Application Delivery Management
Application Modernization & Connectivity
IT Operations Management
CyberRes
ZENworks Universal Image – from base image to deployment
This article describes our imaging method, from creating the base/universal image to adding driver images and machine specific changes, then creating imaging scripts that will figure out which piece of hardware the image is being restored to and apply the correct imaging files. While this is one way to do it, it is by no means the only way. This is what’s worked for us and I hope it will help someone else out there.
We wanted the base image to be as lean as possible, and use scripting to add any drivers or applications required. Below is an overview of how it should work.
As we are a multi-site company we have to also take into account changes required for each site – these are things like Novell client properties, ZENworks server address, NTP servers and Symantec antivirus groups.
PC type
During the initial XP Setup, press the F5 key when Setup asks you to press F6 for adding mass storage drivers. This is where you specify the HAL to be installed. I chose "Advanced Configuration and Power Interface (ACPI) PC".
HDD size
Handy Hint
Microsoft Best Practices for image deployment suggest that you should use the smallest possible partition size. This will keep the size of the image file reduced and will allow you to deploy the image to machines with smaller hard drives then the original.
Recommended Settings:
Choose to use a 6030MB disk (because it gave me a little breathing room!)
Regional options
Change all regional/keyboard options to English (New Zealand). Remove English (US).
Personalize your Software
Name = a name
Organisation = Company name
Computer name and administrator password
Computer name = COMPANY-IMAGE
No admin password set
Date and Time
Timezone = GMT 12 (Auckland, Wellington)
Automatically adjust clock for daylight savings = ticked
Network settings
Typical settings
Left the default "Workgroup"
Pre-login screens
Turned off windows update
Did not register Windows
User account creation
At the end of the OS install, Windows will prompt you to create a user account for the computer. I created one called "DELETEME" to remind me to delete it before imaging. (see further down)
Post-OS install configuration
Configure login screen
When the installation of the OS has completed successfully and you've booted into Windows, open up the Windows Control Panel and select "User Accounts".
Remove un-needed programs
Start > Control Panel
Run Windows Update
Browse to http://update.microsoft.com and fully update, including a "Custom" update and update these components:
Component
.NET framwork 3.5 SP1
Group Policy preference client side extensions for Windows XP
Root Certificate update
Windows Media Player 11
Microsoft .NET framework 1.1
Configure desktop
Browser | |||
Home page | http://home.niwa.co.nz | ||
Proxy settings | server | proxy.address.co.nz:80 | |
By-pass proxy server for local addresses | TICKED | ||
Advanced | Use the same proxy for all protocols | proxy.address.co.nz:80 | |
Exceptions | Any exceptions |
Windows Explorer settings | |||
View | Status bar | ||
View |
Details | ||
Tools | Folder Options | General tab | Use windows classic folders |
Open each folder in the same window | |||
Double-click to open an item (single click to select) | |||
View tab | Defaults, except: | ||
Untick 'Display simple folder view in Explorer's folder list | |||
Show hidden files and folders | |||
Display the full path in the title bar | |||
Untick 'Hide extensions for known file types' | |||
Untick 'use simple file sharing |
Taskbar and start menu Properties | |||
Taskbar tab | Untick | Lock the taskbar | |
Autohide the taskbar | |||
Hide inactive icons | |||
Tick | Keep the taskbar on top of other windows | ||
Group similar | |||
taskbar icons | |||
Show quick launch | Show the clock | ||
Start menu | Customize | General tab | Large icons |
Number of programs on start menu = 10 | |||
Show IE on start menu, not Email client | |||
Advanced tab | Tick open submenus when I pause over them with my mouse | ||
Untick highlight newly installed programs | |||
List my most recently opened documents |
Start menu items | |||
Control panel as a link Enable drag and dropping Favourites menu Help and support My computer as a link Don't display My Documents Don't display My Music My Network Places Don't display My Pictures Don't display Network Connections Printers and faxes Run command Search Untick Set Program access and defaults Don't display System Administrative Tools |
Quicklaunch icons | |||
Internet Explorer Show desktop Windows Explorer |
Desktop Properties | |||
(ie right-click desktop -> Properties) | |||
Themes | Theme | Windows classic | |
Desktop | Background | none | |
Customise desktop | General Desktop icons | My Computer, My Network Places, Internet Explorer | |
Untick Run desktop cleanup wizard every 60 days | |||
Screen saver | Windows XP screensaver | ||
Wait 10min, tick on resume password protect |
Note: monitor power see power options section below
Control Panel | |||
Power options | (ie Control Panel -> Power Options) | ||
Turn off monitor 30 min | |||
Turn off harddisks 45min |
Power scheme saved as "Company Standard"
Security Center | |||
Change the way security center notifies me | Untick all options |
Windows Firewall | |||
Turn off |
System | |||
Advanced tab | Performance Settings | Adjust for best performance | |
Virtual memory | Change | Custom size: 2048min, 2048max |
Regional and language options | |||
Standards and formats: English | |||
(New Zealand) | |||
Location | New Zealand | ||
Advanced tab | Language for non-unicode programs | English (New Zealand) |
Configure IE search box
Run IE7 (first time after updates above). Chose to change the default search provider and change to Google.
Command prompt
Start > All Programs > Command prompt
Windows Explorer
Repeate for the icon in Start > All Programs
Windows Media Player
Run Windows Media Player, accept all defaults and finish wizard.
Hide My Documents folder between users
Set My Documents to private
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{59031a47-3f72-44a7-89c5-5595fe6b30ee}]
@=""
Configure NTP server
Start > Control Panel
Internet Time tab
Tick "Automatically synchronize with an Internet Time server"
Server = ntp1.server.co.nz
Remove hotfix backups
From \\niwa-bacon\archive\itsupp\setup\winxp\Remove hotfix uninstall information\
copied to niwa-image and ran xp_remove_hotfix_backup.exe
Removed all backup information
Recycle bin
Right-click > Empty
Copy the Administrator profile to Default User
Reboot the computer
Logon to the computer with the username "Deleteme" which was created as part of the Windows setup.
Open "My Computer"
Click on the Windows Start Menu
We will now delete the user profile for "DeleteMe" as follows
Sysprep
Pre-sysprep image
At this point create a pre-sysprep image called basexpB4sp.zmg
Boot from CD (download latest imaging drivers/CD from http://download.novell.com)
Configure sysprep
mp.inf, up.inf are exactly the same except for this line:
up.inf
UpdateHAL=ACPIAPIC_UP,%WINDIR%\inf\hal.inf
mp.inf
UpdateHAL=ACPIAPIC_MP,%WINDIR%\inf\hal.inf
inside mysysprep.inf I have these lines:
GenuineIntel.MP=mp.inf
GenuineIntel.UP=up.inf
AuthenticAMD.MP=mp.inf
AuthenticAMD.UP=up.inf
which mean when mysysprep starts on first boot it detects which type of processor is running and assigns the correct .inf file, which in turn installs the correct hal.
The sysprep.inf already has the masstoragedevices section built, but if you want to rebuild it, in sysprep.inf add these lines to the bottom of the file.
[sysprep]
BuildMassStorageSection=Yes
Then from a command prompt run:
C:\sysprep\sysprep.exe -BMSD
However remember that I have added some new Intel mass storage devices drivers manually - these are located here in the image:
c:\sysprep\drivers\mass
and in sysprep.inf
[SysprepMassStorage]
..
..
PCI\VEN_8086&DEV_2681&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_27C1&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_27C5&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_2821&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_2829&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_2922&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_2929&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_3A02&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_3A22&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_2682&CC_0104="C:\sysprep\Drivers\mass\iaStor.inf"
PCI\VEN_8086&DEV_27C3&CC_0104="C:\sysprep\Drivers\mass\iaStor.inf"
PCI\VEN_8086&DEV_27C6&CC_0104="C:\sysprep\Drivers\mass\iaStor.inf"
PCI\VEN_8086&DEV_2822&CC_0104="C:\sysprep\Drivers\mass\iaStor.inf"
PCI\VEN_8086&DEV_282A&CC_0104="C:\sysprep\Drivers\mass\iaStor.inf"
Remove drivers
Start > Control Panel > System > Hardware tab > Device Manager.
Uninstall the below, select no to any reboot requests.
Run sysprep
I then ran mysysprep.exe and chose:
Post-sysprep image
Created a post-sysprep image called base.zmg
Booted from CD (downloaded latest imaging drivers/CD from http://download.novell.com)
We created a folder ‘drivers’ below the root of our imaging directory to hold all our driver images. Each .zmg file populates the directories below:
\Sysprep\Drivers\
\audio
\chipset
\intelinf
\misc1
\misc2
\misc3
\misc4
\modem
\monitor
\mouse
\nic1
\nic2
\nic3
\scsi
\video
specific to each model of machine, which is found during imaging. See further down for how.
drivers/monitor.zmg Adds ALL drivers for monitors we have to \sysprep\drivers\monitor, that way sysprep can decide which driver to install.
This adds (to C:\temp) the below applications.
These are installed via a runonce.bat file that runs the first time the machine boots after the image is put down. Runonce.bat also calls machine_specific.bat (see step 6). Here’s what the runonce.bat looks like:
REM install Novell Client
start "novell" /wait "%systemdrive%\Temp\491sp4\acu.exe" /U
REM install ZENworks 7 agent
start "zenworks" /wait "%windir%\system32\msiexec.exe" /i "%systemdrive%\ZfDAgent.msi" /qb ADDLOCAL=ALL LOGIN_PASSIVE_MODE=0 STARTUP_APPEXPLORER=1 ZENWORKS_TREE=TREENAME REBOOT=ReallySuppress
REM install Symantec Antivirus (GRC.DAT populated from site\<site>.zmg)
start "sav" /wait "%windir%\system32\msiexec.exe" /i "%systemdrive%\Temp\sav\Symantec AntiVirus.msi" /qb REBOOT=ReallySuppress
REM import novell client properties (file updated by site\<site>.zmg)
reg import "%systemdrive%\Temp\novell_client_properties.reg"
REM import zenworks middle-tier server address (file updated by site\<site>.zmg)
reg import "%systemdrive%\Temp\zenworks.reg"
REM import time server settings (file updated by site\<site>.zmg)
reg import "%systemdrive%\Temp\time.reg"
REM any machine-specific installs to do?
CALL "%systemdrive%\machine_specific.bat"
REM Clean-up
rmdir /S /Q "%systemdrive%\Temp\491sp4"
rmdir /S /Q "%systemdrive%\Temp\sav"
del /Q "%systemdrive%\ZfDAgent.msi"
del /Q "%systemdrive%\Temp\novell_client_properties.reg"
del /Q "%systemdrive%\Temp\zenworks.reg"
del /Q "%systemdrive%\Temp\time.reg"
REM reboot the system
"%windir%\system32\shutdown.exe" -r -t 05 -fREM reboot the system
"%windir%\system32\shutdown.exe" -r -t 05 –f
The registry files that are imported in the above batch file are put in place in the next step.
site/<site>.zmg
Used to edit settings/files on a per-site basis:
This adds files/installs specific to each model of machine (if required). This applies to notebooks usually. The .zmg also adds a machine_specific.bat to %systemroot%, which then gets called during runonce.bat on first boot. An example .zmg for one of our HP Compaq 6930p laptops puts these folders on the PC:
Temp\ati_video
Temp\hp_bluetooth
Temp\quicklaunch
And the machine_specific.bat looks like this:
REM ATI Catalyst Control Center
start "dotnet" /wait "%systemdrive%\Temp\ati_video\NET32\dotnetfx.exe" /q:a /c:"install.exe /q"
start "ati" /wait "%systemdrive%\Temp\ati_video\CCC\setup.exe" /S /V"/qb REBOOT=ReallySuppress"
REM HP Integrated module (Bluetooth stack)
start "bt" /wait "%windir%\system32\msiexec.exe" /i "%systemdrive%\Temp\hp_bluetooth\Win32\BTW.msi" TRANSFORMS="%systemdrive%\Temp\hp_bluetooth\Win32\1033.mst" ALLUSERS=2 /qn
REM HP Quicklaunch buttons
start "hpqlb" /wait "%systemdrive%\Temp\quicklaunch\setup.exe" /s /f1"%systemdrive%\Temp\quicklaunch\setup.iss"
REM cleanup
rmdir /S /Q "%systemdrive%\temp\ati_video"
rmdir /S /Q "%systemdrive%\temp\hp_bluetooth"
rmdir /S /Q "%systemdrive%\temp\quicklaunch"
Sysprep
Sysprep, or System Preparation Utility can be used to prepare an operating system for disk cloning and restoration via a disk image. It can be extracted from the WinXP CD under Support/Tools/deploy.cab.
Once extracted I ran setupmgr.exe and created a fully automated install (see below "mysysprep" for more information about this).
Mysysprep
HAL selection
Sysprep cannot intelligently select the right hardware abstraction layer (HAL) during first boot (after imaging), mysysprep can do just that. Mysysprep detects which type of processor is installed (Intel, AMD, single-core, multi-core) and applies the correct HAL.
i.e. in mysysprep.inf are these lines:
GenuineIntel.MP=mp.inf
GenuineIntel.UP=up.inf
AuthenticAMD.MP=mp.inf
AuthenticAMD.UP=up.inf
If the vendor ID is GenuineIntel and the logical processor count is greater than 1, The answer file mp.inf will be merged to Sysprep.inf. If the logical processor count is 1, the answer file up.inf will be merged.
Intel processors have the vendor ID: GenuineIntel, while AMD processors have AuthenticAMD
up.inf and mp.inf are exactly the same, except for this line
up.inf
UpdateHAL=ACPIAPIC_UP,%WINDIR%\inf\hal.inf
mp.inf
UpdateHAL=ACPIAPIC_MP,%WINDIR%\inf\hal.inf
PC naming
Mysysprep also allows us to name the PC from the BIOS asset tag information. By adding the below to to the sysprep.inf (as well as up.inf and mp.inf) we can have a fully automated install of WinXP that also names the PC as per standard naming conventions.
[UserData]
ComputerName="%AssetTag%"
Editing the PXE menu
go here: \\servername\sys\tftp
Run MEDITOR.exe
Open your menu – if you’ve never edited it it’ll be DEFMENU.MNU
Add a new item “Restore WinXP image”
Put any heading, information and help screens you want
In the command box put:
loadlin.dnx cmds\z_xpimage.cmd
Save the file
Now go to \\servername\sys\tftp\cmds
Here’s what our z_xpimage.cmd looks like:
KERNEL boot/linux
APPEND initrd=boot/initrd vga=0x314 install=tftp://$TFTPIP/boot rootimage=/root PROXYADDR=IP_ADDRESS_OF_SERVER TFTPIP=$TFTPIP splash=silent PXEBOOT=YES mode=2 IMGCMD="runScript.s /bin/xp_image.s"
Editing initrd
copy \\servername\sys\tfp\boot to a temporary directory on a linux machine
mkdir /home/baarsd/boot
cd /home/baarsd/boot
Extract initrd...
mv initrd initrd.gz
gunzip initrd.gz
mkdir work
cd work
cpio -idmuv < ../initrd >/dev/null 2>&1
Now we have initrd extracted to /home/baarsd/boot/work.
From here we can e.g. add script files to /bin - make sure you make the rights the same as the other files in that directory.
chmod 755 xp_image.s
Note: xp_image.s is explained below
Re-create the initrd
cd /home/baarsd/boot/work
find . | cpio --quiet -o -H newc > ../initrd
cd ..
gzip -v9c initrd > initrd.gz
mv initrd.gz initrd
You can then copy the file back to your Zenworks server.
Site selection
Initially we need to detect where the PC is and what ZENworks server to use - e.g.
# Wellington
if [ $PROXYADDR = "192.168.10.1" ]
then
site_path="//$PROXYADDR/arena/zenimages/ "
fi
This sets the site_path variable so the script knows where to look for images.
Base image
With the site found, we can restore the base image.
# Clear the image safe data
zisedit -c
# install the image
img rp $PROXYADDR $site_path/base.zmg
Which also clears the image safe data prior to imaging.
Drivers and machine-specific software
From the imaging command prompt you can do this:
hwinfo --bios
Which gives you information from and about the BIOS of the PC you run it on...so expanding on that:
hwinfo --bios | grep 'Product:'
gives us 3 results (on the dc7800 I tried it on anyway) ... one of which is the model name of the PC
hwinfo --bios | grep 'Product:'
gives
Product: "HP Compaq dc7800 Small Form Factor"
Product: "0AA8h"
so....in a script we can do this
if [ `hwinfo --bios | grep -ic 'Product: "HP Compaq dc7800 Small Form Factor"' = "1"` ]
img rp $PROXYADDR drivers/dc7800.zmg
fi
So with that information we can restore the base.zmg (initial image) then put the drivers specific to that hardware on the PC.
Using the same hardware detection we can expand that to include the restore of the machine-specific software - e.g.
#
# HP 550
#
if [ 'hwinfo --bios | grep -ic "HP 550"' = "1" ]
then
img rp $PROXYADDR $site_path/drivers/550.zmg
img rp $PROXYADDR $site_path/machine-specific/550.zmg
fi
Monitor drivers
img rp $PROXYADDR $site_path/drivers/monitor.zmg
Application images
# add applications to run post-image (ie during first login)
img rp $PROXYADDR $site_path/applications.zmg
Site specific changes
# site specific changes required
# Auckland
if [ $PROXYADDR = "192.168.12.3" ]
then
img rp $PROXYADDR $site_path/site/auckland.zmg
fi
The above script then obviously gets put in the initrd as explained in step 8.