Post-Install scripts + changing PC name / joining domain - any way to stage scripts?
We're planning a 1,000 PC roll out for this Summer. We're planning on doing the images with post-installation scripts, so once the machine images, it'll go into windows, change the PC name to the service tag of the machine, reboot, then join the domain, and reboot again. It's been working for us well so far on our current images. However, on this new image we're creating, we want to do things such as Flash, Java, FireFox, etc., as post-install scripts instead of already being on the image so that we can replace the program on the K1000 box with the updated version so the image is always up to date instead of having an image with old Flash, etc.
My question would be - since we need it to rename the PC, reboot, join domain, reboot...how do we get it to install Flash, Java, and all other apps with this as well? Do we do rename PC + join domain last? If we have 10 different software titles set to install as post-install tasks, do we set those first, and will they wait until they all complete before running the rename pc/join domain scripts?
My question would be - since we need it to rename the PC, reboot, join domain, reboot...how do we get it to install Flash, Java, and all other apps with this as well? Do we do rename PC + join domain last? If we have 10 different software titles set to install as post-install tasks, do we set those first, and will they wait until they all complete before running the rename pc/join domain scripts?
0 Comments
[ + ] Show comments
Answers (6)
Please log in to answer
Posted by:
jrscribner
12 years ago
We have used two different methods to set our computer names, first I wrote an AutoIt program which runs as a KBE postinstallation task to collect the BIOS serial number using WMI I then parse a text file to find the matching serial number if found I injects that into the unattend.xml file, if it's not found I prompt the user for the computer name this way the computer has the computername setup as part of the sysprep process. Currently we are rewriting our AutoIt script to get the computer name from the K1000 using a MySQL query, here is someone else s example of how to do it: http://www.itninja.com/question/name-machines-via-k1-with-k2-post-install-script once I finish testing our version I will be posting it for everyone to look at and use.
Posted by:
tekCTRL
12 years ago
What i do here is actually re-name the PC and join to the domain (using post install tasks) and install java, flash, office, silverlight, firefox, chrome etc etc and then reboot when its all done.
Each installation runs as a post install task in the scripted installation for the OS. In our case we have one for Windows 7 x64 and another Windows 7 x86
Heres a little bit on the commands I run as post install tasks:
Disable UAC
This needs to be disabled to allow the following programs to install so a registry edit is made to switch this off:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
Join Domain
This runs a .vbs file that is on the KBOX server by default which adds the computer to the domain. It runs the following:
join_domain.vbs
For security reasons the user details are not listed here. The user that is used is not allowed to login to any PC using Active Directory restrictions and has a random 20 digit password (this is saved in the service account keepass database) and has no rights except to add computers to the domain. This password will be reset each quarter
Activate Windows 7
This runs a .vbs script that already exists in Windows 7 and allows the user to run it beside other switches to activate using a Windows 7 product key
The following line enters in the ENGINE Windows 7 product key:
cscript C:\Windows\System32\slmgr.vbs /IPK xxxxx-xxxxx-xxxxx-xxxxx
and this line activates Windows:
cscript C:\Windows\System32\slmgr.vbs /ato
Adobe AiR
AdobeAIRInstaller.exe -silent -eulaAccepted
Adobe Flash Active X
install_flash_player_11_active_x.exe -install
Adobe Flash Plugin (For 3rd party browsers)
install_flashplayer11-3-181-34.exe -install
Adobe Reader X - 10
AdbeRdr1010_en_US.exe /sAll /rs /l /msi /qb- /norestart EULA_ACCEPT=YES
Google Chrome
This actually uses the enterprise installer that Google distribute to businesses as the normal installation file for consumers cannot install silently
msiexec /i googlechromestandaloneenterprise.msi /qn /norestart
Java 6 Update 31
jre-6u31-windows-i586-s.exe /s ADDLOCAL=ALL IEXPLORER=1 MOZILLA=1 REBOOT=suppress
KBOX K1000 Agent
KInstallerSetup.exe -server=helpdesk.5gs.local -ssl_enabled=0 -amp_ssl=0 -display_mode=silent
Mozilla Firefox
"Firefox Setup versionnumber.exe" /silent
Microsoft Office 2007 Standard + SP3
This is actually installed using a .msp file which you can create using the Office 2007 installer and it is zipped up and uploaded to the KBOX server and the following command line is run:
"setup.exe" /adminfile Office2007Standard.msp
Any updates for Office 2007 (for example Service Pack 3) are put into the Updates folder using the filename extract:path command and added into the zip file and the .msp file notices this and installs them automatically
Each installation runs as a post install task in the scripted installation for the OS. In our case we have one for Windows 7 x64 and another Windows 7 x86
Heres a little bit on the commands I run as post install tasks:
Disable UAC
This needs to be disabled to allow the following programs to install so a registry edit is made to switch this off:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
Join Domain
This runs a .vbs file that is on the KBOX server by default which adds the computer to the domain. It runs the following:
join_domain.vbs
For security reasons the user details are not listed here. The user that is used is not allowed to login to any PC using Active Directory restrictions and has a random 20 digit password (this is saved in the service account keepass database) and has no rights except to add computers to the domain. This password will be reset each quarter
Activate Windows 7
This runs a .vbs script that already exists in Windows 7 and allows the user to run it beside other switches to activate using a Windows 7 product key
The following line enters in the ENGINE Windows 7 product key:
cscript C:\Windows\System32\slmgr.vbs /IPK xxxxx-xxxxx-xxxxx-xxxxx
and this line activates Windows:
cscript C:\Windows\System32\slmgr.vbs /ato
Adobe AiR
AdobeAIRInstaller.exe -silent -eulaAccepted
Adobe Flash Active X
install_flash_player_11_active_x.exe -install
Adobe Flash Plugin (For 3rd party browsers)
install_flashplayer11-3-181-34.exe -install
Adobe Reader X - 10
AdbeRdr1010_en_US.exe /sAll /rs /l /msi /qb- /norestart EULA_ACCEPT=YES
Google Chrome
This actually uses the enterprise installer that Google distribute to businesses as the normal installation file for consumers cannot install silently
msiexec /i googlechromestandaloneenterprise.msi /qn /norestart
Java 6 Update 31
jre-6u31-windows-i586-s.exe /s ADDLOCAL=ALL IEXPLORER=1 MOZILLA=1 REBOOT=suppress
KBOX K1000 Agent
KInstallerSetup.exe -server=helpdesk.5gs.local -ssl_enabled=0 -amp_ssl=0 -display_mode=silent
Mozilla Firefox
"Firefox Setup versionnumber.exe" /silent
Microsoft Office 2007 Standard + SP3
This is actually installed using a .msp file which you can create using the Office 2007 installer and it is zipped up and uploaded to the KBOX server and the following command line is run:
"setup.exe" /adminfile Office2007Standard.msp
Any updates for Office 2007 (for example Service Pack 3) are put into the Updates folder using the filename extract:path command and added into the zip file and the .msp file notices this and installs them automatically
Posted by:
ckubaska
12 years ago
The K2000 can auto name your systems, join the domain and register windows. Then an option would be to have those system automatically go to the K1000 for the software deployments and then you only have one software change to keep up to date. If you want the K2000 to do the software deploys the join and rename would have to be last due to the reboots.
Posted by:
andibogard
12 years ago
We are currently doing this in our environment. Using the breadcrumb method. We are essentially tagging machines during scripted installs to be used with smart labels we've created on the K1000 to pick up those on the tags.In our case, we have a "New Deployment" tag and matching managed installation that installs Java, Flash, Adobe reader and some other programs. As the last post installation task on the scripted install, we install the agent, set the machine to auto login once, add a runonce entry to initiate a check-in at next reboot, then reboot the machine. When the machine reboots, it logs in, runs inventory and starts the install.
See here for a KKE about the breadcrumb method.
K1000 KKE's: https://support.software.dell.com/k1000-systems-management-appliance/kb?k=KKE
See here for a KKE about the breadcrumb method.
K1000 KKE's: https://support.software.dell.com/k1000-systems-management-appliance/kb?k=KKE
Comments:
-
fyi We also remove the new deployment tag at the end of the New Deployment managed installation. - andibogard 12 years ago
Posted by:
spless
12 years ago
We do a naming convention per location and the the KACE training made it sound that it was more difficult to let the K2000 to name the target computer then you going back and manually touch the target computer. Look forward to see how you handle this.
Comments:
-
my machine names are very specific, ass well, and can not be automated. I have sysprep prompt me for a name. then use a command line to join it to the domain later. - RandomITPro 12 years ago
-
I too use this method - andibogard 12 years ago
Posted by:
RandomITPro
12 years ago
Your needs are fairly simple and that offers you a few ways to do each thing. Since you are naming the computer based on the service tag, there are a few script that can harvest the info from the bios.
I would look into doing the following
Sysprep/scripted install names the machine at random
Post installs via k2000 runs a rename script, and joins the domain, then installs k-agent (don't forget .net framework)
Optionally load some registry keys that will auto login the machine a few times.
Let the k1000 pickup the machine and compare software versions/existence and install your flash/adobe/etc. This is were that optional autologins come in as a reboot or two maybe required to force the k1000 to install/let the agent report in.
If your worried about your smart labels hitting existing machines, install a small program as a post install task as a "flag" (I use PDFCreator) In your smart label make the existence of this flag part of the criteria. Then uninstall the flag program.
I would look into doing the following
Sysprep/scripted install names the machine at random
Post installs via k2000 runs a rename script, and joins the domain, then installs k-agent (don't forget .net framework)
Optionally load some registry keys that will auto login the machine a few times.
Let the k1000 pickup the machine and compare software versions/existence and install your flash/adobe/etc. This is were that optional autologins come in as a reboot or two maybe required to force the k1000 to install/let the agent report in.
If your worried about your smart labels hitting existing machines, install a small program as a post install task as a "flag" (I use PDFCreator) In your smart label make the existence of this flag part of the criteria. Then uninstall the flag program.
