Windows 7 Deployment using Altiris Deployment Solution 6.9 SP4
-
Upload
mike-pruett -
Category
Technology
-
view
9.031 -
download
1
description
Transcript of Windows 7 Deployment using Altiris Deployment Solution 6.9 SP4
MIKE PRUETTMANAGER, INFORMATION TECHNOLOGY
ISTA PHARMACEUTICALS, INC.
Windows 7 Deployment using Altiris Deployment Solution
6.9
Outline
Who we areProject ScopeResearchSoftware CompatibilityImage BuildMethodologyStagingDeployment ProcessExceptionsAfter-ThoughtsReferences
Who we are
Founded in 1992 as Advanced Corneal Systems
IPO on August 2000Fourth Largest Branded Prescription eye care
business in the US4 Selling Products, Several more in the
Pipeline2010 $157 million annual revenuesNamed number 1 on Deloitte’s Orange
County Fast 50 List, 3 Years in a row. (2008,2009,2010)
Project Scope
IT Department identified the need for a Software upgrade from Windows XP SP3 to Windows 7 Enterprise.
Most workstations had a mix of Volume License & OEM software installed.
45 % of Home Office leased workstations were due back to Hardware Vendor (Dell) starting in Q1 2011.
All of Remote Sales Force workstations were due for Hardware Refresh, starting in end of Q3.
Migration and Upgrade needed to happen during off-hours, or when Employees machine was in shop for servicing.
Research
Using NS Reports to determine hardware Windows 7 System Requirement readiness. Assets and Inventory > Inventory > Windows > Hardware
Count of Computers by Processor Speed, Type, and OS Memory Configuration by Computer Computers by Total Disk Size
Using NS Reports to determine software Windows 7 System Requirement readiness. Assets and Inventory > Inventory > Windows >
Software/Applications Count of Distinct Add/Remove Program Applications Count of Products by Version and Manufacturer Count of Computers by Install Directories
Research (continued)
When running previously mentioned reports, always change the Target Collection to “All Windows Workstations”
Review current application install base for required upgrades. (For instance, Acrobat 7 Professional/Standard does NOT load on Windows 7 64-Bit!!)
Expect to upgrade current Anti-Virus software. (Windows XP AV Clients are not going to cut it!)
ISTA decided to implement Window 7 64-Bit on all machines that met the following specs: 1.8 Ghz processor or better Processor needed to be of the Core Duo or Core Duo 2 type (or Better) 4GB of Memory or better If machine could be upgraded to 4GB then it would be 80GB SATA Hard Drive Minimum (The WINDOWS directory is 40GB in size)
Any machines that did not meet this spec would be replaced.
Software Compatibility
Due to the fact that most/all of our Install base had Windows XP 32-Bit… our current software packages might not be compatible
Utilizing a few Windows 7 Test machines, we deployed/tested our Major software applications
We built a list of Apps, and denoted which had been tested, and which worked under Windows 7
We were not concerned with any of the Microsoft Apps, due to the fact that we are EA customers
We determined that some of our crucial apps did not work with Win 7 We had considered XP Mode/MED-V, but after reading that Microsoft did
not consider those tools a Long-Term solution, we opted against it. A few of the Apps worked successfully under Terminal Services. So we
set up a few TermServ boxes to support those users. For the few remaining applications that have not been upgraded, or
cannot run under Terminal Services, we are awaiting updates from the vendor. (That group has not been upgraded to Win 7 yet)
Methodology
ISTA needed a deployment methodology which supported the upgraded equipment & complete replacement hardware.
We settled on using a Lite-Touch & a Zero-Touch deployment Method: Zero-Touch for those machines which were being upgraded directly.
(No Replacement) Lite-Touch for the users who were getting a new machine, with all of
their data transferred.Data transfer would be done using Microsoft's USMT toolWe would have used PCT, but our installed version did
not support Windows 7 64-Bit restoral. (It now does in SP5)
Methodology (continued)
The steps determined for each method were roughly the same: User Data Archival (Transferred to Network Share) Deploy Image Deploy Customized Drivers Install Software Packages Restore User Data Cleanup Desktop Environment
The only difference was the “User Data Archival”, as this was done on the users original machine. Then the rest of the Job was completed on the new machine.
Image Build
Similar to Windows XP, build a machine with fresh copy of Win7 installed.
Customized the User Profile before Imaging, then copy to the Default Profile.
We decided to keep our Images small, based on how few machines had similar software selections. No apps installed before Sysprep
Left Aclient/Altiris Agent off image before Sysprep. (Would install later on using SetupComplete.cmd)
Image capture choices… RDeploy (works in Linux, and Windows PXE) Ghost (Windows Only, did not support Win7 till SP4) ImageX (Was not an option in SP3, now included in SP5)
We chose RDeploy, as we wanted to deploy the image using faster Linux PXE boot.
Image Build (continued)
ISTA’s Image prep is as follows…1. Install Win7 (no drivers/apps)2. Customize Default User Profile3. Capture Image, label “Before Sysprep”4. Copy Sysprep tools onto machine.5. Extract & Create Unattend.XML file6. Copy Unattend.XML file to USB FlashDrive7. Run Sysprep /generalize /oobe /shutdown8. Capture Image, label “Sysprep”Now Customize the Unattend.XML file & Test your
image.
Staging
\\<ServerName>\USMTDATA$ - Z:\\<ServerName>\Deploy - G:\\<ServerName>\Deploy\Images\\<ServerName>\Deploy\Apps\\<ServerName>\Deploy\Drivers\\<DSServerName>\eXpress – I:\\<DSServerName>\eXpress\WAIK\Tools_v2
Deployment Process
We will walk thru the Zero-Touch deployment in detail.
Archive User Data…
REM USMT 4.0 - ScanState
ECHO Mounting Drive...net use z: \\<ServerName>\usmtdata$
ECHO Running ScanState...z:\x86\Scanstate.exe z:\captures\%computername% /o /vsc /c /i:z:\x86\migdocs.xml /i:z:\x86\migapp.xml /l:z:\captures\%computername%\scanstate.log /ue:30 /ui:<DomainName>\*
ECHO Unmounting Drive...net use z: /delete
Deploy Windows 7 x64 Image
Deploy Windows 7 x64 Image (continued)
@echo offREM Driver Install ScriptECHO Driver Install Script
REM Find Current ModelSet model="%#!computer@model_num%"ECHO %model%REM pause
REM Get Production NameIf %model%=="0G868N" set retrieve=E6400If %model%=="0U695R" set retrieve=E6400If %model%=="0K42JR" set retrieve=E6410If %model%=="0D8H24" set retrieve=E4310If %model%=="0D517D" set retrieve=760If %model%=="0R230R" set retrieve=760If %model%=="0D441T" set retrieve=980
ECHO Copy Over Driver files...rem mkdir c:\drivers.\Rdeploy\windows\firm.exe -recurse copy G:\7x64\%retrieve% prod:\drivers
Deploy Windows 7 x64 Image (continued)
REM Start Service ModeECHO Injecting Drivers into Image...".\WAIK\Tools_v2\x86\Servicing\Dism.exe" /Image:C:\ /logpath:C:\dism.log /add-driver:C:\drivers /recurse
ECHO Copying the new AClient files....\Rdeploy\windows\firm.exe copy .\Agents\AClient\dagent_x64.msi prod:\Windows\System32\dagent.msi
ECHO Preparing the Unattended Setup Files...
REM Tokenizing the Unattend File...REM ReplaceTokens .\Sysprep\unattend.xml .\temp\%ID%.xml
REM Copying the Tokenized Unattend File....\Rdeploy\windows\firm.exe copy .\temp\%ID%.xml prod:\Windows\System32\Sysprep\unattend.xml.\Rdeploy\windows\firm.exe copy .\temp\%ID%.xml prod:\Windows\Panther\unattend.xml.\Rdeploy\windows\firm.exe copy prod:\Windows\System32\Sysprep\unattend.xml prod:\unattend.xml
REM Copying the SetupComplete File....\Rdeploy\windows\firm.exe copy .\Sysprep\setupcomplete.cmd prod:\Windows\Setup\Scripts\SetupComplete.cmd
Set Firewall Exceptions
@ECHO OFFREM Set Windows Firewall Exceptions...
netsh firewall set service type = FILEANDPRINT mode = DISABLE >>%windir%\system32\AltirisFW.logecho Simple File Sharing turned off on: %DATE% %TIME%>>%windir%\system32\AltirisFW.log
netsh advfirewall set allprofiles state off >>%windir%\system32\AltirisFW.logecho Firewall Exceptions Completed on: %DATE% %TIME%>%windir%\system32\AltirisFW.log
:end
Install Altiris Agent
Install Office 2010 x64
Restore User Data
REM USMT 4.0 - LoadState
ECHO Mounting Drive...net use z: \\<ServerName>\usmtdata$
ECHO Running ScanState...z:\amd64\Loadstate.exe z:\captures\%COMPUTERNAME% /i:z:\amd64\migdocs.xml /i:z:\amd64\migapp.xml /l:z:\captures\%COMPUTERNAME%\loadstate.log
ECHO Unmounting Drive...net use z: /delete
Customize Desktop@ECHO OFFREM Customizing End-User Desktop...
REM Copying Desktop Shortcuts...IF NOT EXIST "%SystemDrive%\Users\Public\Desktop" GOTO ENDECHO Deleting Old Desktop Shortcuts...DEL "%SystemDrive%\Users\Public\Desktop\*.lnk"ECHO Copying Desktop Shortcuts...XCOPY /Y "\\<ServerName>\Deploy\Utilities\x64\Icons\*.ico" "%SystemRoot%\System32\"XCOPY /Y "\\<ServerName>\Deploy\Utilities\x64\Links\*.lnk" "%SystemDrive%\Users\Public\Desktop\"
REM Installing Drive Mapping and Backup Script(s)...ECHO Installing Drive Mapping and Backup Script(s)...XCOPY /Y "\\<ServerName>\Deploy\Utilities\x64\Scripts\*.vbs" "%SystemDrive%\Users\Public\"XCOPY /Y "\\<ServerName>\Deploy\Utilities\x64\Scripts\*.xml" "%SystemDrive%\Users\Public\"
REM Applying Registry Fixes...ECHO Applying Registry Fixes...REGEDIT /S "\\<ServerName>\Deploy\Utilities\x64\Registry\general.reg"REGEDIT /S "\\<ServerName>\Deploy\Utilities\x64\Registry\7zip.reg"
:END
Exceptions
For those software packages that were unique to several machines, we created network install jobs
Those jobs were listed under the “Software” folder, so the Desktop Analyst could include it into his jobs
After-Thoughts
Don’t rush project!Give your users ample opportunity to experience Windows 7
before they are upgradedTrain your Staff, then train User baseFor legacy applications, consider using SVS or APP-V for
application virtualization (we did not have enough time!)Schedule the upgrade around any Hardware Refresh efforts,
or Lease returnsCheck internal website compatibility with Internet Explorer
8!!!DON’T run your Deployment Server on a VM!DON’T forget to update to the latest Service Pack!
We started on SP3, and had lots of problems. It wasn’t until SP5 that everything worked out as planned!
References
About MED-V..http://
technet.microsoft.com/en-us/library/ee872305.aspx
Why XP Mode & MED-V are not long-term solutions
http://redmondmag.com/articles/2011/04/19/microsoft-panel-offers-windows-xp-migration-tips.aspx
Creating a Windows 7 Self Updating Hardware Independent Image…
https://www-secure.symantec.com/connect/articles/creating-windows-7-self-updating-hardware-independent-image-using-deployment-solution-69sp4
THANK YOU FOR YOUR TIME!!!