ZENworks Universal Image – from base image to deployment

This article describes our imaging method, from creating the base/universal image to adding driver images and machine specific changes, then creating imaging scripts that will figure out which piece of hardware the image is being restored to and apply the correct imaging files. While this is one way to do it, it is by no means the only way. This is what’s worked for us and I hope it will help someone else out there.

Step one: deployment design

We wanted the base image to be as lean as possible, and use scripting to add any drivers or applications required. Below is an overview of how it should work.

Click to view.

As we are a multi-site company we have to also take into account changes required for each site – these are things like Novell client properties, ZENworks server address, NTP servers and Symantec antivirus groups.

Step two: create the base image

PC type

During the initial XP Setup, press the F5 key when Setup asks you to press F6 for adding mass storage drivers. This is where you specify the HAL to be installed. I chose "Advanced Configuration and Power Interface (ACPI) PC".

HDD size

Handy Hint

Microsoft Best Practices for image deployment suggest that you should use the smallest possible partition size. This will keep the size of the image file reduced and will allow you to deploy the image to machines with smaller hard drives then the original.

Recommended Settings:

• • Base Windows XP with SP3
    
    Create a C:\ partition that is 4030MB in size

• • Base Windows XP with SP3 OS Office
    
    Create a C:\ partition that is 6030MB in size

Choose to use a 6030MB disk (because it gave me a little breathing room!)

Regional options

Change all regional/keyboard options to English (New Zealand). Remove English (US).

Personalize your Software

Name = a name

Organisation = Company name

Computer name and administrator password

Computer name = COMPANY-IMAGE

No admin password set

Date and Time

Timezone = GMT 12 (Auckland, Wellington)

Automatically adjust clock for daylight savings = ticked

Network settings

Typical settings

Left the default "Workgroup"

Pre-login screens

Turned off windows update

Did not register Windows

User account creation

At the end of the OS install, Windows will prompt you to create a user account for the computer. I created one called "DELETEME" to remind me to delete it before imaging. (see further down)

Post-OS install configuration

Configure login screen

When the installation of the OS has completed successfully and you've booted into Windows, open up the Windows Control Panel and select "User Accounts".

1. 1. Select "Change the way users log on or off"

1. 1. Uncheck "Use the Welcome screen"

1. 1. Uncheck "Use Fast User Switching"

1. 1. Click "Apply Options"

1. 1. Log off of the computer.

1. 1. Login as Administrator

Remove un-needed programs

Start > Control Panel

• • Add or Remove Programs

• • Add/Remove Windows Components

• • Accessories & Utilities > Games

• • MSN Explorer

• • Network Services

• • Windows Messenger

Run Windows Update

Browse to http://update.microsoft.com and fully update, including a "Custom" update and update these components:

Component

.NET framwork 3.5 SP1

Group Policy preference client side extensions for Windows XP

Root Certificate update

Windows Media Player 11

Microsoft .NET framework 1.1

Configure desktop

• • Moved Windows Explorer shortcut from Start > All Programs > Accessories to Start > All Programs

• • Moved Command Prompt shortcut from Start > All Programs > Accessories to Start > All Programs

• • Deleted Windows Movie Maker from Start > All Programs

• • Deleted Remote Assistance from Start > All Programs

• • Deleted Set Program Access and Defaults from Start > All Programs

• • Deleted Remote Assistance from Start > All Programs

• • Deleted Windows Catalog from Start > All Programs

• • Deleted Windows Update from Start > All Programs

• • Removed File and Settings Transfer Wizard from the Start Menu

• • Removed Tour Windows XP from the Start Menu

Note: monitor power see power options section below

Power scheme saved as "Company Standard"

Configure IE search box

Run IE7 (first time after updates above). Chose to change the default search provider and change to Google.

Command prompt

Start > All Programs > Command prompt

• • Menu > Defaults > Tick Quick Edit Mode

Windows Explorer

• • Right-click the Windows explorer icon on the quicklaunch bar

• • Properties

• • Shortcut tab

• • In the 'target' paste the below in
    %SystemRoot%\explorer.exe /e

Repeate for the icon in Start > All Programs

Windows Media Player

Run Windows Media Player, accept all defaults and finish wizard.

Hide My Documents folder between users

Set My Documents to private

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{59031a47-3f72-44a7-89c5-5595fe6b30ee}]
@=""

Configure NTP server

Start > Control Panel

Internet Time tab

Tick "Automatically synchronize with an Internet Time server"

Server = ntp1.server.co.nz

Remove hotfix backups

From \\niwa-bacon\archive\itsupp\setup\winxp\Remove hotfix uninstall information\

copied to niwa-image and ran xp_remove_hotfix_backup.exe

Removed all backup information

Recycle bin

Right-click > Empty

Copy the Administrator profile to Default User

Reboot the computer

Logon to the computer with the username "Deleteme" which was created as part of the Windows setup.

Open "My Computer"

1. 1. Choose "Tools"

1. 1. Choose "Folder Options"

1. 1. Choose the tab "View"

1. 1. Put a check in the box "Show hidden files and folders"

1. 1. Click "Apply to All Folders"

1. 1. Click OK

1. 1. Close "My Computer"

Click on the Windows Start Menu

1. 1. Right-Click on "My Computer"

1. 1. Chose Properties

1. 1. Choose the tab "Advanced"

1. 1. Under the User Profiles section choose "Settings"

1. 1. Single-click on the Administrator's profile and choose "Copy To"

1. 1. Select Browse, and browse to the folder:
      
      "C:\Documents and Settings\default user"

1. 1. Under the "Permitted to use option click "Change"

1. 1. Type in "Everyone"

1. 1. Click OK

1. 1. Click OK to copy the profile

1. 1. When this has completed reboot and login to the computer with the username "Administrator"

We will now delete the user profile for "DeleteMe" as follows

1. 1. Right-click on "My Computer"

1. 1. Choose "Manage"

1. 1. Expand "Local Users and Groups"

1. 1. Delete the username "DeleteMe"

1. 1. Close the MMC

1. 1. Open Windows Explorer

1. 1. Delete the folder "C:\Documents and Settings\DeleteMe" which is the default user profile that was created.

1. 1. Empty the Windows Recycle Bin

Sysprep

Pre-sysprep image

At this point create a pre-sysprep image called basexpB4sp.zmg

Boot from CD (download latest imaging drivers/CD from http://download.novell.com)

• • img

• • File > Make image > Server

• • Server = IPaddressofserver

• • Filename = //IPaddressofserver/path/basexpb4sp.zmg

Configure sysprep

• • From the Windows XP Sp3 CD, extract the Deploy.cab file located in the Support\Tools folder to C:\sysprep

• • Download, extract and copy mysysprep to C:\sysprep

• • Copy and edit the sysprep.inf, from previous images (there are far too many sysprep options to list here, see the sysprep section later on for some explanation of what we do)

mp.inf, up.inf are exactly the same except for this line:

up.inf

UpdateHAL=ACPIAPIC_UP,%WINDIR%\inf\hal.inf

mp.inf

UpdateHAL=ACPIAPIC_MP,%WINDIR%\inf\hal.inf

inside mysysprep.inf I have these lines:

GenuineIntel.MP=mp.inf

GenuineIntel.UP=up.inf

AuthenticAMD.MP=mp.inf

AuthenticAMD.UP=up.inf

which mean when mysysprep starts on first boot it detects which type of processor is running and assigns the correct .inf file, which in turn installs the correct hal.

The sysprep.inf already has the masstoragedevices section built, but if you want to rebuild it, in sysprep.inf add these lines to the bottom of the file.

[sysprep]
BuildMassStorageSection=Yes

Then from a command prompt run:

C:\sysprep\sysprep.exe -BMSD

However remember that I have added some new Intel mass storage devices drivers manually - these are located here in the image:

c:\sysprep\drivers\mass

and in sysprep.inf

[SysprepMassStorage]
..
..
PCI\VEN_8086&DEV_2681&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_27C1&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_27C5&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_2821&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_2829&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_2922&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_2929&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_3A02&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_3A22&CC_0106="C:\sysprep\Drivers\mass\iaAHCI.inf"
PCI\VEN_8086&DEV_2682&CC_0104="C:\sysprep\Drivers\mass\iaStor.inf"
PCI\VEN_8086&DEV_27C3&CC_0104="C:\sysprep\Drivers\mass\iaStor.inf"
PCI\VEN_8086&DEV_27C6&CC_0104="C:\sysprep\Drivers\mass\iaStor.inf"
PCI\VEN_8086&DEV_2822&CC_0104="C:\sysprep\Drivers\mass\iaStor.inf"
PCI\VEN_8086&DEV_282A&CC_0104="C:\sysprep\Drivers\mass\iaStor.inf"

Remove drivers

Start > Control Panel > System > Hardware tab > Device Manager.

Uninstall the below, select no to any reboot requests.

• • Disk drives

• • DVD/CD-ROM drives

• • Floppy disk controllers

• • IDE ATA/ATAPI controllers

• • Monitors

• • Network adapters

• • Ports (COM & LPT)

• • Processors

• • ALL "unknown" devices

Run sysprep

I then ran mysysprep.exe and chose:

• • Use mini-setup

• • Detect non-plug and play hardware

• • Shutdown PC
    Reseal

Post-sysprep image

Created a post-sysprep image called base.zmg

Booted from CD (downloaded latest imaging drivers/CD from http://download.novell.com)

• • img

• • File > Make image > Server

• • Server = IPaddressofserver

• • Filename = //IPaddressofserver/path/base.zmg

Step three: drivers.zmg and monitor.zmg

We created a folder ‘drivers’ below the root of our imaging directory to hold all our driver images. Each .zmg file populates the directories below:

\Sysprep\Drivers\
\audio
\chipset
\intelinf
\misc1
\misc2
\misc3
\misc4
\modem
\monitor
\mouse
\nic1
\nic2
\nic3
\scsi
\video

specific to each model of machine, which is found during imaging. See further down for how.

drivers/monitor.zmg Adds ALL drivers for monitors we have to \sysprep\drivers\monitor, that way sysprep can decide which driver to install.

Step four: applications.zmg

This adds (to C:\temp) the below applications.

1. 1. Novell Client v4.91SP4

1. 1. ZENworks agent v7sp1hp6

1. 1. Symantec Antivirus 10.1.6

These are installed via a runonce.bat file that runs the first time the machine boots after the image is put down. Runonce.bat also calls machine_specific.bat (see step 6). Here’s what the runonce.bat looks like:

REM install Novell Client
start "novell" /wait "%systemdrive%\Temp\491sp4\acu.exe" /U

REM install ZENworks 7 agent
start "zenworks" /wait "%windir%\system32\msiexec.exe" /i "%systemdrive%\ZfDAgent.msi" /qb ADDLOCAL=ALL LOGIN_PASSIVE_MODE=0 STARTUP_APPEXPLORER=1 ZENWORKS_TREE=TREENAME REBOOT=ReallySuppress

REM install Symantec Antivirus (GRC.DAT populated from site\<site>.zmg)
start "sav" /wait "%windir%\system32\msiexec.exe" /i "%systemdrive%\Temp\sav\Symantec AntiVirus.msi" /qb REBOOT=ReallySuppress 

REM import novell client properties (file updated by site\<site>.zmg)
reg import "%systemdrive%\Temp\novell_client_properties.reg"

REM import zenworks middle-tier server address (file updated by site\<site>.zmg)
reg import "%systemdrive%\Temp\zenworks.reg"

REM import time server settings (file updated by site\<site>.zmg)
reg import "%systemdrive%\Temp\time.reg"

REM any machine-specific installs to do?
CALL "%systemdrive%\machine_specific.bat"

REM Clean-up
rmdir /S /Q "%systemdrive%\Temp\491sp4"
rmdir /S /Q "%systemdrive%\Temp\sav"
del /Q "%systemdrive%\ZfDAgent.msi"
del /Q "%systemdrive%\Temp\novell_client_properties.reg"
del /Q "%systemdrive%\Temp\zenworks.reg"
del /Q "%systemdrive%\Temp\time.reg"

REM reboot the system
"%windir%\system32\shutdown.exe" -r -t 05 -fREM reboot the system
"%windir%\system32\shutdown.exe" -r -t 05 –f

The registry files that are imported in the above batch file are put in place in the next step.

Step five: site specific changes

site/<site>.zmg

Used to edit settings/files on a per-site basis:

1. 1. Symantec GRC.dat -
      
      copy the correct GRC.dat file into C:\temp\SAV\ so that SAV imports into the right group

1. 1. novell_client_properties.reg
      
      This is imported during the runonce.bat (added in the 'applications.zmg' above) and configures the Novell client for the specific site of that machine.

1. 1. zenworks.reg
      
      add a registry key to set the local ZENworks server

1. 1. time.reg
      
      add a registry key to set the local time server(s) up

Step six: machine-specific/<model>.zmg

This adds files/installs specific to each model of machine (if required). This applies to notebooks usually. The .zmg also adds a machine_specific.bat to %systemroot%, which then gets called during runonce.bat on first boot. An example .zmg for one of our HP Compaq 6930p laptops puts these folders on the PC:

Temp\ati_video

Temp\hp_bluetooth

Temp\quicklaunch

And the machine_specific.bat looks like this:

REM ATI Catalyst Control Center
start "dotnet" /wait "%systemdrive%\Temp\ati_video\NET32\dotnetfx.exe" /q:a /c:"install.exe /q"
start "ati" /wait "%systemdrive%\Temp\ati_video\CCC\setup.exe" /S /V"/qb REBOOT=ReallySuppress"

REM HP Integrated module (Bluetooth stack)
start "bt" /wait "%windir%\system32\msiexec.exe" /i "%systemdrive%\Temp\hp_bluetooth\Win32\BTW.msi" TRANSFORMS="%systemdrive%\Temp\hp_bluetooth\Win32\1033.mst" ALLUSERS=2 /qn

REM HP Quicklaunch buttons
start "hpqlb" /wait "%systemdrive%\Temp\quicklaunch\setup.exe" /s /f1"%systemdrive%\Temp\quicklaunch\setup.iss"

REM cleanup
rmdir /S /Q "%systemdrive%\temp\ati_video"
rmdir /S /Q "%systemdrive%\temp\hp_bluetooth"
rmdir /S /Q "%systemdrive%\temp\quicklaunch"

Step seven: sysprep.inf and "mysysprep"

Sysprep

Sysprep, or System Preparation Utility can be used to prepare an operating system for disk cloning and restoration via a disk image. It can be extracted from the WinXP CD under Support/Tools/deploy.cab.

Once extracted I ran setupmgr.exe and created a fully automated install (see below "mysysprep" for more information about this).

Mysysprep

HAL selection

Sysprep cannot intelligently select the right hardware abstraction layer (HAL) during first boot (after imaging), mysysprep can do just that. Mysysprep detects which type of processor is installed (Intel, AMD, single-core, multi-core) and applies the correct HAL.

i.e. in mysysprep.inf are these lines:

GenuineIntel.MP=mp.inf

GenuineIntel.UP=up.inf

AuthenticAMD.MP=mp.inf

AuthenticAMD.UP=up.inf

If the vendor ID is GenuineIntel and the logical processor count is greater than 1, The answer file mp.inf will be merged to Sysprep.inf. If the logical processor count is 1, the answer file up.inf will be merged.

Intel processors have the vendor ID: GenuineIntel, while AMD processors have AuthenticAMD

up.inf and mp.inf are exactly the same, except for this line

up.inf

UpdateHAL=ACPIAPIC_UP,%WINDIR%\inf\hal.inf

mp.inf

UpdateHAL=ACPIAPIC_MP,%WINDIR%\inf\hal.inf

PC naming

Mysysprep also allows us to name the PC from the BIOS asset tag information. By adding the below to to the sysprep.inf (as well as up.inf and mp.inf) we can have a fully automated install of WinXP that also names the PC as per standard naming conventions.

[UserData]
    ComputerName="%AssetTag%"
	
	

Step eight: Editing the initrd and PXE menu

Editing the PXE menu

go here: \\servername\sys\tftp

Run MEDITOR.exe

Open your menu – if you’ve never edited it it’ll be DEFMENU.MNU

Add a new item “Restore WinXP image”

Put any heading, information and help screens you want

In the command box put:

loadlin.dnx cmds\z_xpimage.cmd

Save the file

Now go to \\servername\sys\tftp\cmds

Here’s what our z_xpimage.cmd looks like:

KERNEL boot/linux
APPEND initrd=boot/initrd vga=0x314 install=tftp://$TFTPIP/boot rootimage=/root PROXYADDR=IP_ADDRESS_OF_SERVER TFTPIP=$TFTPIP splash=silent PXEBOOT=YES mode=2 IMGCMD="runScript.s /bin/xp_image.s"

Editing initrd

copy \\servername\sys\tfp\boot to a temporary directory on a linux machine

mkdir /home/baarsd/boot
cd /home/baarsd/boot

Extract initrd...

mv initrd initrd.gz

gunzip initrd.gz

mkdir work

cd work

cpio -idmuv < ../initrd >/dev/null 2>&1

Now we have initrd extracted to /home/baarsd/boot/work.

From here we can e.g. add script files to /bin - make sure you make the rights the same as the other files in that directory.

chmod 755 xp_image.s

Note: xp_image.s is explained below

Re-create the initrd
cd /home/baarsd/boot/work
find . | cpio --quiet -o -H newc > ../initrd
cd ..
gzip -v9c initrd > initrd.gz
mv initrd.gz initrd

You can then copy the file back to your Zenworks server.

Step nine: imaging script

Site selection

Initially we need to detect where the PC is and what ZENworks server to use - e.g.

# Wellington
if [ $PROXYADDR = "192.168.10.1" ]
then
site_path="//$PROXYADDR/arena/zenimages/ "
fi

This sets the site_path variable so the script knows where to look for images.

Base image

With the site found, we can restore the base image.

# Clear the image safe data
zisedit -c

# install the image
img rp $PROXYADDR $site_path/base.zmg

Which also clears the image safe data prior to imaging.

Drivers and machine-specific software

From the imaging command prompt you can do this:

hwinfo --bios

Which gives you information from and about the BIOS of the PC you run it on...so expanding on that:

hwinfo --bios | grep 'Product:'

gives us 3 results (on the dc7800 I tried it on anyway) ... one of which is the model name of the PC

hwinfo --bios | grep 'Product:'
gives 
Product: "HP Compaq dc7800 Small Form Factor"
Product: "0AA8h"

so....in a script we can do this

if [ `hwinfo --bios | grep -ic 'Product: "HP Compaq dc7800 Small Form Factor"' = "1"` ]
img rp $PROXYADDR drivers/dc7800.zmg
fi

So with that information we can restore the base.zmg (initial image) then put the drivers specific to that hardware on the PC.

Using the same hardware detection we can expand that to include the restore of the machine-specific software - e.g.

#
# HP 550
#
if [ 'hwinfo --bios | grep -ic "HP 550"' = "1" ]
then
img rp $PROXYADDR $site_path/drivers/550.zmg
img rp $PROXYADDR $site_path/machine-specific/550.zmg
fi

Monitor drivers

img rp $PROXYADDR $site_path/drivers/monitor.zmg

Application images

# add applications to run post-image (ie during first login)
img rp $PROXYADDR $site_path/applications.zmg

Site specific changes

# site specific changes required
# Auckland
if [ $PROXYADDR = "192.168.12.3" ]
then
img rp $PROXYADDR $site_path/site/auckland.zmg
fi

The above script then obviously gets put in the initrd as explained in step 8.

References

• • What Is the Preboot Execution Environment (PXE)?

• • Modifying ZENworks Imaging Resource Files

• • Hardware detection - Novell forums

• • Windows XP SP3 is Out - Time to Rebuild Those Base Images!

• • How To Create a Universal Ghost Image Using Sysprep and Mysysprep

• • mysysprep