Unattended Installation

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,

First off, I'm new to this field, so please try to give me the most detailed
information/instructions possible.

As for my question, I'm working in a medium size company 50+ computers where
they currently have to do individual installation each time they build a new
system. I have been asked to try and find out if there is a way to automate
the installation of windows so that the installation is unattended and that
it can be run on a variety of hardware configurations. Could someone please
give me some guidance on this subject?

Thanks,

Daniel
 
Just a little additional question. I was wondering is it possible to not
only automate the windows 2000 workstation installation but also at the same
time, the installation of MSoffice. Ultimately the ideal goal is to be able,
from a boot disk???, turn on the new or old computer and have it
automatically get wiped clean (if it isn't already) and then proceed to
install windows, office and possibly a couple of other routine programs.

Thank you once again for your insight!

Daniel
 
Daniel!

Howdy and welcome to Microsoft Windows! I hope that things go well for you.
Please listen and understand, though, that things are going to be very
frustrating for you along your journey. Things will finally become more and
more clear for you. But that takes time. And that precious thing called
experience. Some people might call it making a ton of mistakes! Hopefully
you will avoid the majority of those mistakes by posting questions in these
newsgroups. I would also S _T_R_O_N_G_L_Y suggest that you go to the
WIN2000.Active_Directory newsgroup as well. Both will be big helps to you.

Anyway, to your questions.

There are actually several answers to your questions. I will try to keep
the number of answers to a minimum as you might become overwhelmed with all
of the possibilities. I will try to keep it all very basic ( remember the
first day of Business School - you learned how to K-I-S-S.... ).

One possibility is to use RIS, or Remote Installation Services. This is
available on WIN2000 and WIN2003 and requires Active Directory, DNS and
DHCP. You would create an image ( usually the i386 folder ) to a shared
folder on the server and then create a RIS Boot Disk. Once you have this
you go to the problem computer, stick in the RIS Boot Disk and reboot.
WIN2000 Pro or WIN XP Pro will be installed on the system. Now, this does
not take care of the deployment of Applications. We will look at that in a
second.

One of the possible limitations of RIS is that there are a limited number of
NICs that RIS supports. Another is that the computer acount will be created
in the default COMPUTERS container. Why is this a problem? The deployment
of applications via GPOs. We will touch on this later. This can be changed
by pre-staging the computer account ( in WIN2000 ) or changing the default
location of the computers ( in WIN2003 ).

One of the major advantages - over the network boot disk - is that you do
not first have to format the hard drive of the workstation. RIS takes care
of that for you....

Another possibility is to use a network boot disk. I really like BART's
Boot Disk. He has a 'modular' boot disk that is really neat. You can
visit his site at http://www.nu2.nu. Patrick over at
http://sourceforge.net/index.php has another boot disk that looks really
neat. It is more Linux based. With a network boot disk you need to have
the 'source' available. This, again, would be in the form of copying over
the i386 folder to a shared folder on a network server. You can even
include the default location of the computer account object with this method
without having to do any of the pre-staging things. Kinda neat.

One of the disadvantages, though, is that you need to have a clean hard
drive. So, you would need to format the hard drive disk first.

You can also use the 'default' CD-ROM Media with a floppy disk that holds
the winnt.sif file ( or the answer file ). All you do is simply create the
winnt.sif file, put it on a floppy disk, drop in the CD-ROM Media in the
CD-ROM Drive and reboot ( just make sure that it is set to boot from the CD
before the HDD ).

Another possibility is to create a bootable CD-ROM that has the OS and some
other applications so that your need to manually install things after this
is minimized.

One of the nice things about these is that you can slipstream the Service
Pack. So, for example, if you are still using WIN2000 you could create an
image ( again, simply copying the I386 folder to a shared network
folder.....well, simply put ) and then 'slipstream' SP4 to it. So, when you
use this image the computer is going to have WIN2000 SP4 installed. This
saves you the time of having to later install the Service Pack. You can
also, through the use of QChain, install a lot of the Critical Updates.....

All of these possible solutions require that you have some sort of 'answer
file'. This answer file give the installation all of the 'answers' to the
'questions' that are asked during a normal installation of WIN2000 or WINXP
Pro. They are really neat. And very flexible.

Then there is always the 'imaging software' - such as Ghost and Drive Image.
I will not speak too much about these other than to say that if you are
going to use them then you need to know about sysprep.

I like RIS and /or the network bootable disk solutions.

You can install a lot of software via Group Policy. MS Office 2000, Office
XP and Office 2003 are perfect candidates for this. This is a whole other
part of Active Directory. For the Office Applications you would need what
is called an 'Administrative Installation' - which you perform via the
setup.exe /a switch. You would then 'install' it to a shared folder on a
server. You can also install non-MS software via Group Policy. The key here
is that there is an .msi file. If you do not have an .msi file then you can
not use Group Policy to deploy the software. But, you can create an .msi
file. Or .zap file.

For Office you can include a transforms file, or .mst file. This allows you
to have multiple Office installations. For example, the people in
Accounting get Outlook, Word and Excel while the people in Finance get
Outlook, Word, Excel and Access. Naturally, the people in Sales do not need
Access so they get PowerPoint instead!

Another very important fact is that when you are creating the packages for
deployment you have to tell AD where the .msi file is ( for example, in
Office 2000 it is data1.msi ). You must use the UNC naming convention (
\\servername\sharename ) when doing this. That is to say that you can not
use any mapped network drive ( T:\office 2000\Office\data\data1.msi ) as the
install will fail.

Daniel, as you can see there are a lot of possibilities. 45 users is very
small. Once you get everything automated your life will be very easy. One
of the wonderful things about deployment of applications via GPO is that
these applications will 'self-heal'. Say one of your users deletes the
WinWord.exe file on his computer. Well, normally MS Word is not going to
work. If Office was deployed via Group Policy there will be no problem (
assuming that the user or computer account object is still in the OU to
which the GPO was linked - aka still falls under the scope of management ).
It is also rather easy to simply 'Service Pack' an application that you have
deployed via GPO. Say you have Office XP. Well, Service Pack 3 is the
latest and greatest. All you need to do is to 'update' the Administrative
Installation Point ( AIP ) and then redeploy the application ( which is as
simple as clicking on one thing ). You can also update the application to
the next version. So, say that your people want to standardize on Office
2003. Simply create another AIP and when you are creating the package just
tell it that you are 'updating' the Office XP GPO. Office XP will be
removed and Office 2003 will be deployed. It is that easy. Well, at least
on paper! I have done it several times.

HTH,

Cary
 
Hello,

First off, I'm new to this field, so please try to give me the most detailed
information/instructions possible.

As for my question, I'm working in a medium size company 50+ computers where
they currently have to do individual installation each time they build a new
system. I have been asked to try and find out if there is a way to automate
the installation of windows so that the installation is unattended and that
it can be run on a variety of hardware configurations. Could someone please
give me some guidance on this subject?

Thanks,

Daniel
Click to expand...

Install windows on a PC. Gather up drivers for all the various machines.
Use Microsoft Sysprep, in conjunction with Norton Ghost :) Gives you a
Image that can be loaded on to a variety of machine types with no Blue
screen o Death :)
 
Cary's post gives you a lot of great information.

Personally, I went down the bootable CD route. I documented the Windows
part (www.willowhayes.co.uk/windows2000/custom.doc), but I've got Office
2000, Outlook 2003, IE6, Acrobat Reader, Citrix ICA client, Flash/Shockwave
and several industry-specific apps fully automated over two CDs.

As Cary says, this stuff does take time to do. I don't know how many CDs
I've got through experimenting. Definitely in the hundreds. At the 50
workstation level, there's probably some benefit to doing this, but don't
think you'll be done in an afternoon. In my experience (with around 250
users at each of three companies), the payback has been immense. Not only
do you free up time that would have been taken babysitting PCs during setup,
you ensure that each PC gets set up exactly the same way every time -- not
the way that whoever set it up felt like diong at the time. It also makes
the PC build self-descriptive. You can see exactly how the PC was built by
inspecting the scripts. That's something you can't do with Ghost images.
Ghost and other disk imaging techniques have their place in larger companies
as a method of speeding up the deployment, but I still recommend building
the initial images using a scripted method before cloning.

You can lift the Windows bit straight from my article, so that should save
you some work. There are several good resources for scripting the
applications. Take a look at www.appdeploy.com for more information. For
more information about doing unattended builds, read the posts over in the
forums at www.msfn.org, especially those by "Gosh" and others. There's some
fantastic stuff there.

For Office 2000 and above, go to the relevant version of the Office Resource
Kit (www.microsoft.com/office/ork) and download the Custom Installation
Wizard from the tools section. This allows you to create a transform (MST)
file that will automate the Office installation.

I actually wrote that article back when NT4 domains were common and we
didn't have facilities such as Group Policy. I'd recommend using Group
Policy over some of the techniques I've documented in that article.

I also don't particularly like the method of installing applications that I
hinted at at the end of the document (that is, using GUIRunOnceEx). I still
use that method, but while it looks very pretty, it's fiddly. Also, when
deploying Outlook 2003 through a GPO, I found that the Outlook 2003
installation interrupted the processing of GUIRunOnceEx, which made the
installation much less unattended that it should be.

Using "start /wait", as I documented, does work, but managing multiple

Also, when it comes to joining the machines to the domain, I have a
recommendation. Create an OU for your managed workstations in Active
Directory (if you have not already done so). Create a global security group
and a user. Place the user into the group and then use the delegation of
control wizard to delgate the ability to create and delete computer accounts
from that OU. Then, in your unattended build, use the netdom utility to
join the PC to the domain and place the machine directly into the OU of your
choice.

It's definitely worth installing the latest version of Internet Explorer in
your unattended build, because it's difficult to update later. I believe
www.appdeploy.com has some information on doing this.

I'd also recommend using Software Update Services (and WUS when it's
released) to do patch management, if you are not already doing so. If you
use a .reg file to modify the registry of machine as they're built, you can
make a workstation immediately go and get updates when the machine is built.

Here are the settings I use to do that

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://susserver"
"WUStatusServer"="http://susserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000004
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
"RescheduleWaitTime"=dword:00000005
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000002
"UseWUServer"=dword:00000001

While we're talking about registry hacks, here's another couple that I use:

This gets rid of the Welcome dialogue box.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWelcomeScreen"=dword:00000001

This one adds the computer name to the login window, which is useful to see
the name of a computer without logging on and also when the computer has
been locked by a user.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Welcome"=" | %computername%"

Hope this helps. Post back with any questions. There are lots of people
who have been through this before.

Oli
 
Hmm. I seem to have stopped part way through a sentence there. What I
meant to say was:

"Using "start /wait", as I documented, does work, but managing multiple
reboots becomes difficult."

Also, take a look at Patrick J LoPresti's site at
http://unattended.sourceforge.net/ for an alternative, but still good,
method. If I were to redo my unattended build, I'd probably choose
Patrick's method for application installation scripting combined with the
bootable CD method I already use (or quite possibly RIS).

Hope this helps and good luck. Let us know how you get on.

Oli


Oli Restorick said:
Cary's post gives you a lot of great information.

Personally, I went down the bootable CD route. I documented the Windows
part (www.willowhayes.co.uk/windows2000/custom.doc), but I've got Office
2000, Outlook 2003, IE6, Acrobat Reader, Citrix ICA client,
Flash/Shockwave and several industry-specific apps fully automated over
two CDs.

As Cary says, this stuff does take time to do. I don't know how many CDs
I've got through experimenting. Definitely in the hundreds. At the 50
workstation level, there's probably some benefit to doing this, but don't
think you'll be done in an afternoon. In my experience (with around 250
users at each of three companies), the payback has been immense. Not only
do you free up time that would have been taken babysitting PCs during
setup, you ensure that each PC gets set up exactly the same way every
time -- not the way that whoever set it up felt like diong at the time.
It also makes the PC build self-descriptive. You can see exactly how the
PC was built by inspecting the scripts. That's something you can't do
with Ghost images. Ghost and other disk imaging techniques have their
place in larger companies as a method of speeding up the deployment, but I
still recommend building the initial images using a scripted method before
cloning.

You can lift the Windows bit straight from my article, so that should save
you some work. There are several good resources for scripting the
applications. Take a look at www.appdeploy.com for more information. For
more information about doing unattended builds, read the posts over in the
forums at www.msfn.org, especially those by "Gosh" and others. There's
some fantastic stuff there.

For Office 2000 and above, go to the relevant version of the Office
Resource Kit (www.microsoft.com/office/ork) and download the Custom
Installation Wizard from the tools section. This allows you to create a
transform (MST) file that will automate the Office installation.
Click to expand...

<snip>
 
Argon Technology sells a product called Client Management Service (CMS) that
allows you to automate any Windows OS installation. Like, RIS it is
PXE-based. This means that your client computer must initiate a PXE network
boot to get things started.

CMS goes a bit further than RIS by enabling a completely unattended
installations - no end-user interaction or intervention required. You can
also schedule deployment to occur after-hours by using the Remote Wake-UP
( Wake-On-LAN) that most modern computers support.
CMS can also be used to deploy Ghost drive images as well. See
http://www.argontechnology.com/forum/ShowPost.aspx?ThreadId=45


You can download a free 15-day trial version from
http://www.argontechnology.com/cms
 
Daniel said:
First off, I'm new to this field, so please try to give me the most
detailed information/instructions possible.

As for my question, I'm working in a medium size company 50+
computers where they currently have to do individual installation
each time they build a new system. I have been asked to try and find
out if there is a way to automate the installation of windows so that
the installation is unattended and that it can be run on a variety of
hardware configurations. Could someone please give me some guidance
on this subject?
Click to expand...

http://unattended.msfn.org/
and/or
http://unattended.sourceforge.net/
and/or
http://www.appdeploy.com/

Those and some good Google Searches should get you started.
 
Gather up drivers for all the various machines.
Click to expand...

Could you expand on this step?

--

But let me tell you, the slim lazy Homer you knew is dead. Now I'm a
big fat dynamo.

-- Homer Simpson
King-Size Homer
 
Could you expand on this step?
Click to expand...

Windows only gives you limited driver support. You either have to embed
your 3rd party drivers during the build, or waste hours installing them
after windows has finished.

It's far from straightforward; you can't just use "setup.exe" from a
dumb CD, you have to extract the INF files and make damn sure they're
the right ones. Some of the big players like Intel have good
documentation on this, others such as Dell have ZERO documentation.
Sometimes you have to do a PCI scan and then match the INF files to the
vendor IDs. Once you did that you can put them in $oem$ and set your
unattend file accordingly.
 
Windows only gives you limited driver support. You either have to embed
your 3rd party drivers during the build, or waste hours installing them
after windows has finished.
Click to expand...

Thanks for covering that one Gerry. In addition there are some tools you
can use to extract setup files, but as Gerry said, it's a pain in the
butt. Out organization only has about 5 types of computers deployed on
our site at any given time, so when we kick out the lowest speed, then add
one new speed, we don't have much work to do. But the first built was
slow any painful.
 
One trick that works surprisingly often is to drag a setup.exe onto a Winzip
window. Depending on the format of the file, quite often Winzip will get
the files for you. From there, just look for the directory containing the
..inf, .sys and .cat files for the driver.

Another possible method is to double-click the setup file and wait for it to
extract the files for a temp directory without clicking through any
dialogues. Then go and find the temp directory and copy the files out.

Cheers

Oli
 
One trick that works surprisingly often is to drag a setup.exe onto a Winzip
window. Depending on the format of the file, quite often Winzip will get
the files for you. From there, just look for the directory containing the
.inf, .sys and .cat files for the driver.
Click to expand...

WinRAR also tend's to open a few more formats than winzip also. I think
the AI builder comes with some utilities also, available with the norton
package.

Cheers.
 
Hi,

I also find WinZip solves most of these problems, but I find
InstallShield files hard to extract "data1.cab" and all that.

One of the more tricky aspects, is when you are making a build that can
be used on multiple machines where the hardware on newer machines is an
updated version of that which is on older machines. Sometimes you have
to leave the old driver, but sometimes you can supersede it with the
newer one. The only way I know of doing this, is manually parsing
strings in the the INF files to see what supersedes what.
 
Back
Top