Friday, November 13, 2009

Deploying Windows 7 to a domain

Been a while, but thought I would add this to my blog.

Preparing Windows 7 to be imaged out to our vanilla domain. For imaging we are currently using Free Open Ghost, which is proving to be a very nice imaging suite, but its AD integration has never worked for us, so we have always relied on sysprep. Under XP this was very simple: sysprep presented a nice easy setup screen to change the workstation name and then add the machine to the domain. With Win 7 sysprep can do the same process, but it only seems to be able to add the workstation to the domain with a nearly random machine name, which is not very helpful, so we have come up with a more creative way which seems to work.

Step 1:
Install Windows 7, then install drivers, updates and all packages that are required in the image.
Packages we put in as default: Flash, Shockwave, Reader, Java, RealPlayer, Office, QuickTime, Photoshop (site licence), OpenOffice and VLC.
Disable UAC in the User Accounts control panel.
Step 2:
Create our setup folder structure.
On a network share or memory stick create a folder called "c_drive".
Under "c_drive" create the folders "ProgramData" and "Windows".
Under "c_drive\ProgramData" create "Microsoft".
Under "c_drive\ProgramData\Microsoft" create "Windows".
Under "c_drive\ProgramData\Microsoft\Windows" create "Start Menu".
Under "c_drive\ProgramData\Microsoft\Windows\Start Menu" create "Programs".
Under "c_drive\ProgramData\Microsoft\Windows\Start Menu\Programs" create "Startup".
Under "c_drive\Windows" create "System32".
Under "c_drive\Windows\System32" create "Sysprep".

Now that we have our folder structure, we start to populate it with the files required.

Step 3:
Prepare an unattend.xml.
This file is used by sysprep to minimise the amount of information that needs to be set up after imaging, such as region, time zone and the licence agreement.

To create this file we have used a free Microsoft product called "Microsoft Windows AIK", installed on our Win 7 machine.

Insert a Windows 7 DVD, then run "Windows System Image Manager".

In the "Windows Image" section right click and select new image, browse to DVD:\sources and select "install_Windows7 PROFESSIONAL.clg".
In the "Answer File" section right click and create a new answer file.

In the "Windows Image" section, under Components, find x86_Microsoft-Windows-International-Core_(version)_neutral, right click and add it to oobeSystem.
Under Components find x86_Microsoft-Windows-Shell-Setup_(version)_neutral, right click and add it to oobeSystem.

Back in the "Answer File" section expand Components - oobeSystem, and select x86_Microsoft-Windows-International-Core.

Set every setting on the right to "en-UK".

Select x86_Microsoft-Windows-Shell-Setup in the Answer File, expand AutoLogon and set Enabled to true, LogonCount to 1 and Username to administrator.

Expand Password and set Value to the local administrator's password.

Below AutoLogon select OOBE and set HideEULAPage to true, HideWirelessSetup to true, NetworkLocation to Work and ProtectYourPC to 1.

Below OOBE select UserAccounts and set AdministratorPassword to the same as above.

We now need to create a local user to stop the menu from showing during setup. This user will not be required for any other purpose, so the password can be set to a long, complicated one which we will never need to use.

Right click on LocalAccounts and insert a new local account; give it a description, a display name, Group = Administrators and any name you like that does not already exist on the machine. Expand the local account, select Password and set it to a long random string of upper- and lower-case letters and numbers.

Click File - Save Answer File As... and save it in the previously created folder structure as: c_drive\Windows\System32\Sysprep\unattend.xml

Step 4:
Create a new file in our file structure, c_drive\Windows\System32\Sysprep\addtdom.ps1

Edit the file and add the following on one line, changing DomainName to your domain name, add2dom to the account you use to add machines to the domain, and password to the password of that account.

$credential = New-Object System.Management.Automation.PsCredential("DomainName\add2dom", (ConvertTo-SecureString "password" -AsPlainText -Force))

Then add this line, replacing DomainName.local with your domain name:

Add-Computer -DomainName "DomainName.local" -Credential $credential

Save and exit.

Step 5:
Create a new file in our file structure, c_drive\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\runonce.bat

Edit the file and add the following lines:
rem allow the script below to run (this leaves the machine-wide policy at Unrestricted)
powershell Set-ExecutionPolicy unrestricted
rem join the domain with the credentials in addtdom.ps1
powershell c:\windows\system32\sysprep\addtdom.ps1
rem reboot in 30 seconds, then remove the one-off setup files
shutdown -r -t 30
del "c:\setup.bat"
del "c:\Windows\System32\sysprep\unattend.xml"
del "c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\runonce.bat"


Save and exit the file.

Step 6:
Create a new file in our file structure, c_drive\setup.bat
and add the line:
c:\windows\system32\sysprep\sysprep.exe /oobe /shutdown /unattend:c:\windows\system32\sysprep\unattend.xml

Save and exit.

Step 7:
You now have all the necessary files in place and are ready to gather the image.
Copy the contents of your created file structure onto the root of c:\ then run c:\setup.bat

Your machine will now sysprep and then shut down. Now is the time to gather the image.

When your workstation next boots, all it will prompt you for is a machine name; it will then add itself to the domain, restart a few times and be ready to use.
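As an added example (not the script from the original post), here is a combined version of addtdom.ps1 that does the domain join and the first-boot cleanup in one place. The runonce.bat above deletes setup.bat and unattend.xml but leaves addtdom.ps1, which holds the domain-join password, on every imaged workstation; this version removes it along with the other one-off files and logs the outcome. It is written for Windows PowerShell 2.0 as shipped with Windows 7. The domain name, the add2dom account (assumed to be delegated only the right to join computers to the target OU) and the log path are placeholders and assumptions.

```powershell
# addtdom.ps1 (added example, not the script from the original post)
# Written for Windows PowerShell 2.0 as shipped with Windows 7.
# Assumptions: domain "DomainName.local"; an account "add2dom" that is only
# delegated the right to join computers to the target OU; the file layout used
# in the post for unattend.xml, runonce.bat and setup.bat; and a log file under
# C:\Windows\Temp (hypothetical path).

$domain   = "DomainName.local"
$joinUser = "DomainName\add2dom"
$joinPass = "password"   # placeholder, filled in when the image is built

$secure     = ConvertTo-SecureString $joinPass -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($joinUser, $secure)

# Everything that holds a secret or is only needed on the first boot.
$cleanup = @(
    "C:\Windows\System32\Sysprep\unattend.xml",   # local Administrator password
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\runonce.bat",
    "C:\setup.bat",
    $MyInvocation.MyCommand.Path                  # this script: the join password
)

$log = "C:\Windows\Temp\addtdom.log"

try {
    Add-Computer -DomainName $domain -Credential $credential -ErrorAction Stop
    "$(Get-Date -Format s) joined $domain as $env:COMPUTERNAME" | Out-File $log -Append
} catch {
    "$(Get-Date -Format s) join failed: $($_.Exception.Message)" | Out-File $log -Append
} finally {
    # Runs whether or not the join succeeded, so a failed join never leaves
    # credentials on disk; the log says what happened. PowerShell has already
    # read this script into memory, so it can delete its own file.
    foreach ($f in $cleanup) {
        if (Test-Path $f) { Remove-Item $f -Force -ErrorAction SilentlyContinue }
    }
}

# Reboot only after the cleanup has finished, rather than a timed shutdown
# racing the del lines in the batch file.
Restart-Computer -Force
```

With this script the startup batch file only needs one line, `powershell -ExecutionPolicy Bypass -File C:\Windows\System32\Sysprep\addtdom.ps1`; the Bypass applies to that single process, so the machine-wide policy is never set to Unrestricted, and the del lines move into the script where they run after the join rather than in parallel with the shutdown timer.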

End

Just to remind you, I mainly write this for my own memory, but welcome any use and comments.

Friday, March 06, 2009

DanceEjay For Schools Network Edition

Ok, done this before, but since the update to Server 2008 my old way failed, so I have deleted the blog and started again.

1) Run a WinINSTALL "before" scan on a clean workstation.
2) Perform a full install of Dance EJ, and allow it to run.
3) Run the "after" scan from WinINSTALL.

Right, got the MSI to install it now, but still fully aware that if I deploy this MSI and get a user to run it without 'Admin rights', they will receive a 'Corrupt installation' message.

After running the good old classic tool Filemon (updated a lot since I last used it), I noticed the only error seemed to be when a program called reg_start tried to create a TMP file in the Windows directory.

I have now enabled write access to the top-level Windows directory (no subdirectories) and tested the software again, and it worked.

4) Moved the built MSI to the Applications share on the server.
5) Created a new GPO in Active Directory called 'Software-EjayFS-Music'.
6) In the GPO under 'Computer Configuration - Policies - Software Settings - Software installation' selected 'New Package' and selected the MSI using the full UNC path (e.g. \\server-name\application-share\music\ejay\ejay.msi).
7) In the same GPO under 'Computer Configuration - Policies - Windows Settings - Security Settings - File System' right click and add file. Select the 'c:\windows' directory and click 'OK'.
8) Give Users 'Write' access (they should now have Read & Execute, List Folder Contents, Read and Write). Click OK.
9) Next make sure 'Configure this file or folder then' is selected and 'Propagate inheritable permissions to all subfolders and files' is selected, then click 'OK'.
10) Now simply close the GPO and deploy it to your test workstation, and hopefully all should work.

A word of caution: THIS PROCESS DOES GIVE STANDARD USERS WRITE ACCESS TO THE ROOT OF C:\WINDOWS. This is not something I want to give users, but until a better solution comes about it is all I have got.
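As an added example (not from the original post), the same permission can be granted more narrowly, and checked on the test workstation before it goes into the GPO. The post only needs reg_start to create a TMP file in C:\Windows itself, so this grants the Users group CreateFiles (the WriteData bit alone) on that one folder with no inheritance, instead of 'Write', which also bundles AppendData and attribute writes. It assumes the default CREATOR OWNER entry on C:\Windows is still present (it gives the creating user full control of the file it just made) and that the shell running it may change the DACL of C:\Windows; on a stock install Administrators have Modify but not Change Permissions there, so you may have to take ownership first or apply the identical entry through the GPO route in the post, where the ACL editor's Advanced view offers "Apply to: This folder only".

```powershell
# Added example, not from the original post. Grants Users the right to create
# files directly in C:\Windows (nothing else, no inheritance), which is all the
# post says reg_start needed. Run from an elevated PowerShell on the test
# workstation; assumes the caller is allowed to change the DACL of C:\Windows.
$folder = "C:\Windows"
$acl    = Get-Acl -Path $folder

# CreateFiles is the WriteData bit only: no AppendData, no attribute writes,
# no delete, no permission changes. InheritanceFlags None = "This folder only".
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
    "BUILTIN\Users",
    [System.Security.AccessControl.FileSystemRights]::CreateFiles,
    [System.Security.AccessControl.InheritanceFlags]::None,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow
)
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Check the result: list only the entries for Users so the new one stands out.
# Expect one extra non-inherited row showing CreateFiles with InheritanceFlags None.
Get-Acl -Path $folder | Select-Object -ExpandProperty Access |
    Where-Object { $_.IdentityReference -eq "BUILTIN\Users" } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, IsInherited -AutoSize
```

If the software still reports a corrupt installation with only this entry in place, Filemon will show which other path it is touching, and that path can be opened up on its own rather than widening C:\Windows again.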

Tuesday, March 25, 2008

Mounting network shares from a web browser.

Continuing my project of a PHP network file manager.

The first problem I have come across is simply that you need super-user rights to mount network shares.

The solution:
1) Find out the username the web service uses when running commands. This is done with the command:

<?php system("whoami"); ?>

This simply output the username "www-data" to the web browser.

2) Allow user "www-data" to use the mount and umount commands without prompting for a password.
This is done by making changes to the sudoers file. (WARNING: THE FIRST TIME I DID THIS I MADE A MISTAKE AND SCREWED MY LINUX INSTALL)
- from the terminal run "sudo visudo -f /etc/sudoers" (you must use visudo to edit)
- under the user section add these lines:
"www-data ALL=NOPASSWD: /bin/mount"
"www-data ALL=NOPASSWD: /bin/umount"
- to save, hold Ctrl and tap O, then make sure it saves as just "sudoers"; Ctrl-X to exit.
3) Add the mount command to the PHP page.
(FOR MOUNT TO WORK YOU NEED TO INSTALL SMBFS: "sudo apt-get install smbfs")
<?php
// mounts the share with the credentials given in the -o options
system("sudo mount -t smbfs //server/share /folder-to-mount-to -o username=username,password=password");
?>


4) Running the page will now mount the share to the folder. This is very basic, but a good place to start; I will move on now to replacing this string with variables, and run with the idea of putting this command in the header and putting a umount in the footer.

I'm Back

Been a while since I posted anything, not because I forgot about this blog but mainly because I have been doing nothing interesting for a long time. Time to change!!!!

Friday, October 05, 2007

HP Compaq nx7300

Had my replacement laptop today!

Now running an HP Compaq nx7300, 1 GB of RAM, 80 GB HDD, Celeron CPU 1.86 GHz, shipped with Vista Basic.

First things first GOOD BYE VISTA, hello Ubuntu.

Machine runs nice and fast, but I did have a problem getting wireless to work straight away; after finding and downloading the following files into /lib/firmware/, then restarting, all worked ok:
  • bcm43xx_initval05.fw
  • bcm43xx_initval06.fw
  • bcm43xx_initval07.fw
  • bcm43xx_initval08.fw
  • bcm43xx_initval09.fw
  • bcm43xx_initval10.fw
  • bcm43xx_microcode5.fw
  • bcm43xx_pcm5.fw

Will update here if I have any other problems.

Sunday, August 19, 2007

KWorld VS-DVBT 355U-G Ubuntu

Having installed Ubuntu I would like to try out the media side of things, so I thought I would just connect my Freeview DVB stick. This did nothing, so after a while searching the net I think I have managed to put together the solution.

1) Run the terminal (Applications, Accessories, Terminal)
2) Type 'sudo apt-get install mercurial linux-headers-$(uname -r) build-essential' and press enter
3) Type 'hg clone http://mcentral.de/hg/~mrec/v4l-dvb' and press enter
4) Type 'cd v4l-dvb' and press enter
5) Type 'make' and press enter
6) Type 'sudo make install' and press enter
7) Reset the machine

Now just the testing phase!

Saturday, August 18, 2007

Ubuntu Linux 7.04

After many years of umming and ahing about Linux I have finally taken the plunge.

Thursday, July 06, 2006

Exchange Week lost count

Server hardware has been here for about a week now; I have already set it up as a domain controller with Exchange installed on it with no problems.

After a little discussion with my assistant I have decided it would be a good idea to take this opportunity to rebuild the entire network again, so have set the new server up as the PDC with the same name as the existing PDC.

Wednesday, June 07, 2006

Exchange week 5.2

He Shoots He Scores

Meeting was a success; everyone gave me the go ahead to order hardware and get the process started. Looking at quotes now for hardware: Server + Switch + UPS + Backup.

For backup I have decided to look at network storage SATA HDDs; they look pretty good.

Tuesday, June 06, 2006

Exchange Week 5.1

Time has come. 1 hour left before I have to go and sell the product to the leadership team. If all goes well we should get the go ahead and the money to order our new server plus some extra backup devices.

Thursday, May 25, 2006

Exchange 4.1

The time has been set, Tuesday 6th June at 3:30; need to sell Exchange to the entire leadership team.

Great, will need to iron my shirt for a change, and possibly put a tie on instead of leaving it on my desk every day.

Have decided to cut down on the need for an extra workstation by installing a virtual workstation onto the server; encountered errors due to no network connection, but a quick Google search on the images told me how to create a loopback cable.

Set up four users using "random" names: Bart, Lisa, Homer and Marge, each with their own mailbox.

Ran a test sending tasks to different users: successful.

Looking at ways of sharing a calendar. There seem to be two different ways: either share a calendar of a user, so for a whole-school calendar create a user called "whole school calendar". This would mean that someone would have to keep checking a different mailbox.
The other way is to create a public folder and create a calendar in there. This seems to be the best way; will look into this more.

Wednesday, May 10, 2006

Exchange 3.3

The Verdict

Mandatory profiles do not work with Outlook.
Looking at the facts, moving the application data to the home dir speeds up the logon process a bit by not needing to be copied to the local drive at logon, so possibly if I switch everybody back to roaming profiles it would work, but printers will become an issue again.

So....
Attempt to rewrite my printer program to remove network printers at start up, then install chosen printers.

Tuesday, May 09, 2006

Exchange 3.1

Had another look at the profile problem this morning.

Started by removing everything to do with profiles so far.
Redirected the Application Data folder to the home directory. Now this sounds simple, but just try it. To start with, enter the GPO then go to User Config - Windows Settings - Application Data and bring up the properties, and change the first setting to 'Basic'. Then in the target folder location you have to use 'Create a folder for each user under the root path'; if you do not, it just changes back after you click 'OK'. In the root path enter the UNC path.

Monday, May 08, 2006

Exchange Week 3

Not a lot done on Exchange over the last few days; still having problems using mandatory profiles, but simply allowing admin users to use it in Outlook and students to use it in Explorer may bypass this problem.

Tuesday, May 02, 2006

Exchange week 2.2

Converted my users to mandatory profiles today to discover that this just screws everything up.

Have looked at a couple of web sites that claim to have this working, but it is still causing me problems. I will let you know when I have an answer.

Teaching myself Outlook: it all looks very basic; there are a few sections that just seem to be pointless and some that look very complicated. I can see that restricting students may be a problem.

Exchange week 2.1

Outlk11.adm
Installed with the Microsoft Office Resource Kit.
Used by adding the template to the Group Policy Object Editor.
Very helpful for customising security in Outlook.

Exchange week 2

Didn't manage to get an update to this blog done on Friday, so thought I would do it now.

Exchange server fully up and running, workstation built and tested.
Had an issue when starting Outlook on the workstation for the first time on any profile, where the user would have to set up Exchange manually on every workstation he/she wanted to use it on, but after a bit of a play with the Office Custom Installation Wizard I managed to get this fixed.

Now just to teach myself some of the features of outlook/exchange.

Wednesday, April 26, 2006

Exchange Day 2

Managed to get Server 2003 + Exchange installed onto my laptop with no problems.
Have created a single user with a mailbox.
Now trying to use our crappy test station to install Windows XP, without any luck so far.

Tuesday, April 25, 2006

Exchange Day 1

End of day one and the test machine has fallen over twice, so I have given up on it (bloody blue screens).

Decided to use my laptop instead; specs as follows:

40 GB HDD
756 MB RAM
DVD-ROM
1.4 GHz Pentium M CPU

I think it should be able to handle it, and it means I should be able to work on it from home as well.

Exchange Day 1

After a very small amount of thought, decided it would probably be better to keep the test environment completely separate from our domain. This means that our crappy test machine needs to also handle Active Directory as well as Exchange; can't wait to see it struggle.

Installing Server 2003 with Active Directory, IIS, and NNTP + SMTP.