Guide 1

From CloneDeploy
Jump to: navigation, search

.

.

>> This page is not yet complete. Please no not follow this guide yet! <<

.

.

.

Installing the server

  • Make sure there is a DHCP-server on your network
  • Configure the server machine to a static IP
  • Download & Install 1.2.0
  • Download patch 1.2.1 and extract files over the install-folder, replacing all files
  • After installation, use the shortcut to open CloneDeploy
    • Use shortcut or go to: http://server-ip/clonedeploy
    • Use these credentials: clonedeploy / password
    • You'll now get a few 'first steps' where you need to change the admin password and provide the passwords you have set-up (during installation) for the file shares.
  • ProxyDHCP installation: download from the website and extract to c:\cd_proxyd
    • Open config.ini in c:\cd_proxy and make the following modifications:
      • Set the interface to your CloneDeploy server ip in the config.ini
      • Set the next-server to your CloneDeploy server ip in the config.ini
      • If using for Apple computers, update the ip address in apple-root-path to your CloneDeploy server ip in config.ini
      • In the CloneDeploy Web Inteface, select Admin->PXE->Using Proxy DHCP->Yes
      • Create the default global boot files when prompted.
      • Open administrative Command Prompt and issue these commands:
        • cd\cd_proxyd
        • cd_proxyd --debug
        • Tip: If everything works fine later, issue cd_proxyd --install to install it as a service, for now debug mode is better so you can see the actual requests coming in
  • Go back to the web interface, and go to ‘Groups’ (the icon of three servers in the top row) and create a new group. You can create a standard (static) group, where you manually assign computers to, or a smart group where computers are automatically added to based on their computer name. For now, we’ll go with a standard group. Enter a name for the group (eg. ‘Black laptops’) and create the group.

Prepare a template / image

Tip:

The best way to prepare a template image, is to use VMWare or another virtualization product that allows you to create snapshots. This is useful in case the PXE Boot (or USB boot) to capture and image doesn’t work at first; if, after sealing with SysPrep, the computer accidentally boots Windows, you have to “start over” again. Using a virtualization solution allows you the create a snapshot just before sealing the computer. If the next boot doesn’t go from PXE then, you can quickly revert to that snapshot and try again. If you have no idea what this all means just yet, just follow the instructions and everything will be explained along the way. The process is the same for a virtual or physical machine.

·        Create a new virtual machine / get a computer ready

Tip: when using a physical machine, now is the time to figure out how to boot from the network and/or get into the bios/uefi-setup and/or boot menu. Do not try to figure this out later, since it will cause issues if the prepared machine does boot to the ‘sealed’ Windows!

·        Install Windows 7/8/10 on it

·        After the installation, you are greeted with the first ‘welcome to Windows’-screen, asking for things like a username or a network, depending on which version of Windows you installed. This is called the Out-Of-The-Box-Experience (OOBE) and will be referred to as such.

·        On this first screen, don’t enter anything and don’t click Next. Instead, hit Ctrl-Shift-F3 on you keyboard. This will cause the computer to reboot into ‘audit mode’ and log you on automatically as a local administrator. Audit Mode is a special mode used to pre-configure computers and install software and updates as you see fit. When you’re done, you can seal the computer again, and the next time the computer boots up, it will start with the OOBE again.

So, if you’re a store selling pre-installed computers, as soon as the customer turns on the computer at home for the first time, they can choose a computer name, username and time zone and such just as with a new computer. Only the computer will have your own programs pre-installed.

If you’re using CloneDeploy to prepare computers for your school or business, you will not want this to happen and instead pre-configure some things like Windows Activation Key, computername and such and skip much of the OOBE. This is also possible and both options will be explained later.

·        Customize your computer in any way you want;

Tip: on Windows 10 you cannot use the browser EDGE at this time, use Internet Explorer instead. Windows+R > iexplore > OK.

·        I like to use the package manager chocolatey to quickly install much-used programs, but this is not required of course. I’ll explain it here anyway because it’s really easy to use.

o  Install Chocolatey first. Open up a CMD-prompt and enter this:

@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"

o  Chocolatey is now installed and ready to use. Issue (on the same command line):

choco feature enable -n allowGlobalConfirmation

This skips all the ‘do you really want to…’-questions.

o  Install some software:

choco install adobereader

choco install vlc

choco install notepadplusplus

choco install paint.net

choco install googlechrome

See https://chocolatey.org/packages for all the available packages

Note that dependencies will also be installed automatically. For example, paint.net requires .net Framework v4.6. This will be automatically downloaded and installed, saving you a lot of time finding and downloading these things manually!

·        Install Windows Updates as you see fit

o  If you need to reboot the computer, use the Sysprep Window that is already open: select ‘Audit Mode’ and ‘Reboot’ and click OK.

·        Download Sysprep Creator, it’s a nice graphical utility that helps you with the sealing process: http://www.scriptingninjas.com/scripts/sysprep_creator/sysprep_creator_installer.exe

Server / Clone Deploy Web interface:

We need to do some clicks on the Clone Deploy web interface now, so please move back to your server and follow these steps.

We need to prepare CD to receive the image of the computer, follow these steps:

·        Go to Images (hard disk icon in the top row), click New. Enter a name and description and click ‘save’ (top right)

·        Click on ‘Profiles’. You see the ‘default’ profile in the list. Click on ‘View’. You get a lot of tabs with all kinds of options. Mostly these are fine. For a complete description of these options, take a look at: http://clonedeploy.org/docs/images/

 

Your template computer:

You now need to go back to your new computer / virtual machine and continue there:

·        Start sysprep_creator_installer.exe you just downloaded

·        Leave the default options checked and click ‘install’

·        At the first screen, the OS is detected automatically. Leave all options to their defaults and click ‘Next’

·        You now get several tabs (Step 1…Step 8). Review each tab and make any changes necessary. All settings you configure here, will be automatically set on the computer after the imaging is complete.

Step 1 is self-explanatory

Step 2: specify a default username and password. This user will be created and will be an admin. Microsoft Updates: select ‘All Microsoft Updates’.

Step 3: Here you can specify a Workgroup or have the computer automatically join a domain

Step 4: Here you probably want to uncheck ‘Disable Windows Consumer Features’.

Step 5: Here you can specify the information that appears on the computer properties screen in Windows

Step 6 and 7: take a look, but you’ll probably leave that as is

Step 8: here you can enter the Windows MAK key to be used for activation, or specify other activation options

·        When done, click ‘create’ and save the file to the desktop

Note: you do not need to copy the unattend.xml to c:\windows\system32\sysprep!

·        Close the Sysprep-tool that may still be running (click CANCEL in the window in the center of your desktop). This is really important, do not skip.

·        Double click on the sysprep_executor file on your desktop.

o   Choose Shutdown - You don't want it to reboot before you capture the image

o   Click browse and navigate to Desktop\unattend.xml (probably don’t need to do this, it will be auto-filled)

(Note: it will be copied to c:\windows\system32\sysprep automatically)

o   If using a Virtual Machine, please create a snapshot now!

o  When you are ready, click "Sysprep" and let it finish.  The system will Shutdown once complete

It is possible you get a checklist of tasks and a ‘quit’ button instead of ‘open’. You need to resolve the items on the checklist first.

o  If there is mention of Windows Defender running, please open a PowerShell Prompt and issue this command:

Set-MpPreference -DisableRealtimeMonitoring $true

Do not worry, after a deploy Windows Defender will re-enable itself.

o  If there is a mention of the Tile Service, the program can fix that itself but only after you have first disabled Windows Defender. Simply restart the program (sysprep_executor) after disabling Windows Defender (with the command above) and it will offer to fix the other issue and reboot first.

After the reboot, start sysprep_executor once more and it will complete now. Make sure to CANCEL the already open sysprep window first!!

And don’t worry: after deploying the image, the Tile Service is up and running again!

Now your template computer has been shutdown and you are ready to capture the image and save it to CloneDeploy!

You now need to boot your computer (or virtual machine) from the network. When using VMWare, you can set a boot delay in the VM options. I recommend 20000 ms. This gives you 20 seconds to hit F12 in order to boot from the network. On physical machines you also usually press F12 to boot from the network. Also, make sure PXE Boot is enabled in the bios/uefi setup.

>>Make absolutely sure the computer does not boot back into Windows! If it does, you need to start over from the start of this paragraph (click on sysprep_creator_installer.exe…).<<

When the computer boots from the network, you are presented with the CloneDeploy Boot Menu:

·        Select Add Computer

·        After a few seconds you will get a prompt log in. Since we only have the administrator account that was set-up during installation of CloneDeploy, we’ll use that account.

Username: clonedeploy

Password: <what you setup earlier>

·        After a few seconds you see this screen:

Specify a name for the computer, for example: Template-Source

·        You now see this:

DO NOT NOT NOT NOT press Enter yet!

·        Go back to your CloneDeploy web interface and take a look at Computers. You should see the computer you just added there.

o  Click on View

o  Select the IMAGE you set-up earlier in the drop-down list

o  Select the default image profile

o  Click Update Computer

·        Now Select Tasks (top row) -> Start Computer Task

o  Click Upload on the Computer you created earlier

o  Boot your Computer from the network again

o  You’ll need to login again using clonedeploy / <password you set-up>

o  The image upload process will start automatically 

Additional tips and suggestions / FAQ:

Not required, but these tips and suggestions might be really useful. These are questions often asked at the forum.

To disable the login prompt during boot

Q: After restarting a machine (we already have an API for that), the deployment waits on:

IP Address: 11.22.33.44

** You Must Be Logged In To Continue **

Username:

How to disable this username prompt?

A: WebUI-admin->security

select which tasks do not require a login, probably want web tasks and on demand, change to no

Next to universal token select generate, then click update security settings

You will be asked to create a new boot menu, select yes, then click create boot files

Automatically change computer name

Q: Getting ready for my first deployment to a lab. I want to name each computer [School Name]-[Room Number]-[Sequential Number]. Can I do this CloneDeploy and sysprep tags? Does the documentation cover this for someone who is clueless? I've looked, but had no luck finding anything but a brief glimpse at sysprep tags.

A: The naming feature works by registering the computers first. Ideally you need to add each computer to clonedeploy with the name that you want, during imaging it will automatically be renamed. This only works when deploying Windows images. Also if you are using a sysprepped image the <computername> field must exist in your sysprep answer file. It doesn't matter what is in it, it will be updated to the computer name. If you are not sysprepping the changes are automatically made to the registry.

Always image a computer when booting from PXE

Q: I have a scenario where I'd like the machine to automatically deploy a certain image when it net-boots. How do I modify the different boot menus to accomplish that?

A: I think a permanent task might be what your looking for. 

Script examples

There may be a better/easier way to do this but this way works for me. Below is a listing of files and directories that I use to accomplish the sysprep, activation of Windows and Office, and domain join. Let me know if you have any questions.

- At the root of C:\, create a directory called Scripts.

- In C:\Windows\Setup\, create a folder called Scripts and then create a file called SetupComplete.cmd. The only thing I have in this file is a command to call my .bat file that does various tasks after reimaging.

- In C:\Windows\System32\Sysprep\, create a file called StartSysprep.bat. This file will first re-arm Office and then start sysprep and when finished, it will shutdown the PC. The re-arm Office command, is configured to re-arm Office 2016. If you have Office 2013 or 2007, you will need to change the path to the .exe that is referenced. Also in this directory you will need to create and store your .xml file for sysprep. You can use Windows System Image Manager to create your .xml. Be sure to include the component to change the computer name and make sure you call your .xml file unattend.xml.

- In C:\Scripts\, create a .bat file called SetupFinalize.bat and a Powershell script called JoinDomain.ps1. The JoinDomain.ps1 file is the file used to actually join the PC to your domain. Be sure to modify it with your domain information. The SetupFinalize.bat has several commands in it that run after the system has been deployed with a new image. One command activates Office, one activates Windows, one calls JoinDomain.ps1, and the rest of the command deletes certain files. Finally, it reboots the PC once joined to domain.

SetupComplete.cmd:

C:\Scripts\SetupFinalize.bat

StartSysprep.bat:

REM **Rearms Office**

"C:\Program Files (x86)\Microsoft Office\Office16\ospprearm.exe"

REM **Starts Sysprep with the unattend.xml file**

sysprep /generalize /oobe /shutdown /unattend:unattend.xml

SetupFinalize.bat:

REM **Activating Windows**

cscript //b C:\Windows\System32\slmgr.vbs /ato

REM **Activating Office**

cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /act

REM **Running Powershell script to join to Domain**

Powershell.exe -ExecutionPolicy Unrestricted -File C:\Scripts\JoinDomain.ps1

REM **Deleting some password sensitive files**

del /Q /F C:\Windows\System32\sysprep\unattend.xml

del /Q /F C:\Windows\panther\unattend.xml

del /Q /F C:\Scripts\Sysprep\unattend.xml

del /Q /F C:\Scripts\JoinDomain.ps1

REM **Rebooting PC**

shutdown /r /f /t 15

JoinDomain.ps1:

$domain = “YourDomainHere”

$user = "UserToUseToJoinToDomain"

$password = “EnterUserPasswordHere” | ConvertTo-SecureString -asPlainText -Force

$username = “$domain name\$user”

$credential = New-Object System.Management.Automation.PSCredential($username,$password)

Add-Computer -DomainName $domain -Credential $credential