K2000: Windows 7 - how to reduce patching after a build?
Hey,
So after we build a system with our K2000 our techs still have to spend a few hours tweaking and installing updates and other stuff.
Does anyone on here have any good ideas on how to improve this? We are going to roll in several packages they were doing manually, but it's the Windows update that seems to take the largest chunk of time.
Ideally I would like a completely hands off approach.
thanks,
Pierce
Windows 7 SP1 is base image on Dell systems
-
One thing I have done is use WHDownloader http://www.majorgeeks.com/files/details/windows_hotfix_downloader.html to inject the Windows updates / service packs into the wim file and recreate the ISO to deploy your scripted install with. I did my first slipstreamed OS ISO about this time last year and got every Windows 7 update to date at the time. It barely fit on a DVD and had to go to using USB drive for a local install. - akilpatrick 9 years ago
Answers (4)
What I've been doing (Scripted install here) is using WSUS Offline to build a local repository of updates. Every month I run the WSUSOffline updater app and it updates my local cache. Then I run a Batch file off hours that does this:
echo mapping K2000 PETemp Share
net use U: \\K2000IPAddress\petemp K2Password /user:K2Username
echo starting copy process
robocopy E:\wsusoffline\client U:\wsusoffline /s /E /XO /LOG:VK2000.txt
echo disconnecting VK2000 share
net use U: /delete /yes
I have an entry in the batch file that does the same procedure for each of my RSA's as well, so they all have their own little local copy of the offline update cache.
As a post-install task on the K2, I set up the following:
net use T: \\K2orRSAIPaddress\petemp K2Password /user:K2Username
T:\wsusoffline\cmd\doupdate.cmd
Probably not the best way, but it seems to have cut down on the initial lump of installs we used to get the first time a machine connected to an open network.
Comments:
-
I realise this is an old reply, but I liked your approach so I wanted to comment. We have the same issue with our scripted installs. It's become a lot less painful with SSDs, but still, it's painful.
To those suggesting to move to images - that's fine, but the scripted installs are hardware agnostic, easily changed and very flexible. Scripted installs are superior to images in most cases.
The big drawback is the updating process. This has gotten worse as it's been almost 2 years since W7 SP1 arrived (baseline for our installs) so there are hundreds of updates to install afterwards, and we don't have WSUS.
At one point I tried slipstreaming the updates into the Win7 image (used a tool called RT7 Lite), but I found the resulting install was unstable and I didn't trust it enough to put it into production.
Definitely going to give the WSUSOffline approach a crack! - palaris_cpala 9 years ago
-
They're not hardware agnostic if you capture them on a VM. - dugullett 9 years ago
I capture all of my images on VMs. Similar to the link below (even though that post was for Win 8). I build out my Win 7 image, fully patch, and make customizations as needed. I also put my unattend.xml file into the sysprep folder, with a .bat file that runs sysprep with the unattend.xml file (make sure copyprofile=true). Every time I need to update my image I just load my snapshot, run MS updates, take a new snapshot, and then run my .bat file that syspreps with a shutdown. After that it's a regular image capture.
http://www.itninja.com/blog/view/kace-imaging-capture-uefi-partions-vm-workstation
Silent installs, scripts, scripts and more scripts........
If you do the same thing all the time - Script it. I made it so my team only spends less than 5 minutes per batch of computers that they are rolling out and that is only to give the computer a name.
For instance we want everyone to have Office, AV, Acrobat, 7-zip, CutePDF writer, Join AD in a certain container based on their site, Join their wireless network, Install our K1000 agent, and be sure they are up to date on Windows Updates. To do this I uploaded the latest release of Windows we are utilizing and built scripted installs. I like this better than making an image and capturing it because you are always up to date and it is much easier to make modifications to the image(s).
For the majority of commercial software you can find how to install it silently with the options you want - (msiexec /I package.msi /qn). The other steps involve some leg work and ingenuity, but once you put a little effort into it you will quickly see the benefits.
Here are some cool things:
- Join Computers to AD in a specific container - I have sites around the globe and an RSA at each site, and when we create an image I want the computer to join the domain for that site. I use this script and pass it the domain, user that can join a computer and the path. https://www.sole.dk/vbscript-to-join-computers-to-domain-with-specific-user-and-avoid-having-to-manually-place-them-in-ad/
- Join computer to Wireless (If it has a wireless) - You use netsh command to export the wireless settings on a computer as shown here - http://community.spiceworks.com/how_to/24989-export-import-wireless-network-info-on-windows-machines - then change the exported XML so the "protected" property is False and enter the un-encrypted passcode. You can take this step further by making a batch file that first checks if there is a wireless adapter in the computer:
ipconfig | findstr "Wireless"
IF %ERRORLEVEL%==0 netsh wlan add profile myprofile.xml
- Install software based on it being a laptop or desktop - Here is a script that detects the computer type - http://blogs.technet.com/b/heyscriptingguy/archive/2004/09/21/how-can-i-determine-if-a-computer-is-a-laptop-or-a-desktop-machine.aspx. I modified it so that after the "Select Case strChassisType" line I had just the portable computer type selected (Case 8,9,10,12,14) and I added a line to run my list of installers that I wanted for just laptops like my vpn client (WshShell.Run "msiexec.exe /i vpnsoftware.msi /qn", 1, True)
- GetComputerName / SetComputerName - http://www.itninja.com/blog/view/get-set-computername. This one is great. With this and all the other scripts the Sys Admin just boots off the NIC, selects the install type and just waits for this one prompt for the computer name then comes back later to find a fully configured computer already named.
- WSUS/ WSUS Offline / K1000 patching / VBScripts as final step - There are a number of ways to help put on all the latest patches. As I mentioned earlier I like to use the latest released Service Pack version of Windows as a base for the scripted install and then add all the patches at the end. Any one of these methods will help you get your newly imaged computers up to date ASAP.
Lastly, make sure everyone who is utilizing your scripts can do the steps manually if needed and knows what the script does. This does not mean they have to be scripting and deployment experts themselves. They just have to have the talent to know what is going on. All too many times I have seen businesses automate things and think they can let trained monkeys run the process. It always ends poorly.
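
Added example (not part of the original answers, and not KACE or WSUS Offline code): the post-install tasks in the answers above put the share password on the net use command line and the Wi-Fi passphrase in an exported profile XML with "protected" set to false, so both sit readable in the deployment folder. This Python check lists the files where that is the case without printing the secrets; the function names and the trimmed sample profile and batch text are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

WLAN_NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
# net use <drive> \\server\share <password> ... /user:<name>; skips no-password and "*" (prompt) forms
NET_USE_PW = re.compile(r"^\s*net\s+use\s+\S+\s+\\\\\S+\s+(?!/|\*\s)\S+\s.*?/user:", re.I)

# Constructed sample inputs (placeholder names and key, not taken from any real system).
SAMPLE_PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>ExampleSSID</name>
  <MSM><security><sharedKey>
    <keyType>passPhrase</keyType><protected>false</protected>
    <keyMaterial>constructed-example-key</keyMaterial>
  </sharedKey></security></MSM>
</WLANProfile>"""
SAMPLE_BATCH = ("net use T: \\\\K2orRSAIPaddress\\petemp K2Password /user:K2Username\n"
                "T:\\wsusoffline\\cmd\\doupdate.cmd\n"
                "net use T: /delete /yes\n")

def cleartext_wlan_profile(xml_data):
    """Return the profile name if its sharedKey is stored unprotected, else None."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError:
        return None  # unreadable XML is not reported as a WLAN profile
    for key in root.iterfind(".//w:sharedKey", WLAN_NS):
        protected = key.findtext("w:protected", "", WLAN_NS).strip().lower()
        if protected == "false" and key.findtext("w:keyMaterial", "", WLAN_NS).strip():
            return root.findtext("w:name", "(unnamed)", WLAN_NS)
    return None

def net_use_password_lines(script_text):
    """Return 1-based numbers of lines that pass a password to net use."""
    return [n for n, l in enumerate(script_text.splitlines(), 1) if NET_USE_PW.match(l)]

def audit_folder(folder):
    """Walk a deployment folder and return (file name, finding) tuples."""
    findings = []
    for path in sorted(Path(folder).rglob("*")):
        ext = path.suffix.lower()
        if ext == ".xml" and path.is_file():
            name = cleartext_wlan_profile(path.read_bytes())
            if name:
                findings.append((path.name, f"clear-text Wi-Fi key in profile {name}"))
        elif ext in (".bat", ".cmd") and path.is_file():
            for n in net_use_password_lines(path.read_text(errors="replace")):
                findings.append((path.name, f"line {n}: password on net use command line"))
    return findings
```

Call audit_folder() on a local copy of the folder that holds the post-install scripts and profile XML; an empty list means neither pattern was found.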