I wrote this when I moved my company from seperate images for each model of PC to a one image for everything, that makes updating individual programs much easier.
The Process
Scripted Installations work by automating the process of creating a new PC everytime. It installs Windows from source media (a DVD uploaded to KBOX) and runs various post installation (scripts and installs that run after Windows has finished installing) that configure the PC and begins to install the programs that need to be on every PC rolling out to new users. Because this is a universal image and will work on a great deal of different vender and machine models a password has been set on the BootManager so only IT staff can deploy these images. Below is a basic layout of the imaging process:
Preinstallation Tasks
These tasks are run in the KBE (KBOX Boot Environment) before the Windows installation kicks off and prepares the hard drive in the following order
Create a single partition
the folllowing runs using DISKPART and creates a single partition on the hard drive for Windows:
select disk 0 clean create partition primary select partition 1 active assign letter=c exit
Format C: as NTFS
This runs as a BAT script to format the C:\ for NTFS
format /q /y /fs:ntfs c:
Install Vista/2008/7 MBR
This installs the Windows Master Boot Record for Windows Vista, Windows Server 2008 and Windows 7
bootsect.exe /NT60 c:
Windows Operating System Installation
Windows 7 is the choosen Operating System for all new PCs and have been uploaded to the KBOX2000. To speed up the installation of Windows along with updates, the source media is slipstreamed with Service Pack 1 and other Windows Updates (using the .msu files direct from Microsoft) to make sure the image is as up to date as possible when it is deployed. This slipstreaming is done once a month after the 3rd week so that the current months updates are included. Also other language updates are removed to make the image smaller and quicker to deploy.
Once this has been slipstreamed (current program used to do this is RT 7 lite v2.6 beta) it is then uploaded to the KBOX2000 using the KBOX Media Manager (this can be downloaded from the KBOX2000) and a scripted Installation is built around it, replacing previous scripted installations
Drivers
The KBOX2000 has a database of drivers for booting into KBE which allows you to deploy the image. Networking and storage controller drviers for the machine model are needed first otherwise it will not be able to boot into KBE.
It also has a database for each Operating System (ranging from Windows 2000 - Windows 7/2008 R2 x86 and x64) where the PC will be able to get any drivers it needs after Windows has been installed. You can find out what drivers are missing for a PC by going into the System Inventory in KBOX and selecting the operating system, and you will get a list of all the drivers and any that are missing are marked with a no entry sign (shown below is a confirmed working driver and a missing driver)
Any drivers that need to be uploaded can be done using the Driver Harvesting Utility or uploaded manually to the Driver share on KBOX2000 by mapping \\ikbox\drivers to a drive letter on your PC. From there you can upload the .inf, .sys, .cat and any other files required for the driver into the relevant OS folder (Windows 7 x64 drivers need to go into the windows_7_x64 folder for example)
Post Installation Tasks
Once Windows has been installed then a splash screen will appear which hides the various programs installing in the background. These programs are run by uploading the .msi or .exe and running a command line to install it. A list of the programs and command lines are written below:
Disable UAC
This needs to be disabled to allow the following programs to install so a registry edit is made to switch this off:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
Join Domain
This runs a .vbs file that is on the KBOX server by default which adds the computer to the domain. It runs the following:
join_domain.vbs <domain> <username> <password>
For security reasons the user details are not listed here. The user that is used is not allowed to login to any PC using Active Directory restrictions and has a random 20 digit password (this is saved in the service account keepass database) and has no rights except to add computers to the domain. This password will be reset each quarter
Activate Windows 7
This runs a .vbs script that already exists in Windows 7 and allows the user to run it beside other switches to activate using a Windows 7 product key
The following line enters in the ENGINE Windows 7 product key:
cscript C:\Windows\System32\slmgr.vbs /IPK xxxxx-xxxxx-xxxxx-xxxxx
and this line activates Windows:
cscript C:\Windows\System32\slmgr.vbs /ato
7Zip 9.20
"7z920.exe" /S
Adobe AiR
AdobeAIRInstaller.exe -silent -eulaAccepted
Adobe Flash Active X (32bit)
install_flash_player_11_active_x_32bit.exe -install
Adobe Flash Plugin (For 3rd party browsers 32bit)
install_flash_player_11_plugin_32bit.exe -install
Adobe Reader X - 10.1.2
AdbeRdr1012_en_US.exe /sAll /rs /l /msi /qb- /norestart EULA_ACCEPT=YES
Bomgar
This has a seperate installer for each x86 and x64 Operating Systems and is a silent installer by default so just the filename is run to kick off the installation:
bomgar-scc-randomdigitsthatfollow.exe
CutePDF
this is actually a part installer as it needs the Ghost Converter installed first. the converter is installed using:
converter.exe /auto
and then the actual PDF writer is installed using:
CuteWriter.exe /verysilent
FileZilla 3.5
FileZilla_3.5.0_win32-setup.exe /S
Gimp 2.6
gimp-2.6.11-i686-setup-1.exe /SP- /SILENT /NORESTART
Google Chrome
This actually uses the enterprise installer that Google distribute to businesses as the normal installation file for consumers cannot install silently
msiexec /i googlechromestandaloneenterprise.msi /qn /norestart
Java 6 Update 31
jre-6u31-windows-i586-s.exe /s ADDLOCAL=ALL IEXPLORER=1 MOZILLA=1 REBOOT=suppress
KBOX K1000 Agent
KInstallerSetup.exe -server=helpdesk.yourdomain.local -ssl_enabled=0 -amp_ssl=0 -display_mode=silent
Mozilla Firefox
"Firefox Setup versionnumber.exe" /silent
Microsoft Office 2007 Standard + SP3
This is actually installed using a .msp file which you can create using the Office 2007 installer (instructions are here) and it is zipped up and uploaded to the KBOX server and the following command line is run:
"setup.exe" /adminfile Office2007Standard.msp
Any updates for Office 2007 (for example Service Pack 3) are put into the Updates folder using the filename extract:path command and added into the zip file and the .msp file notices this and installs them automatically
Skype
msiexec.exe /i SkypeSetup_5.5.0.112.msi /qn /norestart
VLC Media Player 1.1.11
vlc-1.1.11-win32.exe /S /V /qn
If you are using a version of Windows 7 that supports KMS activation (I believe that is only enterprise and ultimate.)
Also for the slip streaming you can use DISM which is part of the Microsoft Windows AIK, which you need for creating the KBEs anyway. More info on using that is at:
http://technet.microsoft.com/en-us/library/dd744559%28v=ws.10%29.aspx - ncsutmf 12 years ago
I have one issue here:
I did not see the 3rd screen shot for the software installation, and windows asked me to login and continue with the installation.
Reason can be that I have placed an built in local account, is this the right way?
xxxxxadmin
Administrators
xxxxxxxxxxx
true
- universelu 12 years ago
Another alternative to Application POs is to use Ninite to manage installations and updates.
K2
http://www.itninja.com/blog/view/how-to-use-ninite-with-the-k2000
K1
https://d8f7mp21btv4f.cloudfront.net/help/ninite-kace-00e272baee8dbc524be2aad8b0d1617f.pdf - Rodrig0 8 years ago