Enterprise Microsoft Q&A: Hello for Buttprint

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > Enterprise Microsoft Q&A: Hello for Buttprint

Quebec Bagnet: Apr 28, 2009; mess with the honk
you get the bonk; Lipstick Apathy

I have a user that needs an individual login script. Is it kosher to put the script and accompanying registry file in sysvol or should I make a share?

e: this user doesn't have access to any of our other shares.

Quebec Bagnet fucked around with this message at 19:00 on Oct 30, 2010

# ¿ Oct 30, 2010 18:54

Adbot: ADBOT LOVES YOU

# ¿ Apr 25, 2024 17:44

Quebec Bagnet: Apr 28, 2009; mess with the honk
you get the bonk; Lipstick Apathy

I have a number of machines in MDT that belong to multiple roles. Nothing fancy there. However, in role A (which applies to most machines) the MachineObjectOU is specified, and in role B (which only applies to certain machines) a different MachineObjectOU is specified because those machines need to appear somewhere different in the directory.

How do I guarantee that MDT will read settings from role B? Is it the order of roles in the list in the machine properties window?

# ¿ Feb 24, 2011 07:08

Quebec Bagnet: Apr 28, 2009; mess with the honk
you get the bonk; Lipstick Apathy

spog posted:

I've got a question about MDT

As I understand it, the official process is:

1) add a default image to MDT
2) add appropriate task sequences
3) deploy to a reference machine
4) capture an image of this reference machine
5) create new deployment share using this captured image
6) create new task sequence
7) deploy to new machines

I think I must be missing something pretty basic here: why perform 4-6?

4 is a checkbox selection in MDT, so it seems to be the Right Way, but to me it just looks like you are making extra work. What am I missing?

I've been skipping 1-3 and just installing straight from a Windows disc and customizing that, but I haven't needed a fresh start in a while :shobon:

Ideally you would skip 3-5 and have all your software as packages, which is something I'm going to try and set up for next semester along with putting the default profile on the network (we rely on creating it on the reference machine). That could also be useful for our terminal server environment, we could just run the apps as a task sequence and get an identical loadout.

# ¿ Feb 24, 2011 19:25

Quebec Bagnet: Apr 28, 2009; mess with the honk
you get the bonk; Lipstick Apathy

Anybody have experience deploying Adobe Creative Suite? I have it working by specifying --mode=silent to the installer, but is it there a quiet or passive mode that shows the progress bars? It's a little annoying to only have the MDT window up while that's running.

# ¿ Mar 25, 2011 21:17

Quebec Bagnet: Apr 28, 2009; mess with the honk
you get the bonk; Lipstick Apathy

lol internet. posted:

CS5? This spits out a custom installer/msi.

http://www.adobe.com/devnet/creativesuite/enterprisedeployment.html

Might work for older versions. I think I used it for InCopy CS4.

Then just msiexec /i installer.msi /qn /norestart

CS4. Thanks for that, I'll be sure to give it a try.

# ¿ Mar 26, 2011 16:51

Quebec Bagnet: Apr 28, 2009; mess with the honk
you get the bonk; Lipstick Apathy

What about WPKG? It seems like the sort of tool that fills the 60-PC niche for a very attractive price. I've been considering using MDT to automate the initial deployment, then WPKG to keep it up to date. Is that a reasonable plan? I've been using Group Policy for the more irritating items (Flash, Java) but it's only so powerful.

Of course you have to consider that your WPKG and MDT databases are completely separate, but I'm starting to wonder if it could be a "good enough" solution for smaller setups.

# ¿ Apr 10, 2011 06:21

Quebec Bagnet: Apr 28, 2009; mess with the honk
you get the bonk; Lipstick Apathy

Cpt.Wacky posted:

I'm not familiar with MDT, but I'd say keep your OS deployment separate from your software installation and updating. MDT and WPKG should work very well that way, each doing what they're best at.

I've been using WPKG for at least a year now for about 125 workstations and it works very well. The catch is that I'm using it on XP, and I've heard of some issues with Vista/7, mostly to do with people wanting to install updates on shutdown. Apparently Vista/7 doesn't allow any process to delay shutdown. If you're going to use it on VIsta/7, take a look at wpkg-gp too.

I use Clonezilla to load a base sysprepped image that prompts for PC name and joins the domain automatically. Then one batch file to set a few local group policies like pointing to the WSUS server, and another batch to install the WPKG Client and start the service. WPKG installs everything else with only one reboot for Office 2k3.

I used Unattended for a while but I'd recommend against it now. The current latest release is 4.8 from April 2009. In order to boot on recent hardware you have to get 4.9 RC4 from February 2010, and it's has a bug where you have to type in the kernel in the bootloader because someone messed it up when packaging. Development seems to be slow and small.

Take a look at WPKG if you can't afford SCCM. The wiki has ready to use stuff for all the popular applications, and it's not hard to configure new installers once you understand how WPKG works. I'm happy to answer any questions about it, and their mailing list is reasonably good too.

Is WPKG suitable to perform initial deployment on a blank OS image in such a way that I can guarantee the presence and availability of packages that need to be installed?

Looking over their wiki - am I correct in thinking that I should be able to run wpkg.js /synchronize at the end of my MDT deployment to install everything? I have two environments (one XP, one 7) that are created by installing the default OS image from the disc and then the applications, which right now is completely automated by MDT.

I also have a third environment that uses a customized Windows 7 image deployed over MDT and is protected by a Deep Freeze-like program. I suppose there that I could periodically unprotect machines, update, and reprotect.

# ¿ Apr 12, 2011 03:20

Quebec Bagnet: Apr 28, 2009; mess with the honk
you get the bonk; Lipstick Apathy

spog posted:

So, you have a KMS key (that presumably was supplied on the paperwork when you signed up for Volume Licensing) and you have to manually install that key on the KMS Host using slmgr. That allows MS to activate the KMS host via the net and gives it the authority to activate n number of clients.

When you put your volume key into slmgr, it activates the host and downloads that info from Microsoft. It takes like 2-3 minutes to enter the key because there's all that processing.

quote:

When you start up a Enterprise version of Win7, it already has the generic KMS Client keys built in and it activates automagically through the srv in DNS

Not necessarily, we were using an Enterprise MAK until very recently. Incidentally, our KMS key is listed as being able to activate all Professional and Enterprise editions, but I don't know if that's true of all keys. You have to put in the correct client key for the edition you're running.

quote:

With the KMS service, you can only configure the port number it uses - but not much else except add other OS/editions to the list that it supports.

My understanding is that you do so by importing new keys, I'm not sure if it's possible to add new products to an existing key a la carte - I don't think it would be, because Server 2008 R2 is a different class of key from 7, but we haven't tried yet.

# ¿ Apr 12, 2011 16:12

Quebec Bagnet: Apr 28, 2009; mess with the honk
you get the bonk; Lipstick Apathy

adaz posted:

You buy the absolute cheapest OEM copy of windows available for those PCs and then when you get the PCs image them with 7 enterprise or whatever you bought.

Why not buy systems with no OS like N-series Dells?

# ¿ Jul 1, 2011 01:05

Quebec Bagnet: Apr 28, 2009; mess with the honk
you get the bonk; Lipstick Apathy

Makes sense I guess - we're academic and we just have N-series OptiPlexes and a KMS that activates any Professional or Enterprise variant. Don't really know the details (someone else is our licensing wizard) but it works for us. :shobon:

# ¿ Jul 2, 2011 05:40

Quebec Bagnet: Apr 28, 2009; mess with the honk
you get the bonk; Lipstick Apathy

Swink posted:

Can anyone help me perfect my MDT deployment?

The issues I'm having are at the beginning, WinPE prompts me for a timezone, I want to get rid of that.

Then right at the end, it prompts for a PC name and product key. If possible I want to be able to enter the PC Name at the very start, and completely skip over the product key. Is that possible to do? My customsettings looks like this:
code:
[Settings]
Priority=Default
Properties=MyCustomProperty
 
[Default]
SkipBDDWelcome=YES
SkipWizard=YES
OSInstall=YES
SkipDomainMembership=YES
 
SkipTaskSequence=YES
TaskSequenceID=DEPLOY

SkipLocaleSelection=YES
KeyboardLocale=en-AU
UserLocale=en-AU
UILanguage=en-AU
SkipTimezone=YES

SkipApplications=NO

SkipDeploymentType=YES
DeploymentType=NEWCOMPUTER
JoinDomain=HA
DomainAdmin=ADMINISTRATOR
DomainAdminDomain=HA
DomainAdminPassword=
SkipAppsOnUpgrade=YES
 
SkipBitLocker=YES

SkipCapture=YES
  
SkipComputerBackup=YES
SkipFinalSummary=NO
 
SkipProductKey=YES
SkipSummary=YES
SkipTimeZone=YES
TimeZoneName=AUS Eastern Standard Time
 
SkipUserData=YES
SkipProductKey=YES
OverrideProductKey=YES

Don't set OverrideProductKey, I believe that MDT is interpreting "YES" to be the actual key, which is obviously not valid. Not sure about the time zone but IIRC there's different formatting of the zone's name between XP and Vista, maybe that's throwing you off?

# ¿ Nov 11, 2011 09:20

Adbot: ADBOT LOVES YOU

# ¿ Apr 25, 2024 17:44

Quebec Bagnet: Apr 28, 2009; mess with the honk
you get the bonk; Lipstick Apathy

It might be less effort to forcibly remove the DC from the domain and seize the FSMO roles onto another DC.

# ¿ Nov 24, 2012 01:41

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > Enterprise Microsoft Q&A: Hello for Buttprint