Difference between revisions of "Client Setup"
m (→Image Capture) |
m (→Image Capture) |
||
Line 269: | Line 269: | ||
NOTE: setting a Windows 7 OStype, will clone a 512 bytes MBR: at the boot the system will show the string GRUB and then will hang! | NOTE: setting a Windows 7 OStype, will clone a 512 bytes MBR: at the boot the system will show the string GRUB and then will hang! | ||
− | With this configuration, after the image | + | With this configuration, after the image capture, in the directory '''/images''' of the fog server there should be a directory with the name selected for the image containing: |
* d1.mbr (the MBR: should be 32256 bytes) | * d1.mbr (the MBR: should be 32256 bytes) |
Latest revision as of 03:18, 8 July 2016
Contents
- 1 Absolute Basics
- 2 Common Steps for Any OS Installation
- 3 Single Image Machines
- 4 Dual boot Images
- 5 Hardware-Independent Images
Absolute Basics
When using FOG all clients should be setup to have PXE boot as the first boot device. This allows imaging tasks to be deployed without visiting the client computer, while only slowing down the boot process by a few seconds.
If you are following this guide straight through, it is a good idea to test a capture on a spare computer rather than testing it on your master image after doing all the steps below, just in case of complications.
Deciding on an Image Strategy
FOG's strength is the flexibility to adapt to your environment needs. As an example lets say you have 20 of one computer model and 20 of another. You need to support both groups of machines and wish to use FOG to host images for both the machines.
There are two ways to do this.
- Create an image for a specific computer (useful if you have 10+ more of the same model computer)
- Create a hardware independent image (useful if you have many different models of computers in your environment)
Example: Your environment has 20 Dell Optiplex 760 Machines. Your environment also has 20 Lenovo ThinkCentre M91p Machines.
Since FOG allows you to group your host and apply the same image to all host in that group, it might be better for you to create a standard Dell Image and a seperate Lenovo Image. However if you have 5+ machines with different models, it might be time to create a Master Image that covers the hardware for ALL your machines. These are known as Hardware Independant Images or Master Images. They are also known as Golden Images. Regardless of the name used, they all mean the same thing. An image that works on any machine/hardware.
Common Steps for Any OS Installation
Always Start with a Clean Hard Drive
Even if your drive is brand new from the Factory, it is recommended to wipe the drive before you install an OS on it. This is considered a best practice and has several reasons for doing so.
Reasons for Wiping a Hard Drive
Brand New Hard Drives
Even if the drive is brand new from the factory in an unopened box, you should wipe it. In 2007 an incident was reported where 1800 brand new hard drives were shipped from the manufacturer with a virus already on the drive. While the likelihood of hard drives being infected from the manufacturer is extremely small, wiping a drive with a single pass only takes a few minutes and can save you much heart aches in the future. It is also a good way to test the drive to make sure it's not a bad drive from the factory. Most hard drives that have a factory defect will die within the first few months of use. If the drive fails during the wipe, you normally can return it to the store in a timely manner and get a new one.
Used Drives
Deleting partitions or doing a soft format isn't enough. Some virus and malware components can survive a full disk format. They place themselves in un-used disk areas (eg: counting backwards from the last logical block of the drive geometry.) Even though they cannot execute themselves until specifically called, a re-infection could allow them to access previously-saved information, such as keylogger data or other personal information.
Wiping a Drive
Wipeing a Hard drive can take a long time depending on the size of the drive! On average a 160gb SATA hard drive can take an hour to wipe. Writing a single pass of data (random or not) is plenty sufficient to remove all traces of a program or malware. In fact, the Gutmann method has been called useless by the creator of the method [1] as his paper was misinterpreted. Thirty Five passes are not needed in modern drives.
Windows 7
Open a Command Line as Administrator Type: format /p:1 <Drive Letter> Replace <Drive Letter> with E:\ or which ever drive you wish to format. This will zero-out all bits on a disk.
UNIX/Linux
Open a Shell prompt as root or a user with sudo rights on Ubuntu/Debian based machines
Simple Wipe
Fedora: dd if=/dev/zero of=/dev/sdX
Ubuntu/Debian Based dd if=/dev/zero of=/dev/sdX
Replace sdX with the driver leter you wish to wipe This will zero-out all bits on the disk
Random Wipe
Fedora: dd if=/dev/random of=/dev/sdX
Ubuntu/Debian Based dd if=/dev/random of=/dev/sdX
Replace sdX with the driver leter you wish to wipe This will zero-out all bits on the disk
FOG
FOG has a built-in utility that can do this as well. Be sure to use Normal Wipe as Fast Wipe only zeros out the first few sectors of a disk (Master Boot Record and Partition Table). A Full Wipe is not necessary to remove data from a disk. It is reserved for the most extreme cases.
DBAN
DBAN is another tool you could use to wipe a drive. It is available as a bootable ISO (or put on a USB drive if you wish[2]) and can wipe many drives at the same time. It supports all types of wipes. Either Zero, Random, 7 Pass, or even 35 Pass.
Here is an article on DBAN: DBAN (Darik's Boot and Nuke)
Single Image Machines
Install Windows
- Set the BIOS to your preferred SATA mode. Legacy and AHCI work very well. Intel (fake) RAID has caused problems.
- After wiping your hard drive, install Windows as normal on the machine you wish to make the image for.
- During installation, select Custom(Advanced) to open the disk partitioner and delete any existing partitions.
- Click Next to continue with Unallocated space. Do not manually create partitions unless absolutely necessary. Doing so may break FOG's ability to manage Windows.
Install Updates
Be sure to perform all updates. Windows often requires multiple reboots and visits to update.microsoft.com until everything reports as up-to-date. Note that Windows may attempt to push additional software through the update channel such as Windows Live and Silverlight. Decide what you want on your platform before accepting additional software. It is recommended you at least explore the custom updates section as many times there are updated drivers for your hardware.
Install Software
Any software that are constantly updated such as Adobe Products (reader/flash), Java or anything that has the possiblity of being out-of-date. Should be installed using other means AFTER the image is made. This will save space as well as keep security risk to a minimum. Execptions should be made for large applications or time-consuming software such as Microsoft Office Suite.
- Install any software that is necessary for client management.
- For example, install the FOG Service. Don't forget to place your customized version of hostnamechange.dll in the FOG programs folder.
- Install other enterprise tools you need such as SCCM or Atriris services.
Setup a Default Profile
In order to have the same settings for all new profiles on the machine such as desktop shortcuts you should setup a default profile. Note: The default profile is different from the all users profile. All Users are only for profiles already created. Any new profile will be generated by using the default profile.
Windows XP
- Create a new profile
- Setup the profile as you wish - Shortcuts/Desktop Image
- Log out of this profile and log in to the administrator profile.
- Copy the profile: Right-click My Computer > Properties > Advanced > User Profiles. Select the profile you edited and choose to Copy it to the Default Profile folder under Documents and Settings.
- Ensure permissions are correct: Under Permitted to use, click Change, click Everyone, and then click OK.
You may wish to see MS KB 168475 and MS KB 959753 for details.
Windows 7
This is handled by Sysprep. You can use the <CopyProfile>true</CopyProfile> in your unattend.xml file.
Remove Unnecessary Software/Files
It is recommended you remove any software that is not used. You can use a cleaner program such as ccleaner to remove unnecessary files. Other things you can remove to save image size space are:
- shrinking/turning off system restore.
- removing hotfix uninstaller folders
Firewall Exceptions
- Run these in Administrative Command Prompt(cmd) on the host to allow communication between the FOG Client Service installed on the Host and the FOG Server
- Past setups suggested disabling the firewall and is less secure
netsh advfirewall firewall add rule name="Fog Client" dir=in action=allow program="C:\Program Files\FOG\FOGService.exe" netsh advfirewall firewall add rule name="Fog Service" dir=in action=allow program="C:\Program Files\FOG\FOGServiceConfig.exe" netsh advfirewall firewall add rule name="Fog Tray" dir=in action=allow program="C:\Program Files\FOG\FOGTray.exe"
Before Running Sysprep
Make a Pre-Sysprep an Image
It is recommended that you make a system image using FOG BEFORE YOU SYSPREP! Sysprep does alot of changes, and takes a long time. It is useful to make an image of the drive the way it is now incase something happens during the sysprep process. It is also nice to have a pre-sysprep image available when it comes time to update the systems image. You can deploy the pre-sysprep image to the computer and then update windows or install new software etc. without having to redo this entire process!
Before Running Sysprep
Other steps to consider are:
- Run Chkdsk /f /p prior to imaging
- Defrag the drive
- Make sure 2gb of disk space is free or the NTFSresize will fail
- Make sure the FOG service is installed and properly configured
- Update your hostnamechange.dll file
- For *Windows 7 ONLY*: FOG Prep
- (Both of the above are available from your FOG server: FOG_Server_IP_or_Hostname/fog/client/)
- pasted from notes: (Some of these are best handled at the enterprise-level (Group Policy) rather than maintaining them on the image.)
Enable Admin account Set admin PW Disable UAC Disable Sidebar objects? My Computer, IE, Recycle Bin, Documents on Desktop Change Home page Delete Start Menu Items Run Media Player Disable System Restore Disable Hybernation - delete Hyberfile.sys disable Virtual Memory - delete pagefile.sys Firewall: Allow Fog Client Exceptions Disable Windows Defender Disable automatic updates Security Center - Warnings Disable Windows Welcome Screen Don't show this message - IT Information Bar Power Options HAL Drivers set correctly within Device Manager (Advanced Configuration and Power Interface (ACPI) Show "Run" and "Printers" in Start menu Windows Updates up-to-date Enable Remote Desktop Enable Remote Assistance Show Hidden Files Disable Hidden Files Remove/Delete other Windows Accounts Delete Recent Items Empty Recycle Bin Copy Creation Profile to Default profile Defrag Disk Clean up Chkdsk OS partition bcdedit /set {bootmgr} device boot bcdedit /set {default} device boot bcdedit /set {default} osdevice boot
- Set up "creation" profile exactly how user profiles will be.
- Select option to copy profile to Default profile during Sysprep
- Rather than enabling Admin account as described above, disable built-in Administrator account - create custom named Administrator account and Set password
Windows 7: Add NetDOM*
- As of FOG 0.28 this is no longer required.
Both: Download Sysprep - don't use included version
Run Sysprep
Windows XP
<content needed>
Windows 7
<content needed>
Dual boot Images
This part is referred to the installation of the master PC to be cloned, in the following working environment:
- Fog 0.32 - http://www.fogproject.org/
- The installation of the server has been accomplished using the official wiki infos
- The installation will be performed on Dell Optiplex 960
- The desired system is a dual boot
- Windows 7
- Ubuntu (12.04 alpha at the moment, final installation will be done on Ubuntu 12.04 LTS)
PC configuration
The needed partitions are:
- Windows 7 (about 100M)
- Windows 7 (the all system)
- linux swap
- linux home
The disk is partitioned in 4 primary partitions, the installation sequence is:
- Windows installation (Seven will setup 2 partition)
- Manual disk resizing/partitioning to add a swap and the linux partition (formatted as ext3)
- Ubuntu installation
NOTE: FOG use partimage, so the selected partition type must be compatible with partimage
Windows Seven
No particular modifications (i.e. see the relevant part on installing a standalone Windows 7)
Linux Ubuntu
The installation is a standard Linux installation, but the default grub is not supported (see also http://www.ehu.es/es/web/instalaciones/fogehu/-/wiki/main/conocimiento#Despliegue_de_im%C3%A1genes_con_Ubuntu_11.04), so we downgrade to grub-legacy:
apt-get install -y grub cp NEWmenu.lst /boot/grub/menu.lst cp ${DATA_DIR}/wallpaper-asid-640x480.xpm.gz /boot/grub/wallpaper-asid-640x480.xpm.gz grub-install /dev/sda
where the NEWmenu-lst is:
timeout 10 # Pretty colours color cyan/blue white/blue #splashimage splashimage=(hd0,3)/boot/grub/wallpaper.xpm.gz title GNU/Linux Ubuntu root (hd0,3) kernel /boot/vmlinuz-3.2.0-14-generic-pae root=/dev/sda4 ro quiet splash initrd /boot/initrd.img-3.2.0-14-generic-pae title Windows 7 rootnoverify (hd0,0) chainloader (hd0,0)+1 quiet savedefault boot
The partition naming and kernel filenames are related to a particular installation: you need to check them. Here we setup a custom grub wallpaper: it is an XPM image, 640x480, 14 colors.
Image Capture
The image capture needs to be set as:
- Single disk, multiple partitions
- OStype Linux
The option Single disk, multiple partition will manage to capture/deploy all the partition of the disk. The OStype setted to Linux will copy a 32256 bytes MBR.
NOTE: setting a Windows 7 OStype, will clone a 512 bytes MBR: at the boot the system will show the string GRUB and then will hang!
With this configuration, after the image capture, in the directory /images of the fog server there should be a directory with the name selected for the image containing:
- d1.mbr (the MBR: should be 32256 bytes)
- d1p1.img
- d1p2.img
- d1p4.img
there are 1 file for partition, with the exception of the swap partition.
Hardware-Independent Images
Making a Hardware Independent Image, is very similar to making a Single Machine Image with a few very important differences.
Understanding HAL
HAL (Hardware Abstraction Layer) is very similar to the Kernel in *nix systems.
Windows XP and HAL
Not using the correct HAL will lead to a BSOD on your computers or give you a huge performance hit. Luckly you can tell Windows XP (via sysprep) to update the HAL on the fly.
Windows XP typically uses one of 3 HAL types.
- Advanced Configuration and Power Interface (ACPI)
- ACPI Uniprocessor PC
- ACPI Multiprocessor
Updating HAL with Sysprep.inf
You can update the HAL dynamically by adding this to your Sysprep.inf under the [unattended] section
UpdateUPHAL = “ACPIAPIC_UP,%WINDIR%\Inf\Hal.inf” UpdateUPHAL = “ACPIPIC_UP,%WINDIR%\Inf\Hal.inf” UpdateUPHAL = “MPS_UP,%WINDIR%\Inf\Hal.inf”
As a General rule it is best to create your image using a machine (or virtual machine) using a single processor (ACPI Uniprocessor PC). Using a Muti-core processor might yield unexpected results even when using the UpdateUPHAL lines in the sysprep.inf file.
Windows Vista,7 and Beyond
As of Windows Vista you don't need to worry about HAL's due to the /generalize switch. When you use this switch with sysprep Windows will automatically take care of updating the HAL during the sysprep process!
Install Wipe / Install / Setup
At this point you should: For help with these steps refer to the Single Image Directions above.
- Wipe The Hard Drive
- Install Windows
- Install Large Software Packages
- Install other Enterprise software (such as FOG Client)
- Install Windows Updates
- Setup Default Profile
- Remove Unnecessary Software/Files
Changing the IDE Controller to Standard
Windows XP Only If using Windows 7 you can skip this step. To help make the image more compliant to other hardware, you should change the IDE controller to the standard driver included with Windows XP. To do this:
- Open Computer Management (right click My Computer Select Manage)
- Locate the IDE ATA/ATAPI Controllers
- Expand
- Right Click on the IDE Controller
- Select Update Driver
- If asked to search online select No, not this time.
- Select install from a list or specific location (advanced)
- Select Don't Search, I will choose the driver to install
- Make sure "Show Compatible Hardware" is checked
- Select the Standard Dual Channel PCI IDE CONTROLLER
- Next
- Finish
- Reboot
This will allow Windows to boot on the target machines, then the new hardware wizard will take over and detect the correct controller card for that machine.
Loading Drivers
Mass Storage Drivers
To make a truly hardware independent image it is recommended you load all the mass storage drivers in your image. To include every mass storage driver needed for any machine you could use driver packs.
Other Drivers
You should also include all other drivers for all your other machines. These drivers should include VGA Drivers, Network Drivers, Sound Drivers and any other drivers you might need for those systems.
Before You Sysprep
Make a Pre-Sysprep an Image
It is recommended that you make a system image using FOG BEFORE YOU SYSPREP! Sysprep does alot of changes, and takes a long time. It is useful to make an image of the drive the way it is now incase something happens during the sysprep process. It is also nice to have a pre-sysprep image available when it comes time to update the systems image. You can deploy the pre-sysprep image to the computer and then update windows or install new software etc. without having to redo this entire process!
Run Sysprep
Windows XP Sysprep Guides
Vernalex Sysprep Guides offer some great advice on this subject. You should pay particular attention to the mass storage devices part of the guide as this is crucial to makeing the image work with your hardware. It is recommended to build the mass storage section before running sysprep.
You should also read Microsoft KB Article 302577 on sysprep
Windows XP
Run Sysprep.exe and tick mini-setup and detect plug and play hardware. Click Reseal.
Windows 7
<content needed>
Take a Post-Sysprep Image
TEST THIS IMAGE Before use in a production environment. Your first try might not work, you might be missing drivers that you will have to add. This is why it is recommended to make a Pre-Sysprep Image. It might take a few trys before all the drivers needed are loaded. When all is done right, it's worth the time as you will have an image that works on ANY HARDWARE!
If the image works fine on one type of computer, try others to make sure its truely hardware independant. If it works well, this is the image you should use when deploying to your target machines.