Transcript Windows 2000 - OS and Application Management Chris Brew Rutherford Appleton Laboratory J-Lab, HEPiX/HEPNT 30/10/2000

Windows 2000 - OS and
Application Management
Chris Brew
Rutherford Appleton Laboratory
J-Lab, HEPiX/HEPNT
30/10/2000
Outline
• OS Installation
Remote Installation Services
Cloning by Disk Imaging
• Application Installation and Management
Group Policies
• Msi files and WinInstall LE
SMS
Delta Deploy
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 2
OS Installation
• Installing each new computer by hand from a CD
is a dull and lengthy job, taking ~1 hour per
machine
• Microsoft know this and in Windows 2000 have
provided the Remote Installation Service
• Third party suppliers already knew this and most
of the NT4 Cloning packages have been upgraded
to handle Windows 2000. I will talk about one of
these PowerQuest Drive Image Pro
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 3
Remote Installation Service
• Microsoft’s answer to the third party cloning
products
• A network service that runs on the Windows 2000
Server family
• Can create machine with just the base OS or with
pre-installed applications
• Target machines must have a supported network
card or a PXE boot ROM
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 4
RIS Usage
• Image created by running executable (under Windows
2000) from the RIS server after the master is configured
• Target machine boots off floppy or over the network with
PXE
• User provides credentials then selects which image to
install
• Target copies files from the server and installs
• UnAttended.txt files (now called .sif) can be used to
automate the question and answer part of the install
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 5
RIS Pros and Cons
• Pros
• Cons
 Handles the SIDs and
computer names
automatically
 Doesn’t need admin access
to run the client end
 (Fairly) simple to create
images
 Retrofitting updated drivers
into images is apparently
possible
30th October 2000
 Unicast - gets very slow
when installing multiple
computers
 Cannot resize partitions
during the install
 sif file parameters are
limited and arcane
 Retrofitting drivers into old
images is complex, I found
it easier to create a new
image
J-Lab HEPiX/HEPNT Meeting
Slide 6
Cloning by Disk Imaging
• Third party products to copy an NTFS partition to
a new machine have been available for a number
of years, Ghost, Image Cast, Drive Image
• Usually either ignore the SID (not really a
problem under NT4) or provide a utility to scan
the registry and replace it (Doesn’t seem to work
under Windows 2000)
• Microsoft SysPrep tool will remove and then
regenerate the SID on reboot
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 7
Drive Image v4
• Produced by PowerQuest.
• Comes with a bundle of additional utilities:
Partition Magic
PQPrep ‘easy’ interface to MS SysPrep
Delta Deploy network application management
Network boot disk builders
• Licensed on a per machine basis <$10/workstation
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 8
DI4 Usage
• PQPrep tool provides an interface to MS SysPrep
for generation of answer files
• Image is created after booting DOS (remote needs
DOS network drivers, local needs FAT partition)
• Image can then be placed anywhere: network
share, multicast server, CD, zip, jazz…
• Target machine boots DOS and unpacks image
onto the local disk.
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 9
Cloning/DI Pros and Cons
• Quick and Easy
• Multicast lets you do
many at once without
overloading the machine
serving the image
• Image restore can be
interactive, scripted or
controlled from the server
(multicast)
• Can control disk
partitioning during restore
30th October 2000
• Drivers
• Computer Names are auto
generated to be unique and
meaningless
• Need to build boot disks
for all types of network
card
J-Lab HEPiX/HEPNT Meeting
Slide 10
RIS Vs DI4
RIS
Drive Image
• Single machine – 21mins
• Four machines – 48mins
• Support for PXE boot and
a limited number of
network cards
• Client driven
• Single machine – 12mins
• Four machines – 14mins
• Can add manufacture’s
drivers to list of supported
cards
• Server driven
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 11
App Installation and
Management
• Installing the operating system is only the
beginning, even if you can deploy applications
with the OS, you will have to provide new
software, updates/patches to applications and
security fixes during the lifetime of the PC
• Many packages available to do this:
Group Policies
System Management Server
Delta Deploy…
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 12
Group Policies
• Group policies started out as system policies under
NT4 as a method of applying different security
settings to different groups of users
• Were not used much under NT4, they were
difficult to set up and harder to debug if they
didn’t work as expected
• They have been greatly expanded under Windows
2000 and have been integrated with the
intellimirror and msi software install technologies
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 13
msi and Intellimirror
• msi is the new windows installer technology
• At it’s heart is a script used to describe the files,
shortcuts, registry keys, etc. created during the
install
• If the msi package is deployed via a Group Policy,
files are registered with the operation system and
each time the application is run the files are
checked and missing or changed files are replaced
• Cannot modify system files so no good for
installing new drivers
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 14
App Install by Group
Policy
• Policies can be set at OU or Domain level
• Applications can be:
Published – Available for users to install from
Add/Remove Programs
Assigned to users – Available when the user logs in,
installed on first use
Assigned to computers – Installed when the computer
boots
• Apps can be set to uninstall or remain if the policy
is removed
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 15
Group Policies cont.
• When a user logs into a computer many different
group policies might apply, if there are problems it
can be very difficult to isolate what caused an
individual setting
• Group policies can only be used to install
packages that come with an msi file
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 16
WinInstall LE
• Cut down version of WinInstall is supplied with
Windows 2000 Server
• Like the old Resource Kit utility sysdiff it records
changes in files, the registry and ini files but has a
GUI front end and produces an msi file
• Limited by the msi file format
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 17
SMS
• Much more than just a method of
installing/controlling software but even for that
much more configurable that group policies
• Windows 2000 is fully supported under SMS 2.0
SP2 and partially supported by SMS 1.2 SP4
• SMS 2.0 seems to be simpler to understand and
use than 1.0
• Most large sites seem to be planning to use SMS
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 18
Delta Deploy
• Utility comes with Drive Image for installing and
updating client machines
• Two Parts
Monitor/Builder – Watches the changes made during an
install then creates a self contained executable to recreate it
Delta Deploy – Client/Server pair used to push jobs out
to collections of machines
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 19
Delta Deploy cont.
• Client runs as a service on NT/2000 so installs can
be done as a privileged user
• Not limited to deploying software can be used to
update drivers, apply registry hacks, maybe even
service packs
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 20
Summary
• OS Installs
 RIS is good for user “on demand” installs, service can be set up
and left
 Cloning is good for installing a number of machines at once
• Application install and management
 Group policies may work in a small scale environment. For large
sites the extra features of SMS seem to make it the most attractive.
For medium sites third party solutions such as Delta Deploy have
more functionality than GP with less complexity than SMS
30th October 2000
J-Lab HEPiX/HEPNT Meeting
Slide 21