In this final article of the Altiris Symantec Management Platform series, I chose to cover computer imaging.
For many admins, imaging has been a blessing and a curse. On one hand, several computers can be imaged at the same time saving hundreds of hours over manually installing the OS and every single software application. On the other hand, a new build has to be created for each and every different computer; laptops, desktops, separate revisions of the same model, all have to have their own specific images.
Yes, there are programs out there including the latest version of Ghost that can create hardware-independent images, however they’re buggy at best and all of the drivers and applications still have to be installed.
SMP computer imaging simplifies and streamlines the process using only a single, generic image for each OS.
SMP uses a PXE based environment utilizing Windows Preinstallation Environment (WinPE), and it takes a phased approach to imaging a device. The summarized steps are as follows:
- PXE into WinPE
- Lay down the generic OS image
- Install drivers and perform tasks in unattended install
- Push software packages based on SMP group
The best part of this process is step four. The package admin has already created all of the software policies and packages needed in the company’s environment and has assigned them to whatever groups need that particular software. It would be redundant and inefficient to install the software after the task has already been completed.
The other great thing about this is the fact that all of the drivers are installed during the unattended install. This however does take a little bit of work. Of course SMP makes it as easy as possible. It is important to note that due to security, Microsoft does not allow unsigned drivers to be installed during an unattended install. An effort does need to be made to locate signed drivers.
Acquiring drivers ^
As I have mentioned, SMP makes it easy to get the drivers from the devices. How? Jobs and Tasks. And a little help from a wonderful freeware program called Double Driver.
Double driver has a command line interface that can be utilized to harvest drivers from a machine. It’s also a stand-alone executable so it does not need to be installed. Therefore, a task can easily be created to copy the exe over and run it all without any impact to the user.
Here I have created a task called Driver Harvest that runs a VBScript. In this script, I copy Double Driver to the remote machine, invoke it, backup the drivers, create a folder with the computer’s model on a remote file share, and copy the newly backed up drivers. I can schedule the easily created task and run it on whatever machines in the environment I want. Simple!
WindowsAIK, ImageX, and WIMs ^
Another freely available software tool that SMP imaging takes advantage of is WindowsAIK. Although covering the usage of this is out of the scope of this article, utilizing WAIK Tools are how the generic Windows images are created. The basic processes for creating the WIM files are as follows:
- Install a Windows OS
- Install any updates required
- Install the Symantec Client
- Run Sysprep
- Boot into WinPE
- Capture the image with ImageX
- Build sysprep
Probably the most important step in the list above is installing the Symantec Client. With it all of the newly imaged machines will immediately check into the SMP server for the first time and start pulling the packages it needs.
The greatest thing about using WIMs is that they can be updated on the fly with the latest Windows patches using basic DISM commands that are not exclusive to Symantec. There is no longer a need to create a new image or waste hours installing all of the newest patches after laying down the image; just update the WIM on Microsoft’s Patch Tuesday.
Deploying the image ^
Deploying the image is as simple as creating another job or task and scheduling it to push to the machines. Just select the WIM file and go.
Alternatively, an admin may choose to create all of their own tasks manually to deploy the image and not use Symantec’s built-in process which would just consist of script files. In this way, there is greater visibility into which step the process has failed on. The most important thing to realize is that SMP is still the product being used to deploy the images. Of course it’s all about preference, but SMP tries to make it as simple and easy to manage as possible.
This concludes the three part series covering Altiris Symantec Management Platform. This is an extremely robust software solution that contains many more features than the handful I have gone over. I encourage all of the readers to experiment with this software as much as possible to see if it’s right for their organization. The customizations and possibilities for this product are practically endless.
Thanks for reading!