K2100 Best Practices
Just wanted to get everyone's opinion on how I'm going about imaging with the K2 and get any pointers to make things easier to manage my images. Right now I am building an image using VM's. After it is fully updated I install all the base applications (i.e. Anti-Virus, 7zip, Greenshot, .Net, Silverlight) and core configurations (i.e. Disable IPv6, Disable UAC, add Firewall Exceptions). I take a screen shot of the image once I'm pleased with it as a "Golden Image." I add my unattend.xml to the proper folder and sysprep the machine. Once it shuts down I boot into the KBE and capture the image. I then apply post actions such as installing the AMP Agent, Office, etc. I deploy machines that test successfully. I get no hiccups and I only have to activate Windows and Office before handing it off to a user. I feel like this is a solid methodology but would like to know if some of you have any pointers to make this better. I'm all ears.....!
-
Thanks everyone for the input. I am sticking with my procedure for the time being but am going to change a few of the installations to Post Install Tasks opposed to having them in the image when captured. Again, thank you all..... - jsunderman 11 years ago
Answers (7)
I do pretty much the same thing except I have everything post install. I let GPOs handle firewall, and UAC. You can also set these in your unattend.xml.
My snapshot has Windows updates turned on. I load the snapshot. Run the updates I need, and then sysprep. In my unattend.xml I have Windows updates turned off so I do not need to worry about turning them back off.
I have three main images that I updated every few months. I want to test copying my unattend.xml to C:\windows\panther as a preinstall to see if I can just have one "Golden Image", but just have separate preinstall tasks for each. I just haven't had time to test this yet.
Seems like a pretty good procedure. I like using VMs to prepare my images as well, keeps from having to tie up hardware resources. I agree with Johnzko, though. We don't include any software in the image unless it's just too complicated to install after the fact. This makes updating which version is installed easier.
The other thing we do different in our organization is we let our K1000 do the "heavy lifting" of app installs. In Healthcare there are a lot of complicated app installs that we could never seem to get to work right as Post Install Tasks. So we use "bread crumbs" in the registry, along with Custom Inventory and Smart Labels to install the needed software from the K1000. The K2000 just lays down the basics: OS image, drivers, K1 agent, and the "bread crumbs". We also use wsusoffline to install updates as a post install task. This way we only have to update the folder that stores the updates, rather than having to capture a whole new image.
I have found out that disabling IPv6 in the master image does no good. the hardware is recreated post sysprep so IPv6 is enabled again. I had to add the disable after the machine comes out of sysprep, doing it as a post task even did not help. I added a run once to run on the machines first boot after post sysprep reboot.
this is my postinstallation line to kill ipv6
start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v ipv6kill /d "reg.exe add \"HKLM\SYSTEM\CurrentControlSet\services\Tcpip6\Parameters\" /v DisabledComponents /t REG_DWORD /d 4294967295 /f"
It is not recommened to install anti-virus or any type of agent software (like the K1000) into your golden image.
I'm with johnzko, I install all my software as a PO because that way when I update my golden image I only have to update windows, the other software gets updated in the PO task or a network share so its always up-to-date.
Corey
Lead L3 Enterprise Solutions Consultant, K2000
If my response was helpful, please rate it!