
  • Number of slides: 37

Dealing with Windows 7 Deployment Issues: KMS, SOEs, Sysprep and Group Policy
© The Association of Independent Schools of NSW

Welcome
  • Introduction
  • Not best practice or complete solution
  • Not dealing with deployment solutions
  • Windows 7 deployments?
  • Challenges?

Windows 7?

Windows 7

Tools for the job
  • Windows Automated Installation Kit (WAIK)
  • Remote Server Administration Tools (RSAT)
  • Sysinternals (Autoruns)
  • Deployment Solution (Ghost, Altiris, WDS etc)

SOE Development
  • Things I’ve found to help
    • Make a checklist & keep it updated
    • Doing more through Group Policy means fewer steps on each image
    • When initially developing images / testing Sysprep, it’s a good idea to take a backup image before sysprepping
  • Any others?

Image Checklist

Installing Windows 7
  • We choose to remove the system partition and have the one partition
    • Remove the boot partition, create a new 100 MB partition in its place, remove the main partition, then extend the partition you just created to the maximum size of the hard disk.
  • Add a technician account (in addition to the Administrator account)
  • Choose ‘Work’ as location. This tweaks network, firewall and security settings appropriately.

SOE General suggestions / ideas
  • Drivers
    • Use latest versions of video, network and wireless
    • Install others one by one as needed – don’t bloat.
  • Unlock the international desktop backgrounds
    • mctadmin /a [ AU | CA | GB | US | ZA ]
  • Customised logon screen utility
    • Win7LogonBackgroundChanger (google it)
  • Customised theme packs

Suggestions / ideas continued…
  • Enable the local admin account
  • Tweak UAC to required level (off)
  • Basic Software to include
    • Adobe Reader, Shockwave, Flash & Air
    • Microsoft Silverlight & DirectX
    • Java Runtime
    • PDFCreator
    • Antivirus
    • Codec Pack
    • Client management software agent
  • Disable Updates (Msconfig/Control Panel/In app)
  • Clean up with Autoruns (be careful)

Profile customisation options
  • Edit C:\Users\Default directly
  • Customise Administrator profile and set CopyProfile=true in sysprep
  • Manually copy profile (unsupported and fiddly)
  • Some ideas for profile customisation…

…maybe not…

Profile customisation ideas
  • Customise Explorer shortcut default location
    • Go to Start and type in explorer, don't hit Enter, but right-click on Windows Explorer and click Properties. Change the target from “%SystemRoot%\explorer.exe” to “%SystemRoot%\explorer.exe /root,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}”. Click Apply, then open the Explorer shortcut on the quicklaunch and ensure it opens to My Computer instead of Libraries. (Note: it may be %windir% instead of %SystemRoot%; if so, keep with this convention.)
  • Set chosen theme
  • Organise desktop icons
  • Customise Explorer favourites

More profile customisation ideas
  • Customise Taskbar and IE links bar
  • Open all programs and run through introductory wizards
  • Clean up history / recycle bin etc
  • Tidy up icons on desktop
  • Tweak local group policy if you don’t want to do it from the network.

KMS / Activation
  • Change the product key of your chosen server (Server 2008 R2) to the KMS server key and voila, you have a KMS server supporting Windows 7
  • Check the _VLMCS SRV DNS record under the _tcp subdomain to check for multiple servers
  • WAIK has Volume Activation Management Tool
  • Minimum of 25 Windows 7 / Vista machines in order to activate properly; otherwise use an MAK product key.
  • Doesn’t count to total if the SkipRearm feature is set. Manually rearm with ‘slmgr.vbs /rearm’

Slmgr.vbs /dlv on activation server

VAMT 1.2

Sysprep
  • Much more complex than XP version
  • System Image Manager (SIM) in the WAIK
  • Need Windows 7 DVD or the install.wim file
  • Create or open an existing answer file

Windows SIM

Answer files
  • Broken up into passes – focus on main three
    • generalize
    • specialize
    • oobeSystem
  • Set Tools->Hide Sensitive Data to encrypt passwords


generalize
  • Runs in Windows immediately after running sysprep
  • Required / recommended settings are:
    • Microsoft-Windows-Security-SPP\SkipRearm = 1
    • Microsoft-Windows-PnpSysprep\PersistAllDeviceInstalls = true

specialize
  • Runs at the beginning of the Windows setup after generalizing (after imaging too usually)
  • Required / recommended settings are:
    • Microsoft-Windows-Security-SPP-UX_neutral\SkipAutoActivation=true
    • Microsoft-Windows-Shell-Setup_neutral
      • ComputerName=*
      • CopyProfile=false/true
      • ProductKey
      • ShowWindowsLive=false

specialize continued
  • Required / recommended settings are:
    • Microsoft-Windows-UnattendedJoin_neutral
      • Identification\JoinDomain=domainname.com
      • Identification\MachineObjectOU=ou (optional)
      • Identification\Credentials\Domain=domainname.com
      • Identification\Credentials\Password=userpassword
      • Identification\Credentials\Username=userpassword

oobeSystem
  • Runs during the Windows ‘Welcome’ section
  • Required / recommended settings are:
    • Microsoft-Windows-International-Core_neutral
      • InputLocale = en-us
      • SystemLocale = en-au
      • UILanguage = en-au
      • UILanguageFallback = en-us
      • UserLocale = en-au

oobeSystem continued
  • Required / recommended settings are:
    • Windows-Shell-Setup_neutral
      • RegisteredOrganization
      • RegisteredOwner
      • TimeZone = AUS Eastern Standard Time
      • OOBE\HideEULAPage=true
      • OOBE\NetworkLocation=Work
      • OOBE\ProtectYourPC=1
      • UserAccounts\AdministratorPassword\Value=password
      • UserAccounts\LocalAccounts (add at least 1 and populate values and password)

Running Sysprep
  • sysprep.exe /generalize /oobe /shutdown /unattend:x:\unattend.xml
  • If no xml file is specified, it searches multiple places including C:\Windows\Panther\Unattend\unattend.xml and removable media etc.
  • Copies unattend.xml to C:\Windows\Panther\unattend.xml and runs from there (sensitive data deleted after finishing)
  • After the setup wizard runs, it runs SetupComplete.cmd from C:\Windows\setup\scripts if it exists. This can be useful for deleting any xml files not wanted on the image.

Computer Names
  • Can’t supply computer name during sysprep AND join domain properly
  • Pre-staging the supposed solution
  • Can automate first login and run a VBScript
  • MySysprep 2 is an option

Precautions
  • Hotfix KB981542
  • Take backup image before sysprep
  • If using rearm, you can’t sysprep more than 3 times or you’ll brick the image. Without rearm, you have a limit of 8 times (apparently)
  • If you copy the xml file to C:\ with passwords in it, be sure to remove it using the SetupComplete.cmd file or another script
  • Comments?
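The password precaution above and the "Hide Sensitive Data" setting on the Answer files slide both concern credentials left in unattend.xml. As an added example (not from the original slides), this Python check lists every password element still present in an answer file before it goes onto an image; Windows SIM's Hide Sensitive Data only encodes local-account passwords and leaves the domain-join password readable, so both kinds are reported. The sample file, its `joinaccount` user and the placeholder values are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}
# Constructed sample answer file; every value is a placeholder, not from the slides.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin">
      <Identification>
        <Credentials>
          <Username>joinaccount</Username>
          <Password>userpassword</Password>
        </Credentials>
      </Identification>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts>
        <AdministratorPassword>
          <Value>CONSTRUCTED_BASE64_PLACEHOLDER</Value>
          <PlainText>false</PlainText>
        </AdministratorPassword>
      </UserAccounts>
    </component>
  </settings>
</unattend>"""


def audit_answer_file(xml_text):
    """List (pass, component, element, kind) for each password left in the file."""
    findings = []
    root = ET.fromstring(xml_text)
    for settings in root.findall("u:settings", NS):
        for comp in settings.findall("u:component", NS):
            for el in comp.iter():
                tag = el.tag.split("}")[-1]  # drop the XML namespace prefix
                if not tag.endswith("Password"):
                    continue
                # Local-account passwords sit in <Value>; the join password is bare text.
                value = el.findtext("u:Value", el.text or "", NS).strip()
                if not value:
                    continue
                # PlainText=false means the value was encoded; it is still a secret.
                plain = el.findtext("u:PlainText", "true", NS).strip().lower()
                kind = "plaintext" if plain == "true" else "obfuscated"
                findings.append((settings.get("pass"), comp.get("name"), tag, kind))
    return findings


if __name__ == "__main__":
    print(audit_answer_file(SAMPLE))
```

Any finding means the file should not remain on the deployed image once setup has finished.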

Group Policy
  • "Computer Configuration\Administrative Templates\Printers\Point and Print Restrictions" to disabled
  • Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security
    • Configure the Domain Profile settings
    • Any other preferred firewall settings

Group Policy continued…
  • Computer Configuration\Administrative Templates
    • System / Logon – Don’t display the Getting Started welcome screen at logon
    • Windows Components / Internet Explorer – Configure new tab page default behaviour
    • Windows Components / Internet Explorer – Prevent performance of first run customize settings
    • Windows Components / Windows Defender – Turn off Windows Defender

Group Policy continued…
  • User Configuration\Administrative Templates\Windows Components\Windows Explorer\Common Open File Dialog – Items displayed in Places Bar
    • MyComputer, H:, Desktop, MyDocuments etc
  • Computer Configuration\Windows Settings\Security Settings\Wireless Network Policies (if previously only Windows XP machines)
  • User Configuration\Administrative Templates\Windows Components\Windows Logon Options – Set action to take when logon hours expire

Group Policy Preferences

Group Policy Preferences
  • Group Policy Preference Client Side Extensions are needed for XP and Vista – available as a feature pack in WSUS
  • Preferences can be applied once, or refreshed constantly
  • Overwrites local settings, and doesn’t change them back – there is an option to remove the setting upon removal of the policy
  • Very granular targeting – like a WMI query except user friendly – very easy to use.

Tours???
  • Questions / demonstrations etc…


Contact Details
Andrew Cullen
Network Manager
Knox Grammar School
cullena@knox.nsw.edu.au
(02) 9487 0416