Managing the Unexpected
You have four new sales executives starting in two days, but you're still catching up on a server migration and closing out two computers from terminated employees to comply with Sarbanes-Oxley.
It's a typical day for an IT manager anywhere. But what if you could guarantee that each new machine would get the same security settings and registry edits, plus the standard application suite, by automating machine imaging? Here are some how-to tips on imaging using the Altiris Deployment Solution for Clients (ADSC). I've found that ADSC can reduce installs and configuration changes from two to three hours per computer to just a few clicks.
You can download ADSC (164MB) for free from Altiris along with a 30-day license for testing with 10 clients. You will need either MSDE or SQL Server as your database backend. In my testing and years of usage, MSDE has been more than sufficient to handle as many as 500 clients or more. However, if you require additional features such as advanced scripting and reporting, then SQL Server is for you. Altiris recommends Windows Server 2003 or 2000 as the server platform. Although the software is not processor-intensive, you'll need a minimum of 512MB of RAM or more if you have a large number of clients.
The Altiris Agent, the client for the ADSC, has a very small footprint — utilizing about only 1MB of RAM and an unnoticeable amount of processor time, even when communicating. Every client that you wish to control requires this agent. The ADSC does not care how many computers have agents in your domain, but it will only allow you to concurrently connect up to the licensed amount. You can "bump" agents and wait for spots to keep costs down. However, if you choose to buy enough licenses to match your clients, you can expect to pay anywhere from $30 to $40 per license, depending on volume. Software maintenance is included with each license purchase.
Once you have your database platform selected and installed, unzip and open the .EXE that you downloaded from Altiris. There are three types of installations as well as a wizard: simple, custom (for separating applications from the database server) and component (for multiple deployment servers that report to one database server).
The "simple" install allows you to select where the applications will reside and what domain account you want to use to manage clients. The account you use is very important. I recommend you create an account with Domain Administrator privileges called "altiris." Make sure you set the password on that account to never expire. Do NOT use your account or the account of an actual employee. If they
decide to change their password or leave the company, you will have some painful reconfiguring to do. Alternatively, you can use a local administrator account from your Altiris server as long as the password on that local administrator matches the local administrator password on your client machines. Also, during the installation you will need to point to the location of your license file. (If you are using the demo version, there is an .LIC file in the folder where you extracted your installer. If you purchased this solution from Altiris, they will e-mail you the .LIC file.)
No reboot is required after the server install. You can either access the Console.exe from the server (using your choice of remote access methods) or you can access it via the Web if you are running IIS on the server. I find the Console.exe a faster option.
|Microsoft Office 2003||35 minutes|
|Adobe Acrobat||5 minutes|
|VPN Client||10 minutes|
|Several Active X Plugins||15 minutes|
|Windows XP Service Pack 2||30 minutes|
|Registry edits, security settings and Unnecessary App Removal||25 minutes|
|Time to combine all of the above into the “perfect image” of a company desktop||20 minutes|
|Time required to deploy standard image, including clicking “OK” at all prompts||1 minute|
|Time saved deploying first new machine using ADSC||1 hour, 40 minutes|
|Time saved for each subsequent machine deployed||1 hour, 59 minutes|
Find Some Clients
Configure all of the settings — password protection, server communication intervals and remote PC control — in the client before you push it out. Once that's done, anyone who receives the client will immediately get these settings, eliminating post-
configuration work. The "Remote Agent Installer" lets you "push" the agent to any computer it finds in your domain. New agents will start appearing on your console window, with no need to reboot the clients.
If you've already created the "perfect" sales executive notebook computer (installed the standard suite of applications, configured settings, edited the registry and done any clean up) and you've made an image of it using the Rapid Deploy solution included with the ADSC, you're ready to go. In fact, you've created "perfect" images of all of your field machines. Using the Altiris Bootwiz Creator (also bundled with the ADSC) in conjunction with its Rapid Deploy solution, you make an image of the notebook and store it in your preferred image store location. Use the Boot Disk Wizard (dust off your Win98 CD because you'll need those DOS drivers) to create an Altiris boot disk. Line up the four notebooks on the bench in your lab, hook them up to your LAN, pop an Altiris boot floppy (which knows where to go to pull down the image, and does so automatically) into each and walk away. In half an hour, you'll have four identical notebooks ready to be renamed for your domain and deployed.
Now, let's tackle those pesky terminations. Since these machines already have Altiris agents installed on them, select all six clients at once from the console and select "Quick Disk Image." Schedule the task to run right away or later that night. Altiris will back up each of the machines to a unique .IMG file and store them in a location that you specify. In our case, we have cheap 200GB snap servers whose only worldly purpose is to store PC images. Schedule Altiris to then deploy the "perfect" desktop image back to those machines once they have been backed up.
When it's time to deploy new machines, you can pull the .IMG file for the standard desktop configuration burned to a DVD. The file can be used when ordering new desktops or notebooks from your vendor, such as CDW, who can image them for you with the DVD you supply. Since you remembered to include an Altiris agent in the image for each machine, as soon as they get on your network they will call home. With a simple script in the console, they are on the domain.