application 120
bay 121
computer 119
configuring computer 101
devices 120
drives 119
general 119, 316
hardware 119
image 315
location 121
network configuration 120
prompting for 132
RILOE 122
services 120
TCP/IP 120
protocol settings
setting up 274, 298
Proxy settings 378
PXE
BIOS settings 485
boot menu tab 289
client BIOS settings 485
configuration tool 78
server 334
server installation 363
PXE Configuration Utility
about 287
integration with Boot Disk
Creator 288
opening 288
selecting properties 287
tracking boot menu options 288
PXE Manager
about 287
PXE Server 332
communicating with Deployment
Server 305, 305
controlling service load 306
installing remotely 310
multicasting 307
setting response times 304
viewing status 310
Q
quick disk image 125
R
RapiDeploy options 85
RapidInstall
distribute package 531
RIP, distributing 172
rdeploy.exe
command-line switches 489, 493,
502
executable files 489
refresh
displayed data 83
view 94
registry settings
backing up and restoring 180,
434
reject connection 372
rejected computers 94
remote
computer operations 122, 415
control 130
Remote Agent Installer 79, 347
remote control 127
DS Remote Control 127
other programs 131
Remote Desktop 130
removing
computers 83
computers from jobs 152
jobs 152
tasks jobs 152
replicating jobs 390, 400
reports,generating 389
requirements
Deployment Web Console 335
Depoyment Server system 334
disk space 334, 334
file server 335
minimum agent 335
rescheduling jobs 84, 151
resizing disk image 427
resources view 73
restoring
computers history 124
return codes 190, 440
return codes for installer 524
return codes, setting 440
rights 87, 382
evaluation 90
security 91
RILOE properties 122, 414
RIP. see RapidInstall
rules, permission 92
run script 435
run script advanced 436
running
jobs from resources view 152
script tasks 181, 435
S
sample jobs 193, 529
scan resource files for changes 83
schedule job 422
scheduling
jobs 422
scheduling jobs 373, 400, 422
scheduling jobs. see jobs
screen lock 476
switch 476
script 182
creating 188
options, advanced 182
scripting 183
task 181, 435
Scripted OS Install
Windows Vista 171
scripted OS install 165
Linux 172
Windows 166
scripting
DOS/CMD errors 234
reporting errors 233
retrieving values with tokens 232
running scripts on the server 233
server scripting commands 231
Visual Basic error handling 235
writing scripts 231
search for files and folders 319
searching
for computers 65, 140, 417
security 377, 380
best practices 87
DS authentication 90
enabling 88, 381
Deployment Solution 582

importing from Active
Directory 89
Notification Security 386
permissions 87, 92
rights 87, 91
select
computer 149
group 149
jobs 149
select computers 422
select job 422
server
adding 387
communication 274
connection to client 363
Deployment Server 330, 334
DHCP Server 333
file server requirements 335
file server type 271, 296
library 391
package server setting up 392
PXE
server 332
server access 377
server blades 137, 244
Dell 139, 246
Fujitsu-Siemens 139, 247
Hewlett Packard 138
IBM 140
new 137
server deployment
rules 121, 121, 413
settings 136
server deployment rules 413, 413
server management 135
deployment 243
features 242
server package 390
servers
adding 399
services 415
services properties 120
setting
polling intervals 396
settings
account 410
agent 375
Auotomation Agent 379
backing up and restoring files 180
capturing personality 176
changing agent 134
conditions 81, 149
Deployment Agent 109
NetWare client 409
networking 406
OS licensing 410
permissions 92, 383
personality 178
production agent 375
return codes 440
rights 382
Sysprep 84, 84
TCP/IP 408
TCP/IP protocol settings 274, 298
Share
Deployment 332
shared menu
new 291
shortcuts view 73
show
computers 71
physical devices 372
shutdown settings 379
silent install options 479
command line switches 479
simple install 335
simple install entries 480
simple tests 530
DIR command at DOS 530
DIR command at Windows 530
Distribute RapidInstall
Package 531
software
distributing 172, 429
Software Virtualization Solution
(SVS) 79
spanning media 213
split image
find 317
open 317
start parameters for axengine 451
startup settings 379
status detail 71
Stored Procedures, allowed 87
switches
axengine.exe 451
bwinst.exe 474
command line 446
install 478
kbdsclk 476
LAN support 569
Switch Add-On 569
synchronize display names with
Windows computer names 83
Sysprep
file location 364
settings 84
Sysprep settings 84
system
requirements 334
T
tabs
manage user groups 90, 90
rights 91
task user password 400
tasks 423
building jobs 148
change configuration 188
copy file to 184
get inventory 181
list of 152
power control 186
removing 152
rescheduling 84
run sript 181
setting conditions 149
task password options 85
TCP port
setting 305
TCP/IP
properties 120, 413
protocol settings 274, 298
settings 408
tests 530
text file, importing from 405
Thin Client
installing 342
Thin Client View 74
tokens
create unique files 512
finding the right value 511
replacement 513
retrieving database values 232
template file rules 513
token replacement template
files 512
toolbar description 270
tools 78
administrative 78
Boot Disk Creator 78
Image Explorer 79
package editing 79
PC Transplant Editor 79, 79
PXE Configuration 78
Remote Agent Installer 79
toolbar icons 78
Transplant Editor
PC 79, 79
transport 265
U
unattended install 165
uninstalling
Deployment Agent for
PocketPC 567
Unix 250
distributing software 250
imaging 250
updates
tracking 310
USB flash drive
not appearing 281, 282, 283
user name 380
users
Deployment Solution 583

add 89
defined token 81
importing 89
utilities 78
icons 78
kbdsclk 476
keyboard and screen lock 476
LogEvent 183
V
view
refreshing 94
resources 73
shortcuts 73
virtual
bays 246
centers 87
computer. see pre-configured computer account
Virtual Bays 138
virtual computers 404
Vista Sysprep 30
VMware
Virtual Center Web services 87
volume property 316
W
Wake-On LAN
BIOS settings 485
warn user 83
Web console. see Deployment Web Console
Win32 console. see Deployment Console
window. see pane
WinPE
Command-line Switches 487
WinPE Boot Options 277, 277, 301
wizard
bootable media 279
Job Scheduling 149
New Configuration 271, 295
New Job 144
starting 271, 295
Wtools.ini 80