Deployment Solution™ 6.8 - Symantec SSL Certificates Support

Deployment Solution™ 6.8 - Symantec SSL Certificates Support
ALTIRIS®
Deployment Solution™ 6.8
Deployment and Migration Guide
Notice
Altiris Deployment Solution 6.8
© 1996-2006 Altiris, Inc. All rights reserved.
Document Date: August 29, 2006
Information in this document: (i) is provided for informational purposes only with respect to products of Altiris or its subsidiaries (“Products”),
(ii) represents Altiris' views as of the date of publication of this document, (iii) is subject to change without notice (for the latest
documentation, visit our Web site at www.altiris.com/Support), and (iv) should not be construed as any commitment by Altiris. Except as
provided in Altiris' license agreement governing its Products, ALTIRIS ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS
OR IMPLIED WARRANTIES RELATING TO THE USE OF ANY PRODUCTS, INCLUDING WITHOUT LIMITATION, WARRANTIES OF FITNESS FOR A
PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS. Altiris assumes no
responsibility for any errors or omissions contained in this document, and Altiris specifically disclaims any and all liabilities and/or obligations
for any claims, suits or damages arising in connection with the use of, reliance upon, or dissemination of this document, and/or the
information contained herein.
Altiris may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the
Products referenced herein. The furnishing of this document and other materials and information does not provide any license, express or
implied, by estoppel or otherwise, to any foregoing intellectual property rights.
No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means without the express
written consent of Altiris, Inc.
Customers are solely responsible for assessing the suitability of the Products for use in particular applications or environments. Products are
not intended for use in medical, life saving, life sustaining, critical control or safety systems, or in nuclear facility applications.
*All other names or marks may be claimed as trademarks of their respective companies.
Altiris Deployment Solution 6.8
2
Contents
Part I: Planning and Installing Your Deployment System . . . . . . . . . . . . 11
Chapter 1: About Altiris® Deployment Solution™ Software . . . . . . . . . . . . . . . . . . . . . . 12
Why Use Deployment Solution? .
How Deployment Solution Works
Architecture . . . . . . . . . . . .
Deployment Server . . . .
Deployment Database . .
Deployment Share . . . .
Management Consoles .
Automation Tools . . . . .
Deployment Agent . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
12
13
13
14
14
14
15
15
15
Chapter 2: Deployment System Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Server Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Database Requirements . . . . . . . . . . . . . . . . . . . . . . . . . .
Agent Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preparing to Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Step 1: Create a Services Account . . . . . . . . . . . . . . . . . . .
Step 2: Get Access to Install an SQL Server Database . . . . .
Step 3: Gather Automation Operating System Install Files . .
Step 4: Obtain a License File . . . . . . . . . . . . . . . . . . . . . . .
Step 5: Install .NET and MDAC. . . . . . . . . . . . . . . . . . . . . .
Step 6: Start IIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Installing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Simple or Custom Install? . . . . . . . . . . . . . . . . . . . . . . . . .
Simple Install. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Custom Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable Microsoft Syprep Support . . . . . . . . . . . . . . . . . . . .
Remotely Install Deployment Agent . . . . . . . . . . . . . . . . . .
Post-Installation Configuration . . . . . . . . . . . . . . . . . . . . . . . . .
Step 1: Create Domain Join and Deployment Share Accounts
Domain Join Accounts . . . . . . . . . . . . . . . . . . . . . . . . .
Deployment Share Read/Write Account . . . . . . . . . . . . .
Step 2: Configure Your Deployment System . . . . . . . . . . . .
Add Your Domain Join Accounts . . . . . . . . . . . . . . . . . .
Enable Security and Add Administrators . . . . . . . . . . . .
Grant Console Rights to Administrators . . . . . . . . . . . . .
Grant Database Rights to Administrators . . . . . . . . . . . .
Configure the Public Database Role. . . . . . . . . . . . . . . .
Configure Deployment Server . . . . . . . . . . . . . . . . . . .
Step 3: Install the Deployment Agent . . . . . . . . . . . . . . . . .
Step 4: Configure Automation . . . . . . . . . . . . . . . . . . . . . .
Step 5: Configure PXE Server . . . . . . . . . . . . . . . . . . . . . .
What Should I Do Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
17
17
17
17
18
19
21
22
22
22
22
22
22
22
23
23
23
23
23
24
24
24
25
26
26
27
27
27
28
28
28
Chapter 3: Deployment Agent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
About the Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Altiris Deployment Solution 6.8
3
Installing the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using the Remote Agent Installer (Windows Only) . . . . . . . . . . . . .
Step 1: Get Local User Rights (admin$ Share) . . . . . . . . . . . . .
Step 2: Run the Remote Agent Installer . . . . . . . . . . . . . . . . .
Using a Script, E-Mail Link, or Manual Installation (All Platforms) . . .
Step 1: Provide Users Access to the Agent Installation Program .
Step 2: Create the Input File for a Silent Install . . . . . . . . . . . .
Step 3: Run the Installation Program . . . . . . . . . . . . . . . . . . .
Agent Auto Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
29
29
30
30
30
30
30
31
31
31
Part II: Booting Computers to Automation . . . . . . . . . . . . . . . . . . . . . . . 32
Chapter 4: What is Automation? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Chapter 5: Automation Boot Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Which Automation Boot Method Should I Use? .
PXE. . . . . . . . . . . . . . . . . . . . . . . . . . . .
Automation Partitions . . . . . . . . . . . . . . .
Boot Media (DVD/CD, USB Device, Floppy)
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
35
35
36
36
Chapter 6: Automation Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Which Automation Operating
DOS . . . . . . . . . . . . . .
Windows PE . . . . . . . . .
Linux . . . . . . . . . . . . .
System Should I Use?
................
................
................
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
38
38
39
39
Chapter 7: Installing and Configuring Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Configuring Automation Operating Systems . . . . . . . . . . . .
Obtaining and Installing Windows PE, Linux, or DOS. . .
Adding Additional Files . . . . . . . . . . . . . . . . . . . . . . .
Adding Mass Storage Drivers for Windows PE. . . . .
Configuring Automation Boot Methods . . . . . . . . . . . . . . .
Configuring PXE . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring Automation Partitions . . . . . . . . . . . . . . .
Configuring Boot Media (DVD/CD, USB device, Floppy) .
Deploying Automation to Managed Computers . . . . . . . . . .
Using Automation Partitions or Boot Media . . . . . . . . .
Using PXE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
40
40
41
42
42
43
43
44
44
44
45
Chapter 8: Setting Up PXE Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
What is PXE? . . . . . . . . . . . . . . . . . . . . . . .
Why Use PXE? . . . . . . . . . . . . . . . . . . . . . .
PXE Services and Architecture . . . . . . . . . . .
How PXE Works . . . . . . . . . . . . . . . . . . . . .
Part 1: DHCP Request and PXE Discovery
Part 2: PXE Bootstrap . . . . . . . . . . . . . .
PXE Planning and Installation. . . . . . . . . . . .
Enabling PXE on Managed Computers . . .
Installing and Configuring DHCP. . . . . . .
How Many PXE Servers Do I Need?. . . . .
Number of Client Connections . . . . .
Network Speed. . . . . . . . . . . . . . . .
Physical Layout of your Network. . . .
Altiris Deployment Solution 6.8
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
46
46
47
48
49
49
50
51
51
51
51
51
51
4
PXE Request Routing.
Installing PXE Servers . . .
Configuring PXE Settings . . . .
PXE Settings . . . . . . . . . . . .
Shared vs. Local. . . . . . .
Session Timeout . . . . . . .
DHCP Server Options . . .
Boot Integrity Services . .
Boot Options . . . . . . . . . . . .
Shared vs. Local. . . . . . .
PXE Redirection . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
52
52
52
53
53
53
53
53
54
54
54
Part III: Using Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Chapter 9: Deployment Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Computers. . . . . . . . . . . . . . . . .
Jobs . . . . . . . . . . . . . . . . . . . . .
Creating Jobs and Tasks . . . . . . .
Context Menus (Right-click). . . . .
Find a Computer in the Database
Using Lab Builder . . . . . . . . . . .
Computer Import File . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
56
56
57
57
57
58
60
Part IV: Best Practices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Chapter 10: Securing Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Deployment Server Accounts . . . . . . . . . . . . . . . . . . . .
Service Account . . . . . . . . . . . . . . . . . . . . . . . . . .
Domain Join Accounts . . . . . . . . . . . . . . . . . . . . . .
Deployment Share Read/Write Account . . . . . . . . . .
Deployment Administrator Accounts . . . . . . . . . . . . . . .
Role and Scope Based Security . . . . . . . . . . . . . . .
Deployment Console Security. . . . . . . . . . . . . . . . .
Manage By Exception . . . . . . . . . . . . . . . . . . . . . .
Rights and Permissions . . . . . . . . . . . . . . . . . . . . .
Grant Rights to Administrators . . . . . . . . . . . . .
Grant Permissions to Administrators . . . . . . . . .
Permission Rules . . . . . . . . . . . . . . . . . . . . . . . . .
Database Security . . . . . . . . . . . . . . . . . . . . . . . . . . .
Required Database Rights . . . . . . . . . . . . . . . . . . .
Rights Required to Install . . . . . . . . . . . . . . . .
Rights Required for the Services Account. . . . . .
Rights Required for Deployment Administrators .
Configuration of the Public Database Role . . . . .
Securing Communication. . . . . . . . . . . . . . . . . . . . . . .
Deployment Agent Authentication. . . . . . . . . . . . . .
Key Authentication . . . . . . . . . . . . . . . . . . . . .
Encrypted Communication and Agent Security . . . . .
Keyboard Locks in Automation . . . . . . . . . . . . . . . .
Appendix A: Remote Agent Installer Rights . . . . . . . . . .
Appendix B: Task Passwords . . . . . . . . . . . . . . . . . . . .
Appendix C: Managing Key-Based Agent Authentication .
Backing up the Server Private Key . . . . . . . . . . . . .
Enabling Key-based Authentication with Redirection .
Altiris Deployment Solution 6.8
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
163
164
165
165
166
167
167
167
168
168
168
168
168
169
169
171
173
173
174
174
174
176
176
177
177
178
178
179
5
Chapter 11: Capturing and Deploying Disk Images . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
What is a Disk Image? . . . . . . .
Imaging in Deployment Solution
How Imaging Works . . . . . . . . .
File Systems . . . . . . . . . . .
Partitions. . . . . . . . . . . . . .
Partition Size . . . . . . . .
Spanning Media . . . . . . . . .
Multicasting . . . . . . . . . . . .
How Multicasting Works
HTTP Imaging . . . . . . . . . .
Capturing Images. . . . . . . . . . .
Deploying Images . . . . . . . . . .
Post-Imaging Configuration . . . .
Managing Images . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
180
180
180
180
181
181
181
182
182
182
182
182
182
183
Chapter 12: Migrating Application Data and User Settings . . . . . . . . . . . . . . . . . . . . . 184
Chapter 13: Software Packaging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Why Use Software Packaging? . . . . . . . . . .
Overview of the Software Packaging Process
Setting up a Reference Computer . . . . . . . . . . .
Accessing Wise SetupCapture . . . . . . . . . .
Capturing a Software Package . . . . . . . . . . . . .
What Can I Capture?. . . . . . . . . . . . . . . . .
The Capture Process . . . . . . . . . . . . . . . . .
Customizing a Software Package . . . . . . . . . . .
Distributing a Software Package . . . . . . . . . . . .
Appendix A: Migrating From RapidInstall . . . . . . . . .
Appendix B: Windows Installer Format Explained . . .
Advantages of Windows Installer . . . . . . . .
Appendix C: SetupCapture Guidelines . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
185
185
186
186
186
186
187
187
187
187
187
188
190
Chapter 14: Deploying Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Writing a Script . . . . . . . . . . . . . . . . . . . . .
Server Scripting Commands . . . . . . . . .
Retrieving Database Values Using Tokens
Running Scripts on the Server . . . . . . . .
Reporting Errors . . . . . . . . . . . . . . . . . . . . .
DOS/CMD Error Handling. . . . . . . . . . . .
Visual Basic Error Handling . . . . . . . . . .
Linux Shell Error Handling . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
193
193
194
195
195
196
197
198
Chapter 15: Creating an Image Distribution Framework . . . . . . . . . . . . . . . . . . . . . . . 199
Why Use an Image Distribution Framework? . . . . . .
PXE Redirection . . . . . . . . . . . . . . . . . . . . . . . . . .
What if I Am Not Using PXE? . . . . . . . . . . .
Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating a Distribution Framework . . . . . . . . . . . . .
Step One: Set Up Local Image Stores . . . . . . . .
Step Two: Replicate Images . . . . . . . . . . . . . .
Step Three: Configure the Server Lookup Utility.
Create a Configuration . . . . . . . . . . . . . . .
Create a Server Lookup File . . . . . . . . . . .
Altiris Deployment Solution 6.8
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
199
200
200
200
200
200
201
201
201
201
6
GetSRV.EXE Parameter Descriptions . . . . . . . . .
Step Four: Create a Boot Disk Creator Configuration
Modify Mapdrv.bat to call Getsrv.bat. . . . . . . . .
Deploy the Boot Configuration . . . . . . . . . . . . .
Step Five: Distribute an Image . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
202
202
203
203
203
Chapter 16: Deploying and Managing Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Server Management Features . . . .
Server Deployment Options . . . . . .
Managing Server Blades . . . . .
Managing New Server Blades . .
Hewlett-Packard Server Blades
Virtual Bays . . . . . . . . . . . . .
Dell Server Blades . . . . . . . . .
Fujitsu-Siemens Server Blades .
IBM Server Blades . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
204
205
206
207
207
208
208
209
209
Part V: Operating System and Platform Reference . . . . . . . . . . . . . . . . 210
Chapter 17: 64-bit Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
64-bit Job Conditions and Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
64-bit PXE Boot Images & Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Adding Files to a Boot Disk Creator Configuration for 64-bit. . . . . . . . . . . . . . . . . . . . . . . . . 211
Chapter 18: Linux and Unix Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
ADLAgent . . . . . . . . . . . . . . . . . . . . . .
Installing and Configuring ADLAgent .
Distributing Software . . . . . . . . . . . . . .
Imaging Linux and Unix Filesystems . . . .
Linux Bootloaders. . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
212
212
212
212
213
Chapter 19: Managing Thin Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Supported Thin Client Manufacturers
Thin Client Operating Systems . . . . .
Windows XP Embedded (XPe) . .
The Enhanced Write Filter . .
Using the EWFMGR Utility . .
Windows CE .NET . . . . . . . . . . .
Linux . . . . . . . . . . . . . . . . . . .
Licensing Thin Clients . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
215
215
215
216
217
218
218
218
Part VI: Reference: Deployment Solution Help Files . . . . . . . . . . . . . . . 219
Part VII: Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Part VIII: Technical Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Chapter 20: Command-Line Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Job Utilities. . . . . . . . . .
Job Export Utility . . .
Job Import Utility . . .
Create Job Utility . . .
Schedule Job Utility .
Altiris Deployment Solution 6.8
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
373
373
374
375
377
7
Import Computer Utility . . . . . . . . . . . . . . . . . . . . . . .
axengine.exe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deployment Agent for Windows . . . . . . . . . . . . . . . . . . . . .
Aclient.exe Command-line Switches . . . . . . . . . . . . . . .
Aclient.inp Parameters . . . . . . . . . . . . . . . . . . . . . . . .
ADLAgent.config Parameters . . . . . . . . . . . . . . . . . . . . . . .
AClient.config Parameters . . . . . . . . . . . . . . . . . . . . . . . . .
Deployment Agent for DOS Command-line Switches . . . . . . .
Bootwork.exe. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deployment Agent for DOS Install (Bwinst.exe) Switches
Keyboard and Screen Lock Utility (Kbdsclk) Switches . . .
Deployment Server Install Switches . . . . . . . . . . . . . . . . . .
Silent Install Options. . . . . . . . . . . . . . . . . . . . . . . . . .
Simple Install Entries . . . . . . . . . . . . . . . . . . . . . .
Custom Install Entries . . . . . . . . . . . . . . . . . . . . . .
Add Component Entries . . . . . . . . . . . . . . . . . . . . .
Client BIOS Settings for Wake-On LAN and PXE . . . . . . . . . .
Command-line Switches for the Pocket PC Agent . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
378
378
379
379
380
383
387
399
399
401
403
406
406
407
408
410
411
411
Appendix A: Tokens: Dynamic Database Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Finding the Right Token Value . . . . . . .
Creating Unique Files Using Tokens. . . .
Tokens . . . . . . . . . . . . . . . . . . . .
Token Replacement Template Files .
Template File Rules. . . . . . . . .
The Token Replacement Process . . . . . .
Custom Tokens. . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
415
416
416
416
417
417
418
Appendix B: Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
General Error Messages . . . . .
Client Error Messages . . . . . . .
Communication Error Messages
Critical Error Messages . . .
Memory Error Messages . . . . .
Partition Error Messages . . . . .
Installer Return Codes . . . . . .
SVS Return Codes . . . . . . . . .
SVS Import Return Codes . . . .
SVS Export Return Codes . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
421
423
424
424
426
427
428
433
436
438
Appendix C: System Jobs for Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Imaging . . . . . . . . . . . . . . . . . . . . . . . .
Create Disk Image . . . . . . . . . . . . . .
Distribute Disk Image . . . . . . . . . . . .
Simple Tests . . . . . . . . . . . . . . . . . . . . .
DIR Command at DOS . . . . . . . . . . .
DIR Command at Windows . . . . . . . .
Distribute RapidInstall Package . . . . .
Migrations . . . . . . . . . . . . . . . . . . . . . . .
Capture User Application Settings. . . .
Capture User Desktop Settings. . . . . .
Capture User Microsoft Office Settings
Capture User Printer Settings. . . . . . .
Misc Jobs. . . . . . . . . . . . . . . . . . . . . . . .
Altiris Deployment Solution 6.8
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
441
441
441
441
441
441
442
442
442
442
443
443
443
8
Install Office XP from Mapped Drive . . . . . . . . .
Install Office XP from UNC Source . . . . . . . . . .
SQL 2000 Unattended Install . . . . . . . . . . . . . .
SQL 2000 Unattended Install Using a RIP . . . . .
Copy WLogevent to Client . . . . . . . . . . . . . . . .
Install MSI 2.0 Runtime. . . . . . . . . . . . . . . . . .
Repair Office XP . . . . . . . . . . . . . . . . . . . . . . .
Restart Computer . . . . . . . . . . . . . . . . . . . . . .
Shutdown Computer . . . . . . . . . . . . . . . . . . . .
Start SQL Server Service. . . . . . . . . . . . . . . . .
Stop SQL Server Service . . . . . . . . . . . . . . . . .
Uninstall Office XP . . . . . . . . . . . . . . . . . . . . .
Wake up Computer . . . . . . . . . . . . . . . . . . . . .
Pocket PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Distribute Software. . . . . . . . . . . . . . . . . . . . .
Install Altiris Pocket PC Agent . . . . . . . . . . . . .
Scripted OS Installs . . . . . . . . . . . . . . . . . . . . . . .
Create W2K Install Disk Image (Target HD). . . .
W2K Scripted Install (Target HD) . . . . . . . . . . .
Create RH7 Install Disk Image (Network) . . . . .
Create RH7 Install Disk Image (Target HD) . . . .
RH7 Scripted Install (Network). . . . . . . . . . . . .
RH7 Scripted Install (Target HD) . . . . . . . . . . .
Create RH8 Install Disk Image (Network) . . . . .
RH8 Scripted Install (Network). . . . . . . . . . . . .
Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Send Email if Disk Space Low (Linux) . . . . . . . .
Logevent Script (Linux) . . . . . . . . . . . . . . . . . .
Restart HTTPD Service (Linux) . . . . . . . . . . . . .
Move Computer to Default Container (Windows)
Move Computer to Specific OU (Windows) . . . . .
Send Error Email (Windows) . . . . . . . . . . . . . .
Server-side Embedded VBScript (Windows) . . . .
WLogevent CMD Script (Windows) . . . . . . . . . .
WLogevent VB Script (Windows) . . . . . . . . . . .
XP Embedded . . . . . . . . . . . . . . . . . . . . . . . . . . .
Disable Enhanced Write Filter. . . . . . . . . . . . . .
Enable Enhanced Write Filter . . . . . . . . . . . . . .
Distribute RapidInstall Package . . . . . . . . . . . .
Agent Update. . . . . . . . . . . . . . . . . . . . . . . . . . . .
SVS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
444
444
445
445
446
446
446
446
446
447
447
447
447
447
448
448
448
448
450
451
452
452
453
454
454
455
455
456
456
456
456
457
457
457
458
458
458
458
458
459
459
Appendix D: Network Ports Used by Deployment Solution. . . . . . . . . . . . . . . . . . . . . . 460
PXE MTFTP . . . . . . . . . . . . . . . . . . . . .
PXE Manager and PXECfg Service . . . . . .
Deployment Web Console (Web Console)
DB Management (Middle Man) . . . . . . . .
Deployment Server. . . . . . . . . . . . . . . .
Deployment Console (Win32 Console). . .
Deployment Agent on Windows (AClient)
Deployment Agent on Linux . . . . . . . . . .
Client/Server File Transfer Port . . . . . . .
RapiDeploy Ports . . . . . . . . . . . . . . . . .
Altiris Deployment Solution 6.8
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
461
461
462
463
463
464
464
465
465
466
9
Appendix E: Deployment Agent Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
Appendix F: Windows Registry Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
Accessing Registry Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
Keys in the Options Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
Key in the Security Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Appendix G: Pocket PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
Appendix H: Managing Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
LAN Switch Support List . . . . . . . . . . . . . . . . . . . .
Using Deployment Solution Switch Add-On . . . . . . .
Adding a Switch Device . . . . . . . . . . . . . . . . . .
Discovering a Device. . . . . . . . . . . . . . . . . . . .
Deleting a Device . . . . . . . . . . . . . . . . . . . . . .
Viewing and Setting Device Properties . . . . . . .
Setting the VLAN for a Switch Port . . . . . . . . . .
Assigning Connectivity to a Switch Port . . . . . . .
Command-line Parameters . . . . . . . . . . . . . . .
GUI Tools . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deployment Solution Switch Add-On (Command Line
Command-line Examples . . . . . . . . . . . . . . . . .
.......
.......
.......
.......
.......
.......
.......
.......
.......
.......
Options)
.......
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
480
480
481
482
482
482
482
483
484
484
485
486
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
Altiris Deployment Solution 6.8
10
Part I
Planning and Installing Your
Deployment System
Altiris® Deployment Solution™ software is designed to meet deployment, management,
and migration needs for small, medium and large organizations with diverse topologies
and varying computer management requirements. This section provides steps for
installing Deployment Solution components, but also includes system architecture
details and discusses planning strategies to install and optimize your Deployment
Solution system.
Altiris Deployment Solution 6.8
11
Chapter 1
About Altiris® Deployment Solution™ Software
Why Use Deployment Solution?
Deployment Solution provides a suite of tools to quickly install operating systems and
software. Deployment Solution leverages a number of Altiris technologies to provide
extensive management capabilities:
Altiris Technology
Description
RapiDeploy Imaging
Capture and deploy computer images using PXE,
DVDs, CDs, or USB drives.
Scripted OS Installation and
Sysprep Integration
Perform automated scripted operating system
installations using sysprep.
PC Transplant Personality
Migration
Migration of user data and application settings to
new hardware and operating systems.
Software Virtualization and
Software Distribution
Deploy, activate, and manage SVS layers, and
install other software packages.
Wise Package Studio and Wise
SetupCapture
Build and capture custom installation packages
using the latest Windows Installer technology.
Script deployment engine
Remotely execute Visual basic and Linux shell
scripts.
In addition, the following technologies are integrated with the features of Deployment
Server to provide comprehensive deployment and migration:
Deployment Server Feature
Description
Task-sequencer
Management tasks provided by Deployment
Server can be grouped and executed in order,
enabling you to perform complex management
operations in a single job.
Computer groups
Computers can be organized into multiple groups
to simplify job deployment. Drag and drop a
computer group onto a job and the job runs on all
computers in the group.
Dynamic insertion of database
values (tokens)
Scripts, sysprep configuration files, and other
values can use tokens to retrieve database values
at run time.
Computer discovery
Quickly install the Deployment Agent on large
numbers of Windows computers using the
Remote Agent Installer.
Altiris Deployment Solution 6.8
12
Deployment Server Feature
Description
Inventory
Managed computers are inventoried for software
and hardware, and conditions and filters can be
created based on this inventory. For example, a
distribute software task could check the operating
system and distribute the correct software
version.
Extensive supported platforms
Support for 32- and 64-bit architecture, servers,
blades, thin clients, and Itanium, running
Windows and Linux operating systems.
Power control, Wake-on-lan
Managed computers can be started or shutdown
remotely.
How Deployment Solution Works
Architecture
Before installation, you should become familiar with the different components of a
Deployment System and how these components interact. The following diagram
provides an overview of the Deployment System components:
Altiris Deployment Solution 6.8
13
Depending on the needs of your environment, multiple Deployment System components
can be installed on the same computer. A single dedicated server could host your
Deployment Server, Share, Database, Management Consoles, and PXE Server.
Deployment Server
The central component of a Deployment System, Deployment Server manages the
Deployment database, manages communication between the different components, and
schedules jobs to run on managed computers.
Deployment Database
The Deployment database provides the back-end datastore, and stores details about the
computers, groups, and jobs in your Deployment System. Most of the time, you do not
need to interact directly with the database.
Deployment Share
The Deployment Share stores all files, such as installation programs, disk images, and
SVS layers, that you want accessible to managed computers.
This share can reside on your Deployment Server or on another computer, and is often
replicated to different locations to provide better access, especially in distributed
networks or when sharing large files.
Altiris Deployment Solution 6.8
14
Management Consoles
Deployment Solution provides three management consoles:
z
Deployment Console: A Windows application that provides complete access to
Deployment System administration.
z
Deployment Web Console: A Web application that provides browser-based
administration. This console can be executed remotely using any web browser, and
has built-in tools to manage multiple Deployment Servers.
z
Deployment Tab in the Altiris Console: This interface is integrated into the Altiris
Console to provide integrated management with other Altiris Solutions. Its features
are the same as the Deployment Web Console.
Automation Tools
Automation is to the pre-boot environment loaded by Deployment Server to perform
tasks which need to happen outside of the normal operating system. If you have ever
used a disk imaging utility, or booted a computer using an installation CD, you are
probably familiar with running computers in a similar environment.
Deployment Solution provides several tools to boot computers to this environment and
supports several automation operating systems.
Deployment Agent
This agent runs on managed computers to report inventory, run software and scripts,
perform power control, and boot the computer into automation.
A Remote Agent Installer is provided to quickly install the agent on multiple Windows
computers. Linux computers can install the agent using startup scripts and other
automated processes.
Altiris Deployment Solution 6.8
15
Chapter 2
Deployment System Installation
A company with 1000 or fewer managed computers typically installs all Deployment
System components on a single, dedicated computer. Then, depending on the number of
clients and remote locations, additional PXE servers and file shares are added.
The following diagram contains an example of this configuration:
In this configuration, all managed computers connect to the Deployment Server located
at headquarters to report inventory and receive job assignments. This allows computers
to be grouped across your organization regardless of their physical location.
When imaging, jobs can be assigned at headquarters, then computers can receive boot
images from a local PXE server and access disk images on a local file share. This can
greatly reducing the strain on your link to headquarters while still providing central
management. Software installations and SVS archives can be stored and accessed
locally as well.
Altiris Deployment Solution 6.8
16
For example, all computers belonging to developers can be grouped accordingly. You can
then assign a software installation job to the developers group and development
computers at each location receive the software.
Other Configurations
Some companies use a similar configuration with the Deployment Database hosted on a
central SQL server. Larger organizations with thousands of computers might install
multiple, independent Deployment Systems at different locations.
Since the Deployment Share and PXE server components do not typically consume many
resources, they are usually left on the Deployment Server computer regardless of the
configuration you choose.
Server Requirements
z
At least one dedicated server-class computer to host your Deployment Server,
Deployment Share, Deployment database, and PXE server. Additional computers
can be added to host any components you want to offload.
z
The computer hosting your Deployment Server needs a dedicated IP address.
z
Deployment Server is supported on Windows 2003 and 2000 Server operating
systems.
See the release notes for specific versions and service pack information.
Database Requirements
z
The Deployment Database requires Microsoft SQL Server 2000 SP3 or 2005, running
on a Windows 2000 or 2003 computer.
Installing the Deployment Database on the same computer as your Deployment Server
provides increased performance, but is not required.
See the release notes for specific versions and service pack information.
Agent Requirements
The Deployment Agent requires network connectivity and around 5 MB of disk space,
and is available for Windows, Linux, and Unix.
See the release notes for specific versions and service pack information.
Preparing to Install
This sections lists the tasks you need to complete before you install Deployment
Solution.
z
Step 1: Create a Services Account (page 18)
z
Step 2: Get Access to Install an SQL Server Database (page 19)
z
Step 3: Gather Automation Operating System Install Files (page 21)
z
Step 4: Obtain a License File (page 22)
z
Step 5: Install .NET and MDAC (page 22)
z
Step 6: Start IIS (page 22)
Altiris Deployment Solution 6.8
17
Step 1: Create a Services Account
Create the account you want to use to run the services and connect to the database. For
security reasons, we don’t recommend using an existing administrator account which
might posses rights beyond those needed by Deployment Server. If using a domain-level
account, the account should not be part of a group, and should not posses interactive
login privileges.
If your Deployment Database, Server, and Share will be installed on the same computer,
create a local account on that computer.
If your Deployment Database or Share will be on a different computer than your
Deployment Server, create a domain-level account, or create local accounts with the
same credentials on each computer hosting a Deployment Solution component.
Example:
If your SQL Server is on another computer and you are not using a domain-level
account, create a local account with the same credentials on your SQL Server computer.
The same thing applies if your Deployment Share is going to be hosted on another
computer.
To Create A Services Account:
1.
On each computer where you will be hosting a Deployment System component, click
Start > Administrative Tools > Computer Management.
2.
Browse to Local Users and Groups, and add a new User:
The process for creating domain-level accounts is similar. This is the only account that
needs to be created before you install.
Altiris Deployment Solution 6.8
18
Step 2: Get Access to Install an SQL Server Database
During installation, Deployment Solution creates a new SQL Server database. To do this,
the services account you created in the previous section must be granted rights to
create new databases on your SQL Server.
Database create rights can be granted temporarily, then revoked after the database is
created, though this account must retain ownership rights to the database after
installation.
1.
Open Enterprise Manager and connect to your SQL Server.
2.
Browse to Security > Logins:
Altiris Deployment Solution 6.8
19
3.
Altiris Deployment Solution 6.8
Add a new login, and provide the services account you created in the previous
section:
20
4.
Click the Server Roles tab, and enable Database Creators:
5.
Click OK and verify that the login was added.
MSDE Database Engine
Optionally, in smaller installations, you can use the MSDE database engine instead of
SQL Server. This is typically not recommended due to the lack of database management
tools.
If you decide to use MSDE, we recommend downloading the version provided by Altiris
at http://www.solutionsam.com/Solutions/6_0/MSDE2000sp3a.exe. This version is
usable by Deployment Solution immediately after installation and requires no additional
configuration on your part. MSDE must be installed on the same computer as the
Deployment Server component.
Step 3: Gather Automation Operating System Install Files
If you are ready to install an automation operating system, this can be done when you
install Deployment Solution. If you are new to Deployment Solution and are unfamiliar
with automation, we recommend skipping this step and installing automation operating
systems later.
Altiris Deployment Solution 6.8
21
Step 4: Obtain a License File
For evaluation, you can use the integrated 7-day license, or you can use the 30-day 10node trial license that is sent automatically when the software is downloaded. If you
have purchased a license, you need to have the .lic license file available during
installation.
Step 5: Install .NET and MDAC
Your Deployment Server computer requires .NET 1.1 and MDAC v2.7 SP1 or later. This
software is available on the Microsoft download site.
Step 6: Start IIS
If IIS is running during the Deployment Solution installation, the Deployment Web
Console is installed automatically.
Installing
After you have completed the steps outlined in Preparing to Install (page 17), launch
setup.exe. If you need clarification during any of the installation steps, click Help.
After Deployment Solution is installed, you have the option of enabling sysprep support
and remotely installing the Deployment Agent.
Simple or Custom Install?
If you plan to install your Deployment Server, Database, and Share on the C:\ drive of
the same computer, select the Simple install. Otherwise, select Custom.
Simple Install
z
Installs to C:\.
z
Installs each of the each of the Deployment System components (with the exception
of the Deployment Agent) on the computer where the install was launched.
z
Lets you to install a single automation operating system (more can be added later).
Custom Install
z
Installs to a drive other than C:\.
z
Lets you select a computer other than the computer the install was launched from to
install each Deployment System component. If you select to do this, certain values
regarding the installation are stored in the local Windows registry. This simplifies
adding components or installing add-ons such as the Altiris packaged WinPE.
z
Lets you select a custom name and instance for the Deployment Database.
z
Lets you select a different computer to host the Deployment Share. If you plan on
doing this, you must create the share and grant the account you created in Step 1:
Create a Services Account (page 18) full control before installation.
z
Lets you install multiple automation operating systems (more can be added later).
Altiris Deployment Solution 6.8
22
Enable Microsoft Syprep Support
If you plan on using Sysprep, provide the location of the deploy.cab file for the operating
systems for which you want to enable Sysprep. These are located on your Windows
installation CDs.
This can be done later by running setup.exe and selecting Component Install.
Remotely Install Deployment Agent
After the installation completes, you have the option of Remotely installing the
Deployment Agent.
Unless you are familiar with Deployment Solution and the Remote Agent Installer, we
recommend you do not install the Agent at this time. A full discussion of Deployment
Agent Rollout is contained in Deployment Agent Installation (page 52).
Post-Installation Configuration
This section contains the tasks you should perform after installation to complete the set
up of your Deployment System:
z
Step 1: Create Domain Join and Deployment Share Accounts (page 23)
z
Step 2: Configure Your Deployment System (page 24)
z
Step 3: Install the Deployment Agent (page 27)
z
Step 4: Configure Automation (page 28)
z
Step 5: Configure PXE Server (page 28)
Step 1: Create Domain Join and Deployment Share Accounts
After installation, we recommend creating some additional accounts. These accounts are
different than the accounts used by the people who are going to manage computers.
These accounts are not tied to users, and should not possess interactive login or any
rights beyond what is recommended here.
The domain join account is used to join or re-join computers to a domain after imaging
or initial deployment. The Deployment Share read/write account is used to access this
share from the automation environment.
Domain Join Accounts
Create a separate domain-level account for each domain in which you
manage computers, granting the rights recommended in the following
table:
Rights
Description
Domain
Grant privileges to add computer to domain.
Altiris Deployment Solution 6.8
23
Deployment Share Read/Write Account
Create this account on the computer hosting your Deployment Share,
granting the rights in the following table:
Rights
Description
File System
Grant read/write privileges to your Deployment share.
Step 2: Configure Your Deployment System
The majority of tasks you perform in your Deployment System use the Deployment
Console.
To open the Deployment Console:
1.
Click Start > Programs > Altiris > Deployment Solution > Console.
Add Your Domain Join Accounts
If you are using accounts to join computers to a domain you need to provide the account
credentials.
1.
Altiris Deployment Solution 6.8
In the Deployment Console, click Tools > Options > Domain Accounts.
24
2.
Provide the accounts you created in Step 1: Create Domain Join and Deployment
Share Accounts (page 23).
Enable Security and Add Administrators
By default, the Deployment Console can be used on your Deployment Server by any
user who possesses rights to log in and run applications. This works well in situations
where you already have policies in place to control server access, and you have a group
of administrators who will have full access to deployment functionality.
If you want to provide more granular access to configuration options, jobs, and
computers, you can enable security.
To Enable Security:
You must add at least one user or group to enable security.
1.
In the Deployment Console, click Tools > Security.
2.
Add a new user or group. We recommend clicking AD Import and importing Active
Directory groups, as this simplifies rights management. The first user or group
added is granted administrator rights. Each additional user or group after the first
are granted no rights and must be assigned rights explicitly.
3.
Security is automatically enabled after a user or group is added.
Additional users or groups can be added using this same method.
Altiris Deployment Solution 6.8
25
Grant Console Rights to Administrators
1.
In the Deployment Console, click Tools > Security.
2.
Select a user or Group and click Rights.
3.
Enable the rights you want granted. For a more complete discussion, see Securing
Deployment Solution (page 163).
Grant Database Rights to Administrators
Each Administrator with console access must be granted public rights to your
Deployment Database. The best way to do this is by assigning public access to the
Active Directory groups containing your Deployment administrators.
This prevents you from manually granting this access to individual administrators as
they are added or removed from Deployment management responsibilities.
1.
Open Enterprise Manager and connect to your SQL Server.
2.
Browse to Security > Logins.
3.
Add each user or group that will manage computers using Deployment Solution.
4.
For each user or group, on the Database Access tab, grant the public role for the
eXpress database:
See Securing Deployment Solution (page 163) for additional security options and for an
overview of the role and scope-based security integrated in Deployment Solution.
Altiris Deployment Solution 6.8
26
Configure the Public Database Role
If your SQL Server has non-standard restrictions on the Public role, Altiris provides a
tool to correctly configure this role for the Deployment Database. We recommend
performing this procedure if you have security enabled.
1.
On your Deployment Sever computer, browse to C:\Program
Files\Altiris\eXpress\Deployment Server\TechSup\Windows.
2.
Launch the DSDBSecurity.exe utility.
3.
Provide the name of your database server, and optionally, provide SQL
authentication credentials.
4.
Click Connect.
5.
After connection, click Set Role Permissions. A dialog box displays confirming that
the role permissions have been set:
Configure Deployment Server
The Deployment Server Configuration Utility lets you configure advanced settings for the
Deployment Server component.
You can stop, start, or restart the Deployment Server services, update the services
account, and configure additional options. You do not need to perform any configuration
at this time, though you should become aware of the configuration options provided.
To Open the Deployment Server Configuration Utility:
1.
Click Start > Programs > Altiris > Deployment Solution > Configuration.
Step 3: Install the Deployment Agent
The Deployment Agent needs to be installed on all computers you want to manage using
Deployment Solution.
See Deployment Agent Installation (page 29).
Altiris Deployment Solution 6.8
27
Step 4: Configure Automation
If you plan on imaging computers or deploying computers using scripted installs you
need to configure your automation environment.
See Booting Computers to Automation (page 32).
Step 5: Configure PXE Server
Preboot Execution Environment (PXE) is an open industry standard which enables
computers to boot remotely using a network card.
To learn more about PXE and to find out if you can leverage PXE in your environment,
see Setting Up PXE Server (page 46).
What Should I Do Next?
After your Deployment System is set up and you are familiar with the basics, the Best
Practices section contains a number of topics which provide details on the specific
computer management features of Deployment Solution:
z
Capturing and Deploying Disk Images (page 180)
z
Hardware Independent Imaging (page 167)
z
Scripted Installs and Sysprep (page 161)
z
Software Packaging (page 185)
z
Deploying Scripts (page 192)
Altiris Deployment Solution 6.8
28
Chapter 3
Deployment Agent Installation
The Deployment Agent runs on managed computers to perform local management tasks
as directed by Deployment Server. Some of these tasks include:
z
Software installations
z
SVS layer management
z
Script execution
z
Remote control
z
Inventory and configuration
If you plan on doing more than computer imaging or scripted installations, you should
install the Deployment Agent on managed computers. Without installing the Deployment
Agent, you can still boot computers to automation using PXE, embedded partitions, or
boot media to perform some tasks without installing the Deployment Agent.
The Agent simplifies these tasks by automatically restarting the computer and
controlling when to boot the embedded partition, but it is not required.
About the Deployment Agent
The Deployment Agent can be installed in the production environment of all the
computers you want to manage. Additionally, the Deployment Agent is automatically
included in each of the automation boot configurations you create using PXE,
automation partitions, or boot media.
There are two versions of the Deloyment Agent:
z
AClient - Windows
z
ADLAgent - Linux, Unix, Solaris
References in this document to the Deployment Agent refer to both versions; references
to AClient or ADLAgent refer to the specific executable.
Installing the Agent
There are two standard methods to install the Deployment Agent on multiple
computers:
z
Using the Remote Agent Installer (Windows Only) (page 29)
z
Using a Script, E-Mail Link, or Manual Installation (All Platforms) (page 30)
Using the Remote Agent Installer (Windows Only)
Pros: Browse your network to quickly select computers, monitor installation status in
real time, retry failed installations.
Cons: Requires Local User rights on each computer.
Altiris Deployment Solution 6.8
29
Step 1: Get Local User Rights (admin$ Share)
To initially install the Agent on managed computers, you need an account with Local
User rights. You only need access to this account when performing the one-time Agent
installation, so either use your domain administrator, a domain account with local user
rights, or any other account with local rights. After the agent is deployed, you no longer
need access to this account.
To determine whether you have sufficent rights, browse to:
\\hostname\admin$
Replacing hostname with the name of the computer where you want to install the
Deployment Agent. If you can access this share you have sufficent rights.
Step 2: Run the Remote Agent Installer
In the Deployment Console, click Tools > Remote Agent Installer. If you need
clarification during any of the installation steps, click Help.
Using a Script, E-Mail Link, or Manual Installation (All
Platforms)
Pros: You do not need Local User rights to install if you have individual logged-in users
initiate the install, works for Linux and Unix computers.
Cons: Not as automated as the Remote Agent Installer, troubleshooting will likely
require direct intervention.
The remaining installation methods are grouped together because they do essentially
the same thing: Execute the Agent installation while providing a configuration file for a
silent install.
Step 1: Provide Users Access to the Agent
Installation Program
The Agent installation programs are stored in the Agents folder on your Deployment
Share. Copy this file to a location where your users will have access.
For security purposes, we do not recommend granting any users direct rights to your
Deployment Share, especially if you are storing software or computer images on this
share.
Tip:
If you are managing 32- and 64-bit computers, you can install the 32-bit agent on both
hardware types. After connecting, the 64-bit computers will automatically update to the
64-bit version.
Step 2: Create the Input File for a Silent Install
To configure new computers using a silent install, you can specify an input file containg
configuration settings.
Windows computers installing Aclient use aclient.inp file. Linux and Unix computers
installing ADLAgent use adlagent.conf. Details on the options are contained within each
file, and are also described in Command-Line Switches (page 373).
Altiris Deployment Solution 6.8
30
When modifying adlagent.conf, make sure you use a text editor that properly handles
Unix-format line endings.
Configure each file and place a copy with the Agent installation program.
Optionally, for Windows computers, you can use the Force Deployment Agent Settings
on New Computers feature to reduce the amount of configuration you need to perform in
the input file. When this is enabled, the Agent receives global settings you have
specified when it connects for the first time.
To Force Agent Settings on New Computers:
1.
In the Deployment Console, click Tools > Options.
2.
Click the Agent Settings Tab and check Force new agents to take thise default
settings.
3.
Click the Change Default Settings button to define default settings.
Step 3: Run the Installation Program
On each computer, you need to run a command similar to the following:
\\myshare\AClient.exe aclient.inp -install
or
./adlagent
To run this, you could:
z
Have users copy and paste it into the Windows run dialog, or send the link in an email message.
z
Place it in a startup script
z
Execute it remotely using Telnet or SSH
Agent Auto Update
The Deployment Agent has the ability to update itself to a newer version automatically,
and is set to update computers in batches to prevent network overload. This greatly
reduces the effort required when upgrading.
See the Release Notes for specific information on Agent upgrades.
Troubleshooting
See the following article on the Altiris KnowledgeBase:
18248
Remote Agent Installer Fails for AClient
Additional articles can be found by searching the KnowledgeBase.
Altiris Deployment Solution 6.8
31
Part II
Booting Computers to Automation
Deployment Solution has the ability to perform work on computers before the normal
operating system loads. To do this, a managed computer is booted into an environment
where it can communicate with your Deployment Server to perform tasks.
This preboot environment is called automation. In order to perform image capture and
deployment, scripted installs, or execute certain scripts, you must implement a way to
boot computers into this environment.
This section provides the information you need to configure a boot method, including
PXE, and select an operating environment for automation tasks.
Altiris Deployment Solution 6.8
32
Chapter 4
What is Automation?
Deployment Solution uses two modes to manage computers:
Automation
Automation is to the pre-boot environment loaded by
Deployment Server to perform tasks which need to
happen outside of the normal operating system.
If you have ever used a disk imaging utility, or booted a
computer using an installation CD, you are probably
familiar with running computers in a similar
environment.
Production
The normal operating system of the computer.
Production tasks include software installation and
personality capture.
Several of the tasks you perform to manage your network can be completed in the
production environment. However, other tasks, primarily imaging, must be performed
before the operating system boots. In Deployment Solution, this pre-boot environment
is called the automation environment, or booting into “automation mode”.
The following table contains a list of Deployment Solution tasks and the environment in
which they execute:
Production Tasks
Automation Tasks
Distribute Software
Create Disk Image
Capture Personality
Distribute Disk Image
Distribute Personality
Scripted OS Install
Get Inventory
Run script
SVS
Copy File to
Modify Configuration
Power Control
Run script
In order to manage computers in automation, you must select a method to boot
computers to automation, then decide which operating to use in the automation
environment.
Deployment Solution provides support for a broad range of boot methods and
automation operating systems; this section helps you decide which works best for your
environment.
In order to set up automation, you must make the following decisions:
z
Altiris Deployment Solution 6.8
Which Automation Boot Method Should I Use? (page 35)
33
z
Altiris Deployment Solution 6.8
Which Automation Operating System Should I Use? (page 38)
34
Chapter 5
Automation Boot Methods
Which Automation Boot Method Should I Use?
Deployment Solution supports a broad range of methods to boot computers into the
automation pre-boot environment: PXE, automation partitions, or boot media (CD/DVD,
USB device, or floppy).
This section provides an overview of the available boot methods to help you select the
method that works best for your environment, and contains the following:
z
PXE (page 35)
z
Automation Partitions (page 36)
z
Boot Media (DVD/CD, USB Device, Floppy) (page 36)
PXE
Pre-boot Execution Environment (PXE) is an industry standard developed to boot
computers using a network card. PXE can boot computers regardless of the disk
configuration or operating system installed, and doesn’t require any files or
configuration settings on a client. After PXE boot is turned on in the BIOS, a computer
can communicate with your DS PXE server to receive automation jobs.
PXE provides a number of advantages, especially when you are using the initial
deployment features of DS, which enables you to remotely deploy an image to a
computer which has no software installed.
Example: the receiving department of your company could have PXE enabled on their
subnet. When a new computer arrives, a technician could quickly unpack and plug the
computer into the network, and possibly enable PXE boot if it was not enabled by the
manufacturer.
When this unknown computer contacts the Deployment Server, it is assigned an initial
deployment job, which could image the computer with the corporate standard image,
install additional packages, then power off the computer. The computer is now ready for
delivery with minimal effort.
PXE also provides an advantage if you need to use multiple automation OSs in your
environment. Since the image containing the automation OS is downloaded when a task
is executed, different OS environments can easily be assigned to different tasks.
At the same time however, this can be a disadvantage if you are using an OS with a
large footprint, such as Windows PE, since the entire image must be downloaded each
time you run an automation task. If you often run automation jobs, especially on several
computers simultaneously, embedding the automation OS on the disk is faster and
significantly reduces network traffic.
It is also possible to use PXE for initial deployment, then install an automation partition
as part of the deployment. In this case, you could use the initial deployment features of
PXE for arriving computers, then install an automation partition in case you need access
to automation at a later time.
Altiris Deployment Solution 6.8
35
This configuration does not require PXE in your general network environment, but still
provides access to the automation environment without physical access.
When using the DOS automation environment, PXE provides an additional advantage:
multicast boot. This enables your PXE server to simultaneously boot up to 100
computers in a single session to perform automation work.
Although multicast imaging is supported in WinPE and Linux, multicast PXE booting is
not provided in WinPE and is not supported in Linux. That means that after each
computer has booted to automation, an imaging task can be multicast, but you cannot
use multicast to boot these computers.
Automation Partitions
An automation partition is a sector of your hard disk drive partitioned and managed by
DS. This partition contains the automation operating system and the files needed to
contact your Deployment Server, and must be present on each managed computer.
The biggest advantage to an embedded partition is that it does not require PXE, yet it
still enables you to boot into automation remotely. The biggest disadvantages to
embedded partitions are that they consume space on the drive, they require an existing
partition on the drive, and they must be manually installed from a disk on Linux and
Unix OSs.
Another drawback, depending on your configuration, might be the fact that only one
automation OS can be installed to a managed computer that is using an automation
partition. If you have tools that are supported only in DOS, this might limit you to DOS
for all automation tasks on a particular managed computer.
Automation partitions have an additional advantage in some configurations. Optionally,
you can create a different type of automation partition, called a hidden partition, to store
an image (or other files) locally.
This provides advantages in environments where computers need to be re-imaged often
or in environments where there is limited bandwidth or network connectivity. Since the
image is stored locally, the time needed to create and restore images is greatly reduced
and network traffic is significantly reduced as well.
Boot Media (DVD/CD, USB Device, Floppy)
Generally, the biggest drawback to boot media is that it forces you to physically access
the managed computer. However, if you are managing smaller numbers of computers or
do not plan to access the automation environment often, it might be a good choice. Also,
if you have employees with the ability and access to boot their own computers using
disks you provide, this could also be a good solution.
Boot media has some configuration limitations though. Deployment Solution is designed
to manage computers remotely, even in the automation mode, and several tasks and
jobs require access to both the production operating system and the automation
environment.
Example:
An imaging operation first captures configuration details from the production operating
system before booting to automation to capture the image. After imaging, this
configuration is restored.
Because of this, it is often difficult to schedule a job, then coordinate booting the
managed computer to the right environment at the right time. If you assign a job which
Altiris Deployment Solution 6.8
36
requires booting into automation mode, the boot disk must be present at the right time
to boot automation. If a complex job requires access to the production environment
during this time, the BIOS will most likely continue to boot to automation until the boot
media is removed. If this job, or a subsequent job, requires automation access again,
the boot media must be re-inserted.
To avoid these issues, some customers load the automation operating system, the
RapiDeploy imaging executable, and the image on bootable physical media. They then
boot a computer, execute the necessary commands, then provide the required image
files. In this circumstance, the remote management capabilities of Deployment Server
are not being used, so the process is more manual, but it does not require network
access.
This works especially well when managing thin clients or other computers where all
necessary files can fit on a single disk or USB device.
Altiris Deployment Solution 6.8
37
Chapter 6
Automation Operating Systems
Which Automation Operating System Should I Use?
After you have selected a method to boot computers into automation, you need to
decide which operating system you want to use. In the past, MS DOS was the only
supported option. Deployment Solution now supports Windows PE, Linux, MS DOS, and
FreeDOS.
This section provides an overview of the available automation OSs so you can find an
environment (or environments) that suit your needs.
An important thing to note is that the automation environment you use is not
constrained by the production OS on the computer. All of the DS automation tools
support these OSs, so you can perform DS automation tasks in any OS (Linux
computers can be imaged from DOS, Windows computers can be imaged from Linux,
and so on).
You might even use two automation OSs for different tasks within the same job.
Example: you might use a vendor-supplied tool to perform a BIOS update in DOS, then
boot to Windows PE or Linux to perform an imaging task.
When you set up your test environment, you might want to run automation jobs in
multiple OSs to see if one performs better in your environment.
The following sections contain an overview of the automation operating systems:
z
DOS (page 38)
z
Windows PE (page 39)
z
Linux (page 39)
Although you can use these environments to perform a wide-variety of management
using scripts and other tools, support for these environments is limited to the task
performed by Deployment Solution.
DOS
DOS is still used often today as a pre-boot environment, though new technologies have
emerged that might better suit your environment, such as Windows PE.
The largest roadblocks most companies face when using DOS are access to drivers that
support modern hardware, and security concerns. DOS still performs well for several
tasks though, and can be a good choice if you have the proper driver support.
DOS typically requires only around 1 MB of space.
DOS provides an additional advantage in a PXE environment. When performing an
automation task on multiple computers, the PXE server can use multicast to boot
automation, which enables large numbers of managed computers to boot DOS
simultaneously.
Altiris Deployment Solution 6.8
38
Windows PE
Windows PE (Windows Pre-boot Environment) is the next generation boot environment
for Windows computers. Windows PE provides several advantages over DOS, including
better driver support (Windows PE uses the same drivers used by the other modern
versions of Windows), increased speed, and generally more functionality.
Windows PE typically requires around 150 MB of space.
The biggest drawbacks are its size, which causes increased boot time, especially when
booting over the network using PXE, and its licensing requirements. Additionally, clients
using Windows PE require at least 256 MB of RAM.
Linux
Linux provides an alternate pre-boot environment to DOS or Windows PE. Many vendors
provide gigabit and wireless drivers for Linux that are not available in DOS.
Linux typically requires around 10 MB of space.
Linux can be a good choice if you do not want to license MS DOS or Windows PE, but you
need updated driver support.
Altiris Deployment Solution 6.8
39
Chapter 7
Installing and Configuring Automation
This section explains:
z
Configuring Automation Operating Systems (page 40)
z
Configuring Automation Boot Methods (page 42)
z
Deploying Automation to Managed Computers (page 44)
Configuring Automation Operating Systems
The following sections guide you through installing and configuring the automation
operating systems supported by Deployment Solution.
Obtaining and Installing Windows PE, Linux, or DOS
Automation operating systems are installed using the Boot Disk Creator, which is
available in the Deployment Console by clicking Tools > Boot Disk Creator.
The following files are required to install the listed automation operating system:
WindowsPE
Windows PE 2005 installation CD. Currently, Windows
PE is available to volume licensing customers through
Microsoft. See http://www.microsoft.com/licensing/
programs/sa/support/winpe.mspx for information on
obtaining Windows PE.
Windows 2003 Server SP1 installation CD.
Linux
The Linux 32 and 64-bit and FreeDOS preboot
environments are available on the Deployment Solution
for Clients or Servers download page at http://
www.altiris.com/Download.aspx.
Click the Linux and FreeDOS Automation Environment
link and save the file. Browse to the downloaded file
when prompted during the installation, or when adding
preboot operating systems using the Boot Disk Creator.
MS DOS
A Windows 98 installation CD (Windows 98 SE is
preferred), and the proper licensing to use this on the
intended computers. Files are copied from the win98
folder from this installation CD.
FreeDOS
The FreeDOS preboot environment is contained in the
same file as the Linux preeboot, see the Linux
instructions for details. For additional information on
FreeDOS visit www.freedos.org.
To install
1.
Altiris Deployment Solution 6.8
In Deployment Console, click Tools > Boot Disk Creator.
40
2.
In Boot Disk Creator, click Tools > Install Pre-Boot Operating Systems.
3.
Click Install and complete the wizard, providing the files listed in the previous table
when prompted.
For complete details on this process see the Boot Disk Creator help.
Adding Additional Files
Occasionally, you might need to make additional files available within an automation
environment, such as utilities or mass storage drivers. These files can be added to every
automation configuration of a specific type, or to select configurations only. This is
determined by the location you add the files in Boot Disk Creator:
Altiris Deployment Solution 6.8
41
The following example provides an overview of this process.
Adding Mass Storage Drivers for Windows PE
1.
Select either the Windows PE Additional Files folder, or a specific Boot Disk Creator
configuration.
2.
Right-click and select add > Folder. Using this add folder command, create the
following path: i386\system32\diskdrivers
3.
Within the diskdrivers folder, create the necessary folders to contain your drivers.
The folders you add should contain a txtsetup.oem file, and at least one *.sys file,
and possibly additional files. You must also ensure that any sub-folders specified by
txtsetup.oem are included, and that the [defaults] section references the proper
device driver (some textsetup.oem files might support multiple devices and drivers,
and the proper device must be specified in the [defaults] section).
The diskdrivers path is for adding mass storage drivers. If you are adding different
driver types, you might need to modify this path.
Configuring Automation Boot Methods
When pre-boot tasks need to be performed, DS sends a message to the client computer
to restart in the automation environment. This includes a shutdown command issued
from DS, and a modification to the MBR if using an automation partition.
After the managed computer reboots, the automation environment is loaded from PXE,
an automation partition, or from boot media. The deployment agent then contacts the
Deployment Server.
After a connection is established, the Deployment Server sends the client computer its
assigned jobs and tasks. After the automation tasks run, a status message is sent to the
Altiris Deployment Solution 6.8
42
Deployment Server indicating that all work is complete. The Deployment Server then
sends a message that the client computer should reboot back to the Production
environment (the MBR is then restored when using automation partitions).
The following sections guide you through the process of setting up PXE, automation
partitions, or media to boot your computers into the automation mode:
z
Configuring PXE
z
Configuring Automation Partitions
z
Configuring Boot Media (DVD/CD, USB device, Floppy)
Configuring PXE
PXE is a server-based technology, and requires additional components on your DS
server, and possibly other computers. Setting up and configuring PXE is covered in detail
in a separate document, PXE in Deployment Solution.
Configuring Automation Partitions
DS provides two types of automation partitions:
Embedded
Partition
A small embedded section installed on the production
partition of a managed computer which contains the
automation OS. Depending on the OS, the size varies
from 5 to 200 MB (you specify the size when the
partition is created based on recommendations).
Hidden Partition
A larger partition installed on the hard drive of a
managed computer to contain not only the automation
OS, but to provide room to store images and other files.
This partition is not normally viewable in the production
OS.
An embedded partition doesn’t create an actual disk partition, it reserves space on an
existing partition by marking the sectors on the disk as unusable. The target drive must
have an existing partition before an embedded partition can be installed.
A hidden partition creates an actual disk partition, but this partition is hidden from
normal view within the production system, though it is still viewable by FDISK or by an
administrator. The partition is listed as a non-DOS partition.
When a computer using an automation partition is assigned jobs, the Master Boot
Record (MBR) of the computer is modified to boot to this hidden partition. After the work
is completed, the MBR is restored to the previous configuration.
Hidden partitions are very useful for computers which are imaged often, such as those in
a test lab or provided for general use (such as a hotel or a library). After the visiting
person is done using this computer, you may want to quickly re-image to ensure that the
next visitor finds the computer in good working order. In these circumstances, a hidden
partition enables you to quickly restore an image without needing access to a high
bandwidth network.
Automation partitions can be installed using an installation package deployed from DS
(windows only), or installed from a CD, USB device, or floppy. This is different than
using boot media to access automation, because the automation partition media is used
once per computer to install, then the partition is used to perform tasks.
Altiris Deployment Solution 6.8
43
Using boot media to access automation doesn’t leave any files on the computer, but the
media must be used each time you want to access automation.
Configuring Boot Media (DVD/CD, USB device, Floppy)
Creating and using boot media is a straightforward process. Boot media boots a
managed computer to automation without leaving any files on the computer, and can be
installed to DVDs, CDs, USB devices, or floppy disks.
Boot media is created directly from the Boot Disk Creator utility.
Deploying Automation to Managed Computers
Automation partitions and boot media configurations are created using the Boot Disk
Creator utility. PXE configurations are created using the PXE configuration utility.
This difference is due to the way in which the automation OS is deployed to the
managed computer. Automation partitions and boot media use install packages or boot
disks, while PXE uses a configurable menu to provide boot options, with each option on
the PXE menu linked to a specific automation configuration.
This section contains guidelines to create PXE, automation partitions, or boot media
configurations and deploy these configurations to managed computers.
Using Automation Partitions or Boot Media
1.
Install the automation OSs you want to use, as explained in Obtaining and Installing
Windows PE, Linux, or DOS.
2.
In Boot Disk Creator, Create a new configuration. The wizard is accessed by clicking
File > New configuration.
This configuration contains the automation OS files, network drivers, IP address of
your server, and other settings which control how the managed computer
communicates with your Deployment Server.
This configuration does not specify how this automation configuration is installed.
This is done using the Create Boot Disk wizard, which is launched automatically
after you create a configuration.
Altiris Deployment Solution 6.8
44
3.
The Create Boot Disk wizard provides three options:
Create an automation
partition install
package
Creates an executable, or configures a CD, USB
device, or floppy to install the automation
environment. This process is executed once per
device. After that, the computer uses the files from
the automation partition.
Select this if you are using automation partitions.
For managed linux computers, you need to use a
CD, USB device or floppy because not executable is
provided for this platform.
Create an automation
boot disk
Configures a CD, USB device, or floppy with the
files necessary to boot a computer to automation
mode. After booting, the computer executes any
automation work previously scheduled, or waits for
work to be assigned.
Select this if you are using boot media to boot
computers to automation. None of these files are
installed, so the media must be used each time you
need to access automation.
Create a network boot
disk
Configures a CD, USB device, or floppy with the
files necessary to boot to a prompt.
This is useful if you have management task you
need to perform that doesn’t require interaction
with DS, as your Deployment Server is not
contacted in this scenario. None of these files are
installed to managed computer.
4.
After selecting how you want to install automation, complete the wizard.
See the Boot Disk Creator help for additional details.
You can also uninstall an automation partition using an install package, or configure a
CD, USB device, or floppy from Boot Disk Creator.
Using PXE
1.
Install the automation OSs you want to use, as explained in Obtaining and Installing
Windows PE, Linux, or DOS.
2.
In the PXE Configuration utility (Start > All Programs > Altiris > PXE Services >
PXE Configuration Utility), create a new menu item to correspond to the
automation configuration you want to install.
3.
Click Create Boot Image to launch the configuration wizard. This wizard is identical
to the wizard used when creating configurations for automation Partitions or boot
media.
When this option is selected from the PXE menu, the necessary files are loaded, the
job is performed, then the computer boots to the production OS. None of these files
are saved on the managed computer, they are downloaded each time the computer
boots to automation.
4.
Altiris Deployment Solution 6.8
Provide any additional configuration options, then click Save.
45
Chapter 8
Setting Up PXE Server
What is PXE?
Preboot Execution Environment (PXE) is an open industry standard which enables
computers to boot remotely using a network card.
PXE uses standard network protocols to establish a communication channel between a
computer and a PXE server during the boot process. Using this channel, a PXE server
sends an execution environment to the computer so that work can be performed in a
pre-boot state.
In Deployment Solution, this pre-boot state is called the automation environment, and
DOS, Linux, and WinPE are currently supported as pre-boot operating systems. An
overview of the automation boot methods and environments is contained in a separate
document, Deployment Solution: Automation Preboot Environments.
An advanced, tightly integrated PXE environment is provided with Deployment Solution.
Deployment Solution leverages PXE to provide the following advantages:
z
When a managed device needs to boot into automation, Deployment Solution
restarts the computer and notifies the PXE server. PXE server then boots the
computer into the automation environment indicated in the Deployment Solution job
automatically.
z
PXE can perform an initial deployment of a new system by checking to see if a
computer exists in Deployment Solution.
z
All PXE configuration is done using the PXE Configuration Utility from the
Deployment Solution console, enabling you to remotely configure all PXE servers in
your network.
Why Use PXE?
PXE is used in Deployment Solution to perform two tasks:
z
Boot managed computers into the automation environment
z
Perform initial deployment of new managed computers
How you implement PXE is partially dependent on what you plan to do with it. Many
organizations use PXE only on a subnet in a receiving department to deploy corporate
images and initial configuration of new computers. After this computer is assigned to a
user, PXE is not used in the normal production environment.
This limits the extent of the PXE environment, but prevents you from accessing the
automation environment to capture images and perform other automation-only tasks.
Other companies which often use automation select PXE because it leaves no footprint
on the managed computer, and has several other advantages such as image
multicasting and tight Deployment Solution integration.
Altiris Deployment Solution 6.8
46
Regardless of how broadly you implement PXE, Deployment Solution provides tools and
services to simplify management of PXE in your environment. This section contains the
following topics providing an overview of PXE in Deployment Solution:
z
PXE Services and Architecture
z
How PXE Works
PXE Services and Architecture
PXE services use a tiered-architecture which enables you to provide global settings and
boot options shared across all PXE servers, then override configuration and expand boot
options on a local level.
Boot options and PXE settings can be applied to a shared configuration. This shared
configuration is inherited by all PXE servers in your environment. Each PXE server still
has its own specific configuration, so you can override settings and add additional boot
options as needed.
New services have been provided to replicate settings and data automatically, making it
unnecessary for you to individually configure each PXE server.
The following table contains an overview of the PXE services:
Service
Description
PXE Manager
z
Provides all boot options and configuration settings
for each PXE server in your environment.
z
Interfaces with the PXE Config Utility to replicate data
and apply PXE configuration.
z
Manages all communication between your
Deployment Server and your PXE servers.
The PXE Manager Service is installed on your Deployment
Server regardless whether or not you have also installed a
PXE server.
z
Interfaces with PXE Manager to receive data and
configuration.
z
Configures, starts, and stops the additional PXE
services on the PXE server.
PXE Server
z
Provides the PXE listener and proxy DHCP to respond
to PXE requests and send the location of bootstrap
files.
MTFTP
z
Sends bootstrap files to managed computers using
TFTP.
PXE Config Helper
The PXE Manager service interacts with Deployment Server, PXE Helper service, and the
PXE config utility to perform centralized PXE management:
Altiris Deployment Solution 6.8
47
On each individual PXE server, the PXE Server service and the MTFTP service are
installed to perform the work of a PXE server. These services are configured, started and
stopped by the PXE Config Helper service. Clients connect directly to these services
during the PXE boot process:
How PXE Works
Before a computer can boot over a network, it needs two things: an IP address to
communicate, and the location of a PXE server to contact for boot instructions.
The following sections outline the PXE boot process:
z
Part 1: DHCP Request and PXE Discovery
z
Part 2: PXE Bootstrap
Altiris Deployment Solution 6.8
48
Part 1: DHCP Request and PXE Discovery
Request and Receive an IP Address
Initially, the boot agent directs the execution of normal DHCP operations by
broadcasting a DHCPDISCOVER packet (255.255.255.255) to port 67 on its local
physical subnet to discover a DHCP server.
Any available DHCP servers respond with a broadcast DHCPOFFER packet indicating
their server IP.
When the client has chosen a target DHCP server, it broadcasts a DHCPREQUEST packet
that includes its MAC address and the IP address of the selected DHCP server. The
DHCPREQUEST also contains option 60 to identify the client as a PXE client.
PXE Option 60
DHCP allows clients to receive options from the DHCP server indicating various services
that are available on the network. A number of standard and custom options are
available that can convey a vast amount of information to DHCP clients. Option 60 deals
specifically with PXE related services. Both PXE clients and servers use option 60 to
convey specific information about the PXE services they need or are providing.
Contacting the PXE Server
All DHCP servers examine the DHCPREQUEST packet. If the request is intended for a
different server, the IP address they offered is reclaimed. The DHCP server providing the
accepted offer supplies a DHCPACK packet to the client to acknowledge the client’s
receipt of its IP.
During this process, the Altiris PXE server monitors the wire for DHCPREQUEST packets
with an option 60 (PXE client). When a packet is recognized, the clients MAC address is
used to find any pending automation work in Deployment Server. If no automation work
is required, the PXE server does not respond to the client and it boots normally.
If there is work to do, the PXE server responds with its address using a DHCPACK with
option 60.
At this point, the client has received a DHCPACK containing an IP address, and a
DHCPACK with option 60 containing a PXE server. If the PXE server is located on the
same server as DHCP, both are contained in the same DHCPACK packet.
Part 2: PXE Bootstrap
Now the client is ready to contact the PXE server for boot files. After this request, clients
are provided a boot menu containing all of the boot options the PXE server can provide.
Most of the time, the correct boot option has already been selected by Deployment
Server, so this transparent to the client.
After the selection is made, the client requests the necessary boot files using MTFTP.
This consists of a .0 and a .1 file.
The .0 file functions as a bootstrap loader. It creates a RAM disk and manipulates the
BIOS interrupt vectors, interrupt structures and hardware information tables to make
the RAM disk function exactly like a typical floppy disk. This file then copies the .1 file
byte by byte into the newly created RAM disk.
Altiris Deployment Solution 6.8
49
The .1 file is an image of a boot disk floppy with modifications to the autoexec.bat and
additional files which ultimately provide the automation environment on the managed
computer.
The following diagrams contain a basic outline of this process:
PXE Planning and Installation
This section contains an overview of the PXE deployment process, in the following
sections:
z
Enabling PXE on Managed Computers
z
Installing and Configuring DHCP
z
How Many PXE Servers Do I Need?
z
Installing PXE Servers
Altiris Deployment Solution 6.8
50
Enabling PXE on Managed Computers
Each computer you plan to manage using PXE must have PXE boot enabled (sometimes
called network or NIC) and set to the correct sequence in the BIOS. It is also a good idea
to apply the latest BIOS updates, especially if your network card is integrated on the
motherboard.
Deployment Solution also supports Wake on Lan to power on managed computers
remotely. If this is enabled, a Wake on Lan signal is sent to the managed computer if the
device is powered off (disconnected from Deployment Server) when a job is scheduled
to start.
Installing and Configuring DHCP
DHCP is an integral part of the PXE process, and must be installed and configured in
order to use PXE. A DHCP server is not provided with Deployment Solution, you must
obtain, install, and configure this component separately.
After DHCP is set up and your PXE servers are installed, you need to configure how your
PXE servers interact with the DHCP server. This is done using the PXE Configuration
Utility.
How Many PXE Servers Do I Need?
Number of Client Connections
PXE servers do not typically require a lot of resources. By using multicast, a single PXE
server can deploy a DOS boot image to up to 100 computers at a time, and not consume
any more resources than it would deploying a single image. If you are using WinPE or
Linux however, multicast boot is not available.
Usually a single PXE server in a specific location is enough if you either use multicast to
deploy images or spread out your image capturing jobs to be in line with the capabilities
of your server. Additional PXE servers can easily be added if necessary.
Network Speed
Since the majority of the resources on a PXE server are used transferring files over the
wire, the faster the network, the more work a single PXE server can do. A single PXE
server on a gigabit network can capture and deploy several times as many images over
a period of time than even multiple servers on a slower network.
Physical Layout of your Network
Your PXE configuration might be set up according to the physical layout of your network.
If you have three offices in different locations, it might make sense to install a PXE
server at each location to reduce traffic and resolve routing issues (see PXE Request
Routing).
In these configurations, the deployment share can be mirrored to a local server, and
images are usually taken from and restored to local file servers. See “PXE Redirection”
on page 54 for an example of this type of configuration.
Altiris Deployment Solution 6.8
51
PXE Request Routing
PXE clients use broadcast packets to find DHCP and PXE services on a network, and
multicast packets (MTFTP) to transfer files. These packet types can present challenges
when planning a PXE deployment because most default router configurations do not
forward broadcast and multicast traffic.
Because of this, either your routers need to be configured to forward these broadcast
and multicast packets to the correct server (or servers), or you need to install a PXE
server on each subnet.
Routers generally forward broadcast traffic to specific computers. The source subnet
experiences the broadcast, but any forwarded broadcast traffic targets specific
computers.
Enabling a router to support DHCP is common. If both PXE and DHCP services are
located on the same computer, and DHCP packet forwarding is enabled, you shouldn’t
have any problem transferring broadcast packets.
If these services are located on different computers, additional configuration might be
required.
If you are going to forward packets, make sure your router configuration allows DHCP
traffic to access the proper ports and IP addresses for both DHCP and PXE servers.
Once the broadcast issues are resolved, the routing of multicast traffic must be
considered. Multicasting leverages significant efficiencies in transferring files but also
introduces challenges similar to broadcast packet forwarding. Like the broadcasting
solution, routers can be configured to support multicast traffic between PXE Clients and
PXE Servers.
Please consult the documentation provided by your router vendor for additional
information on packet forwarding.
Installing PXE Servers
After you have determined the PXE needs of your network, you must to determine
where to install these PXE servers.
A PXE server can be installed on your Deployment Server, on your DHCP server, on
another server in your network (such as a file server), or as a standalone server. You can
also use a combination of these (for example, a PXE server on your Deployment Server
and your DHCP server).
The actual installation process is straightforward. You can install a PXE server at the
same time as you install Deployment Solution, or you can install one later by running
the installation program and selecting the add additional components option.
After these servers are installed an running, they are configured using the PXE
Configuration Utility. See the following section.
Configuring PXE Settings
All PXE configuration is done using the PXE Configuration Utility. The PXE config utility is
used to create and modify two things:
z
Altiris Deployment Solution 6.8
Global and local configuration settings. These settings include timeout values,
replication and logging options, and so on.
52
z
Boot options. Each boot option corresponds to a specific configuration which
includes an operating system, network and other drivers, utilities, mapped drives,
and so on.
This section contains a brief overview of selected PXE configuration and boot options.
For complete details, see the help for the PXE Configuration Utility.
PXE Settings
Shared vs. Local
Deployment Solution provides a PXE settings hierarchy enabling you to provide shared
and local PXE configuration values. All PXE servers inherit the shared values unless they
are overridden on the local server.
Session Timeout
The PXE configuration utility connects the PXE Manager service on Deployment Server.
To make sure your changes are not overwritten by another instance of the PXE
Configuration Utility, only one instance of PXE config is allowed to connect to PXE
manager at any given time.
If you attempt to launch PXE Configuration when another instance is running, you
receive an error. To prevent you from being completely locked out for extended periods
(for example, an instance is inadvertently left open on another computer), a timeout has
been added which terminates a connection after 30 minutes of inactivity after someone
else attempts to connect.
This timeout only applies if someone else is attempting to launch PXE Configuration. If
no other connections are attempted, the timeout is never enabled and your session
remains active.
DHCP Server Options
For most circumstances, you want option 1. If you have DHCP installed on your
Deployment Server but it is not active, Deployment Server might still attempt to
communicate with that instance. This is changed by selecting option 3. If you are using
a 3rd party DHCP server which automatically sends the client 60 message, select option
2.
Boot Integrity Services
PXE is potentially vulnerable to hackers, especially in security-conscious business and
government settings not willing to risk network boot ups unless safeguards are in place.
For example, it is important ensure that the boot image comes from a trusted source
and has not been tampered with in transit. You can also designate and enforce which
boot images can be installed on selected groups of platforms. Boot Integrity Services
(BIS) addresses these security needs.
BIS enhances the network boot environment by providing mechanisms to validate the
source and integrity programs and data downloaded over the network prior to the time
an operating system is installed. Using BIS firmware built into the client computer, BIS
can validate (before executing a boot image) that the image came from a trusted source
and was not tampered with en route.
Altiris Deployment Solution 6.8
53
Deployment Server supports the BIS technology. However, the BIS support from Altiris
is only applicable when the computers being managed also supports BIS. Even if BIS is
configured from the Deployment Server console, BIS will not work unless the physical
computer supports it. At the present time, there are very few computers that support
BIS.
Boot Options
Boot options are the boot configurations provided to a client by a PXE server. Each boot
option has a corresponding automation operating system, network drivers, and other
settings.
Shared vs. Local
Deployment Solution provides a PXE boot option hierarchy enabling you to provide
shared and local PXE boot options. Shared boot configurations are available on all PXE
servers, while local boot options are available on a specific PXE server.
PXE Redirection
Lets you redirect a global PXE menu option to a local PXE menu option. Redirection
settings are not available globally, they are always specific to an individual PXE server.
This is due to the role redirection plays in your PXE environment.
Consider the following example:
You manage computers in three locations: Two offices in Ontario, and one office in
Alberta. To limit transfer between each site, each office has a local PXE server, and a file
server with a mirror of the deployment share. This enables clients at each location to
contact the local PXE server to boot, then use the local deployment mirror to access the
network tools and to store images.
You need to create a job to capture an image of each managed computer on Friday
evening, once a month. To create this job, you add an imaging task, select a PXE boot
option, then set the schedule. Simple, right?
Hold on. If you select the same PXE boot option for each office, you are going to have
problems. The Alberta office uses a mirror of the deployment share on alb1\eXpress,
and stores captured images on alb1\images. The two Ontario offices use the ont1 and
ont2 servers respectively.
You could go ahead and create three global configurations and three different jobs, but
that is confusing and could potentially cause problems if the wrong selection is made. If
you took this route, on each PXE server, two of the three global configurations could
potentially cause problems (they are mapped to drives in remote offices). Since you
enjoy avoiding problems, what you really need is a way to select a single global
configuration for a job, then update it based on the location of the PXE server.
This is exactly what redirection does. You create a global configuration named, for
example, “Imaging Environment”. Then, on each PXE server, you create a local
configuration for each office with the correct server mappings.
The “Imaging Environment” global option is then redirected to the local option, and the
process is simplified. Now the imaging job can be applied to all computers at once,
simplifying the process and reducing the chance of errors.
Altiris Deployment Solution 6.8
54
Part III
Using Deployment Solution
This section provides feature identification and basic procedures for deploying and
managing computers using Altiris® Deployment Solution™ software.
Altiris Deployment Solution 6.8
55
Chapter 9
Deployment Basics
Deployment Solution provides a graphical, object-based interface to mange computers.
After you have installed the Deployment Agent and the computer has connected, the
computer can be managed using the Deployment Console.
Computers
Each computer and computer group in your environment is represented in the
computers pane:
Computers can be dragged into a group, or automatically assigned to a group when the
agent is installed. Computers can belong to only one group.
When a new computer connects, it is placed in the New Computers group.
Jobs
Jobs contain a sequence of tasks to perform work on managed computers. For example,
a job might be “install and activate Winzip 10.” This job might have a condition
specifying that it should only execute on Windows XP computers with 500 MHZ or
greater processors.
Altiris Deployment Solution 6.8
56
Each job that can be assigned to a computer or computer group is represented in the
jobs pane:
Computers are assigned jobs by dragging and dropping computers onto a job. Jobs can
also be scheduled by right-clicking and selecting the Job Scheduling Wizard.
Creating Jobs and Tasks
Jobs are created by adding one or more tasks to a job. Tasks include things like create
disk image, distribute software, manage SVS layer, and run script.
These tasks run sequentially and can trigger other events, such as a stop job or execute
other job depending on the return code of the task.
Context Menus (Right-click)
In the Deployment Console, you can right-click almost any object for a context-specific
list of management options.
For example, if you right click a computer or group, you are given the option of viewing
computer details or job history, remote controlling or opening a chat session, renaming,
power control, and several other options.
Find a Computer in the Database
This search filter allows you to type a string and query specified database fields for
specific computer properties. You can search for user or computer names, licensing or
location information, or primary lookup keys: MAC address, serial number, asset
number, or UUID. This search filter queries property values displayed in the Computer
Properties on page 150 pages.
Altiris Deployment Solution 6.8
57
Click <CTRL> F or click the Find Computer button on the console
toolbar to search the Deployment Database for computers by property
settings.
The computers that match the search will be highlighted in the
Computers pane.
1.
In the Search For box, type all or part of the computer’s property values that you
would like to search for. This alpha-numeric string will be compared with specified
database fields.
2.
In the In Field box, select the field that you want to search in the Deployment
Database.
Example: to find a computer by searching for its IP address, type the address in
Search For field and then select IP Address from the In Field drop down list.
Name
BIOS name of the computer.
Computer Name Deployment Solution name of the computer.
MAC Address
Example: 0080C6E983E8.
IP Address
Example: 192.168.1.1.
ID
Example: The computer ID. 5000001.
Serial Number
Serial number installed in BIOS. A primary lookup key.
Asset Tag
Asset number in BIOS. A primary lookup key.
UUID
A primary lookup key.
Registered User Name entered when OS was installed.
Product Key
Product Key for the operating system.
Logged On User Name of user currently at the computer.
Physical Bay
Name
The actual bay number. Example: 7x.
The computer you are looking for will be displayed and highlighted in the Computers
window in the console.
Note
This search is not case-sensitive and allows wildcard searches using the *.
Using Lab Builder
Use the Lab Builder to set up jobs under the Lab folder in the Jobs pane to set up a
classroom or lab environment.
Click the Lab Builder button on the console toolbar or click File > New >
Lab Builder to set up jobs specifically created for managing multiple
computers in a lab environment.
Altiris Deployment Solution 6.8
58
You can set up jobs to:
z
Create Disk Image
z
Deploy Lab
z
Restore Lab
z
Update Configuration
z
Upload Registries
Each of these jobs contains a default list of tasks. Lab Builder places these five new jobs
under a folder (which you name) located under the Lab folder. All of the tasks in the
jobs have been assigned default paths and file names that allow them to use the same
images and configuration information, registry data, etc. It is suggested that you do not
change the file names and paths. If you change the default settings (Example: changing
the image name), you must change it in all of the jobs where the image is used.
To use Lab Builder
1.
Click the Lab Builder icon on the toolbar, or choose File > New > Lab Builder.
2.
Enter the name of the lab setup.
Note
The lab name must be unique because the program creates a default image file
name based on the name, and the image file name must be unique. The default
image name is synchronized in all of the lab jobs, so if you change the name later
you must change it in all the jobs that use the image.
3.
Enter a lab description to help you differentiate the lab from others. This field is
optional. Click OK. This is optional.
4.
Identify an image in the Create Disk Image job.
5.
Set computer names and addresses in the Update Configuration job.
The following information describes the default jobs. To run one of these jobs, simply
drag it to the computer or computer group that you want it applied to.
Create Disk Image. This job uploads an image of a computer to the server and an
image name is created automatically based on the lab name. However, there is no actual
image in the job until you drag the image source computer to this job.
Deploy Lab. This job has three default tasks: Deploy image, Apply configuration
settings, and Back up registry files. The image that is uploaded using the Create Disk
Image job is deployed when you use this job. The configuration settings you specify in
the Update Configuration job are applied to the computers, and then the computer
registry files are uploaded to the Deployment Server.
Restore Lab. This job restores the image and registry files to a computer where a lab
was previously deployed. You can quickly get a computer running again by restoring the
lab on that computer.
Update Configuration. This job allows you to set unique configuration information
(such as computer names and network addresses) for client computers. When a lab is
deployed, each computer has an identical image, but not the same configuration
settings. This means you don't have to visit each computer to reset IP addresses and
other settings when you deploy an image.
Upload Registries. This job backs up computer registry files to the Deployment Server.
Altiris Deployment Solution 6.8
59
Computer Import File
Use the following format to import new computers from a text file. You can easily create
a computer import file by entering data in the provided Microsoft Excel spreadsheet
(ImportComputers55.xls) located in the Samples folder of the Deployment Share.
z
A semicolon as the first character denotes comment lines.
z
Quotes around fields are optional.
z
Leaving the job name blank will not assign the computer to any job.
z
Leaving the start time blank will make an entry in the job for the computer, but will
not schedule it for a specific time.
z
Only the Name field is required.
z
Quotes around fields are optional.
You can populate your computer database using the format provided below. The Import
Computers text file can then be imported into Deployment Solution using the File >
New Computer > Import or File > Import/Export > Import Computers.
Tips for creating a new computers import file
z
When using Boolean references, do not use quote marks. These fields are marked
with a B: 1=On/True and 0=Off/False.
z
For some fields, this input format supports multiple IP Addresses, delimited by a “;”
(semicolon) within the field. These fields are marked with a “(;)”.
Example: the gateway field could read, 30.11.11.2, for a single IP address
or, 30.11.11.2;30.11.11.3;30.11.11.4, to support three IP addresses.
z
All fields (up to and including “site”) must be present in the file, but all data except
for “Name” is optional.
z
To use optional fields for multiple network adapters, the preceding fields are
required. Example: to use Nic3 fields, all fields for Nic2 are required.
z
For Deployment Server to read the import text correctly, make sure there is a final
hard return at the end of the file.
Format for the New Computers text file
Outlined below is the field order for the database input. Fields marked “(ignored)” are
not used by version 5.5 and later, but are included to support previous versions.
;Name,MAC Address 1,Serial Number,Asset Tag,Computer Name,Domain(B),Domain/
Workgroup Name,Domain Controller Name(ignored),DHCP(B),IP
Address(;),Netmask(;),Gateway(;),Preferred DNS(;),Alternate DNS,Alternate 2
DNS,Preferred WINS,Alternate WINS,Hostname,Domain Suffix,Use Preferred
Tree(B),Preferred Server,Preferred Tree,Netware User,NDS Context,Run
Scripts(B),User,Organization,Key,Password Never Expires(B)(ignored),Cannot Change
Password(B)(ignored),Must Change Password(B)(ignored),Username(ignored),Full
Name(ignored),Groups(ignored),Password(ignored),Contact,Department,Email,Mailstop
,Phone,Site,Computer Group,Job,Job Start Time,NIC2 MAC Address,DHCP(B),IP
Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC3 MAC
Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain
Altiris Deployment Solution 6.8
60
Suffix,NIC4 MAC Address,DHCP(B),IP
Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC5 MAC
Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain
Suffix,NIC6 MAC Address,DHCP(B),IP
Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC7 MAC
Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain
Suffix,NIC8 MAC Address,DHCP(B),IP
Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix
Example Import File
DB Computer
1,00a0c95c2640,6X18FHGZP21P,6X18FHGZP21P,Computer1,1,Altiris,,1,,,,,,,,,computer
1h,altiris.com1,1,server1,tree1,user1,context1,1,John Doe,"Altiris, Inc.",12345-OEM1234567-12345,,,,,,,,John Doe,Engineering,[email protected],111,(801) 8051111,Lindon,Test Group,Test Job,12/31/2001
17:30,00a0c95c2641,0,172.25.10.180,255.255.0.0,172.32.0.4,172.32.0.1;172.32.0.7,
172.32.0.4,altiris.com2,00a0c95c2642,1,,,,,,altiris.com3,00a0c95c2643,0,1.1.1.1;2.2.2
.2,255.255.255.255;255.255.255.0,1.1.1.2;2.2.2.1,3.3.3.3;4.4.4.4,5.5.5.5;6.6.6.6,alti
ris.com4,00a0c95c2644,1,,,,,,altiris.com5,00a0c95c2645,0,1.1.1.1,2.2.2.2,3.3.3.3,4.4.
4.4,5.5.5.5,altiris.com6,00a0c95c2646,1,,,,,,altiris.com7,00a0c95c2647,0,5.5.5.5,4.4.4
.4,3.3.3.3,2.2.2.2,1.1.1.1,altiris.com8
Altiris Deployment Solution 6.8
61
Managing from the Deployment Console
Deployment Solution provides both Windows and web user interface consoles to deploy and manage
computer devices across local or wide area networks. As an IT administrator, you can manage all
computer devices from one of these Deployment consoles:
The Deployment Console is a Windows-based console with complete deployment and management
features, including remote control, security, PXE server configuration, image editing, and other
deployment utilities and features. See “Deployment Console Basics” on page 62.
The Deployment Web Console provides basic deployment and management functionality from a web
browser, including the ability to remotely access and manage computer devices, build and schedule
jobs, and view multiple Deployment connections.
Deployment from the Altiris Console combines management and reporting features across multiple
Deployment Server systems and lets you integrate additional web applications in the client and
server management suites, including Inventory, Software Delivery, Recovery, HelpDesk, Patch
Management and Application Metering solutions.
To launch the Deployment Console, double-click the icon on the desktop, or
click Programs > Altiris > Deployment Server > Console.
Features of the Deployment Console. The Windows console for Deployment Solution provides
standard Computers, Jobs, and Details panes to drag and drop icons, view properties, and identify
state and status of Deployment objects. In addition, the Deployment Console also includes a
Shortcuts and Resources view and provides the tools, utilities and features required for complete
computer resource management. See “Deployment Console Basics” on page 62.
Set Program Options. From the Tools > Options dialog box, you can set preferences for each
Deployment Server system. See “General Options” on page 69.
Set Security. From the Tools > Security dialog box, you can set security rights and permissions for
all Deployment consoles. See “Security in Deployment Solution” on page 73.
Connecting to other Deployment Server systems. Connect to other Deployment Server
connections from your current Deployment Console and manage computers beyond your current
network segment or site. See “Connecting to Another Deployment Server” on page 77.
Customize the Tools menu. You can add commands to the Tools menu to open commonly-used
deployment programs and utilities. See “Extending the Tools Menu on the DS Console” on page 67.
Deployment Console Basics
The Deployment Console is your main portal to Deployment Solution. It is a feature-rich Win 32
program with real-time access to computer resources, deployment jobs, and package files, each
represented with distinct icons to identify status and settings. From the Deployment Console you can
build simple or complex deployment jobs, assign them to a computer group, and then verify
deployment execution.
Altiris® Deployment Solution™ Help
62
Because the Deployment Console can reside on its own computer, you can have multiple consoles
running from different locations. The Deployment Console only needs to be running while making
assignments or viewing information about the managed computers. You can turn on the console, run
management tasks, and then turn off the console.
Scheduling information is saved in the Deployment Database and tasks are executed at their
scheduled time. If an assignment to a managed computer is made from two different consoles at
approximately the same time, the computer will be assigned those tasks in the order they are
received. See “Console options” on page 70 to set refresh intervals for the Deployment Console.
Features of the Deployment Console
Like all Deployment consoles, the Deployment Console is divided into several panes to organize
computers, deployment jobs, and software packages and scripts. It gives you a graphical view of
your network and provides features to build jobs, drag-and-drop icons to schedule operations, store
and access jobs and packages, and report the status and state of all of your computer resources. The
Deployment Server includes three main panes, plus toolbars, wizards, shortcuts, and utility
programs.
Computers pane
Use this area to view and select managed computers for the Deployment Server system. You can
select and right-click a computer in the Computers pane to run “Remote Operations Using
Deployment Solution” on page 108, or view “Computer Properties” on page 105. You can also
create computer groups to organize collections of similar computers.
Create Computer Groups by clicking Computer Groups on the toolbar, or rightclicking in the Computer pane and selecting Groups. Click View > Show
Computers to display only computer group icons and not the individual
computers.
When a computer or group is selected, the Details pane displays a list of computers in the group and
provides basic information about each computer. The Filter detail bar displays in the Details pane
that helps to view computers by a set criteria. When a computer is selected, you can view the
computer status in the Details pane, including a list of jobs that have run or are scheduled to run on
the computer, and the status of each job.
To get more details about all of the tasks that have run on computers, click Status Detail. Status detail
displays a more detailed breakdown of all of the processes the job has executed and a status message
indicating what has been completed.
You can also import new computers from a text file or add security rights and privileges for a
specified computer or group of computers. See “Managing Computers” on page 80 for complete
information about setting up, importing, and managing computers from the Computer pane.
Jobs pane
Use this area to create and build jobs with specific deployment tasks. You can select and right-click
a job in the Jobs pane when Building New Jobs or running the New Job Wizard. You can also import
new jobs from a text file or add security rights and privileges for a specified job or collection of jobs.
Set up folders to organize and access jobs in a way that makes sense to you. Create a new folder by
right-clicking in the Jobs section and select the New Folder option. You can also create folders by
selecting File > New > Folder.
Altiris® Deployment Solution™ Help
63
Click View > Jobs View to show or hide the Jobs pane.
When a job is selected, then the Details pane displays a list of computers in the folder and gives basic
information about each job, such as its state and status. It also shows the computers or computer
groups to which the job is assigned.
•
The Conditions detail bar is also displayed, allowing you to assign jobs to computers. See
“Setting Conditions for Task Sets” on page 129.
•
In System Jobs, folders are created to store jobs that are created when running operations from
the console.
Drag-n-Drop Jobs. Jobs are created and automatically placed in this folder when you drag an MSI,
RIP, or other package files from the Resources view to a specific computer or group, see the
“Shortcuts and Resources View” on page 64.
Image Jobs.
Jobs are placed in this folder when you create a Quick Disk Image.
Restoration Jobs.
Jobs are placed in this folder when you run a Restoring a Computer from its
Deployment History job.
From the Jobs pane you can drag job icons to computer icons to execute jobs, such as creating
images, deploying computers, changing configurations, or installing software. Once a job is created,
you can change it by adding, modifying, or deleting tasks. Jobs can be run immediately, scheduled
to run a particular time, or saved for a later time. See “Building and Scheduling Jobs” on page 124
for complete information about setting up, importing, and managing computers from the Jobs pane.
Details pane
The Details pane
Shortcuts panes.
extends the user interface features when working in the Computers, Jobs, or
•
When you select a computer in the Computers pane, the Details pane changes to a Filters area (if
you click a group icon) and displays the status of all jobs assigned to the selected computer.
•
When you select a job icon in the Jobs pane, the Details pane displays information about the job
to set up conditions, order tasks, and add, modify, or remove tasks.
•
When you select a computer or computer group in the Computers pane, the Details pane displays
information about a computer, including IP address, MAC address, and status.
•
When you select a batch file, you can click Modify to update the file.
•
When you select a hard disk image file (.img), the Details pane displays a description of the
image file, plus information about the included partitions.
•
When you click on package files, the Details pane displays the title, description, version, creation
date, and platform of a RIP or Personality Package.
Shortcuts and Resources View
The Shortcut and Resources pane provides easy access to the computers and job objects identified in
the console and the software packages stored in the Deployment Share. In the Shortcuts view, you
can drag computers, computer groups, jobs, and job folders to organize and access commonly-used
console objects. In the Resources view, you can identify and assign package files.
Altiris® Deployment Solution™ Help
64
Click View > Shortcuts to open the Shortcuts and Resources pane. You can drag
the jobs and computer icons to this pane. Click Resources in the Shortcuts and
Resources view, or click View > Resources or CTRL+R to open a filtered list of
packages residing on the Deployment Share.
The Shortcuts view provides quick links to view and access computers, jobs and packages. It can act
as a palette of Deployment Solution icons to drag to other working panes in the console, or storage
to save commonly-used jobs and computer icons.
The Resources view let you see a filtered view of the package files—MSI files, RIPs, image files,
Personality Packages, and other resource packages—stored in folders in the Deployment Share.
From the Resources view, you can drag packages directly to computers in the Computers pane to
deliver software. This automatically creates jobs in the System Jobs > Drag-n-Drop Jobs folder in the
Jobs pane. The Resources view lets you identify packages assigned to each job and assign those
packages to create new jobs.
Using Resources Directly
If you do not want to create a shortcut to a resource but still want to use a resource to assign work to
a computer, you can move the resource to a designated computer. To do so:
1
Enable the Shortcut view.
2
Click the Resources button at the bottom of the Shortcut window.
3
Browse to the selected resource and drag it to the appropriate computer.
You can create a new script file from the Resources view, and use it directly to schedule it on a
computer. See “Creating New Script Files” on page 156.
See “Console options” on page 70 for options to set refresh intervals for Resources view.
Toolbars and Utilities
The toolbars and menus on the Deployment Console provides major features and utility tools to
deploy and manage computers from the console. From the Main toolbar, you can create new jobs and
computer accounts and run basic deployment tasks. On the Tools toolbar, you can launch
Deployment Solution administration tools and package editing tools. It also includes buttons to
quickly run commonly used Remote Operations Using Deployment Solution.
Deployment Solution Utility Tools
The Deployment Console lets you open utility programs from the Tools menu or from the Tools
toolbar. You can launch Deployment Solution administration tools (Boot Disk Creator, PXE
Configuration, Wise SetupCapture and Remote Agent Installer) and package editing tools (Wise
MSI Editor, PC Transplant Editor, and Image Explorer) from the toolbar.
Administration tools
Boot Disk Creator. Use this tool to create boot disk configurations, and automation and
network boot media to image client computers. The Boot Disk Creator can maintain several different
boot disk configurations for different types of network adapter cards. See Altiris Boot Disk Creator
help.
Altiris® Deployment Solution™ Help
65
PXE Configuration. After installing the Altiris PXE Server, you can create and modify
configurations, which make up the boot menu options that display on client computers. This is
another solution to boot computers to automation. See the Altiris PXE Configuration help.
Remote Agent Installer. Remotely install the Deployment Agent on client computers from
the console. This utility lets you push the agent installation to client computers from the Deployment
Console.
Carbon Copy. Remotely control managed computers to view and troubleshoot problems
from the Deployment Console. This utility provides comprehensive remote access features beyond
the Remote Control feature accessed by right-clicking a computer or computer group from the
Deployment Console.
Package Editing Tools
PC Transplant Editor. Use this tool to edit a Personality Package to add or remove data. See
the PC Transplant help located in the Deployment Share.
Image Explorer. After a disk image is saved to the Deployment share, this tool lets you view
and manage data in the image file. You can edit and split an image, create and index, and more. See
the Altiris Image Explorer help file located in the Deployment Share.
Wise MSI Editor. Edit MSI packages generated from the Wise Setup Capture tool or other
MSI files used to distribute software and other files.
SVS Admin Utility. Create, import, and manage virtual software layers. See Software
Virtualization Solution on page 66.
Software Virtualization Solution
Altiris® Software Virtualization™ solution (SVS™) is a revolutionary approach to software
management. SVS places applications and data into managed units called virtual software packages.
Using SVS you can activate, deactivate, or reset applications to avoid conflicts between applications
without altering the base Windows installation.
The SVS Admin Utility is part of Altiris® Software Virtualization™ solution (SVS™). It creates,
imports and manages virtual software layers, which are part of the packages. For information on
installing and using the SVS Admin utility, see the Software Virtualization Solution Reference
Guide.
For information on the integration of the SVS Admin utility with Deployment Solution, see Using
SVS Admin Utility with Deployment Solution on page 66.
Using SVS Admin Utility with Deployment Solution
On a Deployment Solution computer, you can capture application and data files. The installed
application, data files, and settings are captured into the virtual software layers.
Altiris® Deployment Solution™ Help
66
The Deployment Solution computer should have a clean installation of the Windows operating
system. The computer should not have any background processes or programs running that can be
captured into the layers. Your base computer should not be running an antivirus program or any
other computer management program. If possible, the computer should not have an active Internet
connection.
You can create layers on a virtual computer. (See “Managing the SVS Layer” on page 145.) This
lets you disconnect a computer from the network and reset the computer after each capture. This
ensures that you have a clean operating system.
You can also distribute RIPs, .MSI files, scripts, personality settings, and other package files to
computers or groups. See Distributing Software (page 143) .
Extending the Tools Menu on the DS Console
You can add commands to the Tools menu on the Deployment Console to quickly access additional
management applications. This allows easy access to applications commonly used with Deployment
Solution.
Commands are added by modifying or adding new INI files. You can insert commands to the root
ATools.ini file for the main menu or add new INI files to create submenus. Place both types of
INI files in the same directory where the Deployment Console executable (eXpress.exe) is located
(the default location is the Program Files\Altiris\ eXpress\Deployment Server).
You can add up to eight menu items to the main menu, and eight menu items for each submenu.
These INI fields are included for each application added to the “Tools > Altiris Tools” menu:
[Application name or submenu declaration]
MenuText=<the application name displayed in the menu>
Description=<the name displayed when you mouse over the menu item>
WorkDir=<directory set as default when executable is run>
Executable=<path to the executable files>
The ATools.ini file extends the main Tools menu on the console. This sample file contains one
submenu, Web Tools, and two additional menu items, Notepad, and Netmeeting. The INI files are
located in the Deployment Share.
[Submenus]
Web Tools=wtools.ini
[Notepad]
MenuText=Notepad Editor
Description=Simple Editor
WorkDir=.
Executable=C:\WINNT\notepad.exe
[NetMeeting]
MenuText=NetMeeting
Description=NetMeeting
WorkDir=.
Executable=C:\Program Files\NetMeeting\conf.exe
Altiris® Deployment Solution™ Help
67
Another Tools INI file is named wtools.ini. It is a submenu file referenced by the main ATools.ini file.
On the main menu this is titled “Web Tools” (see Tools.ini) and contains two applications, Explorer
and Acrobat.
[Explorer]
MenuText=Explorer
Description=Windows Explorer
WorkDir=.
Executable=C:\Program Files\Internet Explorer\explorer.exe
[Acrobat]
MenuText=Acrobat Reader
Description=Acrobat Reader
WorkDir=.
Executable=C:\Program Files\Adobe\Acrobat\acrobat.exe
Computer Filters and Job Conditions
Use this dialog box when Creating a Computer Group Filter to filter only the specified computers in
a computer group, or when Setting Conditions for Task Sets when running a job only on the specified
computers in a group.
Creating Conditions to Assign Jobs
You can Set Conditions on a scheduled job to run only on the computer devices that match a defined
criteria. As a result, you can create a single job with tasks defined for computers with varying
properties, including OS type, network adapters, processors, free disk space, and other computer
properties. You can then create task sets for each job that will apply only to the computers matching
those conditions.
Click a job in the Jobs pane. The Condition feature will open in the Details pane. Click
Setup to add new conditions or edit existing conditions. When you are setting conditions
to schedule a job, select from a list of predefined database fields or create custom tokens
that key on other fields in the database.
Creating Custom Tokens
You can also create custom tokens to set conditions based on the database fields not provided in the
available preset conditions. in the Conditions dialog box. For example, select User Defined Token
from the drop-down list in the Fields box. Select contains in the Operation field, and enter Milo in the
Value field. In the Token field, enter the following custom
token:%#[email protected]_os_user%.This filters out only the jobs with the registered license user
named Milo. The job runs only on the computers that meet the specified criterion.
Default Filters
Filter Name
Description
Active Computers
Displays all the active computers.
Inactive Computers Displays all the inactive computers.
Altiris® Deployment Solution™ Help
68
Default Filters
Filter Name
Description
Computers With
Failed Jobs
Displays all the computers where jobs have failed to execute.
Windows 98
Displays only the computers with Windows 98 operating systems.
Windows 2000/
2003
Displays only the computers with Windows 2000, or 2003 operating systems.
Windows XP
Displays only the computers with Windows XP operating systems.
Windows CE
(PDAs)
Displays only the computers with Windows CE operating systems.
Linux
Displays only the computers with Linux operating systems.
Windows XP
Embedded
Displays only the computers with Windows XP Embedded operating systems.
Windows CE .NET Displays only the computers with Windows CE .NET operating systems.
Pocket PC (PDAs) Displays only the Pocket PC computers.
Creating a Computer Group Filter
For Computer Filters, this dialog box lets you display and list all computers in a group according to
a specified criteria. For example, you can create a filter to view all the computers in a particular
group that have Windows 2000, 256 MB of RAM, and 20 GB hard disks only. By applying the filter,
you can then view all the computers that meet the specified criteria in the Details pane of the
Deployment Console.
Click a computer group in the Computers pane. The Filter feature is displayed in
the Details pane for the selected computer group. Click Setup to add new filters,
or modify, and delete existing computer filters.
To create or modify a computer filter
1
Click the All Computers group or any other computer group.
2
On the Filter bar in the Details pane, click Setup > New to create a new filter.
Or
click Setup > Modify.
3
Type a name for the filter, and click Add. The Filter Definition screen will be displayed.
4
Define the conditions you want to filter.
Click the Field box to see a list of computer values stored in the Deployment Database. Select a
computer value and then set the appropriate operation from the Operations list. In the Value box
enter an appropriate value for the selected database field.
For example, you can choose Computer Name as the Field, Contains as the Operation, and Sales as
the Value.
5
Repeat to include other conditions. Click OK.
General Options
Use Program Options feature to set general options for Deployment Solution. Click Tools > Options
to view the Program Options dialog box.
•
Console options (page 70)
•
Global options (page 70)
Altiris® Deployment Solution™ Help
69
•
Task Password options (page 71)
•
Domain Accounts options (page 71)
•
RapiDeploy options (page 72)
•
Agent Settings options (page 72)
•
Custom Data Sources options (page 72)
Console options
Set basic console features for miscellaneous refresh actions and warning messages.
Scan resource files for changes every ____ seconds. Specify how frequently (in seconds) the
Deployment Console updates its view of package files in the Resources view, see “Shortcuts and
Resources View” on page 64.
Warn user when no tasks are assigned to the 'default' condition. When a job is assigned to computers
and the Default condition has no tasks assigned, then a message box is displayed. The job has no
secondary default tasks assigned if a computer in the group does not meet the primary conditions.
See “Setting Conditions for Task Sets” on page 129.
Refresh displayed data every ____ seconds. Refresh the display of data accessed from the Deployment
Database. This lets you refresh console data at defined intervals rather than updating every time the
Deployment Console receives a command from the server, which can be excessive traffic in large
enterprises.
Global options
Set global options for the Deployment Server system.
Delete history entries older than _____ days. Specify the number of days an entry is kept in the history
until it is deleted. Enter any number between 1 and 10,000. If you don’t select this option, log entries
will remain in the history.
Remove inactive computers after ____ days. Specify
the number of days you want to keep inactive
computers in the Deployment database before they are deleted. The default value is 30 days, but any
number between 1 and 10,000 is valid.
Synchronize display names with computer names.
Automatically update the displayed name of the
managed computer names in the console when the client computer name changes. If this option is
not selected, changes to the computer names will not be reflected in the console. Synchronization is
off by default. The names do not have to be synchronized for the Deployment Server to manage the
computer.
Reschedule failed image deployment jobs to immediately retry.
Immediately retry a failed image
deployment job. The program continues to retry until the job succeeds or until the job is cancelled.
Client/server file transfer port: _____.
Specifies a static TCP port for file transfers to the clients. The
default value is 0 and causes the server to use a dynamic port. This setting is useful if you have a
firewall and need to use a specific port rather than a dynamically assigned port.
Automatically replace expired trial licenses with available regular licenses. Allows Deployment
Solution to automatically assign a permanent license to the computer after the trial license expires.
Be careful when using this option. Make sure that you do not give a permanent license to computers
that you do not want to manage after their trial license expires.
Display Imaging status on console. Displays the status of the imaging job on the Deployment Console.
Remote control ports. Specifies ports for using the Remote Control feature. You have the option to
enter a primary port address and a secondary port address (Optional).
Altiris® Deployment Solution™ Help
70
Primary lookup key. Specifies the lookup key type used to associate a new computer with a managed
computer. The options are Serial Number (SMBIOS), Asset Tag (SMBIOS), UUID (SMBIOS), or MAC
Address.
Sysprep Settings.
This lets you enter global values for Sysprep. See “Sysprep Settings” on page 71.
Sysprep Settings
View and configure the Sysprep settings for the Deployment Server.
OS Product Key tab
In the OS Product Key tab, select the suitable operating system from the Operating System
drop-down list. After you select the operating system, a list of all product keys for the
selected operating system is displayed. Select an operating system from the Operating System
drop-down list, and click Add to type the Product Key. You can type up to 29 characters for
the Product Key. The new product key is added to the list of Available keys of the selected
OS.
To modify a product key, select the product key to be modified, and click Edit. To remove a
product key, select the product key to be deleted, and click Remove.
Note: If the product key is being used by another task, you are not allowed to delete the
product key. You are prompted with a message stating that the product key is being used by
another task.
Task Password options
The password for administrators and users changes after a certain number of days, according to
network policies and for security reasons. In such a scenario, the password becomes invalid and all
jobs and tasks using the user name whose password changes need to be modified to use the new
password. The Task Password option provides administrators with a simple option to manage all
password changes from a centralized location.
This feature lets you set or change user passwords from a central location, so you can modify the
password for tasks: Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture
Personality when creating or modifying jobs. However, this tab is visible only to administrators and
select users who have been granted the appropriate privileges.
The Status field displays the results of password updates. Example: User A’s user name and
password is used in ten tasks. If you want to update the password for these ten tasks, you can do so
through the Task Password option. After the password is updated, the Status field displays the
message: Password for 10 tasks updated.
Domain Accounts options
This single sign-on feature retrieves the administrator (or user with administration rights) name and
password for each domain, allowing you to avoid logging on for each managed computer when
completing imaging and configuration jobs.
Click Add to enter the Domain name. The Add Domain account displays. Enter the name of the
selected domain and provide the administrator credentials. Click OK. The administrator name and
domain will be listed in the Domain Accounts list box.
Note: To enter the administrator user name for a Windows XP domain, you need to add both the
domain name with the user name. For example, instead of entering just the user name jdoe, you
need to enter domainName\jdoe.
Altiris® Deployment Solution™ Help
71
RapiDeploy options
This feature optimizes the multicasting ability of the RapiDeploy application in Deployment Server,
allowing you to deploy images to a group of computers simultaneously, download an image from a
file server, or access a local hard drive, and manage the imaging of several client computers
concurrently.
Because RapiDeploy is more efficient when writing directly to the IP address of the network adapter
driver, you can enter a range of IP addresses when using the multicasting feature to speed computer
deployment and management. Deployment Server accesses the range of computers using the defined
IP pairs and avoids retrieving the computers through the port and OS layers.
However, because some network adapter cards do not handle multiple multicast addresses, you can
also identify a range of ports to identify these computers. On the first pass Deployment Server
accesses the selected computers using the list of IP numbers. On the second pass, Deployment Server
accesses the selected computers using the port numbers or higher level operating system ID's.
Note: Multicasting images is not supported when using the UNDI driver on PXE, and will be
disabled on the client.
Click Reset to set the default values.
Agent Settings options
These are the default agent settings for new computers. Click Change Default Settings to change
Windows Agents Settings for Windows and DOS. Set Deployment Agent Settings for new computer
accounts or set Deployment Agent Settings for DOS for new computers.
These default settings are applied only for new client computers that have never connected to the
Deployment Server, and have no information stored in the Deployment Database. These settings are
not for the existing managed computers nor are these settings applied when setting properties using
the Remote Agent Installer.
When the Deployment Agent connects, Deployment Server verifies if the computer is a new or
existing computer. If the client computer is new and if the Force new agents to take these default
settings option is selected, then the Deployment Agent on the client computer receives the default
settings established in the Options > Agent Settings dialog box. If the computer is recognized as an
existing managed computer, then it uses the existing agent settings. The same process occurs for
automation agents if the Force new Automation agents to take these default settings option is selected.
Force new agents to take these default settings.
Select this option to force the default settings when
adding a new computer.
Force new Automation agents to take these default settings.
Select this option to force the default
settings when adding a new automation agent connects.
Custom Data Sources options
This option lets you set up credentials to authenticate to external Deployment Databases and other
Microsoft SQL Server databases to extract data using custom tokens. Click Add to enter an
administrator alias and other login information for the Microsoft SQL Server (or MSDE) hosting the
desired Deployment Database.
The information required to create a custom data source entry are listed below:
Alias.
The alias name you would like to use when referencing the external SQL database.
Server.
The name of the external SQL database server or IP address.
Database.
The name of the external database from which you want to extract data.
Use Integrated Authentication. This option tries to authenticate to the external database using the
domain account you are currently logged on as.
Altiris® Deployment Solution™ Help
72
User name and Password. When the integrated authentication is not being used, you must provide
a user name and password to authenticate to the external database.
Click Allowed Stored Procedures to modify the existing list. See “Allowed Stored Procedure List”
on page 73.
Allowed Stored Procedure List
Click Allowed Stored Procedures to identify the stored procedures from the selected custom data
source. You can then select from the list of available stored procedures in the data source. This
allows you to call stored procedures outside of the Deployment Database (express database) using
custom tokens within scripts or answer files.
Virtual Centers
You can keep a list of all VMware Virtual Center web services. The hosts and virtual computers
from each Virtual Center that have corresponding computers in the Deployment Database will be
displayed in the computer tree. These virtual computers display under Virtual computers node in the
Computer pane.
Click Add on the Virtual Center page, and enter the Server host name, display name, and user name.
You can also set up a password for the selected user.
Security in Deployment Solution
Deployment Solution provides a security system based on associating job and computer objects with
user and group permissions, allowing IT personnel to be assigned to different security groups to
manage operations on specific computer groups or job folders. Each security group can then perform
only a defined scope of deployment operations on each computer group or job folder. Additionally,
each user can be assigned rights to access general console features.
Note: Security rights and permissions set in one console is enforced in all Deployment consoles.
To set general security rights, click Tools > Security and add a user name and
password. You can create users and groups and set scope-based rights.
To set feature-based permissions for specific computers or jobs, select the object
in the console, right-click and click Security.
See also
Best Practices for Deployment Solution Security (page 73)
Enabling Security (page 74)
Setting Permissions (page 77)
Groups (page 75)
Rights (page 76)
Best Practices for Deployment Solution Security
Deployment Solution is based on defining groups of users and groups of computers and jobs, and
then associating one with another. Altiris recommends that you first create user groups based on
administration duties or access to levels of deployment operations. Example: you will most likely
set up a group with full Administrator rights. This group will have access to run all operations on all
computers using all types of jobs. No permissions need to be set on each computer group or job
folders for the Administrator group because they have full rights to all features and resources.
Altiris® Deployment Solution™ Help
73
However, you can also set up a Technician group that has only basic access and permissions limiting
deployment operations. This will prohibit members of the group from re-imaging the Server
computer group or scheduling Distribute Disk Image jobs. You can explicitly Allow or Deny the
group from running these operations for each computer group in the Computers pane or each job
folder in the Jobs pane.
After creating the Technician group, you can limit their rights to set General Options and then set
permissions on each computer groups and job folder for the group. You can select the computer
group, right-click it and select Permissions. Then select the group name in the left pane, and click
Allow or Deny for a list of deployment operations. Example: you can select the Deny checkbox for
Restore, Schedule Create Disk Image, and Schedule Distribute Disk Image.
Additional groups can be created with different rights and permissions depending on the needs and
responsibilities in the IT team. If users are assigned to multiple groups, the Evaluate Permission and
Evaluate Rights features will sort and display effective permissions and rights.
Enabling Security
You can enable security by first creating a group with Administrator rights, adding a user to the
Administrator group, and then selecting Enable Security.
Note: When the Administrator Right is selected, you do not need to select any other rights because
the Administrator Right implies that all other rights are selected.
1
Click Tools > Security.
The Security dialog box displays.
2
Click Manage User Groups tab and click Add. The Add User Group dialog box displays.
3
Select the authentication type. You can choose to add a DS group or a group from the Active
Directory. To add groups from Active Directory, see “Adding groups from the Active Directory”
on page 75.
4
Click DS Group
Note: The Browse button is disabled for Local Group.
5
Type a name and description in the Add User Group dialog box. Click OK.
The group name displays in the window.
6
Select the new group name and click Rights.
7
Select Administrator in the Rights dialog box. This assigns complete rights and permissions to
the group. Click OK, and click Close.
8
On the main Security dialog box, click Manage Users tab, and click Add.
The Add User Account dialog box displays.
9
Select the authentication type. You can choose to add a DS user or a user from the Active
Directory. To add users from Active Directory, see “Adding users from the Active Directory” on
page 75.
10
Click DS User in the Add User Account dialog box.
Note: The Browse button is disabled for DS User.
11
Type user name, full name, and password. Retype the password, and provide a description for
the user. Click OK.
12
Select the user name in the main Security dialog box. Click the Rights button.
13
Click the name of the new Administrator group in the Groups window. This assigns the new user
to the new group with Administrator rights. Click OK.
Note: You can assign the user Administrator rights directly, but assigning users to groups is
advised. See “Best Practices for Deployment Solution Security” on page 73.
14
Now that you have a user with administrator rights, select the Enable Security box.
Altiris® Deployment Solution™ Help
74
Security is now enabled. You can now create users and groups and assign permissions to computer
groups and job folders.
Adding users from the Active Directory
You can add users from the Active Directory.
1
In the main Security dialog box, click Manage Users tab, and click Add.
2
Click AD User in the Add User Account dialog box.
3
If you know the user name, type it in the User name box, or click Browse to select user from the
Active Directory.
The password field is deactivated as the user is being added from the Active Directory.
Note: You can add only one user at a time. To import users, see “Importing users from the Active
Directory” on page 75.
4
Type a description for the user in the Description box.
5
Click OK.
Importing users from the Active Directory
You can also import users from the Active Directory. In the main Security dialog box, click Manage
Users tab, and click AD Import to open a standard Windows Active Directory dialog box. Add users
from Active Directory, not groups. The users are added to the Deployment Database. However, you
still need to assign the users to security groups with appropriate rights and permissions.
Note: When logging on with the imported AD account, Deployment Solution accessed the Windows
Active Directory server to validate the user password.
Evaluate Rights
Click Evaluate Rights to identify the combined rights of the selected user and its user group(s). This
feature identifies effective rights for each user by resolving any possible conflicts between multiple
group settings.
Groups
Assign the user to previously created groups. If you are enabling security, you can assign the user to
a group with Administration rights.
To add groups, from the Security dialog box, click the Manage User Groups tab, and click Add. Select
the authentication type, and then type the required details. You can view the members of any group
by clicking the group in the Manage User Groups dialog box and clicking View Members.
See also “Best Practices for Deployment Solution Security” on page 73, and “Enabling Security” on
page 74.
Adding groups from the Active Directory
You can add users from the Active Directory.
1
In the main Security dialog box, click Manage User Groups tab, and click Add.
2
Click AD Group in the Add User Group dialog box.
3
If you know the group name, type it in the Name box, or click Browse to select the group from
the Active Directory. A list of groups, along with their descriptions, display in a new dialog box.
Select a group from the list, and click OK.
4
The Name, Domain, and Description gets automatically filled. However, you can modify the
description. Click OK.
The newly added group displays in the main Security dialog box.
Altiris® Deployment Solution™ Help
75
Importing groups from the Active Directory
You can also import users from the Active Directory. In the main Security dialog box, click Manage
User Groups tab, and click AD Import to open a standard Windows Active Directory dialog box. Add
groups from Active Directory. You can choose a domain from the Domain List, and select a group
from the displayed list. The group is added to the Deployment Database. However, you still need to
assign the users to security groups with appropriate rights and permissions.
DS Authentication
If the user is already in the DS database, and it tries to access the Deployment Console, then
Deployment Server checks the authentication with the logged on user, and upon matching does not
prompt for user credentials. Similarly, if a group has already been added in the DS database, and if
a system logged-on user, who is a part of the AD group, tries to access the Deployment Console,
then Deployment Server does not prompt for credentials.
Rights
This dialog box lets you set general rights for a user or group. To verify, add or change the rights
assigned to each console user, use the following steps:
1
From the Security screen, select a user and click Rights.
2
From the Set Rights For window, click the Rights tab.
3
Select the checkbox for each right that you want to grant.
4
After selecting all applicable rights, click OK to save your changes.
A brief explanation of each Deployment Server right that can be assigned is detailed below:
Administrator. Lets user access to all features available on the Deployment console. You must
have Administrator rights to enable security. See “Enabling Security” on page 74.
Options Console. Lets you set Console options. If this checkbox is selected, you can set the view
and set the console options.
Options Global. Lets you to set Global options. If this checkbox is selected, you can view and set
the global options.
Options Domain Accounts.
Lets you set Domain Accounts options. You can view and set the
domain accounts option.
Options RapiDeploy.
Lets you set RapiDeploy options. You can view and set the RapiDeploy
options.
Options Agent Settings.
Lets you set Agent Settings options. You can view and set the agent
settings.
Options Custom Data Sources. Lets you create Custom Data Sources options. You can view,
create, and set database aliases.
Manage Rejected Computers.
Lets you view Rejected Computers in Deployment Solution and
change status.
Refresh Clients. Lets you Refresh Deployment Solution clients. You can use
clients <CTRL +F5> feature to disconnect and reconnect client computers.
the View > Refresh
Allow scheduling on All Computers. Lets you schedule jobs on All Computers. If you have
administrator rights, then by default you have the rights to schedule job on all computers,
irrespective of the checkbox state. You can grant this right to a specific user or a group.
Import/Export. Lets you import and export jobs and import computers as well. See “Importing and
Exporting Jobs” on page 156 and “Importing New Computers from a Text File” on page 84.
Options Task Password. Lets you centrally update passwords for users and groups so they can
access the tasks: Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture
Personality when creating or modifying. You must have administrative rights to access this
option. See “Task Password options” on page 71.
Use PXE Configuration Utility. Lets
you use the PXE Configuration Utility.
Options Virtual Centers. Lets you view and add options for Virtual Centers. See “Virtual Centers”
on page 73.
Altiris® Deployment Solution™ Help
76
Setting Permissions
Set permissions for jobs, job folders, computers, and computer groups. See “Best Practices for
Deployment Solution Security” on page 73 for additional design tips.
1
Right-click on a computer group or job folder (or individual computers and jobs) and select
Permissions. The Object Security dialog box displays.
2
Click the Groups tab and select a group name. Or click the User tab and select a user name.
3
From the list in the right pane, select if you want to Accept or Deny permission to run the
operations on the selected computers or job objects. These permissions include access to Remote
Operations Using Deployment Solution and features for scheduling Deployment Tasks.
4
Select the Allow or Deny checkbox to explicitly set security permissions for these Deployment
Solution features for the selected objects.
Note: Administrators have access to all objects with unrestricted rights and permissions. You
cannot explicitly deny permissions to computer or job objects for users with administrator rights.
5
To assign permissions to multiple groups, click Set permissions on all child objects to assign the
values without closing the dialog box.
6
Click Close.
Note: You can set permissions for all jobs and computers by clicking in the Jobs pane or Computers
pane without selecting a job or computer object.
Permission Rules
Permissions received through different sources may conflict with each other. The following
permission rules determine which permissions are enforced:
•
Permissions cannot be used to deny the user with Administrator console rights access to use
any console objects or features.
•
User permissions take precedence over Group permissions.
•
Deny
•
Permissions do not flow down an object tree. Instead, the object in question looks in the
current location, and then up the tree for the first permission it can find and uses the same.
•
If a console user does not have permissions to run all of the tasks the job contains, the user is
not allowed to run the job.
overrides Allow. When a user is associated with multiple groups, one group could be
allowed a permission at a particular level while the other group is denied the same
permission. In this scenario, the permission to deny the privilege is enforced.
Evaluate Permissions
Click Evaluate Permissions to identify the combined permissions of groups and containers with
contrasting permissions. This feature identifies effective permissions for each object by resolving
any possible conflicts.
If a job includes multiple tasks and one of the tasks does not have sufficiently assigned permissions,
then the whole job fails due to lack of access permissions.
Note: Permissions to schedule jobs also allows a user to delete jobs in the Details pane after a job
runs. For example, if a job contains errors and does not run, then no other jobs can be scheduled. The
user must delete the job before scheduling a new job.
Connecting to Another Deployment Server
From the Deployment Console you can connect to other Deployment Servers on your LAN and
manage computers beyond the network segment that you are currently logged on to. Opening a
connection requires that you connect to the Deployment Database of the preferred Deployment
Server connection using the ODBC Data Source Administrator.
Altiris® Deployment Solution™ Help
77
Click File > Connect to or press CTRL+O to open the Connect to Deployment Server
dialog box. Enter requisite information to connect to the external Deployment
Server connections using an ODBC driver.
Note: Although you are accessing another connection (another Deployment Database), Windows
remembers the last place you browsed to, which would be the Deployment Share of the previous
Deployment Server connection. You need to browse to the new connection’s Deployment Share to
access its shared folder containing its RIPs, images, executables, and other resources.
Connecting to a new Deployment Database
1
Click New.... The Define Connection Information dialog box displays.
2
Enter a name for the connection to be opened.
3
Establish an ODBC data source.
a
Click ODBC Administrator.
b
Click the System DSN tab, and then click Add.
c
Select the SQL Server driver source and click Finish.
d
In the Create a New Data Source to SQL Server dialog box, enter a name and description for
the data source.
e
If an entry for your server already exists, select it from the menu. Otherwise, enter the name
of the server hosting your remote SQL server in this box. Click Next.
f
Click Next in the Create a New Data Source to SQL Server dialog box to accept the default
settings.
g
Select the Change the Default Database to: checkbox and then select eXpress from the menu.
Click Next.
h
Click Finish. The specifications for the ODBC data source displays.
i
Click Test Data Source... to verify that the source is reachable.
j
Click OK. You will return to the main ODBC Data Source Administrator dialog box with
your new data source listed in the System DSN tab. Click OK.
4
Using the menu in the ODBC Data source name dialog box, select the new Data Source name
you just created.
5
In the Installation Directory path field enter the full UNC path (or path using any locally mapped
drive) to the directory of the required Deployment Server, for example:
\\SalesServer\express or H:
6
Click OK.
Rejected Computers in Deployment Solution
When an unwanted managed client computers attaches to your Deployment Solution system, you
can right-click the computer in the Computers pane and select Advanced > Reject Connection. You
can view these rejected computers by clicking View > Rejected Computers.
The rejected computers are prohibited from being active in the Deployment Database. They are
identified and rejected by their MAC address.
You can remove computers from the Rejected Computers list by selecting it and clicking Accept
Computer(s). This allows the computer to attach again and be managed by the Deployment Solution
system.
Altiris® Deployment Solution™ Help
78
Refresh Deployment Solution
You can refresh the Deployment Console by clicking View > Refresh Console (or pressing <F5>) to
update data from the Deployment Database. You can also click View > Reset Client Connections (or
press Ctrl+<F5>) to disconnect and reconnect all managed computers in a Deployment Server system.
When you refresh the managed client computers, you are asked if you want to disconnect all
computers. Click Yes. This tells the Deployment Agent to shut down and restart. It also creates
additional network traffic when all computers connect and disconnect. By refreshing the managed
client computers, you ensure that you are viewing the current status and state of all computers
resources in your system.
Altiris® Deployment Solution™ Help
79
Managing Computers
From the Computers pane of a Deployment Solution console, you can identify, deploy, and manage
all computer resources across your organization, including desktop computers, notebooks,
handhelds, network and web servers, and network switches. You can quickly modify any computer’s
configuration settings or view its complete management history. Or you can take on big projects,
like completely re-imaging the hard drive, restoring software and migrating personality settings for
a whole department. You now have management of all your computer resources available from a
Windows or web console from any location.
All computer resources can be accessed and managed as single computers or organized into
computer groups with similar hardware configurations or deployment requirements, allowing you to
run deployment jobs or execute operations on multiple computers simultaneously. You can use
search features to locate a specific computer in the Deployment Database, or set filters to sort
computers by type, configuration, OS, or other criteria.
Manage with Computer icons. Major computer types are identified by a computer icon in the
console, with a listing of scheduled jobs and operations associated with each computer. In the
Deployment Console, you assign and schedule deployment jobs to computers or groups by dragging
the computer icon to a job in the Jobs pane, or vice versa. See “Viewing Computer Details” on
page 81.
Computer icons displays in the Computer pane of the Deployment console where
they can be organized into groups. To assign and schedule a computer in the
Deployment Server Console, drag a computer icon or group icon to a job icon.
Add new computers. Deployment Solution lets you add new computer accounts and set
configuration properties for new computers before they are recognized by the Deployment Server
system. Preset computer accounts will automatically associate with new computers when they start
up, or can be associated with pre-configured computers. See “Adding New Computers” on page 82.
Click the New Computer button on the console to create a new computer account.
You can also click File > New > Computer or right-click in the Computers pane
and select New Computer.
When the new computer starts up you can assign it a preset account.
Click the New Group button on the console to add a new group in the Computers
pane of the Deployment console. You can also click File > New > Computer Group
or right-click in the Computers pane and select New Group.
Deploy to groups of computers. Organize computers by department, network container, hardware
configuration, software requirements, or any other structure to meet your needs. You can then
deploy and provision computers on a mass scale. To filter computers in a computer group to
schedule jobs only to the appropriate computer types, see “Computer Filters and Job Conditions” on
page 68.
Configure Computer Agents. See the property pages for modifying Deployment Agent settings.
See “Deployment Agents” on page 92.
Altiris® Deployment Solution™ Help
80
View and configure computer properties. You can modify computer settings for each computer
from the console. See “Computer Configuration Properties” on page 85. Or you can view the
Computer Properties page for detailed access to a computer’s hardware, software, and network
property settings. See “Computer Properties” on page 105.
Run remote operations from the console. Perform operations quickly in real-time from a
Deployment console. Restore a computer to a previous state, configure property settings, send a file,
remote control, chat, set security, run deployment jobs or select from additional management
commands. See “Remote Operations Using Deployment Solution” on page 108.
Build and schedule jobs. Build deployment jobs with one or more management tasks to run on
selected computers. Create jobs and add tasks, then assign the job to computer groups. Jobs can be
organized and assigned for daily tasks or to handle major IT upgrades. See “Building and Scheduling
Jobs” on page 124.
Manage Handhelds. Deployment Solution manages handheld computers (PDAs). See
“Deployment Agents for Pocket PC” on page 100.
Manage Servers. Deployment Solution also manages network or web servers to administrate highdensity server farms or server network resources across your organization. See the Deployment
Solution Reference.
Viewing Computer Details
In Deployment Solution, a computer resource is identified in the console with a distinctive icon to
display the computer type — Windows desktop or notebook, handheld, server, or Linux OS — and
its current status. These computer icons change to convey the state of the computer, such as the log
on status, server waiting status, or user with a timed license status. You can also view the status of
the jobs assigned to the selected computer in the Details pane of a Deployment console (see
“Viewing Job Details” on page 124).
The following is a sample list of computer icons displayed in each Deployment console, identifying
computer type and state.
Managed Computers
Computer connected to the Deployment Server with a user logged in.
Computer connected to Deployment Server but the user is not logged on.
Computer with a time-limited user license and a user logged on.
Computer not currently connected to the Deployment Server but known to the
Deployment Database.
A pre-configured with values defined in advance using the New Computer feature. As
soon as the computer connects and the Deployment Server recognizes the new
computer and changes the icon. See “Adding New Computers” on page 82.
A managed computer waiting for user interaction before running deployment tasks.
This icon displays if the Workstations checkbox is selected in Initial Deployment. See
“Sample Jobs in Deployment Solution” on page 159.
A master computer is identified as a computer used to broadcast images to other client
computers.
Altiris® Deployment Solution™ Help
81
Managed Computers
A connected handheld computer.
A managed server connected to the Deployment Server with a user logged on.
Additional icons identify different states of server deployment.
A managed Linux computer connected to the Deployment Server with a user logged on.
Additional icons identify different states of Linux computer deployment.
Blade Servers - physical view
Physical view of Rack/Enclosure/Bay components for high-density server
systems. These icons display as physical representations to allow management
of different levels of the server structure. In addition, server icons identify
logical server partitions. See “Bay” on page 107 for properties and rules to
deploy Rack/Enclosure/Bay servers.
Computer Groups
Select the New Computers or All Computers group to run jobs or operations for these
default groups identified by an icon in the Computers pane.
Additional computer groups can be added to the Computers pane to organize similar
computer types or to list computers of similar departments or locations. Click the New
Group button or select New > Computer Group to create a new group.
See also “Deployment Agents” on page 92.
Adding New Computers
Computers can be added to the Deployment Database using three methods:
•
Install the Deployment Agent. If you install the Deployment Agent to a computer with the
operating system already installed, then the computer will be added automatically to the
Deployment Database at startup. New computers with the Deployment Agent installed will be
added to the All Computers groups (unless otherwise specified in the Deployment Agent
configuration). You can then move the computer to another group if desired.
•
Use Initial Deployment to configure and deploy new computers booting to automation.
Starting up a new computer with the Automation Agent lets you image the hard drive, assign IP
and network settings, distribute personal settings and software, and install the Deployment Agent
for new computers. Using Initial Deployment you can associate new computers with preconfigured computer accounts. These newly configured computers display in the New Computers
group. See Sample Jobs in Deployment Solution (page 159) .
•
Create or import computer accounts from the Deployment console. You can add new
computers using the New Computer feature or import computers using a delimited text file. You
can pre configure computer accounts by adding names and network settings from the console.
See “Creating a New Computer Account” on page 83.
Altiris® Deployment Solution™ Help
82
About New Computers
When a new computer starts up, if Deployment Server recognizes the MAC address provided in a
New Computer account or import file, it will automatically associate the user account at startup with
the New Computer icon. If this value is not provided, then the computer will be displayed as a preconfigured computer account, allowing you to associate it to a new computer.
The New Computer icon displays for a new computer if the MAC Address is
provided when creating a new computer account using any import or new
computer account feature.
A pre-configured computer account icon displays if specific hardware data
(MAC Address) is not known. As soon as the computer starts up and is
associated with a pre-configured computer account, then Deployment Server
recognizes the new computer and the icon changes.
A pre-configured computer account can be associated with a new computer using the Initial
Deployment feature. You can create multiple pre-configured computer accounts and then associate
the account with a new computer when it boots to automation. At startup, the configuration settings
and jobs assigned to the pre-configured computer account can be associated with the new computer.
Pre-configured Computer Account
Deployment Solution provides features to create a pre-configured computer account to pre-define a
computer’s configuration settings and assign customized jobs to that computer even if you do not
know that computer's MAC address. This type of computer is known as a pre-configured computer
account.
Pre-configured computer accounts offer a great deal of power and flexibility, especially when you
need to deploy several computers to individual users with specific needs. The pre-configured
computer account saves your time because you can configure the computer before it arrives on site.
You can set up as much configuration information (computer name, workgroup name, and IP
address, for example) that you know about the computer and apply it to the new computer as it comes
online. You can also prepare jobs prior to the arrival of the new computer to deploy the computer
using customized images, MSIs and RIPs based on a user's specific needs.
Example: a user might request Windows 2000 with Office 2000 and virus scanning software
installed on the new computer. The user also might request that his or her personality (customized
user settings, address books, bookmarks, familiar desktop settings) be migrated from the old system.
You can build any job, including any of the available tasks, and assign it to a pre-configured
computer account.
When the new computer finally arrives, you will be ready to deploy it because you have done all the
work ahead of time. Boot the client computer to automation (, and the new computer will connect to
the server and become a managed computer. Then you can perform an Initial Deployment, or run a
deployment imaging job on the new computer.
Creating a New Computer Account
You can create computer accounts for individual computers or for computer groups. When creating
new accounts for computer groups, you can automatically assign new names and associate them with
existing computer groups or the New Computer group.
Click the New Computer button on the console to create a new computer account.
You can also click File > New > Computer or right-click in the Computers pane
and select New Computer.
Altiris® Deployment Solution™ Help
83
To create a new computer account
1
Click Add.
2
Enter names and configuration settings for each new computer account using the Computer
Configuration screens. See “Computer Configuration Properties” on page 85 for a description of
the configuration settings.
Note: If you do not enter a MAC address, the computer you create or import will become a
virtual computer.
3
Click Import to add new computers from a delimited text file (see “Importing New Computers
from a Text File” on page 84). This is optional.
4
Click OK.
A pre-configured computer account icon displays in the Computers pane.
When a new computer starts up, you can assign it to this preset account.
To create and associate multiple computer accounts
You can create computer accounts and automatically assign predefined names. These computer
accounts can then be associated with computers in a selected computer group.
1
Select a computer group, including the New Computers group (empty groups cannot access
features). Right-click and select the Configure command.
2
Enter names and configuration settings for each new computer account using the Computer
Configuration screens. See “Computer Configuration Properties” on page 85.
3
Click the Microsoft Networking category and click the Define Range button. This is optional.
a
In Fixed Text box, type a base computer name. Example: enter Sales.
b
Type a numeral or letter in the Range Start box to add to the Fixed Text name. This will create
a unique name for a group of computers starting with the specified character. The range of
numerals and letters will be assigned to the computer name. Example: enter 3.
c
Select Append to add the range of numerals after the computer name. Clear the checkbox to
add names before the computer name.
The example computer names will begin with Sales3 and end with Sales7.
d
Click OK.
4
Click the Associate button. You can now associate computers in a group (including the New
Computers group) with the multiple computer accounts.
5
Click OK.
Importing New Computers from a Text File
You can import computer configuration data using delimited text files (.txt, .csv, or .imp files) to
establish multiple computer accounts in the Deployment Server database. This file contains all
configuration data for a new computer, including all settings displayed in the Computer Properties
of a selected computer.
1
Click File > Import/Export > Import Computers.
A dialog box will open allowing you to select import files. These files can have txt, csv, or imp
extensions.
2
Select the import file. Click Open.
If a correctly formatted computer import file is selected, then a message box displays, informing
you that the computer import is complete and identify the number of computers added. Click OK
on this message box.
New computers will display as pre-configured computer accounts in the Computers area of the
console (as single computers or in groups), and any jobs imported from the import file will be
listed in the Jobs area.
Altiris® Deployment Solution™ Help
84
Note: Jobs can be added to the import file. They can be created and associated with the new
computers.
If the computer import file is incorrectly formatted, a warning displays, stating that the computer
import file is incorrect.
3
Edit computer settings by selecting a computer from the list and clicking the Properties button.
4
The Computer Properties sheet opens to edit or add values not set in the import file, such as
computer name, TCP/ IP settings, user name, and other configuration settings.
5
Click OK.
The imported computers displays in the Computers pane of the Deployment console.
You can also import a computer to be placed in a sub-folder in the Computers pane and create a job
to be associated with the imported computer. See the sample import file for additional information.
Referencing the Sample Import File
When creating an import file, use either the ImportComputers55.txt file or the
ImportComputers55.xls file in the Samples folder of the Deployment Share. The
ImportComputers55.txt file provides a sample import template you can access to test the Import
feature. The ImportComputers55.xls file is a Microsoft Excel spreadsheet that lets you add
values to each identified column and then save the file as a delimited TXT file to import to the
Deployment Database. The sample import file places a computer (DB Computer 1) in a computer
group (Test Group) and adds a job (Test Job) that is associated with the imported computer.
Note: Altiris Deployment Solution 5.5 and later use the 5.5 format for importing computers.
Previous versions of Deployment Solution use the 4.0 format.
Deploying New Computers on a Mass Scale
If you need to deploy large numbers of computers (100 to 5,000), consider using a barcode scanning
system to collect user information (names, OS and application needs) and computer information
(MAC address, serial numbers, asset tags). You can save this information to a file, which can then
be imported into the New Computers List View. Depending on the number of incoming computers, the
amount of information you have about those computers, and the needs of individual users, you can
use either the pre-configured computer account method (best for smaller numbers of new computers)
or the Initial Deployment job (best when deploying generic setups by departments or groups).
If you are using an import file, make sure you know primary lookup key. This is the piece of
information that Deployment Server needs to set up a unique computer. The primary lookup key can
be Serial Number, Asset Tag, UUID, or MAC address.
Computer Configuration Properties
These computer property settings can be viewed, set, and modified when performing the following
computer management operations:
•
Adding New Computers (page 82) .
•
Modifying Configuration (page 148) . Create or edit property settings in a deployment job.
•
Sample Jobs in Deployment Solution (page 159) configuration settings.
Click the configuration group icons to set additional computer property values. After you edit these
computer property settings, the computer will be restarted so that the changes can take effect.
Computer Configuration Properties
General Configuration Settings
Set the most important value from this property sheet. It
includes the name of the computer in Deployment
Solution, the NetBIOS name of the computer, the MAC
address and other settings.
Microsoft Networking Configuration Set the Windows name of the computer and the
Settings
Workgroup or Domain settings.
Altiris® Deployment Solution™ Help
85
Computer Configuration Properties
TCP/IP Configuration Settings
Set the TCP/IP addresses for one or more network
adapters.
NetWare Client Configuration
Settings
Set Novell Directory Services client logon options.
OS Licensing Configuration Settings Set the registered user name and view the hashed
installation license key for the installed operating system.
User Account Configuration Settings Set the local Windows user account values.
General Configuration Settings
The General category provides access to important property settings that are also
listed in other configuration categories. Click other category icons to view and
set additional configuration properties.
Field
Description
Name
Provides a name that displays in the Deployment console (not the BIOS name
of the computer).
Note: The Name box will be disabled for multiple computer configuration.
MAC address
The unique identification address of the network adapter.
Serial Number
The serial number of the computer’s motherboard.
Asset Tag
The asset tag of the computer, if available.
Computer Name
The Windows name of the computer.
IP Address
Current IP address of the computer. Multiple IP addresses are listed in this
box.
Registered User
The name of the user who registered the operating system software
License key
The hash value rendered from the OEM key or 25-digit license key required
when installing the operating system.
User name
The user name for the local Windows user account.
Full name.
The full name for the local Windows user account.
Password
The password for the local Windows user account.
See also “Computer Configuration Properties” on page 85.
Microsoft Networking Configuration Settings
Enter the computer name and workgroup or domain property settings for the
managed computer. If you are using Active Directory, you can add computers to
a domain and a specified organizational unit (OU).
Use Sysprep to generate unique SIDs. This can be done by manually running the utility or selecting
this feature while installing the Deployment Agent.
Altiris® Deployment Solution™ Help
86
Field
Description
Computer Name
This is the NetBIOS name for the computer. The name must be unique in the
network and is limited to 15 characters.
Note: The Computer Name box will be disabled for multiple computer
configuration.
Define Range
Click to create a sequential range of computer names. You can identify a root
name and automatically increment its associated number. This option is
available when selecting groups of computers.
Note: When setting name ranges, do not set names using multiple Modifying
Configuration tasks and then assigning the names by Setting Conditions for
Task Sets. If you set up two separate name ranges to be assigned by separate
conditions, then the computer names will increment irrespective to the base
name.
Workgroup
Click and enter the name of the workgroup to place the managed computer.
Domain
Enter either the fully qualified domain name, the DNS domain name, or the
WINS domain name. You can enter the fully qualified domain name (for
example, mjones.yourcompany.com), and specify the organizational unit
(OU) using this format: OU/newOU/users. The complete entry to place the
computer in the users OU is the following:
mjones.yourcompany.com/OU/newOU/users
internal.myServer.org/New Corporate Computer OU/Mail Room/
Express Mail Servers
Altiris® Deployment Solution™ Help
87
Field
Description
Computer Name
Range
For new computers, set a range of names for multiple new computers:
• Fixed text. Enter the text portion of the name which you want associated
with each computer, for example: Marketing.
•
Range start. Enter a whole number to add to the fixed text, for example: 1.
•
Append. Select this checkbox to add the range after the fixed text in the
computer name. If you clear this box then the number will be added as a
prefix to the fixed text.
•
Result.
•
Associate. Click to match new computer accounts with new computers.
After setting the fixed text and a range of numbers to automatically
generate computer names for new computer accounts, you can associate
the new computer accounts with new computers logging in to the network.
Select any Target Computer and associate it with an Available Name.
Click Auto Assign to generate all listed target computers with all available
computer names.
View an example of the selected names that will be assigned to
each computer, for example: Marketing...Marketing6.
See also “Computer Configuration Properties” on page 85.
Use Token for
computer name
Select the checkbox to specify the computer name using tokens. Selecting this
option enables the Select Token combo box and disables the Define Range
option.
Note: This option is applicable for multiple computers and not for single
computers.
Select Token: You can select one of the six tokens from the drop-down list.
• %NAME%- Complete computer name.
•
%NICyMACADDR%- MAC address of the computer with NIC specific
number. Selecting this option enables the NIC Number option. You need
to specify the NIC number, which ranges from 1-8.
•
%SERIALNUM%- Serial number from SMBIOS.
•
%NODENAME%- First 8 characters of actual computer name.
The NIC Number textbox is visible for NIC number input; the default value is 1.
TCP/IP Configuration Settings
Enter TCP/IP settings for one or more network adapters. Click Advanced to setup
IP interfaces, DNS, and WINS. For computer groups, click Associate to assign
a range of pre-defined IP addresses.
Altiris® Deployment Solution™ Help
88
Field
Description
Host name
The DNS name of a device on a network. The name is used to locate a
computer on the network.
Network Adapter
A list of all network adapters installed in the selected computer.
The network adapter with the lowest bus, device, and function number will be
the first listed (NIC0 - zero based). If the bus, device, and function
information cannot be determined for a network adapter, it will be enumerated
in the order it is detected.
When configuring multiple network adapters, make sure that one network
adapter is not using an Intel Universal NIC driver (commonly called UNDI
driver) to connect to Deployment Server. If one network adapter uses the
native driver and one uses an UNDI driver, then your computer will display
twice in the console.
• Add. Enter new settings for additional network adapters installed on the
client computer.
You can add “virtual” network adapter settings to send a job to a computer
group containing computers with varying numbers of network adapters. If
a computer in the group has only one network adapter, then it will be
configured only with the IP settings listed first. If IP settings are provided
for additional network adapters not present in the computer, then they will
be disregarded.
•
MAC Address. The MAC address is a unique number assigned to the
network adapter by the manufacturer. You are unable to change this
number. The MAC address displays in this box when viewing computer
configuration settings. This box is shaded when creating a Modify
Configuration task.
•
DNS connection Suffix.
Enter this to add domain suffixes to the root
address.
•
Use DHCP to obtain an IP address.
Select this to obtain an address from a
DHCP server.
•
Assign a static IP address.
Select this to set common static IP address
values.
See also “Computer Configuration Properties” on page 85.
Reboot After
Configuration
To restart the computer after configuration.
TCP/IP Advanced Options - IP interfaces
IP Interfaces (Linux and Winodws type only). Click Add to set named interfaces for this network
adapter. Use this tab to add TCP/IP addresses to an existing network adapter card on Linux or a
Windows operating system.
Common IP Information
Field
Description
IP Address
Add or modify an IP address common to all interfaces.
Subnet mask
Enter the appropriate subnet mask.
Altiris® Deployment Solution™ Help
89
Linux Specific
Field
Description
Interface Name
Establish Linux-specific IP interface settings. Make sure you use the “eth”
syntax when naming new interfaces, for example: eth0:1 or eth0:new
interface.
Broadcast Address Enter the Broadcast address for the specified IP interface.
Interface State
The default value of the interface state is Up, which denotes that the named
interface is operating. You can shut down the named interface by selecting
Down.
See also “Computer Configuration Properties” on page 85.
TCP/IP Advanced Options - Gateway
View Gateway addresses. Click Modify a edit an existing IP address. Use the Up and Down arrows to
move an address to the top of the list, which acts as primary address. Review all selection by clicking
the TCP/IP button on the Configuration page.
Field
Description
Gateway
Add additional gateways for this network adapter.
DNS
DNS Server Address:
Add additional Domain Naming Servers (DNS) for this
network adapter.
Append these DNS Suffixes (in order): Add the name of the Domain Suffix, and
then use the Up and Down arrows to set the DNS suffix search order.
WINS
Add additional WINS settings for this network adapter. Select Enable or
Disable NetBIOS over TCP/IP, or Use NetBIOS settings from DHCP server for this
network adapter.
Note: Windows 98 operating systems do not allow editing this information.
The Deployment Console will disable the edit feature on those types of clients.
See also “Computer Configuration Properties” on page 85.
Static Routes
This displays the static route information for the computer you are viewing.
See also “TCP/IP Advanced Options - Static Routes” on page 91.
TCP/IP Advanced Options - DNS
Click Add to set a new DNS address.
DNS Server Address:
Add additional Domain Naming Servers (DNS) for this network adapter.
Add the name of the Domain Suffix, and then use the Up and
Down arrows to set the DNS suffix search order.
Append these DNS Suffixes (in order):
TCP/IP Advanced Options - WINS
Click Add to set a new WINS address.
Add additional WINS settings for this network adapter. Select Enable or Disable NetBIOS over
TCP/IP, or Use NetBIOS settings from DHCP server for this network adapter.
Note: Windows 98 operating systems do not allow editing this information. The Deployment
Console will disable the edit feature on those types of clients.
Altiris® Deployment Solution™ Help
90
TCP/IP Advanced Options - Static Routes
Field
Description
Destination
IP address of the destination Deployment Server.
Netmask
Subnet mask.
Gateway
Additional gateways required to reach the destination server.
Interface
IP address for the interface over which the destination can be reached.
Metric
Cost associated wit the route
Flags (Linux)
Enter the flag associated with a linux specific OS. Possible flags include:
U (route is up)
H (target is a host)
G (use gateway)
R (reinstate route for dynamic routing)
D (dynamically installed by daemon or redirect)
M (modified from routing daemon or redirect)
A (installed by addrconf)
C (cache entry)
! (reject route)
Ref (Linux)
Number of references to this route.
Use (Linux)
Count of lookups for the route.
NetWare Client Configuration Settings
Set Novell NetWare client values for a new or existing computer. Select whether
you want to log in directly to a NetWare server or to a NetWare tree in the Novell
Directory Service (NDS). You can then specify the preferred tree, server name,
and NDS context.
Field
Description
Ignore NetWare
settings
Select to disregard all Novell NetWare client settings for this computer.
Preferred server
Click and enter the name of the NetWare server, for example: \\OneServer.
This is the primary login server for the NetWare client.
Preferred tree
Click and enter the name of the NDS tree.
NDS User name
Click and enter the name of the user object for the NetWare client.
NDS Context
Click and enter the organizational unit context for the user.
Run login scripts
Select this option to run the NetWare client login scripts.
See also “Computer Configuration Properties” on page 85.
Altiris® Deployment Solution™ Help
91
OS Licensing Configuration Settings
Enter or view the license information for your Windows operating system
software (Windows 98, 2000, XP, and 2003 Servers).
Field
Description
Registered user
Enter the name of the registered user.
Organization
Enter the name of the Organization.
License key
Enter the alpha-numeric license key. This is the hash value rendered from the
OEM key or 25-digit license key required when installing the operating
system.
See also Computer Configuration Properties (page 85) .
User Account Configuration Settings
Set up local user accounts for the newly imaged computer or when running a
configuration task. Enter a user name, full name, and password, then set standard
Windows login options.
Field
Description
User name
The user name for this local Windows user account.
Full name
The full name for this local Windows user account.
Password
The password for this local Windows user account.
Confirm Password Confirm the password for the local Windows user account.
Groups
Specify the Windows groups that this user will belong to as a commadelimited list, for example: Administrators, Marketing, Management
User must change
password at next
logon
Select to force the user to change the password after setting the configuration
properties.
User cannot change Prohibit the user from changing their password at any time.
password.
Password never
expires.
Select to maintain the user password.
See also “Computer Configuration Properties” on page 85.
Deployment Agents
To remotely manage computers from a Deployment console, a Deployment Agent is installed on each
computer in the Deployment Server system. Deployment Agents are provided for various computer
types, including Windows, Linux, DOS, and PPC Handhelds.
Altiris® Deployment Solution™ Help
92
To set or modify Deployment Agent settings from the Deployment Server
Console, right-click a computer or group and select Change Agent Settings then
click Production or Automation.
To set or modify agent settings for new computers, click Tools > Options, then
click Agent Settings. For handhelds, tap the Pocket PC Client icon in the system
tray and select Properties.
The following Deployment Agents reside on the client computer and communicates with
Deployment Server.
Deployment Solution Agents
Deployment Agent on Windows The Deployment Agent runs on Windows computers,
including desktops, notebooks, and servers. See “Deployment
Agent Settings” on page 94.
Deployment Agent on Linux
This Deployment Agent runs on Linux workstations and
servers. See “Deployment Agent Settings” on page 94.
Automation Agent
The Automation Agent is used when you create configurations
to boot client computer to automation. This is done through
Boot Disk Creator. See Boot Disk Creator Help and Install
Automation Partition (page 116) .
Deployment Agent on Pocket PC This Deployment Agent runs on the host computer for a
handheld running the Pocket PC operating system. See
“Deployment Agents for Pocket PC” on page 100.
Deployment Agent on Pocket PC This agent runs on the handheld computer.
Deployment Agent on CE .NET
This agent runs on the HP T5000 computer devices running the
CE .NET 4.2 operating system. See “Deployment Agent for
CE .NET” on page 103.
Notification Server Client
The NS client is an Altiris agent that runs on computers
supported by Notification Server. This agent runs on the
Deployment Server computer when running Deployment
Solution on Notification Server.
Deployment Server Agent
This agent runs on the Deployment Server computer when
running Deployment on Notification Server.
Install Deployment Agent to add a managed computer
When a Deployment Agent is installed on a computer, it will search across the network for a
Deployment Server to attach to. When a Deployment Server is located by the Deployment Agent,
then the client computer will be added as a record to the Deployment Database.
When the Deployment Agent for Windows is running on a computer, the user will see
a small icon in the system tray. When the icon is blue, then the client computer running
the Deployment Agent is connected to the Deployment Solution system.
When the Deployment Agent for Windows icon is clear, it shows that the client
computer is not connected to the Deployment Solution system. The agent may be
configured incorrectly, the Deployment Server is down, or other network problems
exist.
Altiris® Deployment Solution™ Help
93
Automatically update to newer version of Deployment Agent
At times, Altiris may update versions of the Deployment Agent to enhance features. For best
performance, it is suggested that all managed computers run the latest version of the Deployment
Agent. When a new version of the Deployment Agent is saved to the Deployment Share file server,
the managed computers will automatically update the Deployment Agent.
1
From the computer where Deployment Server is installed, click Start > Programs > Altiris >
The Deployment Server Configuration utility will open.
Deployment Solution > Configuration.
2
Click Options.
3
Click Transport.
4
Select the Automatically update clients option.
Deployment Agent Settings
You can set the default agent settings for when new client computers are added to the system that
the Deployment Server will manage.
or modify properties settings for the Production or Automation Agent by, or the Automation Agent.
To set or modify agent settings in the Deployment Server Console for Windows or
Linux clients, right-click the computer and select Change Agent Settings > Production
Agent Settings.
• To set or modify agent settings for the Deployment Agent, click Tools > Options.
•
Click the Agent Settings tab.
•
Select the Force new agents to take these default settings checkbox to set the
Deployment Agent setting for all new computers.
•
Click each agent setting tab to set properties.
•
Click OK.
To view or modify settings from the Windows client, right-click the Deployment
Agent icon in the system tray (or double-click the client icon in the system tray and
click Properties).
When the client agent is first started, the agent establishes a connection to the Deployment Server
using the following general steps:
1
The agent service is started and initialized.
2
A TCP socket is created.
3
A connection is made to the Deployment server.
4
The agent is updated, if required.
5
A basic inventory of the client is sent to the Deployment Server.
After the initial connection process is complete, no additional data needs to be sent to or from the
Deployment Server for the client agent to remain connected.
Note: If no Deployment Solution traffic is sent to the Deployment System agent, the TCP/IP
protocols send an occasional watchdog packet (approximately every 24 hours) to ensure that the
connection is still valid.
Deployment Agent Properties
Right-clicking the Deployment Agent icon gives you access to the following options:
View status. Bring up the Altiris Client Service box to observe the current status of the
Deployment Agent. You can also see computer name, deployment server connected to, IP
address, multicast address, and MAC address. You can also watch Deployment Agent
communicate with the Deployment Server. Clicking the Properties button will allow you to edit
the Deployment Agent properties. Passwords will protect this option.
Altiris® Deployment Solution™ Help
94
About. Display the version and licensing statement for Deployment Agent. Passwords have no
effect on this option.
View log file. View the Deployment Agent log file, if you have chosen the option to create a log
file. Passwords have no effect on this option.
Clear log file. Clear
the log file that has been created.
Shutdown for imaging.
Make an image of a computer without using a job. This will make the
required preparatory changes to the computer before an image is made. Failure to do this will
break the reconfiguration phase when deploying the image using a job. Passwords will protect
this option
Change Name in Console. Change how this computer is listed in the deployment server console.
This option does not change the NetBios name of the computer or the name of the computer in
the database, but only changes the name of the computer displayed in the Computers window.
Passwords will protect this option.
Remove.
Uninstall Deployment Agent from the computer. Passwords will protect this option.
Exit.
Stops all Deployment Agent services from running but does not uninstall Deployment
Agent. Deployment Agent will load normally the next time you boot the computer. Passwords
will protect this option.
User Properties. Quickly go to the User Properties page to view or make changes. Passwords will
protect this option.
Admin Properties. Quickly go to the Admin Properties page to view or make changes. Passwords
will protect this option.
Show Network Interfaces. View what network cards are in your computer. Passwords will protect
this option.
The following configuration properties (organized using tabs in the dialog box) are included in the
dialog box.
Production Agent Settings
Production Agent Settings
Server Connection
Log File
Access
Proxy
Security
Startup/Shutdown
Server Connection
Connect directly to this Deployment Sever. Select this option so that the client receiving the
Deployment Agent will connect to the Deployment Server you selected to configure.
Address/Hostname.
Port.
Enter the IP address or NetBIOS name of the Deployment Server computer.
Enter the port number communicating with the Deployment Server.
Enable key-based authentication to Deployment Server. Select
this option to require that the client
computers that are trying to connect to the Deployment Server. This helps keep rogue computers
from connecting to unauthorized Deployment Servers.
Discover Deployment Server using TCP/IP multicast. Managed computers can use the multicast
address if they are on the same segment as the Deployment Server or if multicast is enabled on the
network routers. Ensure that the multicast address and port match those set up on the Deployment
Server. Try using defaults on both the client and Deployment Server if you are having problems
connecting.
Altiris® Deployment Solution™ Help
95
Managed computers should use the Deployment Server IP address if multicasting is disabled on the
network routers or if they are not on the same network segment as the Deployment Server. The port
number must match the number set on the Deployment Server. Otherwise, your clients will not be
able to connect.
Server Name.
Port.
Enter the NetBIOS name of the computer running the Deployment Server.
Enter the port number distributing the multicast address.
Multicast Address. Enter
the group multicast address.
TTL. Specifies the number of routers the multicast request is allowed to pass through.Change this
setting if you need to find a Deployment Server that is more than 32 routers away (default setting)
or if to restrict the search to a smaller number of routers, making it easier to find the closest
Deployment Server.
Refresh connection after idle. Select the Refresh Connection after idle checkbox and then set the
refresh time by seconds, minutes, hours, or days. The Deployment Server will close the connection
after the specified time and immediately try to re-open the connection. This will force clients to
realize the network is down.
The default checking is of 28800 seconds or 8 hours. It is recommend keeping this setting above
28800. Do not set this option too low--reconnecting to the Deployment Server increases bandwidth
when connecting. If this option is set too low you can run into problems where it takes longer for
your clients to connect than to refresh their connections.
Abort files transfers if the rate is slower than. Preserve bandwidth on slower connections by
selecting this option, which will save bandwidth when running deployment tasks on slower
connections.
Access
Set these commands to control how the client handles requests from the server.
Allow this computer to be remote controlled. Select to allow the administrator to remote control the
selected computer. The default setting is to NOT allow the computer to be remote controlled.
Prompt the user before performing actions.
Shutdown and Restart. Select for the user to be prompted before shutting down or restarting the
computer. This feature overrides the Power Control option from the Deployment Server to Force
applications to shut down without a message.
Copy file and Run command. Select for the user to be prompted before running a program or executing
file copy commands
Remote Control.
Select for the user to be prompted before running the Remote Control commands.
You can set a default time before running or aborting the commands. Select the time for the user to
respond and then either continue with the operation or abort the operation.
Time to wait for user response. If one of the Prompt the user before perform actions is selected and the
user is not at the computer to respond, you need to decide whether to continue or abort. Select the
amount of time you want to wait for a response, and then select one of the following:
•
Continue the operation.
•
Abort the operation.
Click to continue without receiving a response from the user.
Click to not continue without receiving a response from the user.
Select when the Deployment Server is denied access to the Deployment Agent. Select the days and then
set the start and end times when access to the Deployment Agent is denied.
Security
This page lets you secure data between the Deployment Server and the Deployment Agent, or to set
a password so that the user on the client computer can only view and modify the User Properties of
the Altiris Client Settings on the managed computer.
Altiris® Deployment Solution™ Help
96
Select to ALLOW encryption from this
managed client computer to the Deployment Server. This allows encrypted data transmissions
between the Deployment Server and the Deployment Agent on the client computer. If selected, then
the client computer can connect (but is not required to connect) using encryption.
Encrypt session communication with Deployment Server.
To enable encryption protocols, you must open the Deployment Configuration tool and select the
Transport tab. Select the Allow encrypted sessions with the servers checkbox to allow Deployment
Server to transmit using encryption protocols.
Require encrypted session with any servers. Select to require encryption between the managed client
computer and the Deployment Server. If this option is selected and the option to allow encryption in
the Deployment Configuration tool is not selected, then the Deployment Server will not
communicate with the Altiris Client on the managed client computer.
Note: Selecting encryption options will slow down the communication path between the agent and
the Deployment Server.
Select to allow users on the managed computer to
access the Admin properties only if they enter the set password. If the box is selected and the user
does not know the password, then they will only have rights to open the User Properties, which
includes only the User Prompts and Remote Control tabs on the Altiris Client Settings dialog box.
Password protect Admin properties from user.
•
Enter the password in the Password field and reenter the password for confirmation in the
field.
Confirm Password
Hide client tray icon. Select to hide the Altiris Client icon in the system tray of the managed computer.
If you hide the icon then you will be required to run AClient.exe -admin to view and modify the
complete administration properties from the managed client computer.
Log File
The Log File property page controls how data is logged and saved in a Deployment Server system,
allowing you to save different types and levels of information to the log files. You can save a text
file with log errors, informational errors, and debugging data using this dialog box.
If the log exceeds the specified size then older data will be dropped from the files. You can maximize
the size of the log file to save all selected data.
Save log information to a text file.
Click to save information to a log file.
File name. Enter the name and path of the log file. The default is to save the log file to the \Program
Files\Altiris\AClient\AClient.log file.
Maximum size.
Enter the maximum number of bytes for each log file.
Log errors.
Select this option to save only the errors returned when running a job or operation
between the Deployment Server and the Deployment Agent.
Log informational messages.
Select this option to save a list of procedural steps run on the client
computer.
Log debugging information. Select this option to list comprehensive debugging information in the text
file.
Use this tab to save the Deployment Agent log file. By default, the option Save log information to a
is cleared. Select it to enter a file name for the log and the maximum size for the log file.
text file
Note: If the log exceeds the specified size then older data will be dropped from the files, so it is
recommended to provide maximum file size.
Proxy
Typically, remote networks on the other side of a router or switch cannot receive multicast or Wake
On LAN packets from the Deployment Server. Setting the managed computer as a proxy client
computer will forward or re-create the multicast packets. A managed client computer set up as a
Altiris® Deployment Solution™ Help
97
multicast proxy will simply act as a Deployment Server and advertise the server’s name and IP
address through multicasting. Or you can set the managed computer as a proxy to send Wake On
LAN packets.
Set these options to control how the managed computer will act as a proxy agent, identifying the type
of traffic this managed computer will forward from the server.
Forward Wake-On-LAN packets. Select if you want the managed computer to forward Wake on LAN
packages.
Forward Deployment Server discovery multicast packets. Select
if you want to advertise the
Deployment Server to client computers on another LAN segment or if the client computer is on the
other side of the router.
Send multicast advertisement every. Set the time by seconds, minutes, hours, or days for managed
computers send multicast advertisement.
Startup/Shutdown
Delay starting jobs after system startup. Set the time by seconds, minutes, hours, or days for managed
computers to delay jobs until after system startup.
Specify the Windows boot drive. Specify the drive that the client computer will boot from. The default
is C:
Force all programs to close when shutting down. Select this option to shut down applications when
using Power Control features. The user will still be prompted to Abort or Continue the shutdown.
Synchronize date/time with Deployment Server. Select this option to synchronize the system clock of
managed computers with the time of the Deployment Server.
Prompt for a boot disk when performing automation jobs.
Select this option to prompt for a boot disk
while doing any automation jobs.
Advanced
Disabled direct disk access for Deployment Agent for DOS (BootWorks) communication.
Select this
option to disable the direct disk access for Automation communication.
Deployment Agent for Linux
The Deployment Agent for Linux is agent software that runs on managed Linux computers. The
agent collects and sends data from the managed computer to the Deployment Server system,
executes deployment tasks sent from the server, installs packages, and runs management processes
as directed from a Deployment console. See “Installing Deployment Agent on Linux” on page 292
for additional information.
A Linux managed computer is identified in the Deployment console by unique Linux icons
reflecting deployment and process status, allowing you to deploy and manage computers just like
the Deployment Agent for Windows, with the following exceptions:
Supported Features of Client Software for Windows and Linux
Deployment Task
Deployment Agent for
Windows
Deployment Agent for
Linux
Create Disk Image
Yes
Yes
Distribute Disk Image
Yes
Yes
Scripted OS Install
Yes
Yes
Distribute Software
Yes
Yes
Capture Personality
Yes
No
Distribute Personality
Yes
No
Altiris® Deployment Solution™ Help
98
Supported Features of Client Software for Windows and Linux
Change Configuration
Yes
Yes
Run Script
Yes
Yes
Copy File
Yes
Yes
Shutdown/Restart
Yes
Yes
Deployment Agent Settings for DOS
You can configure property settings for the Automation Agent for specified computers or computer
groups. You can remotely maintain important agent settings and update settings as required from the
console.
To set or modify agent settings for a specific computer, right-click the computer
icon and select Change Agent Settings > Automation Agent in the Deployment
Server Console.
To set or modify agent settings for ALL computers, click Tools > Options, then
click Agent Settings > Change Default Settings.
When a new client computer connects, it will receive the default agent settings from Deployment
Server for drive mappings, authentication, and LMHost entries. Each client computer will still have
the capability to maintain its unique settings for the Deployment Agent for DOS as set in the Boot
Disk Creator.
Automation Agent Settings include the following property settings:
Drive Mappings (page 99)
Authentication (page 99)
Network (page 100)
Drive Mappings
Set drive mappings used by the Deployment Agent for DOS to access hard disk image files and other
packages from a specified network drive. It is required that the F Drive be mapped to the Deployment
Share. You can also map other file server directories when storing large numbers of image files or
deployment packages.
Drive Mapping.
Enter the drive letter and volume of a shared folder, for example:
F: \\WebDeploy\Image files.
Note: You must select a shared folder in this field. From the browse window you are allowed to
select any type of folder, but the Deployment Agent for DOS will only map to and access files
from a shared folder.
Path.
Enter a UNC path.
See also “Deployment Agents” on page 92.
Authentication
Provide the login credentials that Deployment Agent for DOS requires to map network drives. The
associated credentials for each network drive must have the rights that the Deployment Agent for
DOS requires administrative rights to access files.
Domain/Workgroup. Enter the name of the Domain or Workgroup of the user that the Deployment
Agent for DOS will use to log on as to map the network drives.
Altiris® Deployment Solution™ Help
99
User name. Enter the user name of the user that the Deployment Agent for DOS will log on as to map
the network drives.
Password.
Enter the password.
Confirm Password.
Retype the password for confirmation.
See also “Deployment Agents” on page 92.
Network
These settings allow you to match the IP address with the computer name, as maintained in the
LMHosts file in the Deployment Agent for DOS partition.
1
Click Add. The Add LMHosts Entry dialog box will open.
2
Enter the Computer Name. Enter the name of a computer to associate with an IP address.
3
Enter the IP Address.
or
Click the Lookup IP button. This will automatically populate the field with the IP address of the
entered computer name.
4
Click OK.
See also “Deployment Agents” on page 92.
Deployment Agents for Pocket PC
Using the Pocket PC Agent, Deployment Solution manages handheld computers running the Pocket
PC operating system 2000 or later, and ARM processors.
To set or modify agent settings for the Pocket PC Agent on the host computer (to
manage in a cradle, attached cable, or wireless NIC), double-click the Pocket PC
Agent icon in the system tray. See “Pocket PC Agent” on page 102.
To set or modify agent settings on the Pocket PC Client on the handheld
computer, tap the Pocket PC Agent icon in the system tray of the handheld. See
“Pocket PC Client” on page 103.
Managing Handhelds from a Deployment Console
When a handheld has the Pocket PC Client installed, the handheld is installed in the Deployment
Server Database and displays as a unique computer in the Deployment Server console (see “Viewing
Computer Details” on page 81):
A blue arrow indicates an active connection for the handheld device.
A grayed icon indicates an inactive connection for the handheld device.
Like all other managed computer in the Deployment Server system, you can perform remote
operations on the handheld from a Deployment console (see “Remote Operations Using Deployment
Solution” on page 108) and inventory properties.
Altiris® Deployment Solution™ Help
100
Gather and report inventory. Gather inventory information, such as applications, services, devices,
TCP/IP, hardware, and more.
View computer properties. Gather basic properties such as installed applications, devices, device
type, and basic configuration information.
Set configuration properties. Configure TCP/IP information and computer name. Many of the
normal configuration options do not apply to the Pocket PC.
File Copy. Download files to the local device file system. If the file transfer is interrupted, it will be
able to resume the file transfer where it left off.
Software Delivery. Send EXE files or CAB files to be launched or installed on the Pocket PC.
Time Synchronization. Synchronize the handheld’s date and time with the Deployment Server.
Remote Control. Perform any task on the handheld from the Deployment Server Console as if you
were physically working on the handheld. Control a single client or group.
Reboot. Reboot HP iPAQs from the Deployment Server Console. At this time, this feature is
unavailable on other handhelds.
Name/Location/Email/Phone user settings. Set the owner information. If you choose the
advanced option in the console to prompt for these items, the user on the Pocket PC will not be
prompted, but instead the items will be taken from the owner information.
Not all management tasks are available when managing handhelds. These tasks are currently NOT
available for handhelds:
•
Create Quick Disk Image
•
Change Client Settings
•
Power Control
Note: The reboot option works on HP iPAQs, but not others.
If you select an unsupported task, you will receive an error stating that the feature is not available
for handhelds.
See also “Connections to the Handheld” on page 101, “Pocket PC Agent” on page 102, and “Pocket
PC Client” on page 103.
Connections to the Handheld
You can connect your handheld to a host computer using the connect cable and/or the cradle shipped
with your handheld device. Or if you have a network adaptor for your handheld, you can connect
directly with the Deployment Server from the handheld computer so it will be managed like any
other client computer on the network.
When you install the Pocket PC Agent (PA) on a host computer, it will automatically install the
Deployment Client on the handheld. This lets you run jobs and update inventory data when the
handheld is “docked” to the host computer. The Pocket PC Agent uses Microsoft ActiveSync on the
host computer to communicate between the Pocket PC Client (PC) on the handheld and the
Deployment Server. ActiveSync provides the IP stack that the Pocket PC Agent uses to
communicate with the handheld.
Altiris® Deployment Solution™ Help
101
Many handhelds support direct network connections through a modem or LAN adapter. Handhelds
with a direct connection to the network can then be managed by Deployment Server. The Pocket PC
Client will first try to connect to a Pocket PC Agent. If that fails, it will try to connect directly to the
Deployment Server.
Important: The Pocket PC Client on a handheld using a cradle and ActiveSync 3.1 cannot directly
communicate with the Deployment Server and must use the Pocket PC Agent. However, if using
ActiveSync 3.5, the Pocket PC Agent is not required once the Pocket PC Client is installed. The
Pocket PC Agent is still useful for installing the Pocket PC Client onto the handheld, loading the
client, and managing client settings.
See also “Deployment Agents for Pocket PC” on page 100.
Pocket PC Agent
You can configure the Pocket PC Agent settings on the host computer. For a list of command-line
options when executing the PPCAgent.exe, see Command-line options for the Pocket PC Agent in
Deployment Solution Reference Guide.
To view or configure the Pocket PC Agent properties
1
Double-click the Altiris Pocket PC Agent icon in the system tray of the host computer. The status
of the connection between the handheld and the host computer will be displayed.
2
Click Properties.
3
Select the General tab and modify settings.
Hide Tray icon. Select to not place the Pocket PC Agent icon in the host computer’s system tray.
If selected, you can view the status and properties windows by launching the ppcagent.exe
program in C:\Altiris\PPCAgent\PPCAgent.exe (default location).
4
Select the Transport tab and modify settings.
Pocket PC Agent Properties
Agent Port.
This is the port that the Pocket PC Agent is listening on for Pocket PC connections.
The agent port is updated each time the handheld connects.
Pocket PC Client Properties
Set server IP and port equal to AClient. If you are running from a cradle or cable, select this option.
Let me specify the server IP and port.
If the handheld is connected directly to the network, enter
the IP address of Deployment Server.
Set Pocket PCs server IP and port upon cradle connection. Select this option to assign the handheld
the entered IP address and port number each time the handheld connects through the agent.
5
Click OK.
The host computer may require you to restart.
See also “Deployment Agents for Pocket PC” on page 100.
Altiris® Deployment Solution™ Help
102
Pocket PC Client
You can the set properties on the Pocket PC Client program running on the handheld computer by
clicking the Pocket PC Client icon in the system tray.
To view or configure the Pocket PC Client properties
1
From the handheld, tap the Altiris Pocket PC Client icon in the system tray.
2
Tap Properties.
3
Tap the General tab and select if you want to synchronize time settings with Deployment Server.
4
Tap the Security tab to select options to be prompted before running actions on the handheld.
5
Tap the Transport tab to view or change settings (see settings details below).
6
Click OK.
To restart the Pocket PC Client
1
Tap Start > Programs > File Explorer.
2
Tap My Device.
3
Tap Windows > StartUp > AClient.
If the handheld is attached to the cradle, you can restart the Pocket PC Client by restarting the Pocket
PC Agent or by reconnecting the handheld to the cradle.
See also “Deployment Agents” on page 92.
Deployment Agent for CE .NET
Deployment Solution manages Hewlett-Packard T5000 computer devices running the
Windows CE .NET 4.2 operating system. These computer devices ship with the Deployment Agent
for CE .NET already installed and will display in the Deployment Console as managed computers
when attached to the network.
The Deployment Agent performs the following limited tasks on the Windows CE .NET platform:
•
•
•
•
•
•
•
•
•
•
•
Modify Computer Configuration (the computer name and TCP/IP Setting only)
Distribute software (.cab and .exe files)
Execute and run scripts (DOS and WIN batch files) *no VBS support
Copy files and directories
Create disk images
Distribute disk images
Remote Control clients (24 bit color depth only. No chat or send file features)
Power Control (restart/shutdown/wake up jobs)
Set computer properties
Create conditions to run jobs and filter computers
Modify client properties via Windows and Linux agent settings
Additional features included with other Deployment Agents are not supported in the Deployment
Agent for CE .NET.
To install the Deployment Agent for CE .NET if deleted
If the Deployment Agent for CE .NET is deleted on the managed computer, it can be installed from
the Deployment Server \ Agents \ CEAgent folder in the Deployment Share.
From the managed computer you can then access the Deployment Share and launch the file to install
the agent. Example: type this command from the client computer:
\\<computer name>\express\Agents\CEAgent\CEClient_6.1.xxx.exe -install
Altiris® Deployment Solution™ Help
103
Notes for Deployment Agent for CE.NET
The default image on a CE .NET Thin Client with 32 MB of flash RAM leaves 4 MB free disk space.
When trying to install an embedded automation package using the Distributing Software task, you
may get the following Error 112: Not enough disk space for package.
•
If you select Start > Settings > Control Panel > System > Memory tab and move the slider to allow
more than half of the memory to be allocated to Storage Memory, then you will be able to execute
a job that copies an embedded automation package to the \Temp folder on the CE .NET device
and execute a Windows Run Script task containing Start \Temp\<Embedded BootWorks
Package.exe>. This will install the Automation Agent and leave 1 MB of free disk space on
the device. If the slider shows less than half the memory available allocated to Storage Memory,
then Windows CE may not restart.
•
Another option for freeing up additional disk space is to uninstall the pre-installed HP
applications, allowing you to free up to as much as 10 MB of disk space. This lets you install an
embedded automation package through a Distribute Software task. Again, if the slider is not
placed around the middle of the Memory tab, then an Error 112 may occur.
See also Deployment Agents (page 92) .
Managing Client Connections
The following utilities are provided for managing transmissions between the Deployment Server and
Deployment Agents running on the managed client computers.
Reset a Client Connection
Resetting the connection that a managed computer has with the Server simply disconnects and
reconnects the computer. This is useful for troubleshooting or if you suspect there is a bad
connection.
To reset a client connection, right-click a computer and click Advanced > Reset connection. When the
computer disconnects, its icon will turn gray. The computer should then reconnect and its icon color
will return to its original active status color.
Reject or Retrieve a Rejected Computer
If a computer that you do not want to manage connects to your Deployment Server, you can reject
it. This removes the unwanted computer from the Computers pane in the console. Further attempts
by the computer to connect will be denied. Although the computer is not deleted, any history or
schedule information associated with the computer is deleted.
1
Right-click the computer you want to reject from connecting to the Deployment Server.
2
Click Advanced > Reject Connection.
3
Click OK.
Rejected computers are stored in a Rejected Computers list. Select View > Rejected Computers to
view this list.
Accept a Previously Rejected Computer
If you now want to accept a previously rejected computer, you can retrieve it and reconnect it to the
Deployment Server.
1
Click View > Rejected Computers.
2
From the list, select the computer you want to retrieve.
3
Click the Accept Computer(s) button to remove the computer from the rejected list (this doesn’t
delete the computer, just removes it from the list of rejected computers).
4
Click Yes to confirm the action, then click Close.
This client computer may now be managed from within the Computers pane. Connection requests
from this client computer will now be allowed.
See also “Deployment Agents” on page 92.
Altiris® Deployment Solution™ Help
104
Computer Properties
View and edit the computer properties for each managed computer.
View and edit computer properties by double-clicking a computer icon in the
pane, or right-clicking and selecting Properties, or clicking the icon
in the toolbar.
Computers
General
Services
Hardware
Devices
Drives
Location
Network Configuration
Bay
TCP/IP
Lights-Out
Applications
General
View or change the name of the computer as it displays in the console. You can
view the following: logged in user names, operating system installed, name of
the Deployment Server, whether or not an automation partition is installed,
version of the Altiris Windows Client, and other client information.
See also “Computer Configuration Properties” on page 85.
Hardware
View processor make and type, processor count, RAM installed on the
computer, display configuration, manufacturer, model, product name, MAC
address of each network adapter installed, serial number, asset tag, UUID, and
whether or not Wake On LAN and PXE are installed and configured.
See also “Computer Configuration Properties” on page 85.
Drives
View information about each drive on the computer. If you have multiple drives,
you can select a drive from the list box to view its settings, such as capacity,
serial number, file system, volume label, and number of drives installed.
See also “Computer Configuration Properties” on page 85.
Altiris® Deployment Solution™ Help
105
Network Configuration
View Microsoft Networking, Novell Netware settings, and user information for
the selected managed client computer.
See also “Computer Configuration Properties” on page 85.
TCP/IP
View TCP/IP information, including a list of all installed network adapter cards
(up to eight) for the selected computer. Click Change to open the configuration
window allowing you to modify settings (see “Configuring Computers” on
page 110).
See also “Computer Configuration Properties” on page 85.
Applications
View the applications that are installed on the computer, including description,
publisher, version number, product ID, and systems components.
See also “Computer Configuration Properties” on page 85.
Services
View the services installed on the computer as well a description, start type, and
path for each service.
See also “Computer Configuration Properties” on page 85.
Devices
View the devices installed on the computer, including display adapters, disk
drives, ports, storage volumes, keyboards, and other system devices.
See also “Computer Configuration Properties” on page 85.
Altiris® Deployment Solution™ Help
106
Location
View and edit user-specific properties such as contact name, phone number, e-mail
address, department, mail stop, and site name. As the administrator, you can enter
this information manually or you can let the user populate this screen using Prompt
User for Properties.
See also “Computer Configuration Properties” on page 85.
Bay
View location information and other properties for Rack / Enclosure / Bay
components for high-density and blade servers. Set rules for automatic redeployment of blade servers based on physical location changes. This
property is available only to systems using blade servers.
Server Deployment Rules
From the Bay property page, you can select rules to govern actions taken when a new blade server
is detected in a selected bay. These rules are described below:
Rule
Action
Re-Deploy Computer
Restore a blade server using deployment tasks and configuration settings
saved from the previous server blade in the bay. This lets you replace new
blades in the bay and automatically run deployment tasks from its deployment
history. (See “Restoring a Computer from its Deployment History” on
page 109.)
All deployment tasks in the bay's history will be executed starting from the last
Distributing a Disk Image task or Scripted OS Install task, or from any script
(in a Run Script task) with this command: rem deployment start.
Run Predefined Job
The server will process any specified job. Select a job to run automatically
when a new server is detected in the bay.
Ignore the Change
This option lets you move blades to different bays without automatically
running jobs. The server blade placed in the bay is not identified as a new
server and no jobs are initiated. If the server existed in a previous bay, the
history and parameters for the server are moved or associated with the new
bay. If the server blade is a new server (never before identified), then the
established process for managing new computers will be executed.
Wait for User
Interaction
(default) No job or tasks are performed (the Deployment Agent on the server
blade is instructed to wait). The icon on the console changes to reflect that the
server is waiting.
See also “Computer Configuration Properties” on page 85.
Lights-Out
View information about the remote management hardware installed on the
selected computer (most often a server) used to power up, power down and
restart the computer remotely, or to check server status. You can also enter the
password for the remote management hardware by clicking Password.
Altiris® Deployment Solution™ Help
107
Note: This feature is currently only available for selected HP Integrated Lights Out (ILO) and
Remote Insight Lights-Out Edition (RILOE) features.
See also “Computer Configuration Properties” on page 85.
Remote Operations Using Deployment Solution
The Operations menu in the Deployment console provides a variety of commands to remotely
manage all computers in your site or network segment. Some operation commands, such as Restore,
automatically create and schedule deployment jobs and place them in the Systems Jobs folder in the
Jobs pane. Other commands, like Chat or Remote Control, open utility programs to access and
remotely manage computers.
Open the computer operations menu by right-clicking a computer icon in the
pane, clicking Operations on the menu bar, or clicking the icons in the
toolbar.
Computers
Computer Operations
Restore
Reconfigure your computer to a former state. Select from a list of
previous deployment tasks and select to restore only the ones you want.
See “Restoring a Computer from its Deployment History” on page 109.
History
View, print, delete, and save to file a history of deployment tasks. See
“Viewing a Computer’s History” on page 110.
Configure
Set network and local configuration properties for each computer,
including computer name, IP address, domains, Active Directory
context. See “Configuring Computers” on page 110.
Quick Disk Image
Select a computer and image its hard disk. This will create and store the
image to distribute now or later. See “Quick Disk Image” on page 110.
Power Control
Wake up, restart, shut down, and log off remotely. See “Power Control”
on page 110.
Remote Control
Open a remote control window directly to a selected client computer.
Investigate problems directly from your console. See “Remote Control”
on page 111.
Execute
Type and run commands remotely. See “Execute” on page 114.
Copy File to
Copy selected files, directories, or entire directory structures and send
them to the selected computer(s). See “Copy File to” on page 152.
Chat
Start an individual chat session with one or more selected client
computers. Communicate actions or query for symptoms during
administration. See “Chat” on page 114.
ADVANCED >
Clear Status
Clear computer status as shown in the title bar of the List View.
Prompt User for
Properties
Query the user for personal information. This feature sends a form to the
user to fill out. See “Prompt User for Properties” on page 115.
Reset Connection
Disconnect and reset the connection between Deployment Server and
the Deployment Agent on the selected computer.
Install Automations
Embed automation partitions onto the selected computer’s hard disk to
enable a managed computer to run automation tasks.
Altiris® Deployment Solution™ Help
108
Computer Operations
Get Inventory
Update property settings for a selected computer. These inventory
settings can be viewed in “Computer Properties” on page 105. Select it
to ensure that you have the latest inventory of the computer.
Set the timeout value in the General tab of the Deployment Server
Configuration utility (in the Control Panel).
Reject Connection
Refuse communication with the selected computer.
Install BIS Certificate
Install a BIS certificate for the selected computer.
Remove BIS
Certificate
Remove a BIS certificate from the selected computer.
Apply Regular License
Apply a permanent license if a client computer is using a time-limited
license or requires an updated license.
New Job Wizard
Open this to schedule deployment jobs for the selected computer. See
“New Job Wizard” on page 125.
New Group
Click to create a new computer group in the Computers pane.
New Computer
Create a new computer account. See “Adding New Computers” on
page 82.
Rename
Assign the computer or group a new name in the console. Right-click a
computer or group to edit in the Computer pane.
Delete
Delete a computer, a computer group, or any combination of computers
and groups from the database.
Change Agent
Settings
Update property settings for the Deployment Agent running on selected
computer(s). See “Deployment Agents” on page 92.
Security
View security settings for the selected computer(s). See “Security in
Deployment Solution” on page 73.
Properties
View computer configuration and network properties. See “Computer
Properties” on page 105.
Restoring a Computer from its Deployment History
Occasionally it is necessary to restore a computer to its original settings based on operations or
deployment jobs previously executed on the computer. A computer’s past deployment history is
displayed in the Restore Computer dialog box, where you can restore a computer by selecting tasks
displayed from its history file. You can then rerun the deployment tasks to restore the computer.
Restore a computer by right-clicking a computer icon in the Computers pane and
selecting Restore, clicking Operations > Restore on the menu bar, or clicking the
icon in the toolbar. You can restore a computer using Remote Operations Using
Deployment Solution or by creating and scheduling a job using the New Job
Wizard.
1
Right-click a computer and click Restore.
The Restore Computer dialog box will open with a list of previous tasks with checkboxes.
2
Click the Show only list box and select only the type of tasks that you want displayed. Click the
Since list box to filter tasks by date. This is optional.
3
Click Next to view a summary of tasks selected to reschedule.
4
Click Next to schedule the job (See “Scheduling Jobs” on page 130).
5
Click Finish.
When you finish this computer operation, a new job displays in the Jobs pane of the Deployment
console under the System Jobs > Restoration Jobs folder. The job name will have a generic format of
Restore: <computer name>.
Altiris® Deployment Solution™ Help
109
Viewing a Computer’s History
You can view a history of deployment tasks for a specific computer. Users who do not have
administrative privileges or the permissions to delete a computer’s history, will not have access to
this option.
1
Right-click a computer and click History.
The History of <Computer Name> dialog box will open with a list of previous tasks, including
when the task was scheduled, its deployment status and other deployment information.
2
Click Save As to save the file as a TXT or LOG file. This is optional.
3
Click Print to print the History file. This is optional.
4
Click Delete to delete the History file. Click Yes to the confirmation message.
5
Click Close.
See also “Remote Operations Using Deployment Solution” on page 108.
Configuring Computers
From the Operations menu you can enter and modify configuration settings for computers. See
“Computer Configuration Properties” on page 85 for complete information about configuration
settings.
1
Right-click a computer and click Configure.
The Computer Configuration Properties dialog box will open.
2
Set basic configuration values in the General configuration group (default view).
3
Click other configuration group icons in the left pane to set additional values.
4
Click OK.
See also “Remote Operations Using Deployment Solution” on page 108.
Quick Disk Image
This computer operation creates a disk image of the selected computer. This option is a quick and
easy way to create a disk image of a selected managed computer from the Deployment console.
To run a disk image job you must have an automation partition installed on the client computer, or
it is PXE-enabled and can boot to automation by connecting to a PXE Server.
1
Right-click a computer and click Quick Disk Image.
The Schedule Computers dialog box will open. See “Scheduling Jobs” on page 130.
2
Schedule the job to run immediately or at a later time. You can also click the option to not
schedule the job (this option places the job in the working area and will not run until you
manually drag it to a selected computer and reschedule it).
3
Click OK.
When you finish this computer operation, a new job displays in the Jobs pane of the Deployment
console under the System Jobs > Image Jobs folder. The job name will have a generic format of
Create Image: <computer name>.
See also “Remote Operations Using Deployment Solution” on page 108.
Power Control
This computer operation lets you wake up a computer, restart a computer, shut down, or log off as
the current user for a selected managed computer. You can also power a computer on if Wake-OnLan is supported.
Altiris® Deployment Solution™ Help
110
Restore a computer by right-clicking a computer icon in the Computers pane and
selecting Power Control, clicking Operations > Power Control on the menu bar, or
clicking the icon in the toolbar.
1
Right-click a computer and select Power Control.
A secondary menu will open with these options:
Power Control options
Wake up
The Wake Up feature is hardware-dependent and is only available for inactive
computers. Select this command to start a computer that has been turned off.
Notes:
Your operating system and network adapter must be capable of recognizing
and processing the wake-on-lan packets. Non-embedded network adapters
must be properly configured. Example: 3Com NICs have an extra header
cable that enables Wake on LAN. Check the documentation that came with
your network adapter for more information about Wake-on-LAN.
For NICs and operating systems that support Wake-on-LAN Power
Management features, you need to go to Properties of the network adapter
driver and select the Power Management tab. Click the Allow this device to bring
the computer out of standby option for this device to bring the computer out of
standby status.
Note: Some computers have to enable this feature in their BIOS.
Restart...
Click to reboot the selected managed computer. Select Force Applications to
close without a message box to restart immediately without prompting the user.
Shut down...
Click to shut down the selected managed computer. Select Force Applications
to shut down immediately without prompting
the user.
to close without a message box
Log off...
Click to log off of the selected managed computer. Select Force Applications
to close without a message box to log off immediately.
2
Select a Power Control option. A Confirm Operation dialog box will open. Select the Force
application to close without a message box to shut down users without a warning. If you do not
select Force application to close without a message, the user will be prompted to save any work
before the power operation is continued.
3
Click Yes.
See also “Remote Operations Using Deployment Solution” on page 108.
Remote Control
Remote Control is a computer management feature built in to the Deployment Server Console. It lets
you control all types of computers to view problems or make immediate changes as if you were
sitting at the managed computer’s screen and using its keyboard and mouse.
When a managed computer is being remote controlled, the Deployment Agent
icon in the managed computer’s system tray flashes alternate icons.
Remote Control also provides Chat, Copy File to, and CTRL+ALT+DEL features
to assist in administrating managed computers from the console.
Note: You cannot disable the flashing eye icon while the computer is being remote controlled.
Altiris® Deployment Solution™ Help
111
Before you can remote control a managed computer:
•
The managed computer must have the Altiris Agent for Windows installed and properly set up.
•
The client must have the appropriate Proxy option checked in Altiris client properties.
•
The client and Deployment Server Console must be able to communicate to each other through
TCP/IP.
To remote control a managed computer
1
Right-click a computer and click Remote Control.
This opens the Remote Control window displaying the managed computer’s screen.
Note: If the selected managed computer does not allow a remote control operation, you can
change this client setting using the Remote Control options in the Change Agent Settings
command. The default setting is to not allow remote control of the managed computer. See
Deployment Agent “Proxy” on page 97 options.
2
From the Remote Control window you can execute the following commands:
Remote Control options
Toolbar
Chat
Click to open a chat session with the selected managed computer. This starts
a chat session between the console computer and the managed computer. The
chat session opens a chat window that lets you send messages back and forth
between the Console and the managed computer. If you are controlling
multiple computers in a single window and start a chat session, the chat
session is only between the Console and the master client.
Refresh
Click to update the screen view of the managed computer.
CTRL+ALT+DEL
Click to select restart or logon options for the managed computer.
Note: The managed computer must be running Windows 2000/XP/2003 and
have the keyboard and mouse driver installed for this feature to be available.
Send File
See “Send Files during Remote Control” on page 112.
Toggle Control
Click to change between control access of the managed computer (default) or
view access only of the managed computer.
Control menu
Disable Input from
the Client
Click to prohibit the user of the managed computer from using the keyboard
or mouse during the remote control session.
Close Window
Click to close the remote control window of the managed computer.
View menu
Refresh
Click to refresh the view of the screen.
Fit to Window
If this option is selected, the client display image becomes the same size as the
Remote Control window. If not, the image is the size of the client display.
Color Depth
See “Remote Control Properties” on page 113.
Properties
See “Remote Control Properties” on page 113.
3
To end a Remote Control session, click Control > Close Window in the Remote Control window.
Send Files during Remote Control
Click to send files to the managed computer being remotely controlled. Enter the name of the source
file to be copied and the destination path on the managed computer. Select required compression and
encryption options.
If you are controlling multiple clients within a single window, this dialog will send a file to the
master client only.
Source filename.
Enter the name of the file to be sent.
Altiris® Deployment Solution™ Help
112
Destination path.
Compress Data.
Encrypt Data.
Enter the path where you want the file to reside on the managed computer.
Select to compress the file during the copy process to decrease network traffic.
Select to encrypt data package for security.
You can also drag entire folders from the Console computer to the remote control window, which
will copy the files to the remote client computer.
Remote Control Properties
Color Depth. Click to specify the color depth (number of colors) used by the Remote Control window.
This setting applies only to the Remote Control window at the console, not the display of the
managed computer. There is no benefit to setting a color depth on the Remote Control window
greater than that of the managed computer. The benefit of lower colors is improvement in speed.
Use specific image resolution.
Click to specify the width and height of the image that represents the
client display.
Update interval. Select to specify how often the image in the Remote Control window is updated (in
milliseconds). The more frequently the display is updated, the more bandwidth is required.
Only update foreground window.
Select to refresh only the selected window in the remote control
session.
Set Remote Control Permissions
Deployment Solution provides multiple features for ensuring privacy and security when a managed
computer is remotely controlled. Before a managed computer can be remotely controlled, the
Remote Control preferences on the Deployment Agent for Windows must be set to allow remote
control access.
You can also lock the keyboard and mouse of the managed computer or provide a message to the
user asking for permission to initiate a remote session. This provides an opportunity for the user to
allow or reject the request. In certain environments, such as a lab or classroom, using a prompt to
ask for permission might not be preferred.
To remotely set security options on each managed computer, use Change Agent Settings from the
console or open Properties on the Deployment Agent on the client computer (you must access Admin
properties).
1
After opening the Deployment Agent property page, select the Remote Control tab.
2
Select Allow this computer to be remote controlled to provide access from the Deployment Server
Console.
3
To lock the user from using the keyboard and mouse during a remote control session, select the
Enable keyboard and mouse driver box. This is optional.
This option works only on Windows 2000/XP/2003.
Important: After selecting this option (either enabling or disabling the keyboard and mouse) you
must restart the managed computer. This can be done using a Power Control operation.
4
5
If you want the user to be prompted before a remote control session begins, click the User
Prompts tab.
a
Under the Choose the commands you would like to be prompted before executing options, select
the Remote Control commands option.
b
Specify the number of seconds that you want the prompt to wait. Also, specify what will
happen after the prompt time is up. Click either Continue the operation or Abort the operation.
Click OK.
Altiris® Deployment Solution™ Help
113
Start Multiple Sessions
You can manage multiple computers using the Remote Control feature. However, the more
computers you include in the session the larger the bandwidth over the network.
•
Open a separate Remote Control window for each managed computer. Right-click each
computer and select Remote Control. A new window will open for each selected computer.
•
Open a Remote Control window for a group of managed computers. Right-click a computer
group icon and select Remote Control.
The Remote Control Options dialog box will open with options to Control each client separately in
its own window or to Control all clients together. If you select to control clients separately, then
individual windows will open for each computer. If you select to control clients together, then
you will be asked to select a master computer.
The master computer is the computer that displays in the Remote Control window, however all
actions taken from the console will also run on the other computers in the group. All computers
in the group should be similar in configuration to work properly.
Note: If you are controlling multiple computers in a single window, you can send a file only
between the console and the master client. If you want to send a file to multiple clients at the
same time, use the Copy File to feature (see “Copy File to” on page 152.)
6
To end a Remote Control session, click Control > Close Window.
See also “Remote Operations Using Deployment Solution” on page 108.
Execute
Send a command from the Deployment console as if you were entering a command from the
command-line prompt on the client computer.
Execute a command to a client computer by right-clicking a computer icon in the
pane and selecting Execute, clicking Operations > Execute on the
menu bar, or clicking the icon in the toolbar.
Computers
1
Type a command that you would like executed on the remote computer(s) selected, or select from
a list of previously run commands. Example: type regedit to open the Registry on the
computer.
2
To run the command as another user on the managed computer, click the User button and enter
the user name and password.
User Account
Use this dialog to run a script using another local user account. You can log in with another user
name and password with rights to run an execute command.
Run with default security credentials.
This option runs with the current user credentials. This is the
default option.
Run with the following credentials.
Click this option to log on with another user name and password.
See also “Remote Operations Using Deployment Solution” on page 108.
Chat
You can communicate with managed computers using the Chat text messaging system. From the
Deployment Server Console, select an individual computer or a group of computers to open an
individual chat session with each logged-in user.
Altiris® Deployment Solution™ Help
114
Open text messaging with a user by right-clicking his or her computer icon in
the Computers pane and selecting Chat, or clicking the icon in the Remote
Control window.
1
Open a chat session. The Chat with <computer name> window will open identifying the computer
you are sending messages to.
2
Type a message in the lower text box.
3
Click Send or press <Enter>.
The exchange of text messages displays in the upper text box.
See also “Remote Operations Using Deployment Solution” on page 108.
Prompt User for Properties
This feature allows an administrator to prompt a user for computer location and user information.
The information supplied in this form displays in the Location properties in the Computer Properties
dialog.
To prompt a user for location properties
1
In the Computers pane of the Deployment Server Console, right-click a computer and click
Advanced > Prompt User for Properties. You can also select a computer and click on the Prompt
User for Properties icon in the toolbar or click on Operations > Prompt User for Properties.
A dialog box will open in the Deployment Server Console with a list of properties.
2
Select the properties to prompt the user. The properties selected in this dialog box will be active
on the property form sent to the user, allowing the user to type information for the selected
properties.
Note: All properties will be selected by default; you must deselect the properties you don’t want
included when the client is prompted.
3
Click OK.
The properties form displays for the logged-on user of the computer, asking for location
properties.
When the user enters information and selects OK, the Location properties in the computer
properties fields will be updated for the selected computer. If the user changed the computer
name, then the name in the Computers pane of the Deployment console will also change. These
settings are stored directly to the Deployment Database.
See also “Chat” on page 114 and “Remote Operations Using Deployment Solution” on page 108.
Altiris® Deployment Solution™ Help
115
Install Automation Partition
When the Deployment Server sends a deployment job to client computers, tasks within the job can
be assigned the default automation pre-boot environment, or one of DOS, Linux, or Windows PE.
With an embedded (recommended) or hidden automation partition installed on the client computer’s
hard disk, deployment jobs can run automatically.
You can have multiple tasks within a deployment job, and each task can be assigned to run in a
different automation environment, depending on the task and end result you want. The following list
are automation tasks that you can add to deployment jobs.
•
•
•
•
Run script
Create disk image
Distribute disk image
Scripted OS install
During the Deployment Server installation, the Pre-boot Operating System page displays for you to
select a default pre-boot operating system, which is used by Boot Disk Creator to create the
configurations that boot client computers to automation. You can install additional pre-boot
operating system files through Boot Disk Creator. See Boot Disk Creator Help.
If you are running PXE Servers, you do not need to install an automation partition on each client
computer’s hard disk. When the Deployment Server sends a deployment job, PXE-enabled client
computers search for a PXE Server to receive the boot menu options and the boot menu files that are
required to boot to automation. See Automation Pre-boot Environment in the Deployment Server
Reference Guide.
To install an automation partition
1
Right-click a computer and click Advanced > Install Automation Partition.
2
Select the pre-boot operating system environment you want to install from the drop-down list.
3
Click OK.
The Automation Agent you selected installs as an embedded partition on the client computer’s
hard disk. After the installation completes, the client computer reboots automatically. You can
now run automation-specific deployment tasks this computer.
Change Agent Settings
This feature lets you modify most of the agent settings for a selected computer or computer group.
You can set properties for the Production Agent (Deployment Agent), or for an Automation Agent.
To change agent settings
1
From the Computers pane, right-click a computer and select Change Agent Settings.
2
Select either Production Agent or Automation Agent.
3
Edit the properties settings.
4
Click OK.
Deploying and Managing Servers
Deployment Solution provides additional features to remotely install, deploy and manage network
and web servers. From the Deployment Server Console, you can configure new server hardware,
install operating systems and applications, and manage servers throughout their life cycle. And
because servers are mission-critical, you can set up a system to quickly deploy new servers or
automatically re-deploy servers that have failed. Features like rules-based deployment, support for
remote management cards, and quick server restoration from a deployment history give you new
tools to manage all servers throughout your organization.
Altiris® Deployment Solution™ Help
116
Servers are identified in the Computer pane with distinctive server icons. Like all
managed computer icons, the icons change to identify the status and state of the
computer, such as user logged on or Server Waiting.
Note: Servers are recognized by their operating system (such as Windows 2000
Advanced Server, Windows Server 2003, or any Linux OS), multiple processors, and
specific vendor server models.
Manage Servers from the Console. The Deployment Server Console includes features specifically
designed for deploying and managing servers, such as enhanced task logging and history tracking
features to let you recall administrative actions and quickly redeploy mission-critical servers.
Set Server-specific options. Servers are essential to any organization and require special planning
and management strategies. Deployment Server provides server-specific features to automatically
deploy new servers and maintain existing servers. See “Server Deployment Options” on page 118.
Server Management Features
Deployment Server provides various features for deploying and managing servers. These features
are supported for client and handheld computers as well, but are essential in deploying servers.
Server icons. The Deployment consoles display icons to identify servers across the network. Like
other computer icons in the console, server icons can be selected to view server properties or assign
specific jobs and management tasks
Icon
Description
Indicates a server is active and a user is logged on.
Indicates a server is disconnected from the console.
Indicates a server is in a waiting state.
Run Scripted Installs. Execute scripted, unattended installs across the network for both Microsoft
Windows and Linux servers. Follow steps to create answer files and set up OS install files using a
wizard. See “Scripted OS Install” on page 138.
Support for multiple network adapter cards. Because servers may require more than one network
interface card, Deployment Server provides property pages to access and configure multiple network
adapters remotely from the console. See “TCP/IP Configuration Settings” on page 88.
Synchronized server date and time. Deployment Server automatically sets the server’s date and
time after installing or imaging (as part of the configuration process). Deployment Agents include
an option to disable this feature (it is off by default).
Enhanced scripting capabilities. You can deploy multiple tasks per deployment job and boot to
DOS multiple times when configuring and deploying a clean server. Deployment Server also lets
you view and debug each step in the deployment script, and track each job to provide a history of
tasks for redeploying a server.
Altiris® Deployment Solution™ Help
117
Server Deployment Options
Deployment Server includes features to automatically reconfigure and redeploy new servers. If you
are using Initial Deployment to automatically re-image new servers or run installation scripts, you
can (1) safeguard against mistaken disk overwrites, or (2) run automatically for every server not
identified as a managed computer in the database. These contrasting settings are based on polices
that you define for managing servers in your organization.
Example: if you rely on PXE to boot the new server and you want to deploy new servers
automatically without halting the process, you must change the default settings in the PXE
Configuration Utility. In contrast, if you want to ensure that the server waits before being deployed
(or waits a set time before proceeding) to avoid erroneous re-deployment, you need to set the options
in the Advanced section of Initial Deployment.
Halt the Initial Deployment of Servers
When a server boots from the PXE server or from Automation (if the option is set), Deployment
Server recognizes it as a new computer and will attempt to configure the computer with Sample Jobs
in Deployment Solution. Initial Deployment includes a feature to prohibit servers from being
deployed automatically.
1
Click Initial Deployment and select Properties.
2
Click the Advanced tab.
3
Click the Servers checkbox and click OK.
Initial Deployment will not run for any computer identified in the console as a server.
Change PXE Options for Initial Deployment
If installing a server using a PXE Server, the server will attempt to install but will not run
automatically using default settings. It will wait until a boot option is selected from the client
computer. You can change the default setting in the PXE Configuration Utility to allow Initial
Deployment to run automatically and not sit at the prompt.
1
2
Click on Start > Programs > Altiris > PXE Services > PXE Configuration Utility.
Click the DS tab.
3
Select a pre-boot operating system from the Initial Deploy boot option drop-down list.
4
Click Execute Immediately.
Initial Deployment will run automatically for every identified server.
5
Click Save.
6
Click OK.
Clear BootWorks Prompt for Remote Install
When you run a deployment job on a computer where the Deployment Agent has been remotely
installed, a message displays stating that no BootWorks partition or PXE stamp is found. The
message will stay open until the user clicks OK on the message dialog, which delays executing the
scheduled job as part of an automated redeployment process. To fix this delay:
1
Select Tools > Options.The Altiris Program Options dialog will open.
2
Select the Agent Settings tab.
3
Select the Change Default Settings button.
4
Select the BootWorks tab.
5
In the lower section, select Never prompt me from the list.
Altiris® Deployment Solution™ Help
118
6
Click OK.
Following these steps will assure that the BootWorks message will not come up and things will move
forward when a job is scheduled.
Managing Server Blades
Deployment Solution lets you manage high-density server blades with Rack/Enclosure/Bay (R/E/B)
hardware and properties. From the Deployment Console you can deploy and manage these spaceefficient server blades using the physical view to assign jobs to the Rack, Enclosure, or Bay level of
the server cluster, or you can manage each server blade directly from the logical view. See “Bay” on
page 107 for properties and rules to deploy Rack/Enclosure/Bay servers.
Using Deployment Solution, you can employ “rip and replace” technology that lets you insert a new
server blade and automatically configure and deploy it exactly like the previously installed server
blade, allowing you to replace any downed server and get it back on line quickly. Altiris provides
fail-safe features to ensure that no server is mistakenly overwritten and ensures that all disk images,
software, data, and patches are applied to the new server from the history of jobs assigned to the
previous server blade.
Managing New Server Blades
Deployment Solution lets you automatically deploy, configure and provision new server blades
using a variety of features, including Sample Jobs in Deployment Solution, and Server Deployment
Rules.
New Server Blades in Newly Identified Bays
When new blades are identified in a Bay that has not been used previously (if it has been used
previously then the Bay object will be identified in the physical view), then both the Initial
Deployment and Virtual Bays features can be set up to automatically run configuration tasks and
deployment jobs.
To Create Virtual Bays: Set up Virtual Rack/Enclosure/Bays for Hewlett-Packard Rapid
Deployment Pack installations of Deployment Solution.
Initial Deployment set up: Clear the Servers checkbox in the Advanced dialog box.
If both new computer features are set up and a new server blade is installed in a Bay not previously
identified by the Deployment Server, then the Create Virtual Bay feature will execute and Initial
Deployment will not execute.
New Server Blades in Identified Bays
If a new HP server blade is installed in an identified Bay (one that has already had a server blade
installed and is visible from the Deployment Console), then both Sample Jobs in Deployment
Solution and Server Deployment Rules can be set up. However, when both are set up then the Server
Deployment Rules will execute and Initial Deployment will not execute.
Virtual Bays
Hewlett-Packard blade servers now have a Virtual Bay feature that lets you pre-assign deployment
jobs to the Rack, the Enclosure, or to a specific blade server in the Bay. Any HP blade server can
have predefined deployment jobs and configuration tasks associated with it to execute automatically
upon installation. (This feature requires that the Hewlett-Packard Rapid Deployment Pack is
installed.) The Virtual Rack/Enclosure/Bay icons will change from virtual icons to managed server
icons in the Deployment console as live blade servers are inserted and identified by Deployment
Solution.
Rack name.
Enter or edit the name of the Rack.
Enclosure name.
Enter or edit the name of the Enclosure.
Altiris® Deployment Solution™ Help
119
Enclosure type.
Select the type of HP server blade from the list.
Initial Job. Select an existing job to run when the pre-configured computer account is associated with
a new server blade.
Server Change rule. Select the Server Deployment Rules to run on the Bay when a new server blade
is installed.
Note: If you create Virtual Bays for an enclosure (such as the BLe-class with 20 bays) and then if
another model of server blade with an enclosure containing fewer bays is connected (such as the
BLp-class with 8 bays), then the excess virtual bays will be truncated automatically. Conversely, if
you create Virtual Bays with fewer bays (8) and then install an enclosure with additional bays (20),
you will need to recreate the virtual bays in the enclosure (right-click the enclosure name in the
physical view and click New Virtual Bays).
See also “Managing New Server Blades” on page 119.
Hewlett-Packard Server Blades
Hewlett-Packard high-density blade servers can be deployed and managed from the Deployment
console. The following HP server blades are supported:
HP Proliant™ BL e-Class
HP Proliant™ BL p-class
Proliant™ BL 10e
Proliant™ BL 20p
Proliant™ BL 10e G2
Proliant™ BL 20p G2
Proliant™ BL 40p
HP blade servers allow you to employ all features provided in the Deployment Console when you
install the HP Proliant Essentials Rapid Deployment Pack (see www.hp.com/servers/rdp), including
the Virtual Blade Server feature. The name of each Rack for an HP Server is displayed along with
the assigned name for the Enclosure and Bay. These names are collected from the SMBIOS of the
server blade and displayed in both the physical and server views within the Computers pane of the
Deployment console.
For HP blade servers in the physical view the Rack name can be a custom name in the console, with
all subordinate Enclosures and Bays also identified. Example:
<rackName>
<enclosureName>
<bayNumber>
See also “Server Management Features” on page 117 and “Server Deployment Options” on
page 118.
Dell Server Blades
Dell high-density blade servers can be deployed and managed from the Deployment console. All
Dell Rack Servers are supported by Deployment Solution, but the server blades can also be managed
from the physical view in the Rack/Enclosure/Bay view. The following servers are supported:
Dell Rack Servers
Dell Server Blades
All PowerEdge™ rack servers
PowerEdge™ 1655MC
For Dell blade servers in the physical view, the Rack name will always be Dell. All subordinate
Enclosures and Bays are identified with custom names under the Dell rack name. Example:
Dell
<enclosureName>
<bayName>
Altiris® Deployment Solution™ Help
120
See also “Server Management Features” on page 117 and “Server Deployment Options” on
page 118.
Fujitsu-Siemens Server Blades
Fujitsu-Siemens high-density blade servers can be deployed and managed from the Deployment
console. All Fujitsu-Siemens Rack Servers are supported by Deployment Solution, but the server
blades can also be managed from the physical view in the Rack/Enclosure/Bay view. The following
servers are supported:
Fujitsu-Siemens Rack Servers
Fujitsu-Siemens Server Blades
All Primergy™ rack servers
Primergy™ BX300 blade servers
For Fujitsu-Siemens blade servers in the physical view, the Rack name will always be FujitsuSiemens. All subordinate Enclosures and Bays are identified with custom names under the FujitsuSiemens rack name. Example:
Fujitsu-Siemens
<enclosureName>
<bayName>
See also “Server Management Features” on page 117 and “Server Deployment Options” on
page 118.
Note: If you have Fujitsu-Siemens Server blades managed by the Deployment Server, ensure that
the SNMP service is running on the Deployment Server. Also, if the Deployment Server is installed
on a Win2k3 server, ensure that the security is set correctly to receive traps from remote computers.
By default, Deployment Servers cannot receive traps from remote computers.
IBM Server Blades
IBM high-density Blade Centers can be deployed and managed from the Deployment console. All
IBM blade servers are supported by Deployment Solution, but the server blades can also be managed
from the physical view in the Rack/Enclosure/Bay view.
For IBM blade servers in the physical view, the Rack name will always be IBM. All subordinate
Enclosures are identified with custom names under the IBM rack name and Bays are identified by
number. Example:
IBM
<enclosureName>
<baynumber>
See also “Server Management Features” on page 117 and “Server Deployment Options” on
page 118.
Find a Computer in the Database
This search filter lets you type a string and query specified database fields for specific computer
properties. You can search for user or computer names, licensing or location information, or primary
lookup keys: MAC address, serial number, asset number, or UUID. This search filter queries
property values displayed in the “Computer Properties” on page 105 pages.
Altiris® Deployment Solution™ Help
121
Click <CTRL> F or click the Find Computer button on the console toolbar to
search the Deployment Database for computers by property settings.
The search begins at the top of the computer list and highlights the computer
name in the Computers pane when a match is found. Press F3 to find the next
computer that matches the search criteria until there are no more results, or the
end of the computer list is reached.
1
In the Search For box, type all or part of the computer’s property values that you would like to
search for. This alpha-numeric string will be compared with specified database fields.
2
In the In Field box, select the field that you want to search in the Deployment Database.
Example: to find a computer by searching for its IP address, type the address in Search For field
and then select IP Address from the In Field drop down list.
Name
BIOS name of the computer.
Computer Name
Deployment Solution name of the computer.
MAC Address
0080C6E983E8, for example.
IP Address
192.168.1.1, for example.
ID
The computer ID. 5000001, for example.
Serial Number
Serial number installed in BIOS. A primary lookup key.
Asset Tag
Asset number in BIOS. A primary lookup key.
UUID
A primary lookup key.
Registered User
Name entered when OS was installed.
Product Key
Product Key for the operating system.
Logged On User
Name of user currently at the computer.
Physical Bay Name
The actual bay number: 7x, for example.
The computer you are looking for will be displayed and highlighted in the Computers window in the
console.
Note: This search is not case-sensitive and allows wildcard searches using the *.
See also “Computer Filters and Job Conditions” on page 68.
Using Lab Builder
Use the Lab Builder to set up jobs under the Lab folder in the Jobs pane to set up a classroom or lab
environment.
Click the Lab Builder button on the console toolbar or click File > New > Lab
Builder to set up jobs specifically created for managing multiple computers in a
lab environment.
You can set up jobs to:
•
Create Disk Image
•
Deploy Lab
•
Restore Lab
•
Update Configuration
Altiris® Deployment Solution™ Help
122
•
Upload Registries
Each of these jobs contains a default list of tasks. Lab Builder places these five new jobs under a
folder (which you name) located under the Lab folder. All of the tasks in the jobs have been assigned
default paths and file names that allow them to use the same images and configuration information,
registry data, etc. It is suggested that you do not change the file names and paths. If you change the
default settings (example: changing the image name), you must change it in all of the jobs where the
image is used.
To use Lab Builder
1
Click the Lab Builder icon on the toolbar, or choose File > New > Lab Builder.
2
Enter the name of the lab setup.
Note: The lab name must be unique because the program creates a default image file name based
on the name, and the image file name must be unique. The default image name is synchronized
in all of the lab jobs, so if you change the name later you must change it in all the jobs that use
the image.
3
Enter a lab description to help you differentiate the lab from others (optional). Click OK. This is
also optional.
4
Identify an image in the Create Disk Image job.
5
Set computer names and addresses in the Update Configuration job.
The following information describes the default jobs. To run one of these jobs, simply drag it to the
computer or computer group that you want it applied to.
Create Disk Image.
This job uploads an image of a computer to the server and an image name is
created automatically based on the lab name. However, there is no actual image in the job until you
drag the image source computer to this job.
Deploy Lab.
This job has three default tasks: Deploy image, Apply configuration settings, and Back
up registry files. The image that is uploaded using the Create Disk Image job is deployed when you
use this job. The configuration settings you specify in the Update Configuration job are applied to
the computers, and then the computer registry files are uploaded to the Deployment Server.
Restore Lab. This job restores the image and registry files to a computer where a lab was previously
deployed. You can quickly get a computer running again by restoring the lab on that computer.
Update Configuration.
This job lets you set unique configuration information (such as computer
names and network addresses) for client computers. When a lab is deployed, each computer has an
identical image, but not the same configuration settings. This means you don't have to visit each
computer to reset IP addresses and other settings when you deploy an image.
Upload Registries.
Altiris® Deployment Solution™ Help
This job backs up computer registry files to the Deployment Server.
123
Building and Scheduling Jobs
A job represents a collection of predefined or custom deployment tasks that are scheduled and
executed remotely on selected client computers. You can build jobs with tasks to automatically
create and deploy hard disk images, back up and distribute software or personality settings, add
printers, configure computer settings, and perform all aspects of IT administration. Jobs can be run
immediately for a specific computer, or stored and scheduled for daily or long-term administrative
duties on multiple computer groups.
Job icons display in the Jobs pane of the Deployment console. To assign and
schedule a job in the Deployment Console, drag the job icon to selected computer
icons. Job status icons also display in the Details pane of the Deployment Console
to indicate various deployment states. See “Viewing Job Details” on page 124.
The New Job Wizard guides you through common deployment and management jobs. It is an easy
way to set up new users or migrate users to new computers, create and distribute images of
computers on the network, distribute software packages, restore computers, and more.
Jobs include one or more Deployment Tasks. You build jobs by adding tasks to a job and then
customizing the task for your specific needs. You can add tasks to capture and distribute images,
software packages, and personality settings. Or you can write and run a script task, or run scripted
installs, configure settings, copy files and back up registry settings. You can also modify existing
jobs by adding, modifying, copy and pasting, or deleting tasks to fit your needs. See “Building New
Jobs” on page 128.
Set conditions on jobs to run only on computers with properties that match the criteria that you
specify. You can build one job to run on different computer types for different needs, and avoid
mistakes by ensuring that the right job runs on the right managed computer. See “Setting Conditions
for Task Sets” on page 129.
Initial Deployment lets you run predefined jobs and configuration tasks on new computers when
they start up. You can automatically deploy new computers by imaging and configuring TCP/IP,
SIDs, and other network settings and then installing basic software packages. See “Sample Jobs in
Deployment Solution” on page 159.
Sample jobs are installed with Deployment Solution and display in the Samples folder of the Jobs
pane. You can run many sample jobs as they are, or you can set environmental variables. See
“Sample Jobs in Deployment Solution” on page 159.
Viewing Job Details
As jobs are assigned, scheduled and executed, it is helpful to know specific details about their status
and assignments. The Deployment Console provides job icons to show state and status of the job in
the Details pane:
•
Job status icons that update to display the state of the job in running deployment tasks. These
icons are graphical symbols in the Deployment console used to identify the status of an assigned
job.
Altiris Deployment Solution Help
124
.
Indicates that a job is scheduled to run on a computer or computer group.
Indicates that a job is in progress.
In the Details pane, indicates that a job has executed successfully.
Indicates that a job is associated with a computer or group of computers but is not
scheduled.
Indicates error conditions when individual tasks run.
•
A description of the job, if available. You can also use the Add or Modify buttons in the main
window to edit the description as well.
•
If a job defines error conditions when individual tasks run, the Status field displays any errors
incurred and the tasks that completed successfully.
•
Job Schedule details. This is the job's run time, beginning when the job started and ending when
it completed successfully.
•
The currently applied conditions displayed in a list box with a Setup button to add conditions to
different task sets for different computer properties within a job. Conditions specify
characteristics that a computer must have before the job will execute. See “Setting Conditions
for Task Sets” on page 129.
•
A list of tasks assigned to the job and task descriptions are also be displayed. Change the order
of the task execution with the arrow buttons. Tasks are executed in the order they are listed. See
“Deployment Tasks” on page 132.
•
Features to add, modify, and delete tasks for each job.
•
A list of assigned computers and its deployment history.
To sort jobs or computer details, just point and click on the category in the Details bar. Example:
click the Status column heading to organize and display the progress status of the job.
See also “Viewing Computer Details” on page 81.
New Job Wizard
The New Job Wizard provides integrated features to build, assign, and schedule common
deployment jobs. It helps you build the most common jobs, and guides you through additional steps
to assign and schedule the jobs to selected computers. It lets you quickly build image files and deploy
new computers, distribute software packages, migrate users, and more.
Note: When a software package or deployment job are scheduled to run on client computers, users
will see the Altiris Client Service Message dialog display, warning them that a job is about to
execute. If a user clicks the Abort button when the message displays, an event is logged to the client's
history so that Deployment Solution administrators know when users abort a scheduled event.
Altiris Deployment Solution Help
125
Create a new job by clicking the New Job Wizard button on the Deployment
Console, clicking File > New > Job Wizard, or right-clicking in the Jobs pane of the
Deployment Console and selecting New Job Wizard. The New Job Wizard will
open to guide you through basic deployment jobs.
1
Select a job option:
Create an image. This wizard guides you through the steps required to create an image of a
computer’s hard disk and schedule the job. See “Creating a Disk Image” on page 134.
Deploy and configure computers. This wizard guides you through the steps required to lay down
a new disk image on a selected computer and then install software and personality settings. See
“Distributing a Disk Image” on page 135.
This wizard guides you through steps required to install software
packages. You can set conditions, select packages, assign to computers, and schedule the job.
See “Distributing Software” on page 143.
Deploy software packages.
Restore a computer. This wizard guides you through the steps required to restore a computer to a
known working state by re-imaging the hard drive and reinstalling software packages,
personality settings, and defining configuration values. This option reschedules jobs saved in
each managed computer’s history record, which contains all deployment tasks previously
processed. See “Restoring a Computer from its Deployment History” on page 109.
This wizard guides you through the steps required to move a computer hard
disk image, applications, and personality settings from a source computer to a destination
computer. You can perform one or more migration operations using provided options.
Migrate computers
2
Give the job a unique name. You can type a name with up to 64 characters.
3
Follow the steps in each wizard to create a job (some New Job wizards build multiple jobs).
After creating a job, it will display in the Jobs pane of the Deployment console with deployment
tasks listed in the Tasks list for each job selected.
Note: You cannot define return codes when using the New Job Wizard. See “Building New Jobs”
on page 128 to build customized jobs and set up return codes.
See also “Modifying Tasks in a Deployment Job” on page 154.
Migrating Computers
From the New Job Wizard you can select Migrate computers to quickly distribute hard disk images,
software, and settings from a user’s current computer to a new computer. You can image a new
computer’s hard disk with a new operating system and then install software and personality settings.
Or perform different levels of migration to distribute only software or to simply capture and
distribute personality settings to the new computer.
Migrate one computer to another separate computer
Click this option to migrate a user from a source computer (old computer) to another destination
computer (new computer). Capture personality settings, distribute a new hard disk image, distribute
software and then redistribute the saved personality settings from the source computer to the new
destination computer.
Click the option alone to migrate only personality settings to one or more computers. Additionally,
select Prepare destination computer with a disk image to distribute a disk image to the new computer
and select Install software packages prior to applying the personality on the destination computer to
install software packages on the new computer.
Note: This option will create two jobs that will display in the Jobs pane: Job (Capture) and Job
(Distribute).
Job (Capture) includes a Capture Personality Settings task (see “Capturing Personality Settings” on
page 146) to capture the personality of the source computer and a Modify Configuration task to
rename the source computer to avoid naming conflicts (see “Modifying Configuration” on
page 148). The source computer will be named computerName (Old).
Altiris Deployment Solution Help
126
includes a Deploy Image task (see “Distributing a Disk Image” on page 135) if
selected, a Modify Configuration task to update settings to the destination computer, and one or
more Install Package tasks to update software (if selected) and migrate personality settings (see
“Distributing Software” on page 143).
Job (Distribute)
Migrate the same computer to another operating system
Click this option to upgrade the operating system on a computer and then reinstall personality
settings and software packages on the same computer. It will create jobs and tasks to capture the
personality settings, distribute a new disk image, distribute software packages, and then migrate the
personality settings.
Click the option alone to deploy a disk image and migrate personality settings to the computer.
Select Install software packages prior to applying the personality on the destination computer to install
software packages on the computer.
Note: This option will create two jobs that displays in the Jobs pane: Job (Capture) and Job
(Distribute).
Job (Capture) includes a Capture Personality Settings task (see “Capturing Personality Settings” on
page 146) to capture the personality of the source computer.
Job (Distribute) includes a Deploy Image task (see “Distributing a Disk Image” on page
135) and one
or more Install Package tasks to update software, if selected (see “Distributing Software” on
page 143).
Simply capture the personality of the computers
Click this option to capture and save, but not distribute, the personality settings of the selected
computer(s). You can choose a personality template and save Personality Packages to the
Deployment Share, allowing you to distribute these personality settings later to new computers.
Note: This option will create a single job with a Capture Personality Settings task (see “Capturing
Personality Settings” on page 146).
See also “New Job Wizard” on page 125.
Selecting Computers in the New Job Wizard
The New Job Wizard provides steps to select and assign computers to the jobs created in the wizard,
rather than requiring you to create a job and then assign it to computers when Building New Jobs.
The jobs created in the New Job Wizard display in the Jobs pane, and can be saved and assigned to
other computers at a later time. You can also schedule jobs for the specified computers in the wizard
(see “Scheduling Jobs” on page 130).
Apply Computers to a Job
When deploying software in the New Job Wizard, you can select computers to assign the
Distributing Software job created in the wizard. You can also select an option to simply store the job
and use it at another time without scheduling the job. Regardless of the scheduling option selected,
the job will display in the Jobs pane to use at another time.
New Computers.
Open an Adding New Computers dialog box to create new user accounts to assign
the job.
See also “Scheduling Jobs” on page 130.
Associating Destination Computers
Use this dialog box to associate source computers with destination computers when migrating
personality settings. Depending on the computers selected in the previous Select Computers dialog
box, you can migrate personality settings captured from the source computers to new destination
computers.
Altiris Deployment Solution Help
127
Right-click a computer in the Source column to replace it with another source computer. Right-click
a computer in the Destination column to replace it with another destination computer and assign it to
a new source computer. To automatically assign multiple computers, click Automatic to assign
source computers with destination computers using an alpha-numeric order. The associated
computers will share personality settings after running the jobs.
See also “Migrating Computers” on page 126.
Setting up Conditions in the New Job Wizard
The New Job Wizard also provides steps to set up conditions, a step usually performed
independently for each job during its build phase. Setting conditions lets you run selected tasks only
on computers matching defined criteria (see “Setting Conditions for Task Sets” on page 129).
Click Setup conditions for this set of tasks to open the Define Conditions dialog box from the New Job
Wizard.
Install Software Packages
The New Job Wizard provides steps to install software packages to the selected computer(s). You
can install any type of software to the managed client computer, including MSIs, RIPs, and
Personality Packages. If the selected package is not a RIP or Personality Package, then a message
box will open asking if you want to continue (See “Distributing Software” on page 143 for additional
information).
Summary of Options
After selecting options in the New Job Wizard, you can view a summary of job names, assigned
computers, conditions, and other selected choices. To change any options, click Back to return to
previous dialog boxes. Click Finish to complete the steps in the wizard.
See also “New Job Wizard” on page 125 and “Job Scheduling Wizard” on page 129.
Building New Jobs
A job can be a single task to distribute software or change computer property settings, or a job can
be a series of tasks sequenced to migrate hard disk images, set post-installation TCP/IP and SID
values, and install software packages and personality settings.
Create a new job by clicking the New Job button on the Deployment Console.
Click File > New > Job, or right-click in the Jobs pane of the Deployment Console,
and select New Job. You can modify jobs by double-clicking the job or rightclicking, and then selecting Properties. Add tasks to each job using the Add button.
1
Create a new job. Enter a unique name and description for the job. You can type a name with up
to 64 characters.
A new job will be added to the Jobs pane in the Deployment console. You can group and
organize jobs, and then access and apply them to computers or computer groups from an index
of prebuilt jobs.
2
Set conditions to apply the job to specified computers meeting defined criteria. Order multiple
conditions to run jobs on computers that match the first applicable condition. See “Setting
Conditions for Task Sets” on page 129. This is optional.
3
Click Add to add open a list of possible deployment tasks to add to each job. See “Deployment
Tasks” on page 132.
4
Set task options using the provided wizards.
Altiris Deployment Solution Help
128
After you complete the steps to create a task, it will be added to the task list box. Click Add to
add another task. Use the arrow buttons to change the order of execution of the tasks in the Task
list box.
Tasks are executed in the order that they display in the task list. As a result, make sure you do
not run a task that will override previous tasks. Example: list Distribute Disk Image above
Distribute Software or Distribute Personality, allowing the hard disk to be imaged before installing
applications and settings.
5
Set Return Codes. The last action in each task wizard lets you set return codes for each
deployment task. See “Setting Up Return Codes” on page 157. This is optional.
6
After adding tasks, click OK.
7
To schedule the job, drag it to a computer or computer group. The Schedule Jobs dialog box will
open. See “Scheduling Jobs” on page 130.
See also “Importing and Exporting Jobs” on page 156.
Job Scheduling Wizard
The Job Scheduling Wizard provides features to assign jobs to selected computers and computer
groups, and to then schedule the jobs to run without using a mouse. This new feature meets Section
508 requirements to improve disability access and allows integration of voice activation software
and other user interface features.
Select Job(s)
Select the job(s) or group(s) of jobs to assign to computers or computer groups. Use the SHIFT and
CTRL keys to select multiple jobs or job folders. Click Next.
Select Computer(s) or Computer Groups
Select the computer(s) or group(s) of computers to assign the jobs selected in the previous dialog
box. Use the SHIFT and CTRL keys to select multiple computers or groups. Click Next.
New Computers.
Click this button when Adding New Computers.
Setting Conditions for Task Sets
Setting conditions on a job lets you run selected tasks only on computers that match defined criteria.
As a result, you can create a single job with tasks defined for computers with varying properties,
including OS type, network adapters, processors, free drive space and other computer properties.
You can then create task sets for each job that will apply only to the computers matching those
conditions.
Note: The default condition (named default) has no parameters or values associated with it. If this
is the only condition that a job contains, then the tasks associated with the default condition will
always work on all of the computers to which the job is assigned. Default condition is like having
no conditions.
In addition, if a task is associated with the default condition the task will always execute when a
computer does not meet any other conditions associated with this job.
1
Select a job in the Jobs pane of the Deployment Console.
2
Click Setup next to the Condition box. A menu will open with options to create a New condition,
Modify a condition, or Delete a condition.
To reorder conditions, click Order and reorder them using the Up or Down buttons. See “Order
Condition Sets” on page 130.
3
Click New in the menu to open the Condition Settings dialog box. Enter a name for the condition
up to 64 characters.
Altiris Deployment Solution Help
129
4
Click Add to open the Condition dialog box.
Click the Field list and select a data field heading from the list. You can define conditions based
on common client features such as operating system, software and hardware version, hard drive
space, OS language, RAM, and other characteristics.
Click Operation and select a compare statement. In the Value box, type a string to search for in
the selected database field. You can set conditions based on computer properties stored in fields
in the Deployment Database. Example: you might want to set a condition to match a particular
asset tag, Altiris agent version, or IP address. You can use wildcard characters and AND/OR
operators.
5
To set up custom conditions based on custom tokens, select User Defined Tokens from the Field
list.
6
Click OK.
The task set you create displays in the Task list for each condition. When you select a new condition,
the tasks for that condition display.
You can set Condition A to distribute the XPImage.img file to Windows XP computers using a
Deploy Image task. You can then set Condition B to distribute the W2KImage.img file to Windows
2000 computers using another Deploy Image task. When the job is applied to a computer group, the
conditions will be evaluated for each computer and the appropriate task will execute on the
appropriate computer.
Note: When using User Defined Tokens to set conditions for some client property values, you may
be required to use the decimal value rather than the hex value. Example: when setting conditions
based on the NICS table on the nic_device_id and nic_vendor_id columns, you are required to use
decimal values.
See also “Deployment Tasks” on page 132.
Order Condition Sets
By specifying and ordering different sets of conditions, you can determine when a task executes
based on defined computer properties. Each condition is processed in sequence until the computer
matches the condition defined within a set. If the computer does not meet any of the defined
conditions, it will run the default condition. Once a match is found, the set of tasks for this condition
set is processed.
See also “Setting Conditions for Task Sets” on page 129.
Scheduling Jobs
After a job has been created, and it has been assigned to multiple computers or computer groups. The
Schedule Job dialog box will open automatically, allowing you to schedule the job to run
immediately, at a scheduled interval, or assigned but not scheduled. Job and job folders selected
from the Jobs pane of the Deployment Console are scheduled in the order they were selected, even
across multiple Deployment Servers.
To schedule a job
1
Drag a job to a computer or computer group. The Schedule Job dialog box will open.
2
In the Schedule Job dialog box, click the Job Schedule tab. The options are as follows:
•
Do not schedule. This option lets you apply jobs to computers but does not run the job until
you return to the Schedule Job dialog box and set a run time.
•
Run this Job immediately. This
•
Schedule this Job. This option lets you type the date and time to run the job at a specified time
and date. To run it at regular intervals, specify a time and date to repeat.
•
Repeat this job every x.
option lets you run the job now.
A job can be scheduled to execute by minute(s), day(s), hour(s),
week(s).
Altiris Deployment Solution Help
130
•
Allow this job to be deferred for up to x. A job can be deferred when the server is busy executing
other jobs, setting a lower priority for particular jobs. By default all jobs are deferred up to
five minutes.
•
Schedule in batches of x computers at y minute intervals.
This option lets you schedule
computers in batches to maximize efficiency.
3
Click the Computer(s) Selected tab. This is a list of computers, their associated group, and IP
address that the job is scheduled to run.
4
Click the Job(s) Selected tab. This displays the job name and folder is located in the Jobs pane.
Use the UP and Down arrow to change the order of the scheduled jobs.
5
Click OK.
Note: The Schedule Job dialog box is the same for Rescheduling Jobs, New Job Wizard, and Job
Scheduling Wizard.
To reschedule a job
1
From either the Computers or Jobs panes in the Deployment console, select a job or computer
that has been previously scheduled.
A job icon displays in the Details pane identifying the computers assigned or the name of the job.
2
Select the job icon, click the scheduled computers in the Details pane, right-click and then click
Reschedule.
If you selected a computer icon, click the job icon in the Details pane, right-click and then click
The Schedule Jobs dialog box will open.
Reschedule.
3
To immediately start a scheduled job that has not yet run, right-click the job icon and select Start
Now.
4
To stop a repeating job, right-click the job in the Details pane and click Discontinue Repeat. At
this point you need to schedule a new time to run the job or click the Do not schedule option.
To remove computers from a scheduled job
You can complete this task by removing a job assigned to a computer or removing a computer
assigned to a job.
1
Click a job in the Jobs pane.
2
Click a computer in the Details view and press Delete or right click the job(s) and select Delete.
To remove tasks from a job
You can remove tasks assigned to a job by double-clicking the job and opening the Job properties
dialog box. (Edit features will also open in the Details view of the Deployment Console when you
select the job from the Jobs pane).
1
Select one of the assigned tasks in the Task list.
2
Click Delete.
To remove scheduled jobs from a computer
1
Click the computer.
2
Select the scheduled job in the Details window, and press Delete or right click the job(s) and
select Delete. To remove multiple jobs, hold down the SHIFT or CTRL key while you select the
job(s), then press Delete or right click the job(s) and select Delete.
The icon for a scheduled job is yellow.
To run a job immediately from the Resources view
If you have a batch file, image file, RIP, MSI, or executable file assigned to a job or stored in the
Deployment Share, then these files and packages will be displayed in the Resources view (see
“Shortcuts and Resources View” on page 64). You can drag these files and packages from the
Resources view to a computer or computer group to automatically create and run a job (or you can
drag computers to a file or package in the Resources view). A job will be created automatically for
each assigned package in the Systems Jobs > Drag-n-Drop folder.
Altiris Deployment Solution Help
131
See also “Building New Jobs” on page 128 and “Modifying Tasks in a Deployment Job” on
page 154.
Deployment Tasks
A task is an action of a job. Jobs are built with tasks. Each task is executed according to its order in
the task list contained in a job. You can resize the task pane by dragging the bottom pane (horizontal
bar) that separates the task list and the scheduled computer list of the Deployment Console. This lets
you view a greater number of tasks in a deployment job without using the scroll bar to navigate up
and down.
The Deployment Console has multiple tasks available from the Add menu, including:
Create a disk image from a reference computer and save the image file (IMG or
EXE files) for later distribution. See “Creating a Disk Image” on page 134.
Create Disk Image.
Distribute Disk Image. Distribute previously created disk images (IMG or EXE files) or create a disk
image from a reference computer on the network and simultaneously distribute it (IMG or EXE) to
other managed computers on the network. See “Distributing a Disk Image” on page 135.
Scripted OS Install. Run scripted (unattended) installs using answer files to install computers
remotely over the network. See “Scripted OS Install” on page 138.
Distribute RIPs, MSI files, scripts, personality settings and other package files
to computers or groups. See “Distributing Software” on page 143.
Distribute Software.
Manage the SVS Layer.
Instantly activate, deactivate or reset layers and completely avoid conflicts
between applications, without altering the base Windows application. See “Managing the SVS
Layer” on page 145.
Capture Personality. Capture the personality settings of a selected computer on the network using the
PC Transplant software. PC Transplant ships as a part of Deployment Server. See “Capturing
Personality Settings” on page 146.
Distribute Personality Package. Send a Personality Package to computer or groups. It identifies valid
Altiris packages and assign passwords and command-line switches to Personality Packages. See
“Distributing Personality Settings” on page 147.
Modify Configuration. Modify the IP address, computer and user name, domains and Active Directory
organizational units, and other network information and computer properties. See “Modifying
Configuration” on page 148.
Get Inventory. This lets you gather inventory information from client computers to ensure that the
deployment database is up-to-date with the latest computer properties. See “Get Inventory” on
page 149.
Create custom commands using scripts to perform jobs outside the bounds of the pre
configured tasks. Use the Run Script dialog box to select or define a script file to run on specified
computers or groups. See “Run Script” on page 149.
Run Script.
Copy File to. Copy a file from the Deployment Share or another source computer to a destination
computer. See “Copy File to” on page 152.
Perform power control options to restart, shutdown, power off, and log off. See
“Power Control” on page 154.
Power Control.
Tasks are listed for each job in the task list box. Each task will execute according to its order in the
list. You can change the order using the up and down arrow keys.
Supported Live Task Types
Following is the list of the live tasks supported for the x64, IA64, and SPARC platforms.
Altiris Deployment Solution Help
132
Table 1: Supported Live Task Types
Task
x64
IA64
SPARC
Restore Computer
Yes
Yes
Yes
History
Yes
Yes
Yes
Configure
Yes
Yes
Yes
Quick Disk Image
Yes
Yes
Yes
Power Control: Wake Up
Yes
Yes
Yes
Power Control: Restart
Yes
Yes
Yes
Power Control: Shutdown
Yes
Yes
Yes
Power Control: Log off
Yes
Yes
No
Remote Control
Yes
No
No
Execute
Yes
Yes
Yes
Copy File
Yes
Yes
Yes
Chat
No
No
No
Advanced: Clear Computer Status
Yes
Yes
Yes
Advanced: Prompt User for Properties
Yes
Yes
No
Advanced: Reset Connection
Yes
Yes
Yes
Advanced: Install Automation Partition
Yes
Advanced: Get Inventory
Yes
Yes
Yes
Advanced: Reject Connection
Yes
Yes
Yes
Advanced: Uninstall Windows Agent
Yes
Yes
No
Advanced: Install BIS Certificate
No
No
Yes
Advanced: Remove BIS Certificate
No
No
Yes
Advanced: Apply Regular License
Yes
Yes
Yes
New Job Wizard
Yes
Yes
Yes
New Group
Yes
Yes
Yes
New Computer
Yes
Yes
Yes
Rename
Yes
Yes
Yes
Delete
Yes
Yes
Yes
Change Agent Setting
Yes
Yes
Yes
Permissions
Yes
Yes
Yes
Job Scheduling Wizard
Yes
Yes
Yes
Altiris Deployment Solution Help
133
Creating a Disk Image
This task creates an image of a computer’s hard disk and then saves the image as an .IMG or .EXE
file.
Create an image file using the New Job Wizard or adding the task when Building
New Jobs. You can distribute the disk image file using the Distributing a Disk
Image task. This task will run Altiris RDeploy.exe from the console to capture
and migrate hard disk images.
Note: To create an image of a computer, you must boot to DOS, Linux or Windows PE. This
requires that you set up PXE Server or install automation partition.
1
Enter a path and file name to store the disk image file. You can store image files to access later
when a managed computer is assigned a job that includes the image file.
The default file name extension is IMG. Saving image files with an EXE extension makes them
into self-extracting executable files (the run-time version of RapiDeploy is added in the file).
2
Click Local image store if you want to store the image file outside of the Deployment Share file
structure to avoid a warning message. If this option is not marked, and you have not specified a
Deployment Share path, you will be shown a warning message indicating this and reminding you
that your automation process must be configured to use the path indicated in the Name field. You
can still save your image to a location outside the Deployment Share file structure even when
this option is not marked. This option just eliminates the warning message. This option is often
used when storing images locally on the managed computer’s hard drive or to an additional
server being used to store images.
When storing images locally on the managed computer's hard drive. Be sure to enter the path
relative to the managed computer (Example: c:\myimage.img). When you store an image locally
on a managed computer instead of a file server, you save server disk space and reduce network
traffic
Prerequisite: To store images locally on the managed computer’s hard drive, you must have a
hidden automation partition installed on the managed computer's hard disk with the required disk
space to hold the images you want to store.
Caution: When imaging computers where images are stored on the managed computers hidden
automation partition, do not use the option to remove the automation partition unless you want
to clear all images from the computer.
3
Enter an image description (optional) in the Description field to help identify the image.
4
Select Prepare using Sysprep to use sysprep to prepare system for imaging. Then, click the
Sysprep Advanced Settings button. See “Advanced Sysprep Settings for Creating a Disk Image”
on page 135.
5
Select the operating system from the Operating System drop-down list.
Note: Click Add new to go to the Sysprep Settings dialog and select the OS Information.
6
Select the product key from the Product Key drop-down list.
7
Select the required pre-boot environment from the Automation pre-boot environment (DOS/
Windows PE/Linux) drop-down list to perform the Create Disk Image task in selected pre-boot
environment. By default, the DOSManaged Boot Option type is selected.
8
Click Advanced to select Media Spanning and additional options. See “Create Disk Image
Advanced” on page 135. This is optional.
9
Click OK (if you are using the New Job Wizard) or click Next.
10
Set Return Codes. See “Setting Up Return Codes” on page 157. This is optional.
11
Click Finish. The task displays in the Task list for the job.
Troubleshooting Tip: If an imaging Job fails on a managed computer, the Deployment agent
configuration page appears on the client. This screen displays a prompt, to confirm if the user
wants to configure the client or restore the original settings. Select Cancel > Restore Original
Settings on the client screen.
Altiris Deployment Solution Help
134
See also “Deployment Tasks” on page 132.
Advanced Sysprep Settings for Creating a Disk Image
You can use the Advanced Sysprep Settings dialog to specify Sysprep mass storage device support.
By default, the Enable mass storage device support using built-in drivers option is selected.
Disable mass storage device support. When this option is selected, the Sysprep.inf file contains the
section [Sysprep] with the key value pair as BuildMassStorageSection = No.
Enable mass storage device support using built-in drivers. When this option is selected, the Sysprep.inf
file contains the section [Sysprep] with the key value pair as BuildMassStorageSection = Yes.
Enable mass storage device support using the following: When this option is selected, the Sysprep.inf
file contains the section [SysprepMassStorage] and is appended by contents of the file mentioned in
the Mass storage section file field. You can also copy the drivers directory mentioned in the Mass
storage drivers field.
Create Disk Image Advanced
RDeploy Options
RDeployT is the default imaging executable. This facilitates the imaging of thin client computers.
Graphical Mode (RDeploy). Select
Text Mode (RDeployT). Select
this checkbox to run the RDeploy in a GUI mode.
this checkbox to run the RDeploy in a text mode.
Media Spanning
Maximum file size.
The Maximum file size supported is 2 GB. To save an image larger than 2 GB,
Deployment Server will automatically break it into separate files regardless of your storage capacity.
From the Maximum file size list, select a media type.
Specify ___ MB.
If the preferred type is not on the list, enter the file size you want in the field.
Additional Options
Do not boot to Production. Select this option to create an image of the hard disk while booted to DOS
without first booting to Windows to save network settings (TCP/IP settings, SID, computer name,
etc.). If you select this option, these network settings will not be reapplied to the computer after the
imaging task, resulting in network conflicts when the computer starts up.
Compression.
Compressing an image is a trade-off between size and speed. Uncompressed images
are faster to create, but use more disk space.
Select Optimize for Size to compress the image to the smallest file size. Select Optimize for Speed to
create a larger compressed image file with a faster imaging time. The default setting is Optimize for
Speed.
Note: Configuration restoration after imaging a compressed drive is not supported for this release.
Additional command-line switches.
You can add command-line switches specifically for the
RapiDeploy program to execute imaging tasks. See the Command-line Switches in the Deployment
Solution 6.8 Deployment and Migration Guide.
Distributing a Disk Image
Distribute an image (.IMG) or executable (.EXE) file to managed computers to lay down a
previously created hard disk image.
Altiris Deployment Solution Help
135
Distribute a hard disk image using the New Job Wizard or adding the Distribute
Disk Image task when Building New Jobs. You can create the disk image file
using the Creating a Disk Image task. This task will run Altiris RDeploy.exe
from the console to capture and migrate hard disk images.
Note: If you deploy a Windows image over a Linux computer or a Linux image over a Windows
computer, then you need to change the path of the Deployment Agent for Windows log file.
1
Click Select a disk image file to select a stored image file. This lets you set down a new image file
from a previously imaged computer. This is a common way to distribute an image file. Enter the
name of an existing image file.
Select Local image store if you stored the image file on the client computer’s hard drive. With
local image store, the image file is stored on a partition on the computer being imaged.
Consequently, the server cannot validate the image when a local image store is used.
If you want to image a source computer on the network, click Select a computer on the network.
Enter the name and location of the source computer to both create an image and distribute the
newly created image file.
This option saves an image of a selected computer’s hard disk in its current state each time the
job executes. You can schedule the job to image a specified computer every time it runs, allowing
the image to be updated each time.
Note: Network mapping must exist on the source computer before imaging. UNC paths are not
supported in DOS.
Select the Save the disk image as a file while distributing option to save the newly created image
file to a specified disk drive. If you use a reference computer as the image source, you can also
choose to save the image as a file for later use. Select the checkbox to save the image and type
in or browse for the location where you want to store the file.
2
Select Prepared using Sysprep to use sysprep to prepare system for imaging. Then, click the
Advanced Sysprep Settings button. See “Advanced Sysprep Settings for Distributing a Disk
Image” on page 136.
3
Select the operating system from the Operating System drop-down list.
Note: Click Add New to go to the Sysprep Settings dialog and select the OS Information.
4
Select the product key from the Product Key drop-down list.
5
Click Automatically perform configuration tasks after completing this imaging task to reboot the
computer and push the configuration settings to the imaged computer.
6
Click Advanced to resize partitions and set additional options. See “Distribute Disk ImageResizing” on page 137. Click OK.
7
Select the required pre-boot environment from the Automation pre-boot environment drop-down
list to perform the Distribute Disk Image task. The option reported by the PXE Manager is the
default pre-boot environment option.
8
Click OK (if you are using the New Job Wizard) or click Next.
9
Set Return Codes. See “Setting Up Return Codes” on page 157. This is optional.
10
Click Finish.
See also “Deployment Tasks” on page 132
Advanced Sysprep Settings for Distributing a Disk Image
You can generate the Sysprep.inf file for the Distribute Disk Image task, depending on the option
selected in the Advanced Sysprep Settings dialog.
Use default answer file. When this option is selected, the Deployment Server generates the
Sysprep.inf file depending on the data present in the database.
Altiris Deployment Solution Help
136
Use the following answer file. When this option is selected, the Deployment Server picks up the
contents of the file mentioned in the Sysprep answer file textbox and then prepares the Sysprep.inf
file from it.
Distribute Disk Image-Resizing
By default, whenever you deploy an image, you have the option to resize the partition to take
advantage of the available disk space. Drive Size gives you information about the size of the image,
so you can determine if you need to change partition sizes. Minimum indicates the amount of space
the image will use on the target computers. Original indicates the image source disk size.
Fixed Size.
Select this option and enter the desired partition size.
Percentage.
Select this option and enter the percentage of free space that you want the partition to
occupy.
Min.
View the minimum size of the partition.
Max.
View the maximum size of the partition.
Note: FAT16 file systems have a 2 GB limit and cannot be resized larger than that (although it can
be sized smaller than the minimum value). HP partitions remain a fixed size.
Distribute Disk Image-Additional Options
This option lets you specify operations for existing Automation Agents and OEM disk partitions.
The options are as follows: leave the partition as it is, remove, or replace the existing partitions. If
the image file does not contain any information for an automation or OEM partition, the option will
default to Leave the client’s existing Automation or OEM partition as it is.
RDeploy Options:
Graphical Mode[RDeploy]. Click this option if you want to choose the imaging executable as RDeploy.
Text Mode[RDeployT]. Click this option if you want to choose the imaging executable as RDeployT.
Text Mode or RDeployT is the default choice.
Automation Partition:
Leave the client's existing BW partition as it is. If
the image file contains no automation partition
information, by default, this option is selected. The automation partition will remain unchanged
when distributing disk images.
Delete the client's Automation partition [-nobw]. Select
this option if you want to delete the existing
Automation partition from client computers.
Replace the client's existing BW partition from image file [-forcebw]. Select this option if you want to
replace the existing automation partition on the client computer with the automation partition from
the image file.
OEM Partition:
Leave the client's existing OEM partition as it is. If the image file contains no OEM partition
information, by default, this option is selected. The OEM partion will remain unchanged when
distributing disk images.
Delete the client's OEM partition [-nooem]. Select
this option if you want to delete the existing OEM
partition from client computers.
Replace the client's existing OEM partition from image file [-forceoem]. Select this option if you want to
replace the existing OEM partitions on the client computer with the OEM partition from the image
file.
Altiris Deployment Solution Help
137
Additional Command line switches. You can add command-line switches specifically for the
RapiDeploy program that runs imaging tasks. See the Altiris RapiDeploy Product Guide located in
the Docs folder of the Deployment Share.
Note: The checkdisk command-line switch should not be used from a Deployment console. The
post-configuration task will fail after an image restore.
See also “Deployment Tasks” on page 132.
Scripted OS Install
The Scripted OS Install task performs remote, automated, and unattended operating system
installations over the network using answer files to input configuration and installation-specific
values. Scripted installs allow you to deploy server and client computers across the network from
installation files, and then perform post-installation configuration tasks. You can run scripted installs
for Windows or Linux computers.
Important: Scripted Install requires either an automation boot disk or PXE Server. Using embedded
automations will cause the selected image (DOS, Linux, Windows PE) to load and then halt. It will
not allow the scripted install to run.
When running a Scripted OS Install task, you can identify the type of OS to install for supported
languages, run the scripted install, and update with service pack installations. This task provides
easy-to-use features to create an answer file for each scripted installation.
Scripted installs are flexible in performing post-configuring tasks, but much slower and bandwidth
intensive. Complete network and web server installation and configuration tasks profit most from
scripted installs.
Windows. Use complete unattended install features to copy Windows OS source files quickly to the
Deployment Share and easily create an answer file. Configured OS install sets can then be reused to
build and run scripted install jobs as needed. See “Scripted Install for Windows” on page 138.
Linux. Run scripted install jobs to remotely install different versions of Linux. You can customize
sample scripted install jobs installed with the Deployment Server system and create a kickstart
answer file to remotely run a scripted install. See “Scripted Install for Linux” on page 143.
Scripted Install for Windows
1
After selecting Add > Scripted OS Install, click the Windows option.
2
Select the type of Windows operating system to install. See “Select OS Version and Language”
on page 139. Click Next.
3
Select the required pre-boot environment from the Automation - PXE or BootWorks environments
drop-down list to perform the Distribute Disk Image task in selected
pre-boot environment. The option reported by the PXE Manager is the default pre-boot
environment option.
(DOS/Windows PE/Linux)
4
Select source files. Click the list to select Windows OS source files already copied to your
Deployment Share. See “Installation Source Files” on page 140.
5
Click Add New from the list to set up new OS installation files. See “Operating System-Source
Files” on page 140.
Click OK after entering a unique name and the path to the OS installation source files. The source
files will be copied over to the Deploy folder in the Deployment Share directory. The first source
files added will be given a generic name of WinOS001, with additional OS source folders named
Altiris Deployment Solution Help
138
to WinOS002, WinOS003 and so on. Service Pack source files will also be stored as an
WinSP00x.img file.
This process could take a few minutes. Because the installation source files are copied over to
the Deployment Share, when running subsequent scripted installs you will not need to add new
source files for this version of Windows. They can be selected from the list of installation source
files. See “Installation Source Files” on page 140.
Note: When importing Scripted Install jobs, you must edit the job files to point to the installation
source files on the new Deployment Server system. This requires you to run the Scripted Install
for Windows wizard and modify the path and name of the folder for the Installation Source Files
for the exported jobs. This is required for both the main installation and service pack installation
files. See also “Importing and Exporting Jobs” on page 156.
6
After the source files are copied, select the newly created OS source name from the Installation
Source Files list. Click Next.
7
Click to distribute a DOS disk image (default), or continue without distributing a DOS image and
partition and format the hard disk of the destination computer using custom scripts or setup
utilities. Click Advanced to set partition size, delete hidden partitions or set RapiDeploy
command-line parameters. Click Next. See “Operating System-Source Files” on page 140.
Note: Before running a scripted install, you must install DOS. However, DOS is not required if
you are using your own scripts or utilities to partition and format the client computer.
8
Import an answer file to the Deployment Database. See “Import an Answer File” on page 141.
Click Next.
9
Create the Answer file. See “Answer File Setup” on page 141. Click Next.
10
Set command-line switches for cmdlines.txt files and for the WINNT installation program. See
“Command-line Switches for Scripted Install” on page 142. Click Next.
11
View and modify the Deployment Agent for Windows configuration file from the dialog box.
See “Deployment Agent Settings for Scripted Install” on page 142. Click Next.
12
View summary of selected options. See “Scripted Install Summary” on page 142. Click Next.
13
Set up return codes for the Scripted Install task. See “Setting Up Return Codes” on page 157.
Click Finish.
See also “Scripted OS Install” on page 138.
Select OS Version and Language
Identify the operating system version to run in a scripted install. The selected version and language
must correspond to your Windows installation files.
We support multiple languages for the following Deployment Solution utilities.
•
Boot Disk creator
•
Image Explorer
•
PXE Configuration Utility
•
Remote Client Installer
•
Control Panel Applet
•
DS Info
•
PW Util (Password utility)
•
Switch Management
Select the OS version. Select the Windows operating system you want to install from the list. Click
Template if you want to install another version or language of a Windows operating system not
provided in the list.
Select the OS language. Select the language version of the
operating system to install. The language
must correspond to the OS source files. If you selected the Template option, then only the
Multilingual language option can be selected (this is a generic language option).
Altiris Deployment Solution Help
139
Automation (Pre-boot Environment). Select the required pre-boot environment from the Automation
(Pre-boot Environment) drop-down list. The option reported by the PXE Manager is the default preboot environment option.
List of supported multiple languages
•
German
•
French
•
Spanish
•
Japanese
•
Simplified Chinese
See also “Scripted Install for Windows” on page 138.
Installation Source Files
If you copied installation files to the Deployment Share for previous scripted installs, then the name
of this install source configuration displays in the list box for each OS type and language. To create
new source configuration sets for additional OS installs, select Add new source files from the list box.
Select or add new OS source files. Select the assigned name for each OS source configuration in the
list, or select Add new source files from the list to create a new install task. Previous scripted install
jobs will create a WinOS00x.img file in the Deploy directory of the Deployment Share.
The Operating System-Source Files dialog lets you identify the version of Windows install files and
enter the path to the files (on the CD or other medium).
Select or add new service pack source files. Run service pack updates immediately after installing the
operating system during the scripted install process. Previous scripted install jobs will create a
WinSP00x.img file.
See also “Scripted Install for Windows” on page 138.
Operating System-Source Files
Name OS source configuration, identify path and automatically copy Windows installation files to
the Deployment Share.
Enter a unique name for the OS source files.
Enter a name for the OS source configuration files to
assign an alias to associate with the install files for a specific OS version and language.
Enter path to OS source files.
Enter the path to the I386 folder on the CD where the Windows
installation programs and support files are stored. Example: browse to the CD drive and select
I386\WINNT.exe. Click Open.
The Windows OS identified previously in the Installation Source Files dialog box must match the
source files selected here. If the name and language of the OS does not match the installation files,
then you will receive an error.
Click OK and the files will copy from the source CD (or other volume) to the Deployment
Server\Deploy directory in the Deployment Share. This process will take a few minutes.
Enter a short description. Enter a description of the Windows OS source configuration, for example:
W2K Advanced Server SP3 English. This is optional.
See also “Scripted Install for Windows” on page 138.
Partition and Format Disk
Select a DOS disk image to distribute to the client computers before starting the Windows scripted
install. A DOS image is provided in the Images directory in the Deployment Share (default path in
the Name field).
Altiris Deployment Solution Help
140
Select a DOS disk image. Click this option to distribute a DOS image from the Deployment Share.
The Deployment Server system includes a DR DOS image file that is selected by default. You can
create your own MS DOS image from your Windows 98 CD and build a job.
Advanced. Select advanced options to set the size of the partitions, or to remove hidden partitions
and add command-line switches. See “Create Disk Image Advanced” on page 135 and “Distribute
Disk Image-Resizing” on page 137.
Continue without distributing DOS image. Click this option to not install a DOS image from
Deployment Server. Skip this step if you are installing DOS using custom procedures for your
environment.
See also “Scripted Install for Windows” on page 138.
Import an Answer File
Reference a previously created answer file for a Windows scripted install. You can also view a
summary of the OS source configuration.
Select to import a previously created answer file to the Deployment
Database. Values for the answer file will be imported from the delimited text file and displayed in
the Answer File Setup dialog box.
Import existing unattend.txt.
You can enter a path and select an answer file with any name. The answer file will be imported to
the database, edited in the console (if required), and then distributed as an unattend.txt file to the
client computer.
See also “Scripted Install for Windows” on page 138.
Answer File Setup
Use these dialog boxes to enter values to create an answer file for a scripted install. These values are
stored in the Deployment Database. An answer file is then generated from the database
(unattend.txt) and distributed to each managed computer when the job executes.
In the Answer File Setup, select a value (a row) in the table. A pop-up list displays in the Values
column to change values for each entry. You can add new variables to each section by selecting the
bottom row named Add new Variable. To add a new section to the answer file, click the right arrow
button until the Add new Section tab displays (the last tab on the right).
Required answer file values will be selected automatically in the dialog box with a gray check (you
cannot clear these variables). Optional but selected values will have a green check. Other optional
values will be cleared. Select these optional values if you want to add them to the answer file when
it is generated.
The various tabs in the Answer File Setup dialog box correspond to general answer file sections. See
the Microsoft Windows Unattended Setup Guide for specific values for an unattended setup file.
See also “Scripted Install for Windows” on page 138.
Add a New Variable Value or Section
Use this dialog box to add new values to each variable or to add new variable sections to the answer
file.
Enter a name for the value or section. If you add a value, then this name displays in the pop-up list and
entered in the cell if selected. If you are adding a section, then this name displays in the new tab in
the Answer File setup dialog box.
Enter a value to be displayed instead of the real value.
Enter an alias that displays in the cell or on the
tab.
See the Microsoft Windows Unattended Setup Guide for your specific operating system values for
an unattended setup file.
Altiris Deployment Solution Help
141
See also “Scripted Install for Windows” on page 138.
Add a New Variable
Use this dialog box to add new variables to the answer file. This variable displays as a row in the
Answer File Setup dialog box.
Name of the variable.
Select a variable name.
Type of new variable.
Select a variable data type. The Default value and Displayed value boxes will
be activated depending on the variable type selected.
Default value of the variable.
Enter values for a list, text, password, or IP address types.
Displayed value of the variable.
Enter an alias for list item types to be displayed instead of the real
variable value.
Description. Enter comments to describe the new variable. It will be displayed in the Description
column of the Answer File Setup dialog box.
See also “Scripted Install for Windows” on page 138.
Command-line Switches for Scripted Install
Use this dialog box to enter Windows commands that are executed from the cmdlines.txt file. You
can also add scripted install command-line switches.
Switches.
Add or edit switch commands to this line for the install program for the scripted install.
Additional commands in the cmdlines.txt file. Enter additional Windows scripted install commands in
this dialog box. The commands will execute in the order they are listed. The provided command
installs the Deployment Agent for Windows during the Install Component phase of the installation.
You can view and edit Deployment Agent settings in the next dialog box.
See also “Scripted Install for Windows” on page 138.
Deployment Agent Settings for Scripted Install
View or edit Deployment Agent for Windows settings in this dialog box. You can change agent
settings using this text-edit dialog box. See “Deployment Agent Settings” on page 94 for a list of the
Deployment Agent properties.
Select this option to apply these settings globally. This is to maintain
consistency in the way agent settings are applied.
Save these settings globally.
See also “Scripted Install for Windows” on page 138.
Scripted Install Summary
View a summary of the selected options for the scripted install. Click Back to change any of these
settings or click Finish to complete the Scripted Install task.
See also “Scripted Install for Windows” on page 138.
Altiris Deployment Solution Help
142
Scripted Install for Linux
The Scripted OS install for Linux provides a wizard to help set up Linux installation files and run
Sample jobs. Follow steps in the wizard to identify the type of scripted install and locate the answer
files. You can also modify and run Sample deployment jobs to remotely run a scripted install on
Linux servers and workstations.
Directory.
Browse to or enter the path and name of the Linux answer file (Kickstart file).
Command-line.
Enter command-line switches.
Automation - PXE or Bootworks environment (DOS/Windows PE/Linux). Select the required pre-boot
environment from the Default Automation drop-down list to perform the Backup and Restore task
in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot
environment option. By default the DOSManaged Boot Option type will be selected.
See also “Scripted OS Install” on page 138 and “Scripted Install for Windows” on page 138.
Scripted Install Summary
View a summary of the selected options for the scripted install. Click Back to change any of these
settings or click Finish to complete the Scripted Install task.
Distributing Software
Send MSI Packages, CAB, EXE, and other package files to selected computers or computer groups,
including EBS, and RPM files for Linux computers. This task identifies valid Altiris packages and
assigns passwords and command-line switches.
Distribute software packages to managed computers using the New Job Wizard
or adding the Distribute Software task when Building New Jobs.
1
Enter the name and location of the package to distribute in the Name field.
Note: Information about the package will be displayed in the Description area for valid packages.
If no description is displayed, then the file is not a RIP or a Personality Package.
2
For RIPs, if you set the password option when you created the RIP, you must enter the password
for the package to run.
3
Select Run in quiet mode to install the package without requiring user interaction.
4
Specify the users to associate with the RIP or the Personality Package.
•
Click Apply to all users to run the package for all users with accounts on the computer.
•
If sending the package to a managed computer with multiple users and if you only want it
installed for certain users with a unique password, clear the Apply to all users box.
Example: to install a RIP for a specific user accounts on a computer add values to the
Additional command-line switches field:
-cu:”JDoe;TMaya;Domain\BLee”
Note: The command-line switches are specific to any package you are distributing that
supports command-line options, such as MSI and Personality Packages. For a complete list
of command-line switches, see the Wise MSI Product Guide and the Altiris PC Transplant
Pro Product Guide.
5
If distributing an install package or other types of packages with associated support files, you can
click Copy all directory files to install all peer files in the directory. Click Copy subdirectories to
distribute peer files in the directory and all files in associated subdirectories.
Altiris Deployment Solution Help
143
Important: Some clients may have software installed on the client computer that, for protection
against harmful software, only allows software programs on a list of "well-known" executables
to run. Therefore, whenever the system administrator wanted to install a patch on client
computers, he or she would have to update the well-known-executable list on all the client
computers, which could be a lot of work.
To save the work of updating that list, or of manually renaming distribution packages, the
"RenameDistPkg" feature was added. Now, the system administrator may update the wellknown-executable list once with a filename of their choosing. The well-known filename may
then be entered into the Windows registry of the Deployment Server computer (the computer
running axengine.exe), as the "Value data" of a string value named "RenameDistPkg" under the
"HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris eXpress\Options" key. If the
RenameDistPkg registry entry is set, then Deployment Server will rename installation files that
are copied to the client computers.
This feature only affects files that are temporarily copied to the client computer as part of a
"Distribute Software" task. The file that is to be executed only during the installation, sometimes
referred to as the "package", is the file that gets renamed, not the files that actually get installed
to various locations on the target computer.
If the Copy all directory files option is enabled task, only the main (installable) file will be
renamed.
6
Click Advanced to specify how files are distributed to the managed computer. You can copy
through Deployment Server, or copy and run directly from the Deployment Share or from
another file server. See “Distribute Software Advanced” on page 144. Click Next.
7
Provide additional command-line switches for distributing software.
8
Set Return Codes. See “Setting Up Return Codes” on page 157. This is optional.
9
Click Finish.
Notes:
•
When a RIP or Personality Package is executed through Deployment Server, the quiet mode
command-line switch is applied. This means the user will not be able to interact with the user
interface on the managed computer.
•
If the Personality Package is configured to run only if a particular user is logged in and only if
the user has an account on the managed computer, the package will run the next time that user
logs in. If the user does not have an account, the package aborts and sends an error back to the
console via the Deployment Agent. If the package is not run through Deployment Server, a
message is displayed on the managed computer and the user is prompted to abort or continue.
See also “Modifying Tasks in a Deployment Job” on page 154.
Distribute Software Advanced
Copy files using Deployment Server then execute. Click this option to distribute packages through
Deployment Server to the managed computer, requiring two file copy transactions if the
Deployment Share is on another file server. This option is run for Simple installs and is the default
option.
Copy directly from file source then execute. Click this option to copy packages directly from the
Deployment Share if this data store is located on another server (a Custom install). It will copy the
file and then run it, avoiding running through Deployment Server and diminishing processor output.
Execute directly from file source.
Click this option to run files remotely from the Deployment Share
or another selected file server.
File source access and credentials. Enter the user name and password for the client computer and the
Deployment Share. Both must have the same user name and password (this is not an issue if both are
on the same domain).
Note: Windows 98 computers have security limitations when copying files directly from the source
to the Deployment Agent using the UNC path name. It is suggested that you use the Copy files using
Deployment Server option for these types of computers or plan a proper security strategy for direct
copying.
Altiris Deployment Solution Help
144
Managing the SVS Layer
The Manage SVS Layer task allows you to instantly activate, deactivate or reset SVS layers. This
task helps in avoiding conflicts between applications, without altering the base Windows
application. You can reduce the testing time for applications, as you can install different versions of
an application on the layers at the same time, and then activate or deactivate the layers as required.
For more information on SVS Help, refer to the Software Virtualization Solution (page 66) section.
Note: This task runs only on Windows computers.
Manage the SVS Layer using the New Job Wizard or adding the Manage SVS
task when Building New Jobs.
Layer
1
After creating a job, click Add > Manage SVS Layer.
2
Enter the .VSA file name in the Layer name drop-down list, or browse and select a .VSA file. You
can also enter a .VSA file path in the Layer name drop-down list. The Console checks if the path
entered is correct. If it finds that the file path is correct and it is a valid .VSA file, it will replace
the path name with the layer name in the .VSA file.
Note: The Console displays a list of the previously selected layers in the Layer name drop-down
list. This will make it easier for you to select a layer from the list, instead of browsing or typing
the .VSA file name again.
3
Select Import Package to import the selected layer and apply the actions present in the Action
drop-down list. The actions are:
Action Name
Description
(none)
Only import package.
Activate
Import package then immediately activate it.
Activate on startup Import package and activate it on startup.
Activate and
Import package, then immediately activate it and activate it whenever the
Activate on startup computer starts up.
4
Click Advanced to copy files using the Deployment Server or copy files directly from the file
source. See“Import Package Advanced” on page 146.
5
Select Manage Layer to manage the selected layer using actions present in the Action drop-down
list. The actions are:
Action Name
Description
Activate
Activate layer.
Activate on startup Activate layer on startup.
Activate and
Activate layer and activate it whenever the computer starts up.
Activate on startup
Deactivate
Deactivate layer.
Deactivate on
startup
Deactivate layer on startup.
Deactivate and
Deactivate on
startup
Deactivate layer and deactivate it on startup.
Altiris Deployment Solution Help
145
Action Name
Description
Delete
Delete layer.
Reset
Reset layer.
Reset and Activate Reset and activate layer.
Reset and
Deactivate
Reset and deactivate layer.
6
Select User defined action to enter a command-line.
7
Set Return Codes. See “Setting Up Return Codes” on page 157. This is optional.
Note: SVS clients have an automatic 120-day license. To purchase a permanent license, please visit
the Altiris Sales website (www.altiris.com/sales.aspx).
Import Package Advanced
Copy files using Deployment Server.
Select this option to copy files using the Deployment Server.
Copy directly from file source. Select this option to copy files directly from their source. If you select
this option, you need to enter the following File source logon details:
User name.
Password.
Enter the user name in this field.
Enter the password in this field.
Confirm Password.
Reenter the password in this field.
Click OK.
Capturing Personality Settings
The Capture Personality task lets you save personal display and user interface settings defined in the
OS for each user. You create a Personality Package that can be saved and distributed when migrating
users. This task will run Altiris PC Transplant from the console to capture and distribute settings.
Capture personality settings using the New Job Wizard or adding the Capturing
Personality task when Building New Jobs. See Distributing Personality Settings
to migrate settings to another user.
1
After creating a job, click Add > Capture Personality.
2
Enter the name of a personality template, or browse and select a template. A default personality
template is included in the PCT folder of the Deployment Share (DEFAULT.PBT). Enter the
name of the folder where you want to store the package.
The personality template lets you define the settings, files, and options to be captured during run
time. Click Template Builder to open a wizard to build a custom template.
3
In User account and folder login, enter the login credentials for the managed computer from which
the personality settings will be captured, and the file server where the Personality Package will
be stored.
4
In Package login, enter a password for the Personality Package. This is a run time password that
is required when the Personality Package runs on the destination computer.
5
Click Advanced to specify additional features.
6
Set Advanced options and click OK. Click Next.
7
Set Return Codes. See “Setting Up Return Codes” on page 157. This is optional.
8
Click Finish. You have now captured a personality setting and saved it as PCT file in the selected
location (most often in the PCT folder on the Deployment Server shared directory on the
Altiris Deployment Solution Help
146
Deployment Share). The Capture Personality task now displays in the Task list. See
“Distributing Personality Settings” on page 147.
Notes:
•
To capture a personality on a Windows 98 computer, make sure that all users have Write
access to the Deployment Server share (by default at C: Program
Files\Altiris\eXpress\Deployment Server in a Simple install). Also, make sure
that the User account and folder login boxes are blank. A user must also be logged on at the
client computer to capture the client profiles. An error will be returned if you attempt to
capture personality settings on Windows 9x computers that are not authenticated. It is
recommended that you don't capture personalities for mixed groups of Windows 98 and
Windows 2000/XP/2003 computers.
•
Set the conditions on the job for either Windows 98 or Windows 2000/XP/2003 computers
to ensure that the appropriate Capture Personality task runs on the appropriate computers.
Capture Personality Advanced
Domain users. Select this option to capture personality settings for all domain users on the computer.
Local Users.
Select this option to capture personality settings for all local users on the computer.
Custom. Specify users or groups to capture personality settings. Select the Custom checkbox and
enter the Users or Groups you want to capture personality settings. Also, instead of specifying
names, you can also select users that have been either created or last accessed in a specified number
of days.
Additional command-line switches.
You can add command-line switches specifically for the PC
Transplant program that migrates personality settings. See the Altiris PC Transplant Guide in the
docs folder of the Deployment Share.
Distributing Personality Settings
The Distribute Personality task allow you to save personal display and user interface settings defined
in the OS for each user. You will distribute Personality Packages to migrate personality settings.
This task will run Altiris PC Transplant from the console to capture and distribute settings.
Distribute personality settings using the New Job Wizard or adding the Distribute
Personality task when Building New Jobs. See Capturing Personality Settings to
create a Personality Package.
1
In the Name box, enter the file name and location of the PCT file.
Note: Information about the Personality Package will be displayed in the Description area for
valid Personality Packages (PCT files). If no description is displayed, then the file is not a valid
package.
If you use a token, such as %COMPNAME% in this field, and you proceed with the job, when
you apply the job to a Windows XP computer, the user must enter input before the job completes.
Altiris recommends you enter a valid Personality Package name and use the Additional commandline switches fields for token values. See the Altiris PC Transplant Pro Product Guide for a
complete list of valid command-line switches.
2
In the Password box, type the password set for the PCT file when created.
3
Select Run in quiet mode to install the package without displaying the PC Transplant screens.
4
Specify the users to associate with the Personality Package.
•
Click Apply to all users to run the package for all users with accounts on the specified
computer.
•
If sending the package to a managed computer with multiple users and if you only want it
installed for certain users with a unique password, clear the Apply to all users box.
Altiris Deployment Solution Help
147
Example: to install a Personality Packages for a specific user accounts on a computer, add
values to the Additional command-line switches field:
-user: JDoe; TMaya; BLee
Note: The command-line switches are specifically for Personality Packages. For a complete
list of command-line switches, see the Altiris PC Transplant Pro Product Guide.
5
Click Advanced to specify how Personality Packages are copied to the managed computer. You
can copy through Deployment Server, or copy and run directly from the Deployment Share or
from another file server. See “Distribute Personality Advanced” on page 148. This is optional.
6
Set Advanced options and click OK.
7
Click OK (if you are using the New Job Wizard).
or
Click Next.
8
Set Return Codes. See “Setting Up Return Codes” on page 157. This is optional.
9
Click Finish.
For more information about capturing a computer's personality settings, see the Altiris PC
Transplant Pro Product Guide.
See also “Distributing Software” on page 143 and “Modifying Tasks in a Deployment Job” on
page 154.
Distribute Personality Advanced
Copy files using Deployment Server. Click this option to distribute software packages through
Deployment Server to the managed computer, requiring two file copy transactions if the
Deployment Share is on another file server. Use this option for Simple installs to take advantage of
security rights defined by Deployment Server. This is the default option.
Copy directly from file source.
Click this option to copy packages directly from the Deployment
Share, sending only one copy across the network. It will copy the file and then run it and avoid
running through Deployment Server and diminishing processor output. Because the Deployment
Agent doesn't recognize shared rights and is not guaranteed to have a mapped drive to the data
source, you will need to identify a user name and password for the data share computer from the
target computer. This option also requires a full UNC path name in the Source Path field in the Copy
File dialog box.
Run directly from file source.
Click this option to run files remotely from the Deployment Share or
another selected file server.
File Source Credentials. Enter the user name and password for the client computer and the
Deployment Share. Both must have the same user name and password (this is not an issue if both are
on the same domain).
Modifying Configuration
You can add a task to configure or modify the configuration of computer property settings using the
Modify Configuration dialog box. The Deployment Agent will update the property settings and then
restart the computer for changes to take effect.
1
After creating a job, double-click the job, and then click Add > Modify Configuration.
2
Select the Reboot after Configuration checkbox to restart client computer after the configuration
changes are complete. By Default, the checkbox for Reboot after Configuration is selected.
3
Enter or edit the property settings in the Configuration dialog box. Click the category icons in the
left pane to set additional values for each property setting group. See “Computer Configuration
Properties” on page 85.
4
Click Next.
5
Set Return Codes. See “Setting Up Return Codes” on page 157. This is optional.
Altiris Deployment Solution Help
148
6
Click Finish.
See also “Modifying Tasks in a Deployment Job” on page 154.
Backing up and Restoring Registry Files
Important: This feature has been deprecated and will be removed from the product in a later release.
Copy registry files of selected computers using the Back up Registry task and save the registry file
settings to a selected directory. You can also create a Restore Registry task to copy the registry
settings to a managed computer.
Copy registry settings by adding the Back up Registry task when Building New
Jobs. Restore registry settings by adding the Restore Registry task.
1
Enter the directory path to back up or restore registry files.
2
Select the required pre-boot environment from the Automation - PXE or Bootworks environment
(DOS/Windows PE/Linux) drop-down list to perform the Backup and Restore task in selected preboot environment. The option reported by the PXE Manager is the default pre-boot environment
option.
3
Select the required pre-boot environment from the Automation - PXE or lets you environments
(DOS/Windows PE/Linux) drop-down list to perform the Backup and Restore task in selected preboot environment. The option reported by the PXE Manager is the default pre-boot environment
option. By default the DOSManaged Boot Option type will be selected.
4
Click Advanced if Windows was installed on client computers in a directory other than the
default. Enter the correct path to the root of the Windows directory.
•
Select Include registry information for all users to back up registry keys for all user accounts.
Note: If you clear this checkbox, then only the Administrator and Guest user accounts will
be backed up or restored.
5
Click Next.
6
Set Return Codes. See “Setting Up Return Codes” on page 157. This is optional.
7
Click Finish.
See also “Modifying Tasks in a Deployment Job” on page 154.
Get Inventory
Use this task to gather inventory from an individual or group of client computers. This ensures that
the Deployment database is up-to-date with the latest computer properties information. You can
view the history of the Get Inventory task in the Computers History pane. See “Viewing a
Computer’s History” on page 110.
•
Click Add, and then select Get Inventory from the list.
Run Script
Select an existing script or write a new script file to run on selected managed client computers.
Altiris Deployment Solution Help
149
Run script files on client computers by adding the New Script task when Building
New Jobs. See Script Information to identify how the script displays, script
security, and an option for server-side execution of the script.
1
If you have a script file defined, click Run the script from file and then browse from the folder icon
to select the file. To read or edit the script file, click Modify.
Note: To run scripts that call an executable, use the start command.
Example: start c:\windows\notepad.exe opens the Notepad application on the client
computer.
2
To create a new script, click Run this script. Type the script in the provided text box, or click
Import and select a script file to import. When a script is imported you can modify it in the text
box.
3
Specify whether the script should be run from DOS, Windows, or Linux.
4
Click Next.
5
Set Script Information. See “Script Information” on page 150.
6
Click Next.
7
Set Return Codes. See “Setting Up Return Codes” on page 157. This is optional.
8
Click Finish.
Notes:
•
When a computer is in automation mode using a DOS configuration, it does not see DOS
partitions. To run a script using the DOS Automation Agent, use FIRM (File-system Independent
Resource Manager) commands. FIRM can only copy files and delete files; it cannot run code on
a drive.
•
Deployment Server assumes a return code of zero (0) as a successful script execution. Some
programs return a code of one (1) to denote a successful script execution. If a program returns a
one (1), you will see an error message at the Deployment console even though the script ran
correctly. To modify the return codes, you can edit the script file to return a code that the console
interprets correctly.
See also “Modifying Tasks in a Deployment Job” on page 154.
Script Information
Click an option to run the script on a selected managed computer or to run the script on the
Deployment Server computer.
Script Run Location
On the client computer. The option runs the script on the managed computer to which you assign the
job.
Locally on the Deployment Server. This option runs a server-side script on the Deployment Server of
the managed computer. In most cases you will want to create a server-side script task that runs in
context with other tasks. Example: you can add a task to image a computer and then add a task to
execute a server-side script to post the imaging return codes to a log file stored on the Deployment
Server computer.
Use the -id switch for running scripts on Deployment Server when using the WLogEvent and
LogEvent utilities. See “Using LogEvent and WLogEvent in Scripts” on page 152.
Important: Scripts requiring user intervention will not execute using this feature. The script will run
on the Deployment Server of the managed computer, but will not be visible. Example: if you run a
DOS command locally on the Deployment Server, the Command Prompt window will not open on
the Deployment Server computer when the script executes.
Altiris Deployment Solution Help
150
When running the script on the Deployment Server, it will execute specifically for the assigned
managed computer. Example: if you create a job with a script to run locally on the Deployment
Server and assign the job to 500 computers, then the script will run on the Deployment Server 500
times.
Client Run Environment
Select the environment for your client. You can run in either production or automation mode.
Production - Client-installed OS (Windows/Linux)
Security Context.
This is the type of
This identifies the security options for running scripts.
Default (local system account). Use the network security account established to administrate all
managed computers.
Specific user. If you have selected to run the task on the local Deployment Server, you are
required to enter an administrator user name and password for that Deployment Server account.
(In most cases Deployment Server does not have the Deployment Agent installed, prohibiting it
from using a network security account.)
Script Window. Select how you want the script window to display: minimized, normal,
maximized, or hidden.
Script Options - (Windows/Linux)
Additional command-line switches.
Enter in commands that you want to execute when the script
runs in Windows or Linux.
Automation - PXE or Bootworks environment (DOS/Windows PE/Linux). Click to run the script in the
automation environment. Select a pre-boot automation environment from the drop-down list.
If you select Linux as the OS type, then the Locally on the Deployment Server option will be disabled
and only the Additional command-line switches under the Production Client installed OS(Windows/
Linux) will be enabled.
If you select DOS as the OS type, then the Locally on the Deployment Server option and the Production
- Client-installed OS (Windows/Linux) option will be disabled.
Example Script
The process to convert NT4 from FAT16 to NTFS normally returns a 1 after a successful
completion. Here is an example of the file that is modified to return a code of 0 (which is the success
code recognized by the Altiris Console and utilities). You can make similar changes to your script
files as needed.
CONVERT /FS:NTFS
if ERRORLEVEL 1 goto success
goto failure
:success
set ERRORLEVEL = 0
goto end
:failure
echo Failed
set ERRORLEVEL = 1
goto end
:end
Altiris Deployment Solution Help
151
Using LogEvent and WLogEvent in Scripts
The logging features, LogEvent and WLogEvent, accommodates detailed logging to help debug
complex scripts. These utilities include the following features:
•
Logging will be stored in the database instead of a log file.
•
A DOS-based tool can be called from any script file to log status and error codes.
•
The console displays and works with the new status messages.
LogEvent posts status messages back to the Deployment Console, allowing you to view the status
of the script. It is a light-weight reporting tool that can log both status strings and status codes to the
history file and the console.
LogEvent
— Use the LogEvent utility for DOS and Linux scripts.
WLogEvent
— Use the WLogEvent utility for Windows scripts.
The LogEvent and WLogEvent utilities are command-line driven only — there is no user interface.
Use both utilities with the following switches.
LOGEVENT -c:code -id:%ID% -l:level -ss:”message”
code is any number for a return code level.
id
is used for server-side scripting only. For server-side scripts you must add the -id:%ID% switch.
See the Locally on the Deployment Server option on Script Information to select a server-side script.
level is the severity level. The following levels are used:
1 = Information message
2 =Warning message
3 = Critical failure message. Only this level can be used to set up a return code. See “Setting Up
Return Codes” on page 157. The response will not execute for a return code unless a level 3 is
specified when using the LogEvent and WLogEvent command in a script.
message is the status string. If spaces exist in the message, then the string must be contained in
quotes. Specifying a severity level of 3 will cause the script job to fail.
Example Scripts
REM Bootwork unload
Set ImageName=F:\Images\XPIntel.img
rdeploy -mu -f%ImageName% -p1
logevent -l:1 -ss:”Created %ImageName.”
REM Execute WLogEvent.exe from CMD script
REM This script requires WLogevent.exe to reside on the client
REM in the temp directory
.\WLogevent.exe -c:0 -l:1 -ss:"Running Dir on %NAME%"
dir
.\WLogevent.exe -c:0 -l:1 -ss:"Finished with the DIR command on %NAME%"
Copy File to
Copy all types of files to managed computers. You can send selected files or directories to a
computer or computer group.
Altiris Deployment Solution Help
152
Send files to client computers by adding the Copy File to task when Building New
Jobs. Use the Copy File to operation (see the Remote Operations Using
Deployment Solution menu) to copy files quickly from Computers pane in the
console.
1
Click either the Copy File or Copy Directory option. Click Copy Subdirectories to copy all
subdirectories.
2
Enter the directory path and name of the file or directory. The Source path defaults to the
Deployment Share, but you can type or browse to a file or directory.
To copy files or directories through Deployment Server from the Deployment Share, you can
enter a relative path in this field. To copy files or directories directly from the Deployment Share
to the managed computer, you must enter the full UNC path name (see “Copy File to Advanced”
on page 153 features).
Note: When entering the source path for copying files through the Deployment Server, you can
only access the shared directories through an established user account. Specifically, you can only
use UNC paths when you have sufficient authentication rights established.
3
Type the destination path. The Destination path field automatically enters a sample path, but you
can enter the directory path that you require. If the destination path does not exist on the
destination computer it will be created.
4
Click Advanced to specify additional features to copy files through Deployment Server or
directly from a file server. See “Copy File to Advanced” on page 153.
5
Click Next.
6
Set Return Codes. See “Setting Up Return Codes” on page 157 (Optional).
7
Click Finish.
See also “Modifying Tasks in a Deployment Job” on page 154.
Using Location Variables
Location variables are being added to Deployment Server for the Copy Files feature, allowing you
to enter a token variable rather than requiring a complete location path when copying files to a
managed computer (a client computer running the Deployment Agent). The current variables
include:
Temp. Enter Temp in the Destination path to set the Temp directory (identified in the system path)
for the managed computer. Example: instead of entering C:\windows\temp\setup.exe in the
Destination path, just enter temp:setup.exe.
Copy File to Advanced
Select options to copy files directly from the Deployment Share. This option is for files stored on
another network server in a distributed Deployment Server installation.
Copy files using Deployment Server. This option distributes software packages through Deployment
Server to the managed computer, requiring two file copy transactions if the Deployment Share is on
another file server. Use this option for Simple installs to take advantage of security rights defined by
Deployment Server. You can use a relative path name entered in the Source Path box in the Copy
Files dialog box. This is the default option.
Copy directly from file source.
Click this option to copy packages directly from the Deployment
Share, sending only one copy across the network. It will copy the file directly to avoid running
through Deployment Server and diminishing processor output. Because the Deployment Agent
doesn't recognize shared rights and is not guaranteed to have a mapped drive to the data source, you
will need to identify a user name and password for the data share computer from the target computer.
This option also requires a full UNC path name in the Source Path field in the Copy File dialog box.
File Source logon.
Enter the user name and password for the client computer and the Deployment
Share. Both must have the same user name and password (this is not an issue if both are on the same
domain).
Altiris Deployment Solution Help
153
Note: Windows 98 computers have security limitations when copying files directly from the source
to the Deployment Agent using the UNC path name. It is suggested that you use the Copy files using
Deployment Server option for these types of computers or plan a proper security strategy for direct
copying.
Power Control
Start the computer using Wake-on-LAN or run standard power control options to restart the
computer, shut down, or log off the current user.
Wake up, shut down or log off client computers by adding the Power Control task
when Building New Jobs. See the Power Control operation to send commands
quickly from the console.
1
Create a job.
2
Click Add > Power Control.
3
Select an option: Restart, Shut down (if available), Log off or Wake up (Send Wake-On-LAN).
4
Select “Force application to close without message,” if applicable.
5
Click Next.
6
Set Return Codes. See “Setting Up Return Codes” on page 157 (Optional).
7
Click Finish.
Modifying Tasks in a Deployment Job
You can build jobs by adding or modifying deployment tasks. When you modify the tasks in a job,
any computer already scheduled to run the job will run the modified job.
To add a task to a job immediately
If the task (image, batch file, executable, etc.) is saved in the product directory, it displays on your
Resources list in the Shortcuts pane. Simply drag it to an existing job and it will be added
To add a task to a job
1
Double-click the job you want to modify in the Jobs pane.
2
Click Add and select another task from the menu.
3
Follow the basic instructions on each dialog box provided for each task. Select the type of task
you want to add and follow directions.
4
After finishing task configuration, a new task displays in the Jobs list.
5
Change the order of the tasks using the Up and Down arrow buttons. The tasks will execute in
the order listed.
To copy and paste a task
Use the steps below to copy and paste tasks within the same job, or from one job to another. You can
use CTRL+C and CTRL+V to copy and paste tasks.
1
Click the job that contains the task you want to copy in the Jobs pane.
2
In the Details pane, right-click the task, and then select Copy Task. (To copy multiple tasks,
press the CTRL key and select the desired tasks. The tasks that are highlighted will be copied
when you select Copy Task.)
3
In the Jobs pane, click the destination Job where you want to paste the task.
Altiris Deployment Solution Help
154
4
Right-click in the Details pane and select Paste Task. The tasks displays at the bottom of the
task list, and will use the use the condition settings of the current job.
5
Change the order of the task using the Up and Down arrow buttons. The tasks will execute in the
order listed.
To modify a task in a job
1
Double-click the job you want to modify in the Jobs pane.
2
Select the desired task from the list.
3
Click Modify and follow directions to make your changes. Click OK.
To remove a task from a job
1
Double-click the job you want to modify in the Jobs pane.
2
Select the task you want to remove from the task list.
3
Click Delete. Click OK.
To copy and paste tasks
Use the steps below to copy and paste tasks within the same job or from one job to another. You can
also use CTRL+C and CTRL+V to copy and paste tasks.
1
Click the job that contains the task you want to copy in the Jobs pane.
2
In the Details pane, right-click the task, and then select Copy. (To copy multiple tasks, press the
CTRL key and select the desired tasks. The tasks that are highlighted will be copied when you
select Copy.)
3
In the Jobs pane, click the destination Job where you want to paste the task.
4
Right-click in the Details pane and select Paste. The tasks displays at the bottom of the task list
and will use the current condition settings of the destination job.
5
Change the order of the task using the Up and Down arrow buttons. The tasks will execute in the
order listed.
To add a new task to an existing task list
1
Select a job from the Jobs pane.
2
Click on one of the tasks within the job, and then add a new task. The new task is inserted above
the task you highlighted, and all other jobs shift down one position.
3
Use the Up and Down buttons to change the order of the tasks within the job.
Modifying Multiple Change Configuration Tasks
If you have scheduled multiple Modifying Configuration tasks to a computer group, you can doubleclick Change Configuration in the task list of the Details pane to modify each computer’s
configuration settings independently.
1
Click the job in the Jobs pane with a Change Configuration task. Double-click the Change
Configuration task.
A message box will open. Click YES to modify configuration settings individually for each
scheduled computer. Click NO to modify the Change Configuration task when the job is
scheduled again (the current job will send modified configuration files already created).
If you click YES, then a Modify Job wizard will open with a list of each managed computer
scheduled to change configuration settings. Select one or more computers and click Next.
2
In the Computer Configuration Properties property page, modify settings. Click Next.
3
Set Return Codes. See “Setting Up Return Codes” on page 157.
4
Click Finish.
Altiris Deployment Solution Help
155
Creating New Script Files
You can create script files and directly schedule the script file to run scripts on any computer or
computer groups.
To create new script files
1
Go to View > Shortcuts View.
2
Click Resources in the Shortcuts view to move the focus to the Resources view.
3
Go to File > New > Script File.
Note: The Script File option will be activated only if the focus is on the Resources view.
A script file is created by default at the root of the resources. The default file name is Batch.bat.
4
Right-click the Batch.bat file, and select Modify.
Note: You can rename the batch file, by right-clicking the file, and selecting Rename.
5
Type the script in the open file, and save it.
6
Drag the Batch.bat file to a computer or computer group where you want to schedule the job.
7
Specify the scheduling options, and click OK. See “Scheduling Jobs” on page 130.
Copy and Paste Jobs and Job Folders
Jobs or job folders (including their subfolders) can be copied to any other job folder in the treeview
of the Jobs pane of the Deployment Console. A Job folder can only be copied to a root level folder,
which has a limit of 30 subfolders, and cannot be copied to a child level folder.
If you copy a job or folder with the same name as the destination job or folder, the copied job or
folder is automatically named Copy of <job or folder name>. This feature can only be performed by
administrators or users who have been granted permissions to create jobs, or job folders.
To copy jobs and job folders
1
In the Jobs pane, right-click on a job or job folder that you want to copy, and then click Copy.
2
Right-click on the destination job folder in the Jobs pane, and then click Paste.
Importing and Exporting Jobs
Jobs can be exported to back up Deployment Server data or to share jobs between Deployment
Server installations.
To import jobs
1
Right-click in the Job pane, and select Import
or
Click File > Import/Export > Import Jobs.
2
Browse to or type the path and name of an existing import file (a BIN file).
3
Select Import to Job Folder to import the jobs to an existing folder in the Jobs pane. If you have
a folder already selected it displays in the edit field.
4
Select Overwrite existing Jobs and Folders with the same name to replace identical jobs and folders.
5
Select Delete existing jobs in folder to overwrite and replace all jobs in the selected Jobs folder.
Click OK to import the job(s).
To export jobs
1
Right-click the job or Jobs folder you want to export and select Export
or
Altiris Deployment Solution Help
156
Click File > Import/Export > Export Jobs.
2
Select the destination folder and enter a file name.
3
Click the Export subfolders button to export all folders subordinate to the selected job folder.
4
Click OK.
Setting Up Return Codes
When you create a task in a job, you can define a response to specific return codes generated from
that task after it runs. You can determine the response if the task runs successfully or if the task fails.
You can also set up custom return codes generated from scripts or batch files that are unique to your
environment or deployment system.
Note: Return code handling cannot be set up for jobs created in the New Job Wizard.
When creating a task, the Return Codes dialog box displays so you can set a response if the task was
successful or to determine a default response if the task failed. Because Deployment Server returns
a 0 (zero) if the task runs successfully, any other return code value denotes some type of failure in
running the task. As a result, in the Success box you can select an action if the return code is 0 (zero),
or select an action in the Default box if the return code is not a 0 (zero).
Return codes are first evaluated to be successful (zero) or failed (non-zero). If the task returns as
successful, then it will run the action in the Success box. If it is not successful, then it determines if
the return code has been assigned a custom code value. If the return code is defined as a custom code,
then the selected action for that custom code is executed. If no custom code is assigned to the return
code, then the action set in the Default is executed.
Note: If Using LogEvent and WlogEvent in Scripts, you can only generate return codes when the
level 3 message is specified. Specifying a severity level 3 will cause the script job to fail and allow
you to respond using this return code feature.
Return Code Actions
For both successful tasks (in the Success box) and failed tasks (in the Default box), you can
determine these specific actions:
Stop.
This action will stop the job after the task runs. Subsequent tasks will not run.
Continue.
This action will continue with subsequent tasks in the job after the task runs.
Select a job.
This action will allow you to select existing jobs to run after the task completes.
These actions also apply to custom return codes designed specifically for your system.
Custom Return Codes
In the Other return codes area, you can view custom return codes set specifically for your system.
You can add return codes by clicking the Add button below the Other return codes area, or by clicking
the Master Return Code button.
Type a custom code in the Code box, select a response action from the Response list, select the status
from the Status list to specify the interpretation of this return code as Success or Failure, and provide
a message in the Message box. These custom codes can respond to any return codes set up in scripts
or batch files in the Run Scripts task, or these custom codes can respond to system return codes
thrown from Deployment Server or external codes generated when distributing applications,
personality settings, or disk images. Any task can have custom codes that respond to different return
code values.
Master Return Codes. This is a list of all the return codes existing in the Deployment database. You
can add, modify, and delete the codes and their values so that setting codes for other tasks is easier.
This allows you to add a new custom return code for the task. You can also choose to add the
return code to the Master Return Codes list.
Add.
Altiris Deployment Solution Help
157
Modify. This allows you to modify the return codes listed in the Other return codes area. The changes
you make do not update the Master Return Codes list.
This allows you to delete return codes listed in the Other return codes area, but not from the
Master Return Codes list.
Delete.
To set up Master Return Codes
The Master Return Code List dialog lets you:
•
Add, modify, and remove return codes in the master list.
•
Select return codes for the current job from the multiselect list.
To add Master Return Codes
1
Select a job from the Jobs pane.
2
Click Add in the right pane to add a task. Select the task. The task dialog appears.
Note: You can add Master Return Codes for all tasks except Get Inventory.
3
Click Next until the Return codes page appears.
4
Click the Master Return Codes button. The Master Return Codes List dialog appears.
5
Click Add. The Add Return Code dialog appears.
6
Enter the return code in the Code field and click OK. The code is added to the master list.
To modify Master Return Codes
1
Click Modify. The Modify Return Code dialog appears.
2
Enter data in the Response, Result, and Status fields and click OK. The code is modified.
To delete Master Return Codes
1
Click Delete. A warning message appears to confirm the deletion. Click OK to delete the return
code from the Master list.
2
Click OK.
Note: The OK and Cancel buttons apply to the return codes selected. If no return codes are selected,
or none exist in the list, the OK button is disabled. Clicking OK on the Master Return Codes List dialog
allows you to add the selected return codes to the current job.
To set up return codes
To set up return codes, you need to determine how to respond to the Deployment Server success
return code (zero) in the Success box, how to respond to a failure return code (a non-zero) in the
Default box, and how to respond to a custom or externally generated return code defined in the Other
return codes box.
The example below describes how to set up a simple process to deal with custom and system return
codes, and how to interpret the status of user defined return codes:
1
In the Success list box, keep the default value Continue. This allows the job to continue running
additional tasks in the job after successfully completing this task.
2
Click Add to add custom return codes. The Add Return Code dialog box displays.
3
In the Code box, enter a value of 10 (ten).
4
Click the Response drop-down arrow and select Continue from the list.
5
Click the Result drop-down arrow and select Success from the list. This displays that even if the
return code was not zero, success by default, the task will be considered a success as per user’s
choice.
6
Enter a description for the return code in the Status field. This is the message that will be
displayed when the task, within a selected job, executes.
7
Select the Add to Master return code list checkbox to add the custom code to the master return code
list. The code is then listed in both, the Other return code and Master Return Codes list. This is
helpful if you want to use the return code again.
Altiris Deployment Solution Help
158
8
Click OK. The return code is added to the list of Other Return Codes.
9
If the code you added already exists, a message dialog box displays the return code and asks if
you want to replace it. Click Yes to replace the return code, and click No to return to the Add
Return Code dialog box.
10
Select Select a job from the Default box to select a job to be executed when a default condition is
reached. The Select a Job dialog box opens, allowing you to select an existing job that runs if the
task returns a failed system return code (non-zero) or a return code not defined as a custom return
code.
Note: The status of the tasks executed in a job is also displayed in the history of a computer.
Sample Jobs in Deployment Solution
Sample jobs are installed with each Deployment Server system, allowing you to quickly modify or
add parameters, or to run the sample jobs as they are. During installation, jobs are automatically
imported from the samples.bin file to the Deployment Server system where they can be viewed
in the Samples folder in the Jobs area of the Deployment console. Click each job and identify its
features in the Description field of the Details pane.
Jobs in each folder marked with an asterisk (*) require input parameters or other minor modifications
added before running on your system. These modifications allow you to add parameters to the job,
such as user name and password or other required data for the job to be functional. Jobs requiring
input parameters or customizing will not function properly if you do not edit the job with the
information specific to your environment.
All files without an asterisk (*) can be used to perform the identified functions without modification.
However, if the job conditions are not met or are not consistent with the computer type, then you
may get an error. Example: if the Repair Office XP job runs on a computer without MSOffice XP, then
you will get an error when running the job.
Note: When upgrading versions of Deployment Solution, it is suggested that you copy and rename
modified sample jobs to avoid overwriting with new sample jobs.
Initial Deployment
Initial Deployment is a default job designed to help in the process of setting up computers that do
not exist in the Deployment Database. Initial Deployment lets you define how computers are initially
set up after being identified by the Deployment Server.
You can define various computer configuration sets and deployment jobs for the user during startup,
allowing the user to select the computer settings and hard disk images, software, and personality
settings for their specific needs and environment. New computers appear in the New Computers
group in the Computers pane of the Deployment Console.
To access Initial Deployment, double-click Initial Deployment from the Jobs
pane or right-click Initial Deployment and click Properties. The Properties of
Initial Deployment dialog box opens.
Notes:
•
Initial Deployment is ideal for small-scale deployments, from 1 to 10 computers. We do not
recommend this feature for large deployments -- from 10 to 100 computers -- or mass
deployments -- from 100 to 5000 computers. We also do not recommend this feature where you
will use virtual computers, customized jobs, and the computer import feature.
•
Although Initial Deployment is commonly used on computers that support PXE, you can also
configure a boot disk to run Initial Deployment. In this case, the image that you deploy must
include automation pre-boot environment so that post imaging tasks can run successfully.
Installing an Automation Partition on the client computer’s hard disk ensures that future imaging
deployment jobs run successfully.
Altiris Deployment Solution Help
159
Important: To completely deploy and configure a computer using Initial Deployment, you must
define at least one Configuration and one Job.
Initial Deployment consists of a dialog box with three tabs with separate features to deploy new
computers:
•
Configurations
•
Jobs
•
Advanced
Configurations
Click the Configurations tab on the Initial Deployment dialog box to configure different sets of
computer properties. Each configuration set is presented to the user as a menu. The user can select
the configuration set designed for their environment. Compare the Configuration tab with the Jobs
tab.
Important: If you do not create any configuration sets, the deployment process automatically sets
TCP/IP information to use DHCP and names the computer to match the computer’s asset tag, serial
number or MAC address -- in that order, depending on what is available.
1
Double-click Initial Deployment in the Jobs pane drop-down list. The Properties of Initial
dialog box appears.
Deployment
2
Click the Configurations tab.
3
Click Add. Enter values to set computer and network properties for new computers. See
“Modifying Configuration” on page 148 for a list of property categories.
4
Click the Add button again to configure another set of property settings. You can add multiple
configuration sets for the user to select from a menu after connecting to Deployment Server.
5
After setting the properties, click Apply.
6
Click the Default Menu choice drop-down list and choose a configuration set as default.
7
Click the Timeout after ___ seconds and proceed checkbox to specify that the default job runs
automatically after a specified time.
8
Click OK, or click the Jobs tab to define a task.
Advanced Configuration
Click the Advanced button on the Configurations tab to open the Advanced Configuration dialog box.
This dialog box lets you set advanced configuration settings for client computers and provides
different options for processing jobs for client computers.
•
Select Process this job as each client becomes active. This job is processed only when clients
become active.
•
Select Process this job in batch mode. This job is processed for a batch of clients after specifying
Minimum clients and the Timeout in minutes.
•
Select Hold all clients until this time. You can specify the Start time for this job, which runs for all
clients at the specified time.
•
Click OK.
Jobs
Click the Jobs tab on the Initial Deployment dialog box to add existing jobs or create new jobs to
run on the new computer. The jobs you add or build using this dialog box are listed in a menu and
presented to the user during startup. The user can choose deployment jobs to image the computer
Altiris Deployment Solution Help
160
and install applications and personality settings. Compare the Jobs tab with the Configurations tab.
The conditions on jobs are limited to the data that can be accessed at the DOS level (Example: serial
number, manufacturing number, NIC information, manufacturing name).
1
Double-click Initial Deployment in the Jobs pane drop-down list. The Initial Deployment dialog box
appears.
2
Click the Jobs tab.
3
Click New to build a new job. See “Building New Jobs” on page 128.
4
Click Add Existing to add an existing job.
5
Click the Default menu choice drop-down list to select the job as a default.
6
Select Timeout after ___ seconds and proceed and type the number of seconds to wait before the
computer automatically starts the default job. The default setting is 60 seconds.
7
Click OK, or click the Advanced tab to stop servers or workstations from running configuration
task sets and jobs automatically.
See also “Sample Jobs in Deployment Solution” on page 159.
Advanced
Click the Advanced tab to set options to stop Initial Deployment from running the default
configuration task sets and jobs automatically. This avoids accidental re-imaging or overwriting of
data and applications for either workstations, such as desktop, laptop, handheld computers, or
servers, such as web and network servers identified by Deployment Server.
When a computer not yet identified by the Deployment Database is first detected, it is placed in the
New Computers group and run an Initial Deployment configuration set and job. However, in many
cases you do not want web or network servers to be automatically re-imaged without confirmation
from IT personnel.
•
Select Servers. Stops servers from automatically running Initial Deployment configuration jobs.
Servers are identified as the managed computers running multiple processors or identified as a
specific server model from specific manufacturers. Example: both a HP Proliant and a Dell
computer with multiple processors will be identified as a server. Identifying a computer as a
server by OS cannot be accomplished for new computers until the server OS has been installed.
•
Select Workstations/Clients to force desktop, laptop, and handheld computers to stop before
automatically running Initial Deployment.
Altiris Deployment Solution Help
161
Part IV
Best Practices
This section provides details on many of the management tasks available in Altiris®
Deployment Solution™ software.
Altiris Deployment Solution 6.8
162
Chapter 10
Securing Deployment Solution
To effectively manage computers, Deployment Solution requires access beyond the files
and database owned by the application. For example, Deployment Solution requires
rights to install software on managed computers and rights to join computers to a
domain during configuration.
The broad range of tasks performed by Deployment solution enables simplified
management, but also introduces a greater need for strong security policies.
This guide walks you through the phases of security planning including setting access
rights, database security, and securing communications.
This guide is divided into the following sections:
Accounts
Contains instructions to set up the accounts you use to
run the Deployment Solution software and connect to the
database.
Role and Scope-based
security
These security policies control administrator access to
computers, jobs, and settings within the Deployment
Console.
Database Security
Provides the information you need to secure and control
database access.
Securing
Communication
Explains how to secure communication between your
Deployment Server and Agent.
Appendix A: Agent
Installation Rights
Explains the privileges needed to rollout the Deployment
Agent.
Appendix B: Job
Passwords Credentials
Explains how to manage the passwords associated with
specific jobs.
Deployment Server Accounts
To run the Deployment services, perform domain tasks, and provide automation access
to the Deployment share, we recommend creating separate accounts with minimal
privileges to perform each of these tasks. This minimizes security risks while still
allowing Deployment Solution to manage computers.
We recommend creating the following accounts:
Account
Description
Service
The main account used to run the Deployment services,
manage the database, and mange the deployment share.
Domain Join
Used to join computers to a domain during configuration.
Deployment Share
Read/Write
Provides access to the Deployment share in the
automation environment.
Altiris Deployment Solution 6.8
163
The following sections outline the specific privileges that should be assigned to each of
these accounts:
z
Service Account (page 164)
z
Domain Join Accounts (page 165)
z
Deployment Share Read/Write Account (page 165)
Service Account
This account executes the Deployment Server software and manages the Deployment
database.
If your Deployment database, server, and share are on the same computer, you can
create a local account or optionally use the local system account.
If your Deployment database or share is on a different computer than your Deployment
server, create a domain-level account, or create local accounts with the same credentials
on each computer hosting a Deployment Solution component.
This account should not be part of a group, and should not posses interactive login
privileges or any other rights beyond what is recommended in the following table:
Rights
Description
Services
This account should be used to execute the following
services:
z
Altiris Deployment Server Console Manager
z
Altiris Deployment Server Data Manager
z
Altiris Deployment Server DB Management
z
Altiris eXpress Server
z
Altiris PXE Manager
If this account is provided during installation, these
services are already configured with the proper
credentials. If not, this can be changed using the Services
applet.
File System
Grant full control of your Deployment share. This account
does not need administrative privileges on the computer
hosting your deployment share.
Database
Grant database ownership of your Deployment database.
Altiris Deployment Solution 6.8
1.
In SQL Server Enterprise Manager, select Security >
Logins.
2.
Right-click and select New Login.
3.
Browse for the service account you created, then
grant this account db_owner access on the Database
Access tab.
164
Domain Join Accounts
This account provides the privileges required to join computers to a domain during
configuration. You need a separate account for each domain in which you manage
computers.
This account should not be part of a group, and should not posses interactive login
privileges or any other rights beyond what is recommended in the following table:
Rights
Description
Domain
Grant privileges to add computer to domain.
To Add Domain Join Accounts:
1.
In the Deployment Console, click Tools > Options > Domain Accounts.
2.
Provide the accounts you created:
Deployment Share Read/Write Account
This account provides read/write access to the Deployment share.
This account is used to access files in the automation environment, and optionally in
some tasks if it is more efficient to access the Deployment share directly rather than
accessing it through the Deployment Server.
Altiris Deployment Solution 6.8
165
This account should not be part of a group, and should not posses interactive login
privileges or any other rights beyond what is recommended in the following table:
Rights
Description
File System
Grant read/write privileges to your Deployment share.
Deployment Administrator Accounts
Deployment administrators are the people who perform day-to-day work in Deployment
Solution. These accounts are tied to people, have interactive login, and usually have
additional rights across your network depending on their responsibilities.
You need to select a group of administrators to have full administrator rights, then
determine how to grant rights and privileges to other administrators as necessary. The
remaining topics in this section should help.
We recommend creating groups in Active Directory to manage these rights, then add
and remove accounts from these groups as necessary.
Altiris Deployment Solution 6.8
166
Additionally, each Deployment administrator needs to be granted public access to your
Deployment Database. See Rights Required for Deployment Administrators (page 173).
Role and Scope Based Security
Role and Scope-based security controls who has access to what in the Deployment
Console.
One major advantage of the Deployment Solution security model is that administrators
do not require explicit rights on any managed computers. All access is filtered through
the integrated role and scope based security in the Deployment Console.
For example, if you grant an administrator rights to install software on a managed
computer in the Deployment Console, it does not allow him to log in to that computer
and install software. All actions must go through the Deployment Console.
Implementing a strong policy to manage the access granted to your Deployment
Administrators protects managed computers from unauthorized access.
Deployment Console Security
By default, the Deployment Console can be used on your Deployment Server by any
user who possesses rights to log in and run applications. This works well in situations
where you already have policies in place to control server access, and you have a group
of administrators who will have full access to deployment functionality.
If you want to provide more granular access to configuration options, jobs, and
computers, you can enable security.
To Enable Security:
You must add at least one user or group to enable security.
1.
In the Deployment Console, click Tools > Security.
2.
Add a new user or group. We recommend clicking AD Import and importing Active
Directory groups, as this simplifies rights management. The first user or group
added is granted administrator rights. Each additional user or group after the first
are granted no rights and must be assigned rights explicitly.
3.
Security is automatically enabled after a user or group is added.
Additional users or groups can be added using this same method.
Manage By Exception
The Deployment Solution role and scope-based security model uses the concept of
managing by exception. To manage permissions, you make an assignment at a
container level that applies to most of the members of the container, then you manually
add exceptions where needed.
We recommend planning administrator, computer, and job groups so that all permission
assignments can be made at the group level.
Altiris Deployment Solution 6.8
167
Rights and Permissions
The Deployment Console separates privileges into two categories:
Rights
Provide access to console settings, database connections,
domain accounts, and other options. Typically, you restrict
most rights to one or more main administrators.
Permissions
Controls access to jobs and managed computers. These
permissions are usually distributed across all
administrators who perform work in Deployment Solution.
Grant Rights to Administrators
1.
In the Deployment Console, click Tools > Security.
2.
Select a user or Group and click Rights.
3.
Enable the rights you want granted.
Grant Permissions to Administrators
1.
Right click a Computer, Computer Group, or Job and select Permissions.
2.
Select a User or Group, then enable or disable the permissions you want granted.
Permission Rules
Permissions received through different sources may conflict with each other. The
following permission rules determine which permissions are enforced:
z
Permissions cannot be used to deny the user with Administrator console rights
access to use any console objects or features.
z
User permissions take precedence over Group permissions.
z
Deny overrides Allow. When a user is associated with multiple groups, one group
could be allowed a permission at a particular level while the other group is denied
the same permission. In this scenario, the permission to deny the privilege is
enforced.
z
Permissions do not flow down an object tree. Instead, the object in question looks in
the current location, and then up the tree for the first permission it can find and
uses the same.
z
If a console user does not have permissions to run all of the tasks the job contains,
the user is not allowed to run the job.
Database Security
Securing your Deployment database is tied directly to securing the account you use to
connect to the database.
Deployment server requires only one account to have non-public access to the database
(the Service Account (page 164)). This account should be secured by a central
Deployment or domain administrator.
Altiris Deployment Solution 6.8
168
If you follow this process outlined in this document to create accounts and separate
privileges, you can greatly reduce the risk of your database being compromised.
For example:
Your domain or central Deployment administrator creates a new domain-level account
with no interactive login, file system rights to a single folder (deployment share), and
ownership of the Deployment database. The password is provided to run the
Deployment Solution services, then stored securely.
No additional Deployment administrators need this password, and an intruder would
need to compromise a higher level administrator account in order to access these
credentials.
Required Database Rights
This section contains a list of the database rights that need to be granted to use
Deployment Solution, and covers:
z
Rights Required to Install (page 169)
z
Rights Required for the Services Account (page 171)
z
Rights Required for Deployment Administrators (page 173)
z
Configuration of the Public Database Role (page 173)
Rights Required to Install
To install the Deployment Database, you need an account with database create rights.
These rights must be granted to the account you provide during the Deployment
Solution installation.
1.
Open Enterprise Manager and connect to your SQL Server.
2.
Browse to Security > Logins:
Altiris Deployment Solution 6.8
169
3.
Altiris Deployment Solution 6.8
Add a new login, and provide the services account you created in the previous
section:
170
4.
Click the Server Roles tab, and enable Database Creators:
5.
Click OK and verify that the login was added.
Rights Required for the Services Account
The account used to run your Deployment Services needs to have database owner
rights:
1.
Altiris Deployment Solution 6.8
Open Enterprise Manager and connect to your SQL Server.
171
2.
Browse to Security > Logins:
3.
Double-click the account you are using to run the Deployment services. If the login
is not listed, add it.
4.
Click the Database Access tab, select the eXpress database, and enable the
db_owner role:
Altiris Deployment Solution 6.8
172
5.
Click OK and verify that the change was successful.
Rights Required for Deployment Administrators
Each Administrator with console access must be granted public rights to your
Deployment Database. The best way to do this is by assigning public access to the
Active Directory groups containing your Deployment administrators.
This prevents you from manually granting this access to individual administrators as
they are added or removed from Deployment management responsibilities.
1.
Open Enterprise Manager and connect to your SQL Server.
2.
Browse to Security > Logins.
3.
Add each user or group that will manage computers using Deployment Solution.
4.
For each user or group, on the Database Access tab, grant the public role for the
eXpress database:
Configuration of the Public Database Role
If your SQL Server has non-standard restrictions on the Public role, Altiris provides a
tool to correctly configure this role for the Deployment Database. We recommend
performing this procedure if you have security enabled.
1.
On your Deployment Sever computer, browse to C:\Program
Files\Altiris\eXpress\Deployment Server\TechSup\Windows.
2.
Launch the DSDBSecurity.exe utility.
Altiris Deployment Solution 6.8
173
3.
Provide the name of your database server, and optionally, provide SQL
authentication credentials.
4.
Click Connect.
5.
After connection, click Set Role Permissions. A dialog box displays confirming that
the role permissions have been set:
Securing Communication
This section contains guidelines to secure Deployment Solution communication between
the Deployment Server and Deployment Agent, and discusses the following:
z
Deployment Agent Authentication (page 174)
z
Encrypted Communication and Agent Security (page 176)
z
Keyboard Locks in Automation (page 176)
Deployment Agent Authentication
We recommend providing a deployment server hostname rather than using multicast,
and implementing key-based authentication if additional security is needed. Key-based
authentication prevents agents from connection to untrusted Deployment servers.
Key Authentication
Key authentication is enabled on the Server Connection agent configuration page. After
you enable this option, you are prompted to provide the server.key file containing the
server public key for your trusted deployment server. This key is located on your
deployment share. After enabling this option the Agent connects only to the trusted
deployment server.
To Enable Server Connection Security:
1.
In the Deployment Console, right-click a computer or group, then select Change
Agent Settings > Production Agent.
2.
Select Connect directly to this Deployment Server, then provide the hostname.
Altiris Deployment Solution 6.8
174
3.
Altiris Deployment Solution 6.8
Check to Enable key based authentication to Deployment Server, then provide the
path to your server.key file on your Deployment Share:
175
Encrypted Communication and Agent Security
The Security tab on the Agent Settings screen provides additional security options:
Configure additional security options as needed in your environment.
Keyboard Locks in Automation
Lock the keyboard whenever possible in automation. This prevents the session from
being broken manually on the managed computer. If you set up your account according
to the instructions in this document, this risk is greatly reduced as the account you are
using has only read/write access to the deployment share. However, if you are using an
account with broad network privileges this could potentially introduce a large security
risk.
Altiris Deployment Solution 6.8
176
To lock the keyboard, enable the lock option when creating boot configurations in Boot
Disk Creator:
Appendix A: Remote Agent Installer Rights
To initially install the Agent on managed computers, you need an account with Local
User rights. You only need access to this account when performing the one-time Agent
installation, so either use your domain administrator, a domain account with local user
rights, or any other account with local rights. After the agent is deployed, you no longer
need access to this account.
To determine whether you have sufficient rights, browse to:
\\hostname\admin$
Replacing hostname with the name of the computer where you want to install the
Deployment Agent. If you can access this share you have sufficient rights.
Appendix B: Task Passwords
When a task executes, it remembers information about the administrator who executed
it as part of the history. Next time the job executes, these credentials are used.
Altiris Deployment Solution 6.8
177
If the password for the account used to execute the job changes, you need to update the
jobs for a specific account:
1.
In the Deployment Console, click Tools > Options.
2.
Select the Task Password Tab.
3.
Provide the username, old and new passwords for administrator who executed the
task.
4.
Click Update.
Appendix C: Managing Key-Based Agent
Authentication
Key authentication is configured and ready to be enabled after installation. This
appendix contains information on backing up your authentication keys and enabling
redirection to another Deployment Server.
Backing up the Server Private Key
During installation, a private key is generated on the Deployment server and stored in
the registry at the following location:
Altiris Deployment Solution 6.8
178
HKLM\Software\Altiris\Altiris
eXpress\Options\Security\ServerSecurity
This security key should be backed up to a secure location in case this Deployment
server needs to be re-installed. If you re-install without this key, each agent using key
authentication needs to be updated to use the newly generated server.key file.
The public key is located on your deployment share and should be backed up as well.
Enabling Key-based Authentication with Redirection
If your Deployment server is set up to redirect Agents to another Deployment server,
you need to import the server.key from each additional deployment server to the server
which clients initially connect.
In the Deployment Configuration tool, select Options > Authentication. Copy the public
key file from each additional Deployment server, then use the Add Key to add each
server to the list.
Altiris Deployment Solution 6.8
179
Chapter 11
Capturing and Deploying Disk Images
What is a Disk Image?
A disk image is a file containing the complete contents and structure of a hard drive, or
one or more of the partitions on the hard drive.
This file can be used to restore the structure and contents of the imaged hard drive.
Imaging in Deployment Solution
Deployment Solution provides several tools to simplify the imaging process, including
tools to perform hardware independent imaging using sysprep.
Tokens
Database tokens are used throughout the imaging process. When you schedule an
imaging job using the sample imaging job (Jobs > Samples > Imaging > Create Disk
Image), the image is stored as %COMPNAME%.img, and the image description contains
the name of the operating system.
File Systems
RapiDeploy, the imaging engine used by Deployment Solution, understands the Windows
file system and captures just the data. So, an image of an 80 GB hard drive only
requires as much space as the data on the disk.
How Imaging Works
1. Computer boots to automation.
2. The rapideploy executable creates the disk image and transfers it to a remote location
or reads the disk image and restores the target partition or hard drive.
File Systems
Hard disks are imaged differently depending on the file system that is used. The source
disk or partition is not changed.
FAT, NTFS, EXT2, and EXT3. Imaging is file-based. RapiDeploy copies real data file by
file, resulting in a clean, defragmented image that can be resized and restored to a disk
of a different size.
Other File Formats. For other file systems, the disk is read sector by sector regardless
of which sectors are in use. The image mirrors the contents of the disk. These formats
are not resizable.
Altiris Deployment Solution 6.8
180
Partitions
When you create an image, you can image a partition, a group of partitions, or an entire
hard disk. Any partition on a hard disk can be imaged.
When a computer receives an image, you can select which partitions to download. The
default setting is to restore all partitions, which would overwrite any existing partitions.
To keep an existing partition, you can specify which partitions to download and which to
ignore. You can also use command-line switches to keep existing partitions.
Partition slots on the target computer will be, by default, the same as the image source
PC. A partition occupying slot 3 in the image file will be by default in slot 3 on the target
computer.
By default, the following partition types will not be overwritten:
z
Automation partitions
z
OEM system partitions
The default behavior can be overridden.
Partition Size
When you are restoring an image to a computer, the destination hard disk may be a
different size than the disk imaged. If there are multiple partitions, the partition size
percentage of the Client PCs will, by default, be the same as the image source.
Example:
If you image a 100 GB hard disk where 40% (40 GB) of the disk is a Windows XP
partition and 60% (60 GB) is a data partition, a Client PC with a 200 Gigabyte disk will
use the same percentages. The size of the Windows XP partition will be 80 GB and the
data partition will be 120 GB.
RapiDeploy also offers a partition resize feature that allows you to manually resize the
partitions to a size that you specify.
Spanning Media
The maximum size for a single image file is 2 GB. Images which exceed this amount are
automatically split into multiple files.
Example:
If you named your image file basepc.img, and the image is split into four files, the
following files are created:
z
basepc.img
z
basepc.002
z
basepc.003
z
basepc.004
You can set the split image file size to be between 1-2040 MB.
Altiris Deployment Solution 6.8
181
Multicasting
How Multicasting Works
The Master PC manages the multicast session. The multicast transmission is
synchronized by the Master PC, so it will only go as fast as the slowest computer in the
group. If a single computer fails, it will drop out of the session and the session will
continue.
The Master PC can multicast images to Client PCs in the following three ways:
z
While the Master PC downloads an image from a file server and manages the
simultaneous imaging of the Client PCs
z
While the Master PC creates an image on a file server and manages the
simultaneous imaging of the Client PCs
z
While using its own hard disk as the source and sending the contents to Client PCs
HTTP Imaging
When capturing or deploying an image, you have the option of providing a URL as the
path to an image file. This is non-typical interaction, and requires some configuration on
your Web server.
Your Web server needs the following:
z
Unlimited keep alives enabled.
z
Upload access if you want to upload images
In Apache 2, enable unlimited MaxKeepAliveRequests in your httpd.conf file. You also
need to obtain and install mod_put module to enable image uploading.
In IIS, consult your documentation for information on enabling keep alives and uploads.
Basic authentication is supported, Windows digest authentication is not supported. You
might also need to specify a file type of application/octet-stream for your images to
prevent errors.
Capturing Images
See Creating a Disk Image on page 134.
Deploying Images
Distributing a Disk Image on page 135.
Post-Imaging Configuration
Because images contain a generic operating system, you will probably want to set up
unique configurations such as OS license, networking, TCP/IP, and user account settings
on each computer that receives an image. This section briefly describes the options that
are available in the Post-Imaging Configuration wizard page.
Altiris Deployment Solution 6.8
182
Important
To use this feature, you must make sure that the Deployment Agent is installed on the
computer that you will create the image from. After a computer has received an image,
the Deployment Agent applies the configurations you set, and reboots the computer so
the changes take effect.
Managing Images
You can view and make changes to RapiDeploy image files (*.img) using the Altiris
ImageExplorer. For more information, see Altiris ImageExplorer on page 263.
Altiris Deployment Solution 6.8
183
Chapter 12
Migrating Application Data and User Settings
To perform migration, Deployment Solution uses an integrated technology called Altiris
PC Transplant. A complete guide to PC transplant can be viewed by launching the PC
Transplant Editor (Deployment Console > Tools > PC Transplant Editor). PDF versions
are available in
Altiris Deployment Solution 6.8
184
Chapter 13
Software Packaging
Deployment Solution includes the robust Wise Packager for Altiris Deployment Solution.
This article presents an overview of the Wise Packager, including a walk-through of the
software capture and distribution process. Information for users migrating from
RapidInstall to the Wise tools is provided as well.
Why Use Software Packaging?
Installing and managing software is a major part of successful computer management.
Often, a software package you require does not provide options for remote or
automated installation, and might require additional configuration after installation.
These situations can require you to manually install and configure software, or include a
large number of programs in your standard images which can require frequent updates.
The Wise Packager repackages and customizes your existing installations to create
consistent, flexible software installation packages. These packages use the Windows
Installer format (MSI), which provides many benefits over traditional installations. This
format is explained in Appendix B: Windows Installer Format Explained (page 187).
Other reasons you might want to repackage include:
z
Supporting corporate standards by customizing the way applications are installed.
z
Creating silent installations or limit the options available to end users.
z
Creating transforms for the repackaged installations.
z
Changing the source paths in the installation to UNC paths.
z
Building complex launch conditions using Windows Installer runtime properties that
test aspects of the destination computer.
These software packages can be as simple as a single file copy or a registry change, all
the way up to a pre-configured, silent installation of a complete application.
Overview of the Software Packaging Process
The software packaging process uses the tools that compromise the Wise Packager:
Wise SetupCapture, and Wise MSI Editor.
Wise SetupCapture records changes made to a computer by an installation program,
then bundles these changes into a Windows Installer package (.MSI). Wise MSI Editor
lets you customize and create MSI installation programs.
To repackage software, you use Wise SetupCapture to create a snapshot of the files and
settings on a computer, then execute an existing installation. SetupCapture records the
changes made by the installation and compares these changes to the initial snapshot.
Any changes detected are added to an installation package.
You can then use Wise MSI Editor to customize the installation.
Altiris Deployment Solution 6.8
185
The following sections provide additional details on this process:
Step
Description
Setting up a Reference
Computer (page 186)
This computer hosts the capture process.
Capturing a Software
Package (page 186)
Using Wise Setup Capture to capture changes to the
reference computer.
Customizing a Software
Package (page 187)
Adding and removing files, registry settings, and other
installation options.
Distributing a Software
Package (page 187)
Getting your package to the right managed computers.
Setting up a Reference Computer
To host the capture process, we recommend setting up a computer with just the basic
operating system and no additional software. This helps prevent situations where the
necessary changes are not captured due to pre-existing software or other conflicts.
The capture process is not resource intensive, so any recent desktop computer should
work fine as the reference computer.
Accessing Wise SetupCapture
After the operating system is installed, you need to provide the reference computer
access to Wise Setup Capture. This tool does not need to be installed; in fact, it can be
executed directly from the Deployment share.
The easiest way is to first install AClient, then use the Create Wise Packager Shortcuts
sample job to add shortcuts to execute the software from the Deployment share.
(Shortcuts are placed at Start > All Programs > Altiris > Deployment Solution.)
You could also copy the Wise Packager folder from your Deployment share to the
reference computer, or create the shortcut manually (use the sample job as a starting
point).
After you have a way to execute Wise Setup Capture on the reference computer,
continue to the next section, Capturing a Software Package (page 186).
Capturing a Software Package
What Can I Capture?
Depending on the complexity of the installation, certain programs are better candidates
for repackaging than others. Installations that perform simple file copies and registry
changes, such as WinZip, Adobe Reader, and others, are simple to repackage.
As the complexity of the installation increases, additional customization is often
required. Client/server applications, and applications that make API calls (such as
antivirus software) can be very difficult to repackage. Fortunately, many of these
applications already provide their own tools for automated and remote installations.
Installations already using the MSI format should not be repackaged because remote
installation and other advanced features are already supported. Making modifications to
Altiris Deployment Solution 6.8
186
vendor-supplied MSIs is not recommended since it could introduce incompatibilities with
future updates.
Hardware drivers, operating systems and updates should not be captured, due to their
complexity and Windows File Protection.
The Capture Process
Before you begin, review the guidelines in Appendix C: SetupCapture Guidelines
(page 190).
Copy the installation programs you want to repackage to the reference computer or to
an accessible share, then launch Wise SetupCapture. (If you added shortcuts, Start > All
Programs > Altiris > Deployment Solution > Wise SetupCapture. Make sure you run it
on the reference computer, not the server.)
After providing a name, select options for this capture. The default options should work
fine, though if you want to capture file and registry deletions you need to select these
options. Complete details on these options are in the Wise
Packager\Help\WisePackager.chm help file on your Deployment share.
The remaining on-screen prompts guide you through performing an initial scan,
capturing changes, then completing the process.
After this process completes, review the captured changes and add stand-alone files and
registry settings in the next section, Customizing a Software Package (page 187).
Customizing a Software Package
Open the Wise MSI Editor and open the MSI you captured. (If you added shortcuts, Start
> All Programs > Altiris > Deployment Solution > Wise MSI Editor.)
Complete details on using Wise MSI Editor are in the Wise
Packager\Help\WisePackager.chm help file on your Deployment share.
At a minimum, you should review and update the properties on the Installation Expert
pages.
Distributing a Software Package
After you have created a software package, use the powerful automation tools provided
by Deployment Solution or Software Delivery Solution to distribute this package to
managed computers.
Appendix A: Migrating From RapidInstall
We recommend migrating from RapidInstall to the Wise Packager to leverage the
benefits of the MSI format, including self-healing, automatic uninstall and rollback.
To convert existing RIP packages to MSI format, use the RiptoMSI.exe migration utility.
This utility is in the RInstall folder on your Deployment share.
Appendix B: Windows Installer Format Explained
To create a streamlined process for installing and managing applications, Microsoft
developed the Windows Installer service. It consists of the following:
Altiris Deployment Solution 6.8
187
z
A set of guidelines.
z
An Application Programming Interface (API).
z
A runtime service that makes application installation and management part of
Windows services.
Windows Installer is not a installation authoring tool, but rather an installation engine
and rule set.
The Windows Installer engine resides on the destination computer as part of the
operating system. Instead of an installation executable (such as setup.exe), the
Windows Installer executable (msiexec.exe) reads the installation database (.MSI)
which contains instructions and installation files. The .MSI uses highly structured,
uniform data tables. There is 100% accountability of where each file installs and a
thorough log of which files belong to which applications, so individual files are restored
to repair damaged applications.
Each table contains different installation information such as Class, Components,
Features, Files, Execution Sequence, and Registry. Logic built into the Windows Installer
engine prompts for a reboot, checks disk space, and follows file-version-replacement
rules. When opening an .MSI, msiexec.exe reads the database and builds a transaction
list that it follows to complete the installation. If the installation fails, Windows Installer
performs a rollback, which returns the computer to its previous state.
Advantages of Windows Installer
Before Windows Installer, every software application had its own setup executable file
(usually setup.exe or install.exe). Although many software manufacturers used common
installation tools like Wise Installation System, others used highly proprietary
installation technologies. This made the user’s experience inconsistent from one
installation to the next, and the operating system had to contend with redundant code in
different applications. Applications could not be administered after installation, except to
rerun the setup program.
Windows Installer implements a single built-in execution engine and replaces the
installation executable with a database file (.MSI). The database stores the application’s
program files and setup instructions and can readily access this information if the
application requires maintenance.
Using Windows Installer results in a solid, robust installation that reduces the total cost
of ownership and enables compliance with the Microsoft rules for software installation.
Because Windows Installer is part of the operating system, it provides benefits that are
unavailable in traditional installation technology.
Altiris Deployment Solution 6.8
188
Windows Installer
Benefits
Description
Self-healing
With self-healing (also called automatic repair and selfrepair), the application repairs missing components.
When an application starts, Windows Installer checks a
list of key files and registry entries. If it detects any
problems, Windows Installer repairs the application using
a cached database that contains key paths to application
components.
Publishing
Applications appear in the Add/Remove Programs applet
and can be installed to the destination computer by the
user.
Rollback
When the installation fails, the installation reverts to the
previously installed state. This prevents having an
incomplete or broken application.
Advertisement
Also called install-on-demand, advertised features do not
install but appear installed to the user. When the user
selects an advertised feature, the installation occurs.
Componentization
Components group resources together so they move as a
unit, which gives you more control during installation.
Standardization
Applies rules to installed application files that look at a
file’s version and its shared .DLLs to prevent conflicts
between applications.
Version Rules
Decides whether to install a file to a directory by looking
at a file’s date, language, version, and the modified date
on a non-versioned file.
Reference Counting
Tracks which applications have installed every file and
registry key on the computer on the component level, so
the Windows Installer service always knows exactly what
is needed for an application to run, and what is no longer
used during uninstall.
Customization
Transforms customize an .MSI to a particular user group’s
needs.
Elevated Privileges
Runs an installation using administrative rights. This
invokes the system’s security rights, restricts data and
commands, and enforces rules when running the
installation. Msiexec.exe and the Windows Installer
service approve the elevated privileges request.
Assignment
Assigns advertised or installed applications to a user’s
profile so when the user logs in, these applications appear
on the destination computer.
Open Architecture
Lets you choose from a variety of authoring software and
allows you to customize previously created installations.
Total Cost of Ownership
Windows Installer makes installations easier to install,
maintain, and support.
Altiris Deployment Solution 6.8
189
Windows Installer
Benefits
Description
Dynamic Source List
Provides sources for the MSI to repair from and enable
advertising. Multiple possible locations for the MSI
package are listed, ensuring access even between
different networks.
Group Policy and
Security
Sets privileges to control the user and application rights,
and provides a more secure environment.
User Policy
Defines a user’s privileges.
System Policy
Lets you set policies on a per-computer basis, which lets
you run an entire installation in elevated privileges and
define only those rights users have while an installation
runs.
Appendix C: SetupCapture Guidelines
z
Run SetupCapture on a clean reference computer.
z
Do not run SetupCapture from the Deployment Solution Console; run it on a client
computer.
z
During a capture, SetupCapture attempts to convert computer- and user-specific
data in the registry to generic data that will work on any computer. It does this by
searching for standard paths (example: C:\Winnt) and replacing them with Windows
Installer properties (example: [WindowsFolder]).
z
Part of this process includes searching for the computer name and currently loggedon user name. To make the search for computer and user names as accurate as
possible, make sure the computer name and user name on the capture computer
are set to unique names 4 or more characters in length. Avoid having the user name
or computer name set to any common file or folder names. An example of a unique
user name is: repackage-1-user.
z
Before you run SetupCapture, exit all other applications, including background
services or applications. (Example: Norton AntiVirus.)
z
During SetupCapture, changes to an .INI file are recorded as changes to an .INI file
only if the .INI file follows standard .INI file format. Otherwise, the changes are
recorded as a file change.
z
Do not capture an .MSI-based installation. Instead, open the .MSI directly in Wise
MSI Editor. To customize it for specific workgroups, create a transform.
z
SetupCapture does not monitor any internal logic within the installation and it does
not replicate the user interface of the original installation.
z
SetupCapture creates a separate feature for each .EXE that's installed that has a
shortcut. Isolating .EXE components into features results in more efficient repairs,
because if there is a problem with a component, only the problem component and
the .EXE are reinstalled instead of the entire feature containing the problem
component.
z
To capture an uninstall, you must mark Include files deleted during capture and
Include registry keys deleted during capture in SetupCapture Configuration General
Settings. In Wise MSI Editor, deleted items are located in the RemoveFile and
RemoveRegistry tables in Setup Editor > Tables tab.
Altiris Deployment Solution 6.8
190
z
Altiris Deployment Solution 6.8
Registry keys that define an environment variable are converted to an environment
variable in the repackaged installation.
191
Chapter 14
Deploying Scripts
Altiris Deployment Solution provides a number of pre-defined tasks you can combine to
create complex management jobs.
When you need to perform a management task that isn’t covered effectively by the
predefined tasks, DS provides an environment to pre-process, deliver, and execute
VBScripts, batch files, and shell scrips. These scripts have access to the full processing
capability of the OS command processor, as well as several additional features provided
by Deployment Server:
z
Access to your eXpress share and any other network resources available in the
production or automation environment.
z
Intelligent access to values stored in your DS database. DS retrieves values based
on the computer currently running the script, so a single script can provide unique
values for 1000’s of computers.
z
Firm, logevent, and other Altiris tools.
The following diagram illustrates how scripts are processed by DS. Each step of this
process is discussed in greater detail in this section:
When creating a script, you target it for the automation or production environment, and
specify the OS for the script. When a scripting task runs, the server pre-processes the
script for database tokens, delivers and executes the script, then returns any error
messages generated by the script.
Altiris Deployment Solution 6.8
192
Using the flexibility of tokens and the processing power of the command processor of
your OS, you can develop and deploy scripts ranging from a simple file search to a full
system customization.
This chapter discusses how to effectively create and deploy scripts in your DS
environment.
Writing a Script
Scripts can be deployed to the DOS, WinPE, and Linux automation environment, or to
the Windows or Linux production environment. Unlike other tasks, the scripts you write
vary greatly depending on the target environment and OS.
The core of each script you write uses the functionality provided by the command
processor of your OS. There are utilities and commands for each environment to
perform a broad range of management tasks.
One of the biggest advantages to deploying scripts using DS is that a script is processed
independently for each computer. Database values specific to each computer can be
retrieved using the same token in your script, saving you from polling the computer and
executing a database query before you can perform a task. The same %COMPNAME%
token can provide a unique value for each computer that runs this script.
When a script is processed, DS first parses each script for two things: tokens, and
predefined server scripting commands. Tokens are replaced, then additional action
might be taken based on the commands found before the script is delivered to the
target.
The predefined server scripting commands are keywords defined for replacing tokens in
other files, running vbscripts, performing scripted installs, unloading BootWorks, and a
special deployment command for Blade servers. These additional keywords are
discussed in the Server Scripting Commands section.
Server Scripting Commands
DS provides several predefined commands you can use when deploying scripts. These
commands are processed before a script is deployed to a client. Each of these scripting
commands must be marked by the correct comment flag to prevent them from being
processed by the OS:
The following table contains the comment flags for each scripting environment:
Comment Flags
Flag
Location Used
REM
Batch files.
REM [servercommand]
#
Linux shell scripts.
# [servercommand]
‘
Visual Basic scripts.
‘ [servercommand]
Altiris Deployment Solution 6.8
193
The following table contains the predefined server scripting commands:
Server Scripting Commands
Command
Description
BootWorks
Unload
Unloads BootWorks to provide additional memory for complex scripts.
BootWorks is unloaded automatically when you specify ScriptedInstall.
BootWorks Unload
ReplaceTokens
Tokens are replaced automatically in your scripts. This command
replaces tokens in additional files, such as those used when
configuring a computer. Source represents the source file containing
the tokens you want replace, and destination represents the output
file after tokens are replaced.
ReplaceTokens [source] [destination]
ScriptedInstall Indicates that this script is launching a scripted install. 394k of free
memory is required for the Windows scripted install to run. BootWorks
is automatically unloaded for scripted installs.
ScriptedInstall
Deployment
Start
When using blade servers, this option places a note in the history to
mark a starting point.
If a redeployment is later executed on this computer, the computer is
restored from the deployment start mark in the history.
Deployment Start
vbscript
Indicates that this script contains vbscript. If this appears anywhere in
your script, the entire script is executed as a vbscript (you cannot
execute batch commands and vbs commands in the same script).
The ‘ comment flag is always used with the vbscript server command
when writing Visual Basic scripts to ensure that it is ignored by the VB
processor.
‘ vbscript
Retrieving Database Values Using Tokens
Any tokens contained in a script are replaced automatically. A server command is also
provided to replace tokens in other files, called ReplaceTokens.
Example: to deploy a custom sysprep.inf file to several computers, the ReplaceTokens
command could be contained in a script to replace tokens in sysprep.inf, then this file
could be copied with the correct database values to the production drive of the
computer.
A script to perform this task might look similar to the following:
REM ReplaceTokens .\temp\sysprep.inf .\temp\%COMPNAME%.txt
Firm Copy f:\temp\%COMPNAME%.txt PROD:\sysprep.inf
When replacing tokens, the server creates a temporary file in the \tmp folder, named
machinename with the same extension as the original script. This file contains a copy of
the script with all token replacements made by the server, and is a valuable tool for
troubleshooting.
Altiris Deployment Solution 6.8
194
After replacing tokens in the script itself, the server processes the next command in this
script: ReplaceTokens. Since the token replacement process already replaced the
compname token, the ReplaceTokens command works as expected and creates a unique
system.inf file for each computer, containing values unique to that computer.
The script is then delivered to the client, and the Firm utility finds the correct file on the
eXpress share to copy to the production drive. A similar process can be used to deploy
configuration files to Linux computers, as a large number of Linux configuration files are
text-based.
If you perform Linux configuration often, you might want to set up an additional
database containing common configuration values you can retrieve using tokens.
Running Scripts on the Server
Scripts can optionally execute on the server on behalf of the client. This is very
important to understand, because token replacement and other commands are based on
the client assigned the job, not the server.
Example: consider the script we reviewed in the previous section:
REM ReplaceTokens .\temp\sysprep.inf .\temp\%COMPNAME%.txt
Firm Copy f:\temp\%COMPNAME%.txt PROD:\sysprep.inf
If we marked this script to execute on the server, the initial token replacement still
contains the name of the computer targeted by the scripting task. However, the
command in the second line fails because the server looks for the paths specified by
Firm on the server, not the client.
This is valuable when you want to retrieve tokens specific to a number of computers, but
the script can execute successfully on the server. This can relieve network traffic and
prevent interruptions on managed computers.
However, when a script runs server-side, the script is executed separately for each
computer assigned to the task. A task assigned to 500 computers causes any serverside scripts in the task to execute 500 times on the server. If you have processor
intensive commands, you might want to avoid server-side execution to prevent
disruptions on your server, or perform the task during off-hours.
Also, when running scripts server-side, avoid commands that require interaction. The DS
service does not have interaction with the desktop, so there is no way to provide even
simple feedback in scripts that run server-side.
Reporting Errors
One of the biggest challenges when running scripts is implementing effective error
reporting and feedback.
In DS, every task has the ability to handle error codes returned from a job, and take
action based on this code. By default, a scripting task returns a 0 for success, and a 1 if
the script fails to execute. This might be sufficient for a simple script, but scripts can
often execute successfully yet still fail to perform the intended tasks.
Additionally, if you create a batch file with three commands, the status reported on
completion is the status of the final command in the script. The first two commands
might return errors, but if the final command is successful you receive a status of
success.
Altiris Deployment Solution 6.8
195
To provide additional feedback when running scripts, Altiris provides an error logging
utility, called logevent, for DOS, Windows, and Linux.
This utility lets you send error, warning, and informational messages back to your server
from within scripts, and job execution can be stopped based on the messages you
return.
When executing scripts, it is important to note that DS cannot stop script execution
directly; DS delivers the script and returns the execution status, but the OS handles the
actual execution. DS does not automatically stop script processing when an error is
encountered, you must provide that logic in your script.
Usage:
LOGEVENT
[-c:#] [-l:#] [-ss:Msg] [-n:Prog]
Logevent
Parameter
Description
[-c:#]
A ReturnCode between -32768 and +32767. Default = 0
[-l:#]
Additional indicator of type of message.Where # = 0-3; 0 = Unknown, 1
= Information, 2 = Warning,
[-ss:Msg]
Any string enclosed in double quotes. Default = "No Message"
[-n:Prog]
Name of the program that was executed. Default = "User Defined"
DOS/CMD Error Handling
In the DOS automation environment, the logevent utility is called LOGEVENT, and is
available on your eXpress share. Since this is the default directory in the automation
environment, LOGEVENT can be executed directly in your scripts.
In the Windows production environment, the logevent utility is called WLogevent.exe. In
order to use WLogevent.exe, you must make the executable available to the Windows
client, either by providing it with an image, a software deployment, or by simply copying
the file directly before your script executes.
On DOS, events are queued until the script completes, then they are returned to the
server. The Windows and Linux utilities return messages as soon as they are
encountered.
The following script uses GOTO commands to control how a script is processed based on
the outcome of executed commands, and uses logevent to return the script status:
@ECHO OFF
REM Call requestNewHardware.exe. This fails and returns an error.
requestNewHardware.exe
IF ERRORLEVEL 2 GOTO TWO
IF ERRORLEVEL 1 GOTO ONE
GOTO END
:TWO
Altiris Deployment Solution 6.8
196
LOGEVENT -c:2 -l:3 -ss:”Bad command or file not found.”
GOTO END
:ONE
LOGEVENT -c:1 -l:1 -ss:”Error 1.”
:END
Visual Basic Error Handling
By including the 'vbscript server command in a script deployed to a Windows or DOS
environment, DS executes the script using Visual Basic.
Visual Basic has a powerful, integrated method to handle errors. In these scripts, use
WLogevent.exe to report script status to the server after you have used the built-in
mechanisms to retrieve errors.
The following script contains an example of error handling in Visual Basic script:
On Error Resume Next
Set WSHShell = Wscript.CreateObject("Wscript.shell")
' look on the local computer
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer &
"\root\cimv2")
ErrNum = Err.Number
If ErrNum = 0 Then
Set colNetCards = objWMIService.ExecQuery _
("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled
= True")
'cycle through all of the nics
For Each objNetCard in colNetCards
' if it is the nic we are looking for change the dns
For Each objAddress in objNetCard.IPAddress
If objAddress = "%NIC1IPADDR%" Then
' Set up the array of DNS entries for the NIC
arrDNSServers = Array("172.17.0.202", "172.17.0.201")
objNetCard.SetDNSServerSearchOrder(arrDNSServers)
WSHShell.Run ".\WLogevent.exe -c:0 -l:1 -ss:""Changing DNS
for NIC1""", 1, true
Altiris Deployment Solution 6.8
197
End If
Next
Next
Else
WSHShell.Run ".\WLogevent.exe -c:" & ErrNum & " -l:3 ss:""Error:" & _ Err.Description & """" , 1, true
Err.Clear
End If
Linux Shell Error Handling
The logevent command is provided in the Linux agent, so any Linux computer with the
agent installed has local access to logevent.
Similar to Visual Basic script, Linux provides a powerful method to track error values.
When running scripts on Linux, use logevent to report the status to the server after you
have used the built-in mechanisms to retrieve errors.
The following script contains an example of error handling on Linux:
#!/bin/sh
export PATH=$PATH:/opt/altiris/deployment/adlagent/bin
grep foo foo.txt
ERRVAL = $?
if [ $ERRVAL -ne 0 ]; then
logevent -c:$ERRVAL -l:3 -ss:“error executing grep"
fi;
Altiris Deployment Solution 6.8
198
Chapter 15
Creating an Image Distribution Framework
Why Use an Image Distribution Framework?
In distributed networks, your ability to effectively manage computers is often limited by
the speed of your network link to remote locations. In Deployment Solution, computer
imaging can often require file transfers in excess of several gigabytes, even when
multicasting. This can cause centralized management to become a major bottleneck,
limiting your ability to manage computers at these remote locations.
The following diagram outlines a typical network topology that can benefit by
implementing an image distribution framework. It consists of a distributed network with
several remote locations and subnets connected using routers over permanent, reliablebut-slow WAN links:
Typically, managed computers at remote locations would be required to access image
files often over several gigabytes over this LAN link.
Implementing an image distribution framework enables you to replicate your images to
a local image store for use during imaging tasks.
Altiris Deployment Solution 6.8
199
PXE Redirection
PXE solves this problem by enabling you to redirect a shared PXE configuration to a
configuration on a local PXE server. This lets you assign a job across multiple locations,
and have computers at each location boot using a local PXE server with configuration
specific to this location. Within this configuration, you can map local file shares
containing disk images.
Important:
If PXE is available, we recommend using up PXE redirection instead of following the
process outlined in this document.
What if I Am Not Using PXE?
If you are not using PXE, Deployment Solution provides a set of tools to let computers
automatically retrieve the correct image file locally. Using these tools is described in this
document.
Tools
The tools referenced in this document, such as getsrv.bat and server.lst, are available on
your Deployment share in the TechSup\DOS\getsrv folder.
Creating a Distribution Framework
The following provides a basic outline of an image distribution framework:
z
Each subnet has a file server to host a local image store.
z
All managed computers, regardless of location, connect to the local image store to
retrieve images. This eliminates downloading an image over the WAN link before an
imaging operation.
z
The location of each managed computer is determined automatically based on IP
address using a custom utility. Using this method, the same distribute image task
can be used to image one or more computers regardless of location.
Complete the following tasks to implement an image distribution framework:
z
Step One: Set Up Local Image Stores (page 200)
z
Step Two: Replicate Images (page 201)
z
Step Three: Configure the Server Lookup Utility (page 201)
z
Step Four: Create a Boot Disk Creator Configuration (page 202)
z
Step Five: Distribute an Image (page 203)
Step One: Set Up Local Image Stores
A local image store should be set up on a file share at each remote location. Each share
hosting an image store should have the same name and folder structure. In other
words, the path to your images must be identical with the exception of the server name.
To control access to these shares, we recommend creating a domain-level account with
read/write access to each share, or alternately, a local account with the same username
Altiris Deployment Solution 6.8
200
and password on each server. This account should not possess group membership,
interactive login privileges, or any additional rights.
This account is specified when creating the boot configuration in Boot Disk Creator, and
the username and password must be the same for each share.
Step Two: Replicate Images
Before an image can be used, it must be replicated to the image store file share at each
location. There are a number of file replication solutions available, and most companies
already have a process in place for replicating data between remote sites.
Before attempting an imaging job, make sure the necessary image files have been
replicated to the local image store.
Step Three: Configure the Server Lookup Utility
To simplify the process of accessing images at remote locations, a tool called getsrv.exe
was developed to retrieve the IP address of each managed computer then compare it to
a lookup file to find the local image store.
Create a Configuration
Open getsrv.bat in a text editor. This batch file calls getsrv.exe to populate the server
name variable.
Getsrv.bat should look similar to the following:
copy F:\server.lst c:\tools\server.lst
C:\tools\getsrv.exe /s c:\tools\server.lst /v SERVERNAME >
call C:\tools\srvenv.bat
c:\tools\srvenv.bat
This example copies the server lookup file, server.lst, from the Deployment share to the
automation drive. Getsrv.exe is then called with these parameters set correctly.
To use this example in your environment, place your server lookup file in a tools folder
on your deployment share and name it server.lst. If you are using PXE, change the drive
references from C: to A:, since PXE uses a virtual boot floppy represented by A:.
This modified file is added to your boot configuration in a later section.
Create a Server Lookup File
Each server in the lookup file consists of two entries: the IP address/subnet entry and
the corresponding server name.
The IP address and subnet are separated by a slash ( / ), and the corresponding server
name is separated by a comma (,).
For example:
172.16.0.0/255.255.0.0,SERVER1
192.168.1.0/255.255.255.0, SERVER 2
192.168.2.0/255.255.255.0, SERVER 3
Create entries in this file for each IP segment to which you might deploy images.
Altiris Deployment Solution 6.8
201
GetSRV.EXE Parameter Descriptions
The following table contains descriptions of the getsrv.exe parameters:
Parameter
Description
/s [filename]
File containing the list of servers hosting local image
stores. This file is typically placed in the deployment
share. See Create a Server Lookup File (page 201).
/v [variablename]
Environment variable containing the selected server. This
token is used when creating the boot configuration, and is
set to SERVERNAME in these examples.
Step Four: Create a Boot Disk Creator Configuration
After you have configured getsrv.bat, you need to create and modify a boot
configuration. This configuration is used to boot managed computers to the automation
environment for imaging.
1.
In Boot Disk Creator, create a new boot configuration using your selected
automation boot method and environment.
2.
Create a drive mapping for your image share, using the %SERVERNAME% variable
rather than an actual servername. (The name of this environment variable is
specified using the /v flag of getsrv.exe. We recommend using SERVERNAME). This
drive mapping should look similar to the following:
\\%SERVERNAME%\[share]
Replace [share] with the share name of your local image stores.
3.
Managed computers must be able to resolve the name of the central Deployment
Server. If using DOS automation, NetBIOS is used to resolve names, so we
recommend adding your Deployment Server to the lmhosts file. We also recommend
adding the name and IP address of each server hosting an image store.
4.
After the wizard completes, within the configuration, create a folder named Tools
and copy the following files:
Altiris Deployment Solution 6.8

getsrv.exe

getsrv.bat
202
Modify Mapdrv.bat to call Getsrv.bat
Mapdrv.bat is called to map drives in the automation environment. This file is modified
to call the getsrv.bat file you modified in a previous step. After this executes, the server
name variable is available to map the drive to your local image store.
1.
Launch Boot Disk Creator.
2.
Expand the configuration you created in the previous section.
3.
Modify mapdrv.bat to add the following line after the first line of the file:
call c:\tools\getsrv.bat
The completed file should look similar to the following:
net use F: “\\[your_ds_servername]\eXpress” /yes
call \tools\getsrv.bat
net use [drive]: “\\%SERVERNAME%\[share]” /yes
Deploy the Boot Configuration
This configuration is now ready to be deployed using PXE, installed to an automation
partition, or copied to boot media. Computers must boot this configuration when
performing imaging tasks.
Step Five: Distribute an Image
You are now ready to test your configuration by deploying an image. Use the standard
deploy image task in the Deployment Console, keeping in mind the following:
z
Images must be replicated before the task executes.
z
The path to the image file specified in the Deploy Image task should be based on
the image store drive you mapped when creating your boot configuration. For
example, if you selected G and mapped \\%SERVERNAME%\ds_images, and your
images are located in the root folder of that share, the path is G:\imagename.img.
z
The server lookup file must be accessible.
Altiris Deployment Solution 6.8
203
Chapter 16
Deploying and Managing Servers
Deployment Solution provides additional features to remotely install, deploy and
manage network and web servers. From the Deployment Server Console, you can
configure new server hardware, install operating systems and applications, and manage
servers throughout their life cycle. And because servers are mission-critical, you can set
up a system to quickly deploy new servers or automatically re-deploy servers that have
failed. Features like rules-based deployment, support for remote management cards,
and quick server restoration from a deployment history give you new tools to manage all
servers throughout your organization.
Servers are identified in the Computer pane with distinctive server icons. Like all
managed computer icons, the icons change to identify the status and state of the
computer, such as user logged on or Server Waiting.
Note
Servers are recognized by their operating system (such as Windows 2000
Advanced Server, Windows Server 2003, or any Linux OS), multiple processors,
and specific vendor server models.
Manage Servers from the Console. The Deployment Server Console includes features
specifically designed for deploying and managing servers, such as enhanced task
logging and history tracking features to let you recall administrative actions and quickly
redeploy mission-critical servers. See Server Management Features on page 204.
Set Server-specific options. Servers are essential to any organization and require
special planning and management strategies. Deployment Server provides serverspecific features to automatically deploy new servers and maintain existing servers. See
Server Deployment Options on page 205.
Server Management Features
Deployment Server provides various features for deploying and managing servers.
These features are supported for client and handheld computers as well, but are
essential in deploying servers.
Altiris Deployment Solution 6.8
204
Server icons. The Deployment consoles display icons to identify servers across the
network. Like other computer icons in the console, server icons can be selected to view
server properties or assign specific jobs and management tasks
Icon
Description
Indicates a server is active and a user is logged on.
Indicates a server is disconnected from the console.
Indicates a server is in a waiting state.
Run Scripted Installs. Execute scripted, unattended installs across the network for
both Microsoft Windows and Linux servers. Follow steps to create answer files and set up
OS install files using a wizard. See Scripted OS Install on page 189.
Support for multiple network adapter cards. Because servers may require more
than one network interface card, Deployment Server provides property pages to access
and configure multiple network adapters remotely from the console. See TCP/IP
Configuration Settings on page 130.
Synchronized server date and time. Deployment Server automatically sets the
server’s date and time after installing or imaging (as part of the configuration process).
Deployment Agents include an option to disable this feature (it is off by default).
Enhanced scripting capabilities. You can deploy multiple tasks per deployment job
and boot to DOS multiple times when configuring and deploying a clean server.
Deployment Server also lets you view and debug each step in the deployment script,
and track each job to provide a history of tasks for redeploying a server.
Server Deployment Options
Deployment Server includes features to automatically reconfigure and redeploy new
servers. If you are using Initial Deployment to automatically re-image new servers or
run installation scripts, you can (1) safeguard against mistaken disk overwrites, or (2)
run automatically for every server not identified as a managed computer in the
database. These contrasting settings are based on polices that you define for managing
servers in your organization.
Example: if you rely on PXE to boot the new server and you want to deploy new servers
automatically without halting the process, you must change the default settings in the
PXE Configuration Utility. In contrast, if you want to ensure that the server waits before
being deployed (or waits a set time before proceeding) to avoid erroneous redeployment, you need to set the options in the Advanced section of Initial Deployment.
Halt the Initial Deployment of Servers
When a server boots from the PXE server or from BootDisk (if the option is set),
Deployment Server recognizes it as a new computer and will attempt to configure the
Altiris Deployment Solution 6.8
205
computer with Sample Jobs in Deployment Solution. Initial Deployment includes a
feature to prohibit servers from being deployed automatically.
1.
Click Initial Deployment and select Properties.
2.
Click the Advanced tab.
3.
Click the Servers check box and click OK.
Initial Deployment will not run for any computer identified in the console as a server.
Change PXE Options for Initial Deployment
If installing a server using a PXE Server, the server will attempt to install but will not run
automatically using default settings. It will wait until a boot option is selected from the
client computer. You can change the default setting in the PXE Configuration Utility to
allow Initial Deployment to run automatically and not sit at the prompt.
1.
2.
3.
Click on Start > Programs > Altiris > PXE Services > PXE Configuration Utility.
Click Altiris BootWorks (Initial Deployment). Click Edit.
Select Execute Immediately.
Initial Deployment will run automatically for every identified server.
4.
Click OK.
Clear BootWorks Prompt for Remote Install
When you run a deployment job on a computer where the Deployment Agent has been
remotely installed, a message will appear stating that no BootWorks partition or PXE
stamp is found. The message will stay open until the user clicks OK on the message
dialog, which delays executing the scheduled job as part of an automated redeployment
process. To fix this delay:
1.
Select Tools > Options.The Altiris Program Options dialog will open.
2.
Select the Agent Settings tab.
3.
Select the Change Default Settings button.
4.
Select the BootWorks tab.
5.
In the lower section, select Never prompt me from the list.
6.
Click OK.
Following these steps will assure that the BootWorks message will not come up and
things will move forward when a job is scheduled.
Managing Server Blades
Deployment Solution allows you to manage high-density server blades with Rack/
Enclosure/Bay (R/E/B) hardware and properties. From the Deployment Console you can
deploy and manage these space-efficient server blades using the physical view to
assign jobs to the Rack, Enclosure, or Bay level of the server cluster, or you can manage
each server blade directly from the logical view. See Bay on page 152 for properties
and rules to deploy Rack/Enclosure/Bay servers.
Altiris Deployment Solution 6.8
206
Using Deployment Solution, you can employ “rip and replace” technology that allows
you to insert a new server blade and automatically configure and deploy it exactly like
the previously installed server blade, allowing you to replace any downed server and get
it back on line quickly. Altiris provides fail-safe features to ensure that no server is
mistakenly overwritten and ensures that all disk images, software, data, and patches
are applied to the new server from the history of jobs assigned to the previous server
blade.
Managing New Server Blades
Deployment Solution allows you to automatically deploy, configure and provision new
server blades using a variety of features, including Sample Jobs in Deployment Solution,
Virtual Bays, and Server Deployment Rules.
New Server Blades in Newly Identified Bays
When new blades are identified in a Bay that has not been used previously (if it has
been used previously then the Bay object will be identified in the physical view), then
both the Sample Jobs in Deployment Solution and Virtual Bays features can be set up to
automatically run configuration tasks and deployment jobs.
To Create Virtual Bays: Set up Virtual Rack/Enclosure/Bays for Hewlett-Packard Rapid
Deployment Pack installations of Deployment Solution.
Initial Deployment set up: Clear the Servers check box in the Advanced dialog box.
If both new computer features are set up and a new server blade is installed in a Bay not
previously identified by the Deployment Server, then the Create Virtual Bay feature will
execute and Initial Deployment will not execute.
New Server Blades in Identified Bays
If a new HP server blade is installed in an identified Bay (one that has already had a
server blade installed and is visible from the Deployment Console), then both Sample
Jobs in Deployment Solution and Server Deployment Rules can be set up. However,
when both are set up then the Server Deployment Rules will execute and Initial
Deployment will not execute.
Hewlett-Packard Server Blades
Hewlett-Packard high-density blade servers can be deployed and managed from the
Deployment console. The following HP server blades are supported:
HP Proliant™ BL e-Class
HP Proliant™ BL p-class
Proliant™ BL 10e
Proliant™ BL 20p
Proliant™ BL 10e G2
Proliant™ BL 20p G2
Proliant™ BL 40p
HP blade servers allow you to employ all features provided in the Deployment Console
when you install the HP Proliant Essentials Rapid Deployment Pack (see www.hp.com/
servers/rdp), including the Virtual Blade Server feature. The name of each Rack for an
HP Server is displayed along with the assigned name for the Enclosure and Bay. These
names are collected from the SMBIOS of the server blade and displayed in both the
physical and server views within the Computers pane of the Deployment console.
Altiris Deployment Solution 6.8
207
For HP blade servers in the physical view the Rack name can be a custom name in the
console, with all subordinate Enclosures and Bays also identified. Example:
<rackName>
<enclosureName>
<bayNumber>
See also Server Management Features on page 204 and Server Deployment Options on
page 205.
Virtual Bays
Blade servers now have a Virtual Bay feature that allows you to pre-assign deployment
jobs to the rack, the enclosure, or to a specific server blade in the bay. Any blade server
can have predefined deployment jobs and configuration tasks associated with it to
execute automatically upon installation. The Virtual Rack/Enclosure/Bay icons will
change from virtual icons to managed server icons in the Deployment console as live
blade servers are inserted and identified by Deployment Solution.
Rack name. Enter or edit the name of the Rack.
Enclosure name. Enter or edit the name of the Enclosure.
Enclosure type. Select the type of HP server blade from the list.
Initial Job. Select an existing job to run when the virtual computer is associated with a
new server blade.
Server Change rule. Select the Server Deployment Rules to run on the Bay when a
new server blade is installed.
Note
If you create Virtual Bays for an enclosure (such as the BLe-class with 20 bays) and then
if another model of server blade with an enclosure containing fewer bays is connected
(such as the BLp-class with 8 bays), then the excess virtual bays will be truncated
automatically. Conversely, if you create Virtual Bays with fewer bays (8) and then install
an enclosure with additional bays (20), you will need to recreate the virtual bays in the
enclosure (right-click the enclosure name in the physical view and click New Virtual
Bays).
See also Managing New Server Blades on page 207.
Dell Server Blades
Dell high-density blade servers can be deployed and managed from the Deployment
console. All Dell Rack Servers are supported by Deployment Solution, but the server
blades can also be managed from the physical view in the Rack/Enclosure/Bay view. The
following servers are supported:
Dell Rack Servers
Dell Server Blades
All PowerEdge™ rack servers
PowerEdge™ 1655MC
For Dell blade servers in the physical view, the Rack name will always be Dell. All
subordinate Enclosures and Bays are identified with custom names under the Dell rack
name. Example:
Altiris Deployment Solution 6.8
208
Dell
<enclosureName>
<bayName>
See also Server Management Features on page 204 and Server Deployment Options on
page 205.
Fujitsu-Siemens Server Blades
Fujitsu-Siemens high-density blade servers can be deployed and managed from the
Deployment console. All Fujitsu-Siemens Rack Servers are supported by Deployment
Solution, but the server blades can also be managed from the physical view in the Rack/
Enclosure/Bay view. The following servers are supported:
Fujitsu-Siemens Rack
Servers
Fujitsu-Siemens Server Blades
All Primergy™ rack servers
Primergy™ BX300 blade servers
For Fujitsu-Siemens blade servers in the physical view, the Rack name will always be
Fujitsu-Siemens. All subordinate Enclosures and Bays are identified with custom
names under the Fujitsu-Siemens rack name. Example:
Fujitsu-Siemens
<enclosureName>
<bayName>
See also Server Management Features on page 204 and Server Deployment Options on
page 205.
IBM Server Blades
IBM high-density Blade Centers can be deployed and managed from the Deployment
console. All IBM blade servers are supported by Deployment Solution, but the server
blades can also be managed from the physical view in the Rack/Enclosure/Bay view.
For IBM blade servers in the physical view, the Rack name will always be IBM. All
subordinate Enclosures are identified with custom names under the IBM rack name and
Bays are identified by number. Example:
IBM
<enclosureName>
<baynumber>
See also Server Management Features on page 204 and Server Deployment Options on
page 205.
Altiris Deployment Solution 6.8
209
Part V
Operating System and Platform Reference
This section contains operating system and platform-specific information you need to
consider when managing computers.
Altiris Deployment Solution 6.8
210
Chapter 17
64-bit Platforms
Deployment Solution has been designed to make managing different platforms as
seemless as possible. This section walks you through the enhancements added to
support 64-bit, and includes tips to more effectively manage these computers.
64-bit Job Conditions and Filters
Functionality has been added to let you set conditions and filters based on the computer
architecture. These conditions and filters let you set up your jobs to make decisions
based on the architecture so you don’t have to re-organize your tree around
architecture.
For example, when distributing software, you can have 32- and 64-bit comptuters in the
same group then use conditions to make sure each receives a different version.
64-bit PXE Boot Images & Configurations
Deployment Server 6.8 uses the same process to create automation boot configurations
as Deployment Server 6.5. There are two differences for 64-bit:
z
When you create a PXE boot configuration (i.e. an item on the PXE boot screen), you
select the architectures you want to include when you create the configuration.
When a managed computer boots this configuration, PXE automatically detects the
architecture and sends the correct boot image. If you attempt to boot an x64
computer without an x64 boot image, it will use the x86 version. An Itanium will
attempt to boot only an Itanium boot image.
z
When you create an automation partition or boot disk from a Boot Disk Creator
configuration, you are asked which architecture you want to use. Boot Disk Creator
automatically gathers the correct files for that architecture.
Adding Files to a Boot Disk Creator Configuration for 64-bit
For the most part, Boot Disk Creator configurations are independent of architecture.
However, if you manually add executables to a configuration which supports multiple
processor types, you need to make sure you provide a version of the file for each
architecture you have included.
For example, If you have x86 and x64 versions of the Linux preboot environment
selected for a configuration, and you add an executable, Boot Disk Creator checks the
file header to see which architectures the executable supports. If not all architectures
you have installed are supported by the file you added, this screen appears prompting
you to add additional files or ignore the warning.
Altiris Deployment Solution 6.8
211
Chapter 18
Linux and Unix Systems
Altiris Deployment Solution has several tools to effectively manage Linux and Unix
computers, including:
z
A native Linux and Unix agent, called ADLAgent, in the Linux production and
automation environments.
z
Fedora Linux automation environment
z
Support for deploying KickStart scripted installs
z
Native imaging support for ext 2 and 3 filesystems
This section contains considerations you must be aware of when managing Linux and
Unix systems, and contains the following topics:
ADLAgent
ADLAgent is the client software which provides connectivity to Deployment Server from
Linux, Unix, and Solaris.
Installing and Configuring ADLAgent
For basic instructions on installing ADLAgent, see Installing Deployment Agent on Linux
on page 56. Installing ADLAgent on your Linux and Unix computers involves copying the
necessary binaries to the client then running the installation script. You can then
configure the agent using the configuration script, modifying the configuration file
directly, or by modifying the configuration directly in the Deployment Console.
If you need to install ADLAgent on multiple computers, you can copy the installation files
to an NFS or other share on your network, then use standard remote access tools to run
the installer. This might involve using ssh to log in remotely, or adding a line to a
standard script. You might also modify the ADLAgent configuration file once then copy it
to each computer.
Distributing Software
The software distribution task now supports a number of Linux and Unix file types. When
using this task with these formats, the file is copied to the system, extracted, The
configure script is executed (./configure) then the make install command is executed.
A large number of software packages can be installed using this process. If you have
software which requires configuration beyond this, or if you are using a package
management system, use a file copy task along with a shell script to install the software.
Imaging Linux and Unix Filesystems
RapiDeploy provides native imaging support for EXT2 and EXT3 file systems. Other file
systems can be imaged, but you need to use the -raw switch.
Altiris Deployment Solution 6.8
212
Linux Bootloaders
There are a few considerations you must use to preserve the functionality of Linux
bootloaders. First, if your bootloader is located on a reiserfs partition, you must use the
-raw switch when imaging this partition to preserve the structure.
Second, if you are using an automation partition, your MBR is modified to boot this
partition. If you install a new version of a bootloader, your MBR is modified and you
might not be able to access your automation partition.
If this occurs, you can reinstall the automation partition. To prevent this, do not update
any software which modifies your MBR without uninstalling the automation partition
first. The automation partition can be reinstalled after the software update.
Altiris Deployment Solution 6.8
213
Chapter 19
Managing Thin Clients
Thin clients are a low cost, low maintenance solution for organizations that want to
perform tasks or access programs such as: Web browsing, Java-based applications and
terminal emulation, or line of business (LOB) applications. Example: users can range
from receptionists and data entry workers to users accessing systems from kiosk
locations commonly found in call centers or health care environments. Thin clients
provide users a reliable server-based environment without the complexity or
maintenance of a PC.
Thin clients connect to any current or legacy network and can be managed from a
centralized location. Thin clients do not contain any moving parts and data is stored in
RAM, which increases their manageability, security, and reliability.
Thin client operating systems
The Deployment Agent is the Production Agent and can be installed to thin clients
running Windows XP Embedded from the Deployment Console. However, if you have thin
clients running either CE. NET, or the proprietary version of Linux from HP or Neoware,
you cannot remote install (“push”) the Deployment Agent from the Deployment Console.
Rather, you must install the Deployment Agent on the thin clients (“pull”) directly. See
Thin Client Operating Systems (page 215).
Production versus Automation Agent
Deployment Solution requires that a Production Agent be installed to each thin client
that you want to manage from the Deployment Console. Thin client computers come
pre-installed with the Deployment Agent so when they are added to a Deployment
Server system, communications between the server and client are established right
away. The client computer’s MAC and IP addresses are added to the Deployment
database, which lets you begin managing the device. See Installing Deployment
Solution Agents (page 49), Deployment Agents (page 135).
The Automation Agent boots thin clients to automation mode so they can run
deployment jobs, such as run script, create and distribute disk images, and more. Altiris
recommends using a PXE Server to boot thin clients to automation, instead of installing
an embedded automation partition. See Automation Pre-boot Environment (page 259),
and Automation Agent Settings (page 143).
Supported Deployment Solution Functionality
Deployment Solution supports full functionality for thin client running XPe and Linux.
However the there is limited functionality for thin clients running CE .NET. The following
is a list of the supported functions for thin clients running CE .NET.
z
Modify Computer Configuration (the computer name and TCP/IP Setting only)
z
Distribute software (“.CAB” and “.EXE” files)
z
Execute and run scripts (DOS and WIN batch files) *no VBS support
z
Copy files and directories
z
Create disk images
Altiris Deployment Solution 6.8
214
z
Distribute disk images
z
Remote Control clients (24 bit color depth only. No chat or send file features)
z
Power Control (restart/shutdown/wake up jobs)
z
Set computer properties
z
Create conditions to run jobs and filter computers
z
Modify client properties via Windows and Linux agent settings
Supported Thin Client Manufacturers
Currently, Altiris supports Fujitsu-Siemens, HP, and Neoware thin clients.
Manufacturer
Model
Fujitsu-Siemens
Futro B, S, and C series thin clients running the Windows
XP Embedded operating system. Currently, Deployment
Solution does not support Futro thin clients running Linux.
Futro S series thin clients come pre-installed with the
Deployment Agent and a license for Deployment Solution.
However, the Futro B series requires that you install the
Deployment Agent before obtaining a Deployment Solution
license from Altiris. See Managing Licenses (page 62)or the
Altiris Getting Started Guide for more information.
HP
HP t5000 thin client series, which includes the t5300,
t5500, and t5700 clients. Thin clients come pre-installed
with Windows XP Embedded, Windows CE .NET, or Linux,
depending on the model of the device. All HP thin clients
come pre-installed with the Deployment Agent.
Neoware
CapioOne G150 and Eon E100 series thin client models.
The thin clients come pre-installed with Windows XP
Embedded, CE. Net 4.2 or 5.0, or NeoLinux. All Neoware
thin clients come pre-installed with the Deployment Agent,
but if your device is missing the agent, contact Neoware for
a Snap-In.
Thin Client Operating Systems
Thin clients come pre-installed with an operating system and the Altiris Deployment
Agent. This lets you easily add new devices to the network and establish
communications with the Deployment Server. See Windows XP Embedded (XPe)
(page 215), Windows CE .NET (page 218), and Linux (page 218).
Windows XP Embedded (XPe)
Microsoft Windows XP Embedded (XPe) is a powerful, rapid, and reliable operating
system that runs on PC architecture hardware with x86 processors. Windows XP
Embedded is a componentized technology based on the Windows XP Professional
operating system, with full Win32 Application Program Interface (API) capabilities.
Altiris Deployment Solution 6.8
215
Because application developers can choose from over 10,000 individual feature
components, the image footprint is smaller and can boot basic images as small as 8MB.
The Deployment Agent used for computers running 2003\XP\2000 is the same agent
that is installed on thin clients running the Windows XP Embedded operating system.
There are no limitations when installing the Deployment Agent to thin clients from the
Deployment Console. However, you must turn off The Enhanced Write Filter on the thin
client before installing the Deployment Agent, so that the agent will be saved to the
client’s memory.
See also: Installing Deployment Solution Agents (page 49)and Deployment Agents
(page 135).
The Enhanced Write Filter
The Enhanced Write Filter (EWF) is a unique feature of the Windows XP Embedded
operating system that protects data from being written to the Hard Disk (RAM) storage
area on a thin client. With EWF enabled, any data writes will be redirected to an
alternate storage area called an overlay. The data stored in the overlay gives user’s the
appearance that files, programs, or any other data installed to the thin client, will be
permanently saved. However, all data written to the overlay storage area will be deleted
when the thin client reboots. The Enhanced Write Filter is an IT managing feature that
helps control the data stored on a thin client’s hard drive.
Some of the tasks Deployment Solution tasks that are impacted by the Enhanced Write
Filter are certain deployment jobs, and installing the Deployment Agent for Windows.
Other tasks such as, creating and distributing images, and modifying the configuration
(computer name or IP address) already have scripts to handle EWF. These jobs disable
EWF first, run other scripts or tasks, and then re-enable EWF as the last step of the
deployment job. This ensures that data written to thin clients during the deployment job
will not be lost when clients reboots.
Example: from the Deployment Console in the Jobs pane, located in Samples >
Windows XP Embedded, is a job called Create Disk Image. The script reads as
follow:
Notice that the first line item disables the Enhanced Write Filter, and the second line item
checks to verify that EWF is disabled. The Create Image task creates a copy of the thin
client’s image and stores it in the Images folder on the Deployment Share. When the
image task completes, the Enhanced Write Filter is re-enabled, and the thin client
reboots. Because this script handles EWF automatically, thin clients can be managed
from the Deployment Console without concern that data tasks will not be saved to
managed thin clients.
When creating your own Deployment jobs, use the Samples in the Job pane of the
Deployment Console to help you create your own scripts to handle EWF automatically. If
Altiris Deployment Solution 6.8
216
EWF is not disabled and enabled properly, after you run a Deployment job, the next time
a thin client reboots, data will be lost.
See also: Building and Scheduling Jobs (page 173), Deployment Agents (page 135).
Using the EWFMGR Utility
HP and Fujitsu-Siemens thin clients can enable or disable the Enhanced Write Filter,
using a Windows XP Embedded utility named ewfmgr.exe, which is stored in the
C:\Windows\System32 folder.
Although there are many switches that can be used with this utility; however, you
typically will only use the following three or four.
Note
Neoware thin clients use a different method of enabling and disabling the Enhanced
Write Filter. See the Sample Jobs folder in the Jobs pane in the Deployment Console for
examples, or contact Neoware.
Switch
Description
-all
Performs a specified command (such
as disable or enable) on all protected
volumes. The default command is to
display protected volume information.
-disable
Disables the overlay on the specified
protected volume.
-enable
Enables the write filter so that data
written to the protected media is
cached in
the overlays. The current overlay level
becomes 1 as soon as EWF is started,
and a
new overlay is created at level 1.
-commitanddisable
Commits all current level data in the
overlay to the protected volume and
disables the overlay.
The following are a few examples of how to use the ewfmgr.exe program.
Altiris Deployment Solution 6.8
217
Example
Description
ewfmgr -all
This will display the current Enhanced
Write
Filter settings.
ewfmgr c: -disable
This will disable the Enhanced Write
Filter on the C: volume.
ewfmgr c: -enable
This will enable the Enhanced Write
Filter on the C: volume.
Although the enhanced Write Filter manager can be run from a thin client, it is more
efficient to include it as part of your Deployment Job.
Windows CE .NET
Microsoft Windows CE .NET is designed for a broad range of intelligent hardware devices
that require a small-sized operating system, and usually run disconnected from other
computers. Window CE .NET can run on multiple processors, supports Win32 Application
Program Interface (API), and runs in Realtime right out of the box. Application
developers can choose from a wide range of modules and components, creating small
image footprints booting the basic image from 350KB.
Deployment Solution lets you mange thin clients running Windows CE .NET from a
centralized location, but the Deployment Agent for Windows CE .NET must be installed
on each device. Many of the thin clients supported by Deployment Solution come preinstalled with the Deployment Agent and can be managed after they are connected to
the network. However, due to limitations of the Deployment Console, you cannot push
the Deployment Agent for CE .NET to thin clients running the Windows CE .NET
operating system. Rather, you must run the Deployment Agent installation from the thin
client directly. See Deployment Agent on CE .NET (page 148).
Linux
HP and Fujitsu-Siemens distribute their own proprietary versions of Linux for thin clients
supported by Altiris. Contact the manufacturer for more information.
Licensing Thin Clients
HP and Fujitsu-Siemens thin clients do not require a license, but Neoware thin clients
must purchase a standard license. See Managing Licenses (page 62).
Altiris Deployment Solution 6.8
218
Part VI
Reference: Deployment Solution Help Files
This section contains the help files that are launched from the Deployment Console, Web
Console, and other Deployment Solution utilities.
Translated versions of these help files are available in the product.
Altiris Deployment Solution 6.8
219
Deployment Server Configuration Utility
The Deployment Server Configuration Utility provides general preferences for the Deployment
Server. You can use the Deployment Server Configuration Utility to:
•
Set up an account for Deployment Server. See Logon Account (page 221).
•
Stop, start, and restart Deployment Server.
•
View server activity and statistics.
•
Map drives to file servers in your Deployment Server system (if you have images stored in more
than one place). See Drive Mappings Option (page 222).
•
Set the communications protocol (multicast or TCP) and set the imaging multicast threshold. See
Transport Option (page 223).
•
Filter connections from the Deployment Server by IP addresses or network adapter interface.
Connections Option (page 225).
•
Set debug and log file options in the Debug Option (page 225).
Log in to the Deployment Server you want to manage. Open the Deployment Server
Configuration Utility by clicking Start > Programs > Altiris > Deployment Server >
Configuration.
From the main view of the Deployment Server Configuration Utility, you can view Deployment
Server statistics, start and stop the Deployment Server, access Deployment Server configuration
options and more.
Item
Description
Server activity
and statistics
Lists the number of Deployment Server sessions (clients) and Deployment
Server Consoles currently running on the network.
Start
Starts the Deployment Server on the local computer.
Stop
Stops the Deployment Server on the local computer.
Restart
Restarts the Deployment Server on the local computer.
Deployment Solution Product Guide
220
Account
Opens the Server Login Account dialog box, which allows you to specify the
account used by the Deployment Server service.
The LocalSystem account requires a simple install that runs Deployment
Server services on the local computer, prohibiting access to network shares or
components.
With the LocalSystem account selected, you can click the Allow service to
interact with desktop box to place an icon in your system tray. This icon allows
you to quickly shut down the Deployment Server services or to view server
statistics (just as you can do from the Manage > Services and
Applications > Services > Altiris eXpress Server service).
The default setting is to provide a user name and password during installation.
With this option you can install the service on different computers and access
components across the network.
Options
Opens the Deployment Server Options dialog, which allows you to specify
Deployment Server options.
Logon Account
This Service Logon Account dialog is used to set up the user account used by Deployment Server.
Item
Description
Use the Local System account
Specifies that the LocalSystem account should be used by the
Deployment Server service. You can use this option if your
Deployment Server directory is located on the same computer
as the Deployment Server and if you don't need to access any
other file servers.
Use the following account and
password
Specifies that a user-defined account should be used by the
Deployment Server service. If this option is selected, you must
supply the appropriate username and password. The account
must have Administrator equivalent rights on the Deployment
Server computer. You must use this option if your Deployment
Server directory is located on a different server than the
Deployment Server.
To specify or change the Deployment Server service account
1
Open the Deployment Server Configuration Utility in the Control Panel of the Deployment
Server computer.
2
Click Account.
3
Choose whether you want to use the LocalSystem account or a user-defined account. If you
choose a user-defined account, you must enter the username and password.
4
Click OK.
General Option
Update Inventory on active computers. Inventory provides software and hardware information about
a client computer. You can update inventory on active computers at specified intervals. The
Deployment Agent or any other agent sends the inventory when it connects to the server for the first
time. It also updates the inventory according to a specified schedule. Click the Schedule button to
schedule updated inventory.
Update active client connections. Due to network glitches, the console may display that the client is
active, when it is inactive. The Deployment Server then sends a CACK (Client Acknowledgement)
request to client computers. It waits for a response from the client for a specified timeout value. If it
does not receive a response from the client within that specified time, it terminates the connection.
Click the Schedule button to schedule updated active client connections.
Deployment Solution Product Guide
221
Reset inactive client connections.
Due to network glitches, the console may display that the client is
inactive, whereas the client is active. If this option is selected, inactive client connections are reset
according to a specified schedule. Click the Schedule button to schedule the resetting of the inactive
client connections.
Encrypt communication between IIS and Data Manager. Select this option to encrypt all communication
between IIS and the Data Manager.
Send Wake on LAN to inactive computers when scheduling. Select this option to send a Wake on LAN
request to the client computer. You can retry sending this request through the Retry every _______
minutes option.
Drive Mappings Option
The Drive Mappings tab is used to add, edit, and delete drive mappings used by the Deployment
Server. Any drive mappings used to reference files need to be duplicated here.
For example, if you create a job that distributes software packages from a drive on another file server
using a mapped G: drive, then you will need to create a G: drive mapping on the Deployment Server
using this dialog box.
Item
Description
Drive Letter and
UNC Path
Displays the drive mappings with the mapped drive letters and the
corresponding UNC paths.
Add
Opens the Map Drive dialog, which allows you to create a drive mapping.
Driver Letter. Drive letter to which the drive mapping is mapped.
UNC path. UNC path to which the mapped drive points.
Modify
Opens the Map Drive dialog, which allows you to edit the drive letter or UNC
path of the selected drive mapping.
Remove
Removes the selected drive mapping.
Data store path
Specifies the path to stored packages and files and other DS functions (such as
license verification). The default path is C:\Program
files\Altiris\express\Deployment Server.
Note Do not use this setting to change the path to the Client Access Point.
Modifying this setting does not automatically allow you to use another shared
directory other than the express share. To change the Client Access Point
shared directory, run a Custom install to establish another location for the
Client Access Point.
To create a drive mapping
1
Open the Deployment Server Configuration Utility in the Control Panel of the Deployment
Server computer.
2
Click Options and select the Drive Mappings tab.
3
Click Add.
4
Specify the Drive Letter and UNC Path.
5
Click OK.Click OK.
6
Click Yes to restart the service.
To edit a drive mapping
1
Open the Deployment Server Configuration Utility in the Control Panel of the Deployment
Server computer.
2
Click Options and select the Drive Mappings tab.
3
Select the drive mapping you want to edit and click Edit.
Deployment Solution Product Guide
222
4
Modify the Drive Letter and UNC Path as desired.
5
Click OK.Click OK.
6
Click Yes to restart the service.
To remove a drive mapping
1
Open the Deployment Server Configuration Utility in the Control Panel of the Deployment
Server computer.
2
Click Options and select the Drive Mappings tab.
3
Select the drive mapping you want to remove and click Remove.
4
Click Yes to confirm your decision. Click OK.
5
Click Yes to restart the service.
Transport Option
The Transport tab allows you to specify settings for the Deployment Server transport protocols.
Item
Description
Disable multicast support
(agents must connect using
TCP)
Disables multicast support, which means clients must connect to the
Deployment Server using TCP.
Multicast Address
The multicast address. This is used only if multicast is not disabled.
Multicast Port
Port used for the multicast. This is used only if multicast is not
disabled.
Multicast TTL
Specifies the number of "hops" or hubs that the client can go through
to multicast. This is used only if multicast is enabled.
TCP Port
The TCP port. This is used whether multicast is enabled or disabled.
Automatically update
clients
Automatically updates the Altiris Client for Windows on managed
computers if there is a difference (older or newer) between the client
available in the Deployment Server directory and the managed client.
Note: If any agent is upgraded to the Deployment Solution 6.8
version, this agent does not downgrade automatically if it connects to
a Deployment Server of an earlier version. To downgrade any agent,
install the older version of the agent manually.
Allow Encrypted Sessions
Allows encrypted sessions between the Deployment Agent and
Deployment Server. If the Deployment Agent data encryption is
turned on, then this Deployment Server option must also be turned on
to pass encrypted data between client and server.
To specify the Deployment Server transport
1
Open the Deployment Server Configuration Utility in the Control Panel of the Deployment
Server computer.
2
Click Options, and select the Transport tab.
3
Do one of the following, depending on the transport you want to use:
4
•
If you want to use multicast, do not select the Disable multicast support checkbox.
•
If you want to use TCP, select Disable multicast support and supply the Multicast Address,
Multicast Port, Multicast TTL, and TCP Port.
Click OK.
Deployment Solution Product Guide
223
Disk Imaging Option
The Disk Imaging tab allows you to specify when image multicasting is used and how much
bandwidth is used during multicasting.
Note When multicasting a disk image using the PXE Server, the boot disk on the PXE Server cannot
be configured with an Intel Universal NIC driver (also known as an UNDI driver). The multicasting
feature will be disabled for multicasting because of continued data corruption problems inherent
with the Intel Universal NIC driver. This unreliability results in random files being corrupted in the
image file, a problem that may appear immediately or go undetected until accessing the files later.
As a result, if the computers being imaged are booting to PXE boot files configured with an Intel
universal driver, then multicasting is disabled and all computers will be imaged using direct
connections.
Item
Description
Use disk image multicast
threshold of n clients
Specifies the number of clients that must be involved in a job before
image multicasting is used. If the number of clients is less than or
equal to the number specified, multicasting is not used. Set this value
to 0 to disable multicasting. If this option is not selected, multicasting
will be used whenever there are two or more clients.When
multicasting is not used, all clients become Masters and will read
from the image server independently. This option might be used if
your clients can read an image file from the server faster than trying
to coordinate masters and clients.
Limit each disk image
multicast to n Mbps
Limits the bandwidth used in a multicasting session to a user-defined
number of Mbps. This option prevents the multicasting operation
from using all of the available bandwidth on a network, so other
network traffic can take place at a reasonable rate.
To set when multicasting is used
1
Open the Deployment Server Configuration Utility in the Control Panel of the Deployment
Server computer.
2
Click Options and select the Disk Imaging tab.
3
Select one of the following depending on when you want to use multicasting:
•
•
If you do not want to use multicasting, select the Use disk image multicast threshold of n clients
checkbox and set n to 0.
If you want to use multicasting whenever there is more than one client, do NOT select the
checkbox.
Use disk image multicast threshold of n clients
•
If you want to use multicasting only when there are more than a specific number of clients,
select the Use disk image multicast threshold of n clients checkbox and set n to the number of
clients there must be more than before multicasting is used.
4.Click OK.
To set the maximum bandwidth used during multicasting
1
Open the Deployment Server Configuration Utility in the Control Panel of the Deployment
Server computer.
2
Click Options and select the Disk Imaging tab.
3
Select the Limit each disk image multicast to n Mbps checkbox and set n to the maximum
bandwidth you want a multicasting operation to use.
4
Click OK.
Deployment Solution Product Guide
224
Authentication Option
The Authentications tab lets you authenticate to an existing SQL Server database, to the NetWare
Server as a file access point, and to Deployment Solution.
Database Authentication
To access and authenticate to a specified Microsoft SQL Server database
1
Click the Use SQL Server account authentication checkbox.
2
Enter the username for the specified database.
3
Enter the password.
NetWare Server Authentication
To access and authenticate to a Novell NetWare Server
1
Enter the username for the selected server.
2
Enter the password.
DS Authentication
To access and authenticate to Deployment Solution
1
Click the Add Key button. You can add a security key for the server to which you want to connect.
2
Click the Delete Key button. You can delete the security key for a Deployment Server.
3
Click the Export Key button. You can export and save the security key for your Deployment
Server to a file.
Connections Option
The Connections tab allows you to allow or reject connections from the Deployment Agents based
on the IP subnet, IP address, and local interfaces.
Define Subnets
Select the Allow/reject agents based on their IP subnet box and click the Define Subnets button.
Click Add or Modify to enter or edit a network IP address and the corresponding mask.
Define IP Addresses
Select the Allow/reject agents based on their IP address box and click the Define IP Addresses button.
Click either the Allow or Reject option. Click Add or Modify to enter or edit a specific a range of IP
addresses to connect to the Deployment Server.
Define Interfaces
Select the Allow/reject agents based on their IP address box and click the Define IP Addresses button.
Select from the list of network adapter cards to allow or reject when connecting to Deployment
Server.
Debug Option
The Debug tab allows you to set debug options for Deployment Server and communication between
managed computers.
Engine Debug Logging.
Select this option to set the name and location of the logging report and the
logging level for Deployment Server. The Engine Debug Log is a single report that captures debug
information for Altiris support personnel.
Deployment Solution Product Guide
225
Log File Name: Set the path and name for the log text file. The default name is axengine.log in the
Deployment Server shared directory.
Max File Size:
Set the size of the text file by entering the maximum file size allowed.
Logging Level:
Enter the logging level. This number can be from 1 to 9, with nine the deepest
logging level and one the most cursory logging level. Altiris support will instruct you on the
required logging level for your issue.
Log Agent Communication with Engine. Select the directory path and name to log error messages
between managed computers and the Deployment Server.
Log Directory.
Set the path of the folder to collect the client error messages. Each managed
computer will have its own log file in this directory named <the computer ID of the managed
computer>.log.
Max File Size.
Set the size of each log file by entering the maximum file size allowed.
Deployment Solution Product Guide
226
Boot Disk Creator
Altiris Boot Disk Creator (BDC) is a utility tool that comes with Deployment Solution and lets you
create configurations for pre-boot environments. You can create DOS, Linux, and Windows
Preinstallation Environment (Windows PE) configurations, which gives you greater flexibility in
managing client computers. The configurations you create can be assigned to automation tasks
within deployment jobs that will boot client computers to the automation environments. The
Deployment Solution automation tasks include the following:
•
Run Script
•
Create Disk Image
•
Distribute Disk Image
•
Scripted OS Install
•
Backup Registry
•
Restore Registry
The Deployment Server sends a message to the client computer that the type of task within a
deployment job requires an automation environment. The client computer then boots to the
automation environment you created using Boot Disk Creator and connects with the Deployment
Server to run the tasks that have been assigned by the deployment job. This feature lets you create a
single deployment job with multiple tasks that will boot to the automation environment you want
when each task runs.
The Boot Disk Creator Utility gathers data as you create new configurations. The base pre-boot
operating system files, disk drivers, files you add to the Additional Files folder (in the treeview of
Boot Disk Creator), and all the settings you selected in the New Configuration Wizard are added to the
boot image. Based on the type of pre-boot environment you are creating, the appropriate Automation
Agent is also added. Boot Disk Creator then creates the type of bootable media you want to use when
booting client computers to automation. Boot Disk Creator supports the following bootable media:
•
Floppy disks
•
Bootable CDs and DVDs with an ISO image, or with network connectivity to retrieve an
image from the Deployment Server
•
USB flash drives
•
Windows installation packages
See Create Boot Disk (page 236), Automation Partitions, Network and Automation Boot Disks
(page 236).
Before creating configurations, you must first install the pre-boot operating system files for the types
of pre-boot configurations you want to create. When the Deployment Solution gets installed, you
have the option to install the pre-boot operating system files at that time. If there are no files
installed, you can use the Install Pre-boot Operating System Files feature within Boot Disk Creator
to install the necessary pre-boot operating system files.
Example: you can install DOS, Linux, or Windows PE operating system files so you can create any
type of configuration any time you want. Or, you can install only DOS and Windows PE system files
and then install Linux later. You can only create configurations for the type of pre-boot operating
system files you have installed. This feature also lets you update pre-boot operating system files
when you receive new releases of software and makes it easy to install system files any time you
want. See Install Pre-boot Operating System Files (page 239).
Altiris® Boot Disk Creator 6.8 Help
227
The New Configuration Wizard is the main process of Boot Disk Creator. This is how you select the
type of pre-boot environment configuration you want to create, along with other settings such as, the
type of network adapter, network server information, TCP/IP information, and more.
After the wizard completes, the Create Boot Disk Wizard automatically displays. This is the
production process of Boot Disk Creator that lets you select the boot disk creation method for how
you want to implement the configuration you created. You can create floppy boot disks, which are
use for DOS configurations since Linux and Windows PE system files are too large to fit on a floppy.
Network and automation boot disks can create ISO images, which you can save to bootable CDs
using your own third party CD burning software, or you can select a flash drive from the Bootable
drive drop-down list. You can also create a Windows Installation package to run in a Windows
production environment, which will install an embedded (recommended) or hidden automation
partition on the client computer’s hard drive. See Automation Partitions, Network and Automation
Boot Disks (page 236).
If you create an Automation boot disk, the Automation Agent is added to the configuration so that
when you boot client computers, they will try to connect to the Deployment Server. If you select
Network boot disk, client computers will boot to the network server you specified in the New
Configuration Wizard, displaying only a user’s prompt. See New Configuration Wizard (page 229).
Boot Disk Creator can also be accessed from the PXE Configuration Utility, so that you can create
boot menu options using the New Configuration Wizard. You can also create boot configurations
directly from Boot Disk Creator, and then import the boot images into the PXE Configuration
Utility. The PXE Configuration Import feature lets you import images that have been created by
Boot Disk Creator or any other third party imaging software, but you cannot edit the boot images
after they have been imported. See PXE Configuration Utility Help.
To help you manage the configurations you create, Boot Disk Creator uses colors to inform you
which type of pre-boot configuration you are editing. The colors on the display change when you
select a configuration in the treeview of the utility. The colors indicate the following:
•
Black:
•
Blue:
•
Green:
•
Red:
No configuration has been selected or there are no configurations to select.
DOS configuration
Linux configuration
Windows PE configuration
See Edit Configurations (page 234).
The Boot Disk Creator Utility is easy to use because each process guides you through the settings
and options you can select to create pre-boot environment configurations to help manage automation
tasks used by the Deployment Server.
To start the Boot Disk Creator tool, open the Deployment Console and click
the button on the toolbar, or click Tools > Boot Disk Creator.
Altiris® Boot Disk Creator 6.8 Help
228
Toolbar Description
The buttons on the toolbar help you navigate to the tasks you want to perform within Boot Disk
Creator in one click. The options are:
Toolbar Description
Buttons
Description
New Configuration Wizard (page 229): Creates new
configurations that is used when booting client computers to
automation or a network prompt.
Create an Automation Install Package (page 236): Creates
and installs an embedded automation partition to a client
computer’s hard disk, using an installer package.
Remove Automation Partition (page 238): Removes an
automation partition from a client computer’s hard disk.
Create Automation Boot Disk (page 237): Creates
automation boot disks to manually boot client computers to
automation.
Create Network Boot Disk (page 238): Creates network boot
disks to manually boot client computers to a specified
network server.
New Configuration Wizard
You can create as many configurations as needed to support varying types of computer
environments. Before you begin, you must install the pre-boot operating system files that Boot Disk
Creator uses to create new configurations. See Install Pre-boot Operating System Files (page 239).
To start the New Configuration Wizard, click the button on the toolbar of the
Boot Disk Creator tool, click Ctrl+N, or click File > New Configuration.
Configuration Name
This is the first page of the New Configuration Wizard, which is the same for DOS, Linux, or
Windows PE. You must enter a name of for the configuration to make the Pre-boot Operating System
for this Configuration fields active. The description field is optional but helps you to know what the
configuration contains, such as the file server type, NIC drivers, and any additional files you want
to add.
Field Definitions
Name: The configuration name you enter displays in the Configurations treeview after the wizard is
completed.
Enter a description for the configuration. (Example: enter the type of computer,
operating system, network adapter, and any other characteristics that will help you identify this
particular configuration.) After the Create Configuration and Create Boot Disk wizards complete, if
you select the configuration from the treeview, the description you entered for this field displays at
the top of the right pane.
Description:
Pre-boot Operating System for this Configuration: Boot Disk Creator supports DOS, Linux, and
Windows PE operating systems to create pre-boot environments. Select the pre-boot operating
system, and then click Install Pre-boot Operating System Files (page 239) to install pre-boot
operating system files.
Altiris® Boot Disk Creator 6.8 Help
229
File Server Type (DOS)
The Deployment Share stores image files, packages, and data files. By default, the Deployment
Share is installed to the Deployment Server, but it can be on another server, depending on the
whether you selected a Simple or Custom Deployment Solution installation.
Field Definitions
Select this option to store images on a Microsoft server using TCP/IP network
communications (recommended). However, if you use IPX to communicate with a Microsoft server,
select the IPX checkbox at the bottom of the page.
Microsoft Windows:
Create multi-network adapter configuration: Select this option to add multiple network adapter drivers
to a single PXE boot file configuration. This feature lets you build configuration files to boot
multiple computers that contain different types of network adapter cards. See Multi-Network
Adapter Configurations (page 230).
Novell NetWare (VLM): Select this option to store images on a NetWare server with VLM clients, using
IPX network communications.
Novell NetWare (Client32):
Select this option to store images on a NetWare server with 32-bit clients.
Use IPX to communicate with Netware: Select
Novel NetWare (Client32) server.
this checkbox if IPX is the network protocol for the
Multi-Network Adapter Configurations
If you are creating a DOS configuration, when you select Multi-NIC configurations, a list of supported
drivers displays. You can select Multi-NIC drivers to be included in the configuration by pressing
Shift-Click or Ctrl-Click. After a client computer boots using a multi-network adapter configuration,
Boot Disk Creator applies the driver that matches the first network adapter card that it detects.
Example: if you are going to use the multi-network adapter configuration for several different client
computers, this option can save you time and effort in booting different computers. However, if a
client computer has 2 NIC cards and you use the multi-network adapter configuration to boot the
computer, the first NIC card is detected and can potentially be the wrong network adapter required
to connect to the Deployment Server.
Advanced Features
The network adapters you select must support DOS, Linux, or Windows PE so that client computers
can connect to a network or Deployment Server, depending on whether you create automation
partitions, or network or automation boot disks. The Have Disk (page 231) button lets you install
network adapter drivers from a disk, CD, or network folder. The Internet (page 231) button lets you
connects to an Altiris supported web site to download and install network adapter drivers. The
Advanced (page 231) button lets you further define network adapters and their drivers.
Multiple Network Adapters Load Order
This option is for DOS and Windows PE configurations only. This lets you specify which order the
physical network adapters will be detected when the client computer boots.
Example: If most client computers have a Broadcom Ethernet adapter, but some computers have a
3Com10/100 LAN PC Card Fast Ethernet card, you would use Up and Down to move the Broadcom
Ethernet adapter to the top of the list.
See Also: Network Adapter (page 230)
Network Adapter
The drivers listed in the Network Adapters window vary depending on the type of configuration you
are creating. You can install pre-boot operating system files for DOS, Linux, or Windows
Preinstallation Environment (Windows PE). See Install Pre-boot Operating System Files (page 239).
Altiris® Boot Disk Creator 6.8 Help
230
Example: After installing the pre-boot operating system files for Windows PE, the Windows NIC
drivers that are available to create a Windows PE configuration display, and are automatically added
to the new configuration. If you select Auto-detect network adapter, Windows PE determines which
network adapter driver to use.
Select a driver from the network adapters driver list. You must create a new configuration for each
type of network adapter that is installed on client computers, unless you want to create a Multi-NIC
configuration. See Multi-Network Adapter Configurations (page 230). If you want to add or change
adapter settings (such as I/O Memory, IRQ, and PCMCIA for DOS configurations) click Advanced.
See Advanced (page 231).
If the network adapter you want does not appear in the list, you can click Have Disk, Internet, or
Advanced (if they are available for the type of configuration you are creating) to add additional
drivers. See Have Disk (page 231), Internet (page 231), Advanced (page 231).
Field Definitions
Select this to have Windows PE auto-detect the type of adapter that is
in a client computers when the boot image runs.
Auto-detect network adapter:
Have Disk
You can add network adapter drivers by using any disk media or navigating to a folder. Network
adapters can be downloaded from the manufacturer’s Web site and saved to a folder or a disk to be
installed later. New network adapters come with a floppy disk or CD to install the appropriate
drivers.
Internet
Altiris supports many manufacturer network adapters and supports a Web site for you to download
the latest NIC drivers. From the Network Adapter page, click Internet to launch the Web browser and
connect to ftp://support.altiris.com/support/NIC_drivers/. Download the driver you want, and then
unzip the files it to a folder on the hard drive. Click Add Driver and the driver you downloaded will
be added to the Network Adapters list.
Advanced
This options lets you add or change settings for network adapter cards so they will work correctly
when using DOS configurations. If you are creating a Linux or Windows PE configuration, this
option is not available. From the Network Adapter page, click Advanced. Refer to the following
properties and values.
Microsoft clients
•
EMM386 Memory (config.sys):
Append memory address information to this line in the
config.sys file.
•
Advanced settings (protocol.ini):
•
Memory (protocol.ini):
•
IRQ (protocol.ini): Add
Add parameters to the NIC section of the protocol.ini file.
Add parameters to the network setup section of the protocol.ini file.
parameters to the network setup section of the protocol.ini file.
Novell VLM clients
•
Emm386 memory (config.sys): Append
memory address information to this line in the
config.sys file.
•
Advanced settings (config.sys):
Add parameters to the NIC section of the net.cfg file.
Novell Client 32
•
Emm386 Memory (config.sys):
Append memory address information to this line in the
config.sys file.
•
Advanced settings (driver command line):
Add driver command-line entries to the landrv.bat
file.
Altiris® Boot Disk Creator 6.8 Help
231
TCP/IP Protocol Settings
This page lets you set up TCP/IP protocol settings for boot configurations. TCP/IP is the default
protocol when client computers boot to automation on a Windows network. If you are using the IPX
protocol, Deployment Server uses its own IP stack to work on IPX networks.
Field Definitions
Obtain an IP address from a DHCP server: Select this option if you want client computers to obtain an
IP address from a DHCP server.
Use a static IP address: Select this option if you want a client computer, using this configuration, to
be assigned a specific IP address. Enter an IP address, Subnet mask, and default gateway. You can
also enter a primary and secondary WINS address if you need to resolve IP addresses and naming
conventions. This option also requires that you create a configuration for each client computer, so
that the IP address is not the same for all computers.
Altiris Deployment Server Communication
This option lets you set communication properties for the Deployment Server. The Deployment
and Port fields are critical because they define how client computers establish
communications with the Deployment Server.
Server IP address,
Example: The TCP port on the Deployment Server is set to 402 and the Port field in the Boot Disk
configuration is set to 502. This would result in client computers not being able to communicate with
the Deployment Server, because the port numbers do not match. To establish communications
between client computers and the Deployment Server, change the Port field in the Boot Disk
configuration to 402.
Note: The settings on this page are only used if you create an automation boot image where the
Automation Agent needs to know how to find the Deployment Server. If you intend to create a
network boot disk, you can ignore this page by clicking Next, as none of the properties will be used
to create a network boot image.
To set the TCP port on the Deployment Server
1
From the Deployment Server, click Start > Control Panel > Deployment Solution Configuration
applet > Options > Transport tab.
2
Enter the TCP port number.
3
Click OK.
Use TCP/IP multicasting to find the Altiris Deployment Server: Select this option to use TCP/IP
multicasting to find the Deployment Server. When client computers boot to automation using this
configuration, a multicast packet will broadcast across the network to find where the Deployment
Server is located.
•
Multicast IP address:
•
Port: This option defines which port client computers will use to communicate with the
Deployment Server Engine, which manages the Deployment Database, sends job commands
to the Deployment Agent, and more.
•
Server name: When you select Use TCP/IP multicasting to find the Altiris Deployment Server, a
multicast packet will broadcast to the server you specify. If you leave this field blank, the
client computer will connect to any server responding to the multicast packet.
Enter a multicast IP address for client computers to send a broadcast
packet across the network to find the Deployment Server.
Use TCP/IP to connect to the Altiris Deployment Server: Select this option to connect to a specific
Deployment Server. You must select this option if your network adapter or network does not support
multicasting. See your network adapter documentation or call the manufacturer or consult with your
IT department for information.
•
Server IP address: Enter the IP address of the Deployment Server to access information stored
in the Deployment Share. If you are using the Intel Universal NIC driver (UNDI), the IP
address is required.
Altiris® Boot Disk Creator 6.8 Help
232
•
Port: This option defines which port client computers will use to communicate with the
Deployment Server Engine, which manages the Deployment Database, sends job commands
to the Deployment Agent, and more.
Lock Keyboard
Select this option for additional security. This prevents someone on the remote computer from
ending the automation session and possibly accessing your network.
Network Configuration
This option lets you define how client computers connect to the Deployment Share or a file server
where image files are stored.
Window
Workgroup: Enter
the workgroup for the Deployment Share or file server.
NetWare
Server name: Enter the server name for the Deployment Share or file server. Click Advanced to enter
a NetWare context for the server, and then select a Frame type if it is different than the default value
of 802.2.
User name: Enter the authorized user name that was set up when the Deployment Share directory was
created. If you did not assign a User name and Password when for the Deployment Share or file server
was created, leave this and the Password field blank.
Password:
Enter the password for the user name.
Confirm password: Enter the password for the user name as confirmation that you entered the proper
password in the Password field.
Network Drive Mappings and Mount Points
This option lets you set up drive mappings (for DOS and Windows PE) or mount points (for Linux)
so that when client computers boot to automation or a network prompt, they will connect to the
appropriate server. You can create multiple drive mappings or mount points. However, if you are
creating a DOS configuration, the first mapped drive you specify must connect to the Deployment
Share.
Field Definitions
Manually create drive mapping: Select this option if you want the drive mappings to be included in the
autoexec.bat file when client computers boot to automation.
By default, the mapped drive that displays is F: \\<Deployment Share server>\eXpress. Click
the drop-down arrow and select a different drive letter if F: is already in use.
Drive:
Enter the path for the Deployment Share. The path you enter will map to the drive letter you
selected in the Drive field. You can also click Browse to navigate to the Deployment Share if you are
unsure of the directory path or if the image files are store on a file server.
Path:
Example:
•
Windows users:
•
NetWare users:
•
Linux users:
\\server\share
server\volume:directory
//server/mount point
Create and entry in the LMHOSTS file for the Deployment Server file store (other entries must be added
manually): Select this option if your network does not support NetBIOS name resolution for IP
addresses. Enter a Server name and IP address so that client computers can find the Deployment
Share where image files are stored.
Altiris® Boot Disk Creator 6.8 Help
233
Use NetWare login scripts to create drive mappings:
Select this option if you use NetWare and you
want login scripts to create the drive mappings.
WinPE Boot Option Settings
Select the boot model and optional components to include with this configuration.
Typically, you can use the default boot model unless you are experiencing driver detection problems.
If you plan on executing VB scripts, running HTML applications, or connecting to an SQL Server
database using ActiveX, select the necessary components.
Configuration Summary
This page lets you review all the options you selected throughout the New Configuration Wizard. If
you find a setting mis-entered or not what you want, click Back to re-select the option. When you
click Finish, the Create Boot Disk Wizard automatically displays for the next process to begin. See
Automation Partitions, Network and Automation Boot Disks (page 236) and Edit Configurations
(page 234).
If you are using Boot Disk Creator from within the PXE Configuration Utility, the Edit
Configuration page displays next. See Edit Configurations (page 234).
Edit Configurations
This is the main Boot Disk Creator page that displays when you start the utility. If you are using Boot
Disk Creator from within the PXE Configuration Utility, this page displays at the end of the New
Configuration Wizard.
This feature lets you modify configurations that have already been created. As you select files and
folders from the treeview in the left pane, the configuration information displays in the right pane.
The display color changes to help you know the type of configuration you selected to view, edit, or
delete. The colors displayed are:
•
Black:
•
Blue:
•
Green: The configuration you selected or created is based on the Linux pre-boot environment.
•
Red: The
You have not selected or created any configurations.
The configuration you selected or created is based on the DOS pre-boot environment.
configuration you selected or created is based on the Windows PE pre-boot
environment.
To change configuration settings, right-click on a configuration folder and select Edit Configuration,
and then click Back until you find the page for the options that you want to change. You can also
make text edits to files (selected from the treeview) in the right pane.
All other files within a configuration can be edited as needed. However, after you edit a
configuration, Boot Disk Creator rewrites certain files within the configuration so that drive
mappings and mount points are always updated. The following files are rewritten after editing
configurations:
•
•
•
DOS - mapdrv.bat, unmapdrv.bat
Linux - mounts.local
WinPE - mapdrv.bat
See also: New Configuration Wizard (page 229), Install Pre-boot Operating System Files (page
239)
Altiris® Boot Disk Creator 6.8 Help
234
Additional Files
Boot Disk Creator lets you add additional files to folders that will either apply to a specific
configuration or to all configurations that are of the same type of pre-boot operating system.
However, any files you add to the global <OS> additional files folders will be written to the boot
image before the specific configuration files. If a file in the <OS> additional files folder is the same
name as a file in a specific configuration folder, it will be overwritten.
Example: if a file named 5684_Drivers resides in the DOS additional files folder, and the same file
5684_Drivers exists in a specific configuration folder, then when the files are written to a boot
image, the file in the configuration folder will overwrite the file in the DOS additional files folder.
This may cause unexpected results. If you edit text files in a <OS> additional files folder, yet the
specific configuration file is the one that is written to the boot image, the result will not be as you
expected.
Add files to all configuration
When you install a pre-boot operating system, a new folder will be added to the bottom of the
treeview on the main page of Boot Disk Creator. If you install pre-boot operating system files and
the <OS> additional files folders do not display, press F5 to refresh Boot Disk Creator. The folders
that display are as follows:
•
DOS additional files
•
Linux additional files
•
WinPE additional files
Boot Disk Creator will copy the files from the <OS> additional files folders to all corresponding
operating system configurations and will be added to the boot images. These folders are considered
global, since they can affect configurations of the same type.
Example: using the Windows Copy and Paste command, you can add tracert.exe to the WinPE
additional files folder. Each WinPE configuration you create will then add the files in the WinPE
additional files folder to the boot image.
Add files to a specific configuration
If you want to add files to a specific configuration only, and do not want to use the global feature of
the <OS> additional files folders, do the following:
1
Right-click a configuration in the treeview and select New > Folder. A new subfolder is created
in the treeview.
2
Enter a name for the folder so that you know they are added files.
3
To add files to the <OS> additional files folder, do one of the following methods:
•
Copy files from a network folder and Paste them into the configuration folder.
•
Right-click a configuration and select Add File. A browser dialog displays to navigate to the
file you want to add.
•
Right-click on a configuration and select File > Text file. A new empty text file is added to the
treeview. Enter a name for the file and write text as needed in the left pane.
Create PXE Boot Image Files (PXE)
This option is for Boot Disk Creator configurations created from within the PXE Configuration
Utility. Because PXE Servers download boot image files to client computers, after you select all the
properties for a New Configuration, Boot Disk Creator must know what type of image file to create.
Field Definitions
Automation PXE image: The automation agent for the type of pre-boot operating system configuration
you created will be added to the settings you selected throughout the New Configuration Wizard.
Altiris® Boot Disk Creator 6.8 Help
235
Network PXE image: The configuration you created will not contain an automation agent. When client
computers boot with this image file, they will map to a network server and be at a user’s prompt.
Force 2.88 MB PXE image:
Select this option to increase the size of PXE boot images.
PXE Boot Image Creation Complete
This page lets you know when the PXE boot image file is completed. Click Back to change the new
configuration settings for the boot menu option. When you click Finish, the boot menu option
displays in the Boot Menu tab.
Automation Partitions, Network and Automation Boot Disks
After you create a New Configuration, the Create Boot Disk (page 236) dialog automatically
displays. This process lets you select and create the method of booting a client computer to the
automation environment. If you install an automation partition on a client computer’s hard disk, then
deployment jobs can run automatically. However, you can create bootable media to manually boot
client computers to automation, and then run deployment jobs as needed. See New Configuration
Wizard (page 229).
Create Boot Disk
This dialog lets you create 3 different types of bootable media: an automation partition install
package, automation boot disks, or network boot disks. Each type of bootable media guides you
through a wizard to gather specific information required for the type of media you want to create.
The Create Boot Disk step numbers displayed at the top of the dialog page will vary depending on:
•
How the Create Boot Disk dialog was started
•
The type of media you selected to create
•
The pre-boot environment you specified in the configuration you created
However, based on your selections, Boot Disk Creator will display the appropriate dialog pages
when creating bootable media.
Example: If you right-click on a configuration in the treeview and select Install automation partition,
the number of dialog pages thereafter will be different than if you select the option, Create an
automation partition install package, from this page. Both options achieve the same result even though
the dialog steps may be different.
Select this option to close the Create Boot Disk dialog
without creating an automation boot disk, installer package, or network boot disk. You can select
any of these options from the Boot Disk Creator toolbar or from the File menu.
Choose this dialog and return to the editor:
Create an automation partition install package: Select this option to create an automation install
package that will install an embedded automation partition to any client computer on the network.
See Create an Automation Install Package (page 236).
Select this option to create automation boot disks so you can
manually boot a client computer to automation. See Create Automation Boot Disk (page 237).
Create an automation boot disk:
Create a network boot disk: Select this option to create network boot disks so you can manually boot
a client computer to a network server. See Create Network Boot Disk (page 238).
Create an Automation Install Package
This feature lets you create an automation installation setup package that will install an embedded
automation partition on a client computer when it executes. The installer package will run in a
production environment even though the New Configuration is based on the different pre-boot
operating system.
Altiris® Boot Disk Creator 6.8 Help
236
Example: You can create a DOS configuration but select to install the automation partition using an
installation setup package that runs in a Windows production environment.
Field Definitions
DOS bootable disk:
Select this option to install the automation partition using a DOS bootable disk.
Linux bootable disk: Select this option to install the automation partition using a Linux bootable disk.
Windows setup package: Select this option to install the automation partition using an installation
setup package that runs in a Windows production environment.
Select this option to install the automation partition using an
installation setup package that runs in a Windows CE .NET production environment.
Windows CE .NET setup package:
Create an embedded DOS automation partition (recommended):
Select this option to install an
embedded partition to a client computer’s hard disk.
Create a hidden DOS automation partition (for partitions greater than 50 MB): Select this option to install
a hidden automation partition.
Partition size in MB: The default partition size value will change, depending on the type of operating
system you selected. Example: If you are creating an automation partition for a Windows PE
configuration, then the partition size is 150-200 MB. However, the partition size for a DOS
configuration would range is only 5-50 MB.
By default, installation packages are stored in the Deployment Share
bwpkgs folder. The name of the configuration you selected before starting the Create Boot Disk
process is the name of the setup package unless you define it otherwise. Click Browse to navigate to
the folder where you want the setup package stored.
Installer package file path:
Run silent install:
Select this option to install the automation partition without user input.
Install the Altiris Deployment Agent for Windows (Aclient): Select this option to install the Deployment
Agent on client computers in the production environment after the automation partition is installed.
If you selected to install the Deployment Agent (above), click this button to set limited
properties for the Deployment Agent.
Advanced:
This is a progress page to display the automation installation
package process. The process does the following: Copying files to production area, Creating the FRM
files, Preparing install environment, Inserting into the installer package.
Creating automation partition installer:
After the automation partition installation package is created, the
Boot Disk Creation Complete page displays, and confirms where the installer package is located.
The setup package is located at:
Create Automation Boot Disk
This feature lets you create automation boot disks to manually boot a client computer to the
automation environment so deployment jobs can run. Automation boot disks give you greater
flexibility because you can physically go to any client computer on the network and boot to
automation, so long as the client computer can connect to the Deployment Server.
Field Definitions
Bootable ISO CD Image:
Select this option to create an ISO CD boot image.
ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party
software to burn the ISO image to a CD.
Bootable disk: Select this option to create a boot disk that can be used at client computers to manually
boot to automation or manually install an automation partition. Click the drop-down arrow to select
bootable media from the list. All the drives listed will display the physical drive number instead of
the logical drive letter.
Altiris® Boot Disk Creator 6.8 Help
237
Rescan drives: If you attach a USB flash drive to the server, but it is not displayed in the Bootable
disk drop-down list, you can click this button to rescan the physical drives that are attached to the
server. A list of available drives will be updated in the drop-down list.
Show fixed drives: If you try to select a USB flash drive from the Bootable disk drop-down list, but
you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using
displays in Windows as Fixed instead of Removable. Select this option to display all drives attached
to the server.
Create Network Boot Disk
This feature lets you create a network boot disk that you can use at any client computer on the
network. The properties you defined when creating the New Configuration will map a drive to a
specified server when a client computer uses a network boot disk. You will then have access to the
network server’s system to execute and manipulate files manually.
Field Definitions
Bootable ISO CD Image:
Select this option to create an ISO CD boot image.
ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party
software to burn the ISO image to a CD.
Bootable disk: Select this option to create a boot disk that can be used at client computers to manually
boot to a network server. Click the drop-down arrow to select bootable media from the list. All the
drives listed will display the physical drive number instead of the logical drive letter.
Rescan drives: If you attach a USB flash drive to the server, but it is not displayed in the Bootable
disk drop-down list, you can click this button to re-scan the physical drives that are attached to the
server. A list of available drives will be updated in the drop-down list.
Show fixed drives: If you try to select a USB flash drive from the Bootable disk drop-down list, but
you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using
displays in Windows as Fixed instead of Removable. Select this option to display all drives attached
to the server.
Remove Automation Partition
This feature lets you remove an automation partition on a client computer’s hard disk. You can
create bootable CDs, flash drives, and floppy disks to use manually at the client computers, or you
can create a Windows uninstall package that can be distributed to a client computer through a
deployment job. You could also create a network boot disk, connect to a specific server where the
Windows uninstall package is stored, and then run the executable from the client computer.
Field Definitions
DOS bootable disk:
Select this option to remove an automation partition using a DOS bootable disk.
Linux bootable disk: Select this option to remove an automation partition using a Linux bootable disk.
Windows setup package:
Select this option to remove an automation partition using an installation
setup package that runs in a Windows production environment.
Windows CE .NET setup package:
Select this option to remove an automation partition using an
installation setup package that runs in a Windows CE .NET production environment.
Bootable ISO CD Image:
Select this option to create an ISO CD boot image that will remove an
automation partition.
ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party
software to burn the ISO image to a CD.
Altiris® Boot Disk Creator 6.8 Help
238
Bootable disk: Select this option to create a boot disk that removes an automation partition from a
client computer. Click the drop-down arrow to select bootable media from the list. All the drives
listed will display the physical drive number instead of the logical drive letter.
Rescan drives: If you attach a USB flash drive to the server, but it is not displayed in the Bootable
disk drop-down list, you can click this button to re-scan the physical drives that are attached to the
server. A list of available drives will be updated in the drop-down list.
Show fixed drives: If you try to select a USB flash drive from the Bootable disk drop-down list, but
you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using
displays in Windows as Fixed instead of Removable. Select this option to display all drives attached
to the server.
Import Configuration Files
The configuration format has changed from all previous versions of Boot Disk Creator. This is
because of increased support and functionality that Boot Disk Creator now provides. However, you
can save previously created configurations by using the Import Previous Version Configuration
Files dialog to convert the configuration’s format to this release. Configuration files that are
successfully imported can be used to support automation and imaging on client computers.
Note: There may be some instances when older configuration files cannot be converted to the new
file format. Files that do not import successfully will have to be recreated configurations using the
New Configuration Wizard in this version of Boot Disk Creator.
Field Definitions
Directory:
Browse:
Enter a path to where the configuration files that you want to convert are located.
Click to navigate to the directory path where configuration files are located.
Config File Name: This is the name of the old configuration files that you have selected to convert and
import into this release of Boot Disk Creator.
Description:
This is the description for the old configuration files.
To import configuration files
1
Open the Boot Disk Creator Utility.
2
Click File > Import.
Missing Files for Processor Types
For the most part, Boot Disk Creator configurations are independent of architecture. However, if you
manually add executables to a configuration which supports multiple processor types, you need to
make sure you provide a version of the file for each architecture you have included.
For example, If you have x86 and x64 versions of the Linux preboot environment selected for a
configuration, and you add an executable, Boot Disk Creator checks the file header to see which
architectures the executable supports. If not all architectures you have installed are supported by the
file you added, this screen appears prompting you to add additional files or ignore the warning.
Install Pre-boot Operating System Files
Boot Disk Creator requires that you install the pre-boot operating system files for at least one preboot environment before you can create new configurations. Boot Disk Creator uses these files when
creating configurations and boot images. You can install all supported pre-boot operating system
files at the same time, or you can select to install only those pre-boot environments you want to use.
You can install FreeDOS and MS-DOS, but you must select which DOS version you want to run
since you cannot run both versions at the same time.
Altiris® Boot Disk Creator 6.8 Help
239
Example: you can install the DOS and Windows PE pre-boot operating system files to start creating
configurations to support your infrastructure, which currently does not have a need for Linux boot
images. After working with Deployment Server and Boot Disk Creator, you decide you want to
create Linux configurations and Linux boot images. You can open the Install Pre-boot Operating
System Files dialog at any time to install the Linux system files, or of the other pre-boot operating
system files.
When you install the pre-boot operating system files for DOS (page 240), Linux (page 241), or
Windows PE (page 241), a checkmark next to the operating system name indicates that the files have
been successfully installed. The operating system version number displays (except for MS-DOS),
and the Install button changes to display Update.
If you acquire a newer version of DOS, Linux or Windows PE, click Update to install the new files.
However, any existing operating system files will be deleted before the newer files are installed.
Example: If you installed Windows PE, and Altiris supports a newer version that becomes available,
click Update to install the new files. All existing Windows PE files will be deleted from the hard disk
before the new files are installed. If you experience any problems with the new version of Windows
PE, you will have to install the older version to restore Boot Disk Creator functionality for Windows
PE.
To install pre-boot operating system files
•
Click the Install button next to the pre-boot operating system that you want to install.
DOS
You can install FreeDOS (page 240), MS-DOS (page 240) or both. However, you can only run one
version of DOS at a time. If both versions of DOS are installed, click either FreeDOS or MS-DOS to
select the version you want to run as the default for creating configurations.
FreeDOS
Deployment Solution provides FreeDOS in a file named BDCgpl.frm. The BDCgpl.frm file can be
downloaded from the Altiris Solution Center Web site and then saved to any location on the network.
When newer versions of FreeDOS become available, an updated .frm file will be available online
through Deployment Solution Hot Fixes or Service Pack releases.
Note: FreeDOS may not support newer motherboard chip-sets.
MS-DOS
Using an original Microsoft Windows 98 installation CD, copy the appropriate files to a system
formatted floppy disk, a folder that can be accessed from Boot Disk Creator, or use the CD directly.
Use Microsoft Windows 98 installation CD:
Select to install MS-DOS from an original Microsoft
Windows 98 installation CD.
Floppy Disk: Select to format a disk using the Format a: /s command. Copy the required files listed
below from an original Microsoft Windows 98 installation CD to the floppy disk. Boot disk creator
only installs DOS files from the A drive. If you select B-Floppy Drive from the drop-down list, Boot
Disk Creator will still try to read data from the A-Floppy Drive.
Folder: Select to copy the required files to a folder that can be access from within Boot Disk Creator.
Boot Disk Creator requires the following MS-DOS files.
MS-DOS files
Required
Optional
HIMEM.SYS
EDIT.COM
EMM386.EXE
MEM.EXE
SMARTDRV.EXE
ATTRIB.EXE
Altiris® Boot Disk Creator 6.8 Help
240
MS-DOS files
Required
Optional
SYS.COM
MODE.COM
XCOPY32.MOD
FORMAT.COM
FDISK.EXE
Important: The SMARTDRV.EXE file is required for all computers running a scripted install in
Windows 2003\XP.
Linux
Deployment Solution provides Linux RedHat Fedora in a file named BDCgpl.frm. The BDCgpl.frm
file can be downloaded from the Altiris Solution Center Web site and then saved to any location on
the network. When newer versions of Linux become available, an updated .frm file will be available
online through Deployment Solution Hot Fixes or Service Pack releases.
Windows PE
Altiris supports Windows PE 2005 as a pre-boot environment for Boot Disk Creator. When you
install Windows PE, you will be asked to supply 2 CDs: Windows PE 2005 and Windows Server
2003 SP1.
In most instances, the Welcome to Microsoft(R) Windows(R) Server 2003 page displays after
inserting the Windows Server 2003 CD. Click Exit to avoid installing the full version of Windows
Server.
There are two dialog pages to complete the Windows PE installation. You will first be asked to
provide the Windows PE CD, followed by the Windows CD. The text on the page lists the operating
system CD you need to enter for each of these pages.
Example: On the Windows PE CD page, the text displays Windows PE 2005 (Windows Server 2003while the Windows CD page displays Windows Server 2003-SP1 (Windows PE 2005). The first
operating system listed on each page is the CD you want to use.
SP1),
Altiris® Boot Disk Creator 6.8 Help
241
PXE Configuration Utility
Altiris PXE Configuration Utility integrates with Altiris Deployment Solution and lets you manage
all PXE Servers across the network. PXE Configuration has been completely rewritten to give you
more capability in working with Deployment Server, which allows administrators greater flexibility
when performing the following tasks:
•
Creating boot menu options
•
Installing BIS Certificates
•
Creating boot disks, and network PXE images
•
Assigning pre-boot environments to tasks within deployment jobs
•
Setting properties to customize specific PXE Server
•
Setting the boot menu option order for client computers
PXE Server has also been added to Role Based Security to ensure that only those users authorized
can make changes to boot menu options.
If you select Deployment Solution Simple Install and Install PXE Server, they will both install to the
same server. If you select Custom Install and Install PXE Server, you can choose to install them to
separate servers. However, regardless of the PXE install options you select, PXE Manager will
always install on the Deployment Server. See the Deployment Solution Product Guide.
PXE Manager
PXE Manager is a service that synchronizes Deployment Server and all PXE Servers installed and
configured across the network. It keeps track of all PXE Server boot menu options, and whether they
are Shared or Local. PXE Manager also gathers data from all PXE Servers and stores the information
in the PXE Manager.ini file. Whether you are in Use Shared properties or select a server to Customize
PXE Server (Shared Configuration), the changes you make to the properties settings will be saved to
the PXE Manager.ini file when you click the Save button. Then, when you close the PXE
Configuration Utility, PXE Manager creates and distributes the appropriate PXE.ini file for each
PXE Server on the network. See PXE Manager (page 259).
Shared or Local boot menu options
When you start the PXE Configuration Utility, you can select which properties you want to set. The
Use Shared properties option lets you create Shared boot menu options that will be used by all PXE
Servers on the network. When you select a specific PXE Server from the File menu, you can select
the Customize PXE Server (Shared Configuration) option that lets you change any of the shared
properties for that specific server. By default, PXE Configuration will always start in the Use Shared
properties mode. See Boot Menu Tab (page 243).
The boot menu options you create will display as a menu list on client computers when a PXE boot
operation is performed. You can set the order of the boot menu options and select which menu option
you want as the default. Previous users of Altiris PXE Server will notice that Initial Deployment and
ManagedPC are no longer boot menu options. You can still perform an Initial Deployment, but now
you can select DOS, Linux, or Microsoft Windows Preinstallation Environment (Windows PE) as
the pre-boot automation environment. By default, the pre-boot operating system selected at install
time will be set for Initial Deployment. See DS Tab (page 257).
Altiris® PXE Configuration Utility Help
242
Boot Disk Creator and PXE Configuration
Boot Disk Creator is now integrated with the PXE Configuration Utility, so that you can keep track
of the boot menu options you create, edit, and delete. When you select a boot menu option to edit or
delete using the Boot Disk Creator method, the Summary page displays the MenuOption<number>, so
you always know which boot menu option you are working with. See Boot Menu Tab (page 243)
and Edit Shared Menu Option (page 246).
PXE Server provides 3 different methods of creating boot menu options: the New Configuration
Boot Disk Creator, importing Direct from floppy, and User supplied, which is for more
advanced users. For each boot menu option created, there is a boot image stored on the PXE Server.
A boot image consists of a file or set of files. When client computers perform a PXE boot, a menu
list displays for users to select a boot menu option. PXE Server downloads the boot image that
corresponds with the boot menu option that the user selects. See New Shared Menu Option (page
245).
Wizard from
Automation Tasks
Only Shared boot menu options can be assigned to a task in a deployment job. The tasks the can run
in automation are:
•
Run script
•
Create Disk Image
•
Distribute Disk Image
•
Scripted OS Install
•
Backup Registry
•
Restore Registry.
When a client computer performs a PXE boot, the Deployment Agent verifies if there is work to
complete. If so, the client computer boots to automation and performs the deployment jobs that have
been assigned. If there are no deployment jobs for the client computer, the Local Boot menu option
is automatically selected.
Example: If a deployment job contains the task Create Disk Image, and the Automation - PXE or
Bootworks environment (DOS/Windows PE/Linux) field is assigned to DOS - Broadcom, then when
client computer executes the task, it will use DOS - Broadband as the automation environment.
the
Additional tasks within the same job may be assigned a different boot menu option, yet each task
will execute in the automation environment you want. See the Deployment Solution Product Guide.
See also: Boot Menu Tab (page 243), PXE Server Tab (page 256), DS Tab (page 257), MAC Filter
Tab (page 258), Multicast Tab (page 259), BIS Tab (page 260), Data Logs Tab (page 260), Remote
PXE Installation (page 261).
To open PXE Configuration
Option 1:
•
From the Deployment Console, click PXE Configuration on the toolbar. You can also click Tools
> PXE Configuration.
Option 2:
1
Click Start > Programs > Altiris > PXE Services > PXE Configuration Utility.
2
Click each tab to set the category in the PXE Server properties.
Boot Menu Tab
This lets you create, edit, and delete boot menu options, set the boot menu order, define the prompt
for users, append the server name to the prompt, and set the user’s time-out response when the boot
menu list displays on client computers. PXE boot menu options can be either local or shared,
depending on whether you select Use Shared properties or Customize PXE Server.
Altiris® PXE Configuration Utility Help
243
When you manage all PXE Servers (Shared) across the network, the page displays Boot Menu Option
at the top of the page and above the list of configurations.
When you select a specific server (Local) from the File menu, the page displays Boot Menu Option for
PXE Server: (name of Server). This will help you identify which mode you are working in.
for PXE Server: (Shared Configuration)
By default, PXE Configuration Utility opens to the last saved action, which could be either Shared
Configuration or Custom PXE Server mode. The boot menu options listed are for all PXE Servers, so
the Scope is always Shared. The OS field indicates the type of pre-boot operating system files used
to create the boot menu option. If you select a PXE Server from the File menu, the window displays
the boot menu option for the PXE Server selected. The Scope field displays both Shared and any new
boot menu options you create displays Local. The OS field is the same as in the Shared mode. If an
existing DS job uses a boot menu item, Yes is displayed in the In use by DS field.
The following colors are used to denote which automation operating system is used by each
configuration:
•
Blue:
•
Green:
•
Red:
DOS configuration
Linux configuration
Windows PE configuration
Note: When an item is in use by the Deployment Server, you cannot delete the item from the PXE
Configuration Utility. You can delete an item only when it is not in use by the Deployment Server.
To delete an item, you have to disable the boot menu item from the DS job. After the boot menu item
is disabled, restart the PXE Config Utility. In the In use by DS field Yes is not displayed, and you can
delete the boot menu item.
To identify the boot menu items used in the jobs
1
Double-click a task in the job.
Example: Create Disk Image. The Create Disk Image dialog opens.
2
Click the Automation pre-boot environment (DOS/Windows PE/Linux) drop-down list.
If a PXE boot menu item is used by the job, it is displayed in the drop-down list.
You can perform the steps given above to view if the other boot menu items are used by the other
jobs.
View Area
When you are in Shared Configuration mode, only configurations you create for all PXE Servers is
displayed in the view area. When you are in Customize PXE Server <server name> mode, both Shared
and Local configurations display. You cannot create a configuration named the same as any other
configuration in the view area, regardless of the mode you are in.
Example: if you are in Customize PXE Server <server name> mode, you can view both Shared and
Local configuration. You can create a Local configuration named DOS Clients since there are no
others with the same name. Then, you change to Shared Configuration mode and create a
configuration named DOS Clients because the Local configuration of the same name does not
display in the view area. When you change back to Customize PXE Server <server name> mode, both
DOS Clients configurations display in the view area. When client computers perform a PXE boot,
both configurations display and user’s will not know which boot menu option to select. See Redirect
Shared Boot Menu Option (page 246).
Boot Menu Options for PXE Server: <Shared Configuration>
Name: This is the name of the PXE item that will display on client computers after a PXE boot
operation is performed.
Scope: Shared indicates that the configuration is available on multiple PXE Servers in an
environment where they are all serviced by a single Deployment Server. Local indicates the
configuration was created for a specific PXE Server.
OS:
The operating system that the configuration will use to boot on client computers.
Up and Down: Select to order boot options. The top boot option is the default that runs automatically
if no other option is selected from the PXE Server menu.
Altiris® PXE Configuration Utility Help
244
New: Click to open a dialog box to add a new boot menu option. See New Shared Menu Option (page
245).
Edit:
Click to modify properties for boot menu options. See Edit Shared Menu Option (page 246).
Delete: Select
a boot menu option from the list and click Delete. You are not allowed to delete boot
menu options if they are assigned to a task within a deployment job. Go to the Deployment Console,
open the appropriate deployment job, and delete the task or change the Automation - PXE or
Bootworks environment (DOS/Windows PE/Linux) field before you try to delete the boot menu option.
Boot Menu Properties
This is selected when you are setting the properties for a Shared
Configuration. You cannot change this selection on the other pages if you are setting properties for
the Shared Configuration.
Use Shared properties:
Customize PXE Server (Shared Configuration): This option is available when you select a specific
server from the File menu. You can keep the settings on the page or customize the properties for the
PXE Server you selected.
Prompt: This
is the user prompt for the PXE boot menu list when it displays on client computers.
You can change the text message but not the <F8> command, as it is still required to perform a PXE
boot option.
Append server name: Select this option to have the PXE Server name listed following the prompt on
client computers when the boot menu list displays. This helps users know which PXE Server is
servicing their client computer.
Time-out: This is the length of time the prompt is displayed before the boot process starts. If the user
does not press the <F8> key within the time-out period, the default boot option runs.
Save: Click to save all changes you made to the PXE Manager.ini file. When you close the PXE
Configuration Utility, PXE Manager creates and sends PXE.ini files to each PXE Server on the
network. You can view the status of these updates on the Status tab.
New Shared Menu Option
The PXE Configuration Utility lets you create up to 23 boot menu options that can be selected from
client computers. When a PXE-enabled client computer makes a request to the PXE Server, the PXE
Server will download a boot menu list for users to select a boot option.
This dialog page also integrates with Boot Disk Creator as it lets you create new automation
configurations from within the PXE Configuration Utility. However, all the configurations you
create from this dialog, are meant for PXE Servers and the client computers that use PXE as their
primary boot option.
Menu Item Properties
This is the name of the PXE configuration that will display as a boot item when the PXE
menu downloads to client computers after a PXE boot operation is performed.
Name:
Allow as default PXE boot option: Select this option to move the configuration you are creating to the
top of the boot menu, so that it becomes the default boot option on client computers. It you do not
select this option, the Up button is active to move the configuration up the menu list but becomes
inactive if you try to move the configuration to the default boot position.
Select the operating system and processor type for the configuration you
are creating, then select the method you want to use to create the configuration. If an operating
system has an asterisk next to it, then the pre-boot operating system files must be installed before
Boot Disk Creator starts the New Configuration Wizard. See Install Pre-boot Operating System Files
(page 247).
Pre-boot Image Properties:
This field can help you identify which PXE item you are configuring.
PXE configurations are stored in the default directory of C:\Program
Files\Altiris\eXpress\Deployment Server\PXE\Images\MenuOption<number>. The MenuOption
number increments each time you create a new configuration.
Final Location on PXE Server:
Altiris® PXE Configuration Utility Help
245
Image creation method
Boot Disk Creator: This lets you start the New Configuration Wizard from Boot Disk Creator. Any
configurations you create or edit using this method will be for PXE boot menu items only. New
Configuration Wizard (page 249).
Direct from floppy: Select this option if you want the PXE Server to read a configuration file from a
floppy. See Import Boot Menu Options (page 247).
User supplied: This is for advanced users. If you select this option, you must select Other in the
Operating System area. The Location field will display the path where the new configuration is
stored. The folder MenuOption<Number> is created as a subfolder of MasterImages, but no
configuration files are stored there until advanced users add the configuration files manually. See
Import Boot Menu Options (page 247).
Create Boot Image: You must enter a descriptive name for the PXE configuration in the Name field
before this button becomes active. The New Configuration Wizard from Boot Disk Creator starts
unless you have not installed the pre-boot operating system files for the type of configuration you
want to create. The Install Pre-boot Operating System Files dialog will display before the New
Configuration Wizard starts if you need to install the pre-boot operating system files. See Install Preboot Operating System Files (page 247) and New Configuration Wizard (page 249).
Edit Shared Menu Option
When you are in Shared Configuration mode, only Shared configuration display in the view area of
on the Boot Menu tab. The Edit button is displayed when you select any of the Shared boot menu
options. However, if you are in Customize PXE Server: <server name> mode the Edit button
displays when you select any Local boot menu options, but the Redirect button displays when you
select a Shared boot menu option. See Redirect Shared Boot Menu Option (page 246).
To edit Shared or Local boot menu options
1
Select a boot menu option from the view area on the Boot Menu page, and click Edit.
2
If you selected Boot Disk Creator as the Image Creation Method, click Edit Boot Image. The Edit
Configuration page from the New Configuration Wizard will only display the
MenuOption<number> you selected from the Boot Menu page.
3
To make changes, right-click on the MenuOption<number> and select Edit Configuration, or click
Edit on the Edit Configuration page until you find the options you want to change.
See also: Edit Configurations (page 254) and Boot Menu Tab (page 243).
Redirect Shared Boot Menu Option
This option lets you select a Shared configuration from the Customize PXE Server <server name>
mode and redirect it to a Local configuration, which gives you greater flexibility in managing all
deployment jobs.
Example: Your main office is in Utah and there are 2 satellite offices, one in Los Angeles and the
other in New York, you can send a single deployment job to all client computers and have each
satellite office use its own Local configuration to boot to automation and access images.
Deployment Server lets you select the Automation - PXE or Bootworks environment (DOS/Windows PE/
Linux) configuration from the drop-down list when setting up imaging jobs. However, only Shared
configurations are displayed in the list. When the Deployment Server sends the job to client
computers, the Deployment Agent receives a message that it must boot to automation. Client
computers that are PXE-enabled will find the nearest PXE Server and receive the boot image files
needed to boot to automation.
When Redirect is used, the Shared configuration selected for the automation task within the
deployment job, can point to a Local configuration so that when client computers are booting to
automation, the Local configuration will be used to access local network servers and images.
Altiris® PXE Configuration Utility Help
246
To redirect a Shared boot menu option
1
From the PXE Configuration Utility, click File.
2
Select a PXE Server. (This is the Customize PXE Server <server name> mode.)
3
Click on a Shared configuration, and click Redirect.
4
Click the drop-down arrow and select a Local configuration from the list.
5
Click OK. The Shared configuration displays the redirected configuration in the list.
Import Boot Menu Options
This option lets you import boot menu options that were created using Third Party imaging software,
or previous versions of Altiris PXE Server.
Option 1:
1
From the New Shared Menu Option dialog, select Direct from floppy and click Import Boot Image.
2
Insert a floppy disk. The path and name of the new MenuOption<number> displays.
3
Click Next. A progress bar displays the PXE boot file image being read as it is imported.
4
Click Finish.
Option 2:
1
From the New Shared Menu Option dialog, select User Supplied.
2
Copy the PXE files you want in the MenuOption<number> folder.
3
Click OK.
Regenerate Boot Images
This lets you regenerate all of the PXE configurations which are using the selected operating system.
If you make updates to the core automation operating system, such as installing a new version of
Linux, this lets you apply those updates without needed to re-create affected configurations.
Install Pre-boot Operating System Files
Boot Disk Creator requires that you install the pre-boot operating system files for at least one preboot environment before you can create new configurations. Boot Disk Creator uses these files when
creating configurations and boot images. You can install all supported pre-boot operating system
files at the same time, or you can select to install only those pre-boot environments you want to use.
You can install FreeDOS and MS-DOS, but you must select which DOS version you want to run
since you cannot run both versions at the same time.
Example: you can install the DOS and Windows PE pre-boot operating system files to start creating
configurations to support your infrastructure, which currently does not have a need for Linux boot
images. After working with Deployment Server and Boot Disk Creator, you decide you want to
create Linux configurations and Linux boot images. You can open the Install Pre-boot Operating
System Files dialog at any time to install the Linux system files, or of the other pre-boot operating
system files.
When you install the pre-boot operating system files for DOS (page 248), Linux (page 249), or
Windows PE (page 249), a checkmark next to the operating system name indicates that the files have
been successfully installed. The operating system version number displays (except for MS-DOS),
and the Install button changes to display Update.
If you acquire a newer version of DOS, Linux or Windows PE, click Update to install the new files.
However, any existing operating system files will be deleted before the newer files are installed.
Altiris® PXE Configuration Utility Help
247
Example: If you installed Windows PE, and Altiris supports a newer version that becomes available,
click Update to install the new files. All existing Windows PE files will be deleted from the hard disk
before the new files are installed. If you experience any problems with the new version of Windows
PE, you will have to install the older version to restore Boot Disk Creator functionality for Windows
PE.
To install pre-boot operating system files
1
From the Boot Menu tab, click New.
2
Click Add pre-boot and follow the prompts.
DOS
You can install FreeDOS (page 248), MS-DOS (page 248) or both. However, you can only run one
version of DOS at a time. If both versions of DOS are installed, click either FreeDOS or MS-DOS to
select the version you want to run as the default for creating configurations.
FreeDOS
Deployment Solution provides FreeDOS in a file named BDCgpl.frm. The BDCgpl.frm file can be
downloaded from the Deployment Solution download site on altiris.com and then saved to any
location on the network. When newer versions of FreeDOS become available, an updated .frm file
will be available online through Deployment Solution Hot Fixes or Service Pack releases.
When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply
the new version to your existing configurations.
Note: FreeDOS may not support newer motherboard chip-sets.
MS-DOS
Using an original Microsoft Windows 98 installation CD, copy the appropriate files to a system
formatted floppy disk, a folder that can be accessed from Boot Disk Creator, or use the CD directly.
Use Microsoft Windows 98 installation CD:
Select to install MS-DOS from an original Microsoft
Windows 98 installation CD.
Floppy Disk: Select to format a disk using the Format a: /s command. Copy the required files listed
below from an original Microsoft Windows 98 installation CD to the floppy disk. Boot disk creator
only installs DOS files from the A drive. If you select B-Floppy Drive from the drop-down list, Boot
Disk Creator will still try to read data from the A-Floppy Drive.
When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply
the new version to your existing configurations.
Folder: Select to copy the required files to a folder that can be access from within Boot Disk Creator.
Boot Disk Creator requires the following MS-DOS files.
MS-DOS files
Required
Optional
HIMEM.SYS
EDIT.COM
EMM386.EXE
MEM.EXE
SMARTDRV.EXE
ATTRIB.EXE
SYS.COM
MODE.COM
XCOPY32.MOD
FORMAT.COM
FDISK.EXE
Altiris® PXE Configuration Utility Help
248
Important: The SMARTDRV.EXE file is required for all computers running a scripted install in
Windows 2003\XP.
Linux
Deployment Solution provides Linux RedHat Fedora in a file named BDCgpl.frm. The BDCgpl.frm
file can be downloaded from the Deployment Solution download site on altiris.com and then saved
to any location on the network. When newer versions of Linux become available, an updated .frm
file will be available online through Deployment Solution Hot Fixes or Service Pack releases.
When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply
the new version to your existing configurations.
Windows PE
Altiris supports Windows PE 2005 as a pre-boot environment for Boot Disk Creator. When you
install Windows PE, you will be asked to supply 2 CDs: Windows PE 2005 and Windows Server
2003 SP1.
In most instances, the Welcome to Microsoft(R) Windows(R) Server 2003 page displays after
inserting the Windows Server 2003 CD. Click Exit to avoid installing the full version of Windows
Server.
There are two dialog pages to complete the Windows PE installation. You will first be asked to
provide the Windows PE CD, followed by the Windows CD. The text on the page lists the operating
system CD you need to enter for each of these pages.
Example: On the Windows PE CD page, the text displays Windows PE 2005 (Windows Server 2003while the Windows CD page displays Windows Server 2003-SP1 (Windows PE 2005). The first
operating system listed on each page is the CD you want to use.
SP1),
When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply
the new version to your existing configurations.
New Configuration Wizard
You can create as many configurations as needed to support varying types of computer
environments. Before you begin, you must install the pre-boot operating system files that Boot Disk
Creator uses to create new configurations. See Install Pre-boot Operating System Files (page 247).
To start the New Configuration Wizard, click the button on the toolbar of the
Boot Disk Creator tool, click Ctrl+N, or click File > New Configuration.
Configuration Name
This is the first page of the New Configuration Wizard, which is the same for DOS, Linux, or
Windows PE. You must enter a name of for the configuration to make the Pre-boot Operating System
for this Configuration fields active. The description field is optional but helps you to know what the
configuration contains, such as the file server type, NIC drivers, and any additional files you want
to add.
Field Definitions
Name: The configuration name you enter displays in the Configurations treeview after the wizard is
completed.
Altiris® PXE Configuration Utility Help
249
Enter a description for the configuration. (Example: enter the type of computer,
operating system, network adapter, and any other characteristics that will help you identify this
particular configuration.) After the Create Configuration and Create Boot Disk wizards complete, if
you select the configuration from the treeview, the description you entered for this field displays at
the top of the right pane.
Description:
Pre-boot Operating System for this Configuration: Boot Disk Creator supports DOS, Linux, and
Windows PE operating systems to create pre-boot environments. Select the pre-boot operating
system, and then click Install Pre-boot Operating System Files (page 247) to install pre-boot
operating system files.
File Server Type (DOS)
The Deployment Share stores image files, packages, and data files. By default, the Deployment
Share is installed to the Deployment Server, but it can be on another server, depending on the
whether you selected a Simple or Custom Deployment Solution installation.
Field Definitions
Select this option to store images on a Microsoft server using TCP/IP network
communications (recommended). However, if you use IPX to communicate with a Microsoft server,
select the IPX checkbox at the bottom of the page.
Microsoft Windows:
Create multi-network adapter configuration: Select this option to add multiple network adapter drivers
to a single PXE boot file configuration. This feature lets you build configuration files to boot
multiple computers that contain different types of network adapter cards. See Multi-Network
Adapter Configurations (page 250).
Novell NetWare (VLM): Select this option to store images on a NetWare server with VLM clients, using
IPX network communications.
Novell NetWare (Client32):
Select this option to store images on a NetWare server with 32-bit clients.
Use IPX to communicate with Netware: Select
Novel NetWare (Client32) server.
this checkbox if IPX is the network protocol for the
Multi-Network Adapter Configurations
If you are creating a DOS configuration, when you select Multi-NIC configurations, a list of supported
drivers displays. You can select Multi-NIC drivers to be included in the configuration by pressing
Shift-Click or Ctrl-Click. After a client computer boots using a multi-network adapter configuration,
Boot Disk Creator applies the driver that matches the first network adapter card that it detects.
Example: if you are going to use the multi-network adapter configuration for several different client
computers, this option can save you time and effort in booting different computers. However, if a
client computer has 2 NIC cards and you use the multi-network adapter configuration to boot the
computer, the first NIC card is detected and can potentially be the wrong network adapter required
to connect to the Deployment Server.
Advanced Features
The network adapters you select must support DOS, Linux, or Windows PE so that client computers
can connect to a network or Deployment Server, depending on whether you create automation
partitions, or network or automation boot disks. The Have Disk (page 251) button lets you install
network adapter drivers from a disk, CD, or network folder. The Internet (page 251) button lets you
connects to an Altiris supported web site to download and install network adapter drivers. The
Advanced (page 251) button lets you further define network adapters and their drivers.
Multiple Network Adapters Load Order
This option is for DOS and Windows PE configurations only. This lets you specify which order the
physical network adapters will be detected when the client computer boots.
Altiris® PXE Configuration Utility Help
250
Example: If most client computers have a Broadcom Ethernet adapter, but some computers have a
3Com10/100 LAN PC Card Fast Ethernet card, you would use Up and Down to move the Broadcom
Ethernet adapter to the top of the list.
See Also: Network Adapter (page 251)
Network Adapter
The drivers listed in the Network Adapters window vary depending on the type of configuration you
are creating. You can install pre-boot operating system files for DOS, Linux, or Windows
Preinstallation Environment (Windows PE). See Install Pre-boot Operating System Files (page 247).
Example: After installing the pre-boot operating system files for Windows PE, the Windows NIC
drivers that are available to create a Windows PE configuration display, and are automatically added
to the new configuration. If you select Auto-detect network adapter, Windows PE determines which
network adapter driver to use.
Select a driver from the network adapters driver list. You must create a new configuration for each
type of network adapter that is installed on client computers, unless you want to create a Multi-NIC
configuration. See Multi-Network Adapter Configurations (page 250). If you want to add or change
adapter settings (such as I/O Memory, IRQ, and PCMCIA for DOS configurations) click Advanced.
See Advanced (page 251).
If the network adapter you want does not appear in the list, you can click Have Disk, Internet, or
Advanced (if they are available for the type of configuration you are creating) to add additional
drivers. See Have Disk (page 251), Internet (page 251), Advanced (page 251).
Field Definitions
Select this to have Windows PE auto-detect the type of adapter that is
in a client computers when the boot image runs.
Auto-detect network adapter:
Have Disk
You can add network adapter drivers by using any disk media or navigating to a folder. Network
adapters can be downloaded from the manufacturer’s Web site and saved to a folder or a disk to be
installed later. New network adapters come with a floppy disk or CD to install the appropriate
drivers.
Internet
Altiris supports many manufacturer network adapters and supports a Web site for you to download
the latest NIC drivers. From the Network Adapter page, click Internet to launch the Web browser and
connect to ftp://support.altiris.com/support/NIC_drivers/. Download the driver you want, and then
unzip the files it to a folder on the hard drive. Click Add Driver and the driver you downloaded will
be added to the Network Adapters list.
Advanced
This options lets you add or change settings for network adapter cards so they will work correctly
when using DOS configurations. If you are creating a Linux or Windows PE configuration, this
option is not available. From the Network Adapter page, click Advanced. Refer to the following
properties and values.
Microsoft clients
•
EMM386 Memory (config.sys):
Append memory address information to this line in the
config.sys file.
•
Advanced settings (protocol.ini):
•
Memory (protocol.ini):
•
IRQ (protocol.ini): Add
Altiris® PXE Configuration Utility Help
Add parameters to the NIC section of the protocol.ini file.
Add parameters to the network setup section of the protocol.ini file.
parameters to the network setup section of the protocol.ini file.
251
Novell VLM clients
•
Emm386 memory (config.sys): Append
memory address information to this line in the
config.sys file.
•
Advanced settings (config.sys):
Add parameters to the NIC section of the net.cfg file.
Novell Client 32
•
Emm386 Memory (config.sys):
Append memory address information to this line in the
config.sys file.
•
Advanced settings (driver command line):
Add driver command-line entries to the landrv.bat
file.
TCP/IP Protocol Settings
This page lets you set up TCP/IP protocol settings for boot configurations. TCP/IP is the default
protocol when client computers boot to automation on a Windows network. If you are using the IPX
protocol, Deployment Server uses its own IP stack to work on IPX networks.
Field Definitions
Obtain an IP address from a DHCP server: Select this option if you want client computers to obtain an
IP address from a DHCP server.
Use a static IP address: Select this option if you want a client computer, using this configuration, to
be assigned a specific IP address. Enter an IP address, Subnet mask, and default gateway. You can
also enter a primary and secondary WINS address if you need to resolve IP addresses and naming
conventions. This option also requires that you create a configuration for each client computer, so
that the IP address is not the same for all computers.
Altiris Deployment Server Communication
This option lets you set communication properties for the Deployment Server. The Deployment
and Port fields are critical because they define how client computers establish
communications with the Deployment Server.
Server IP address,
Example: The TCP port on the Deployment Server is set to 402 and the Port field in the Boot Disk
configuration is set to 502. This would result in client computers not being able to communicate with
the Deployment Server, because the port numbers do not match. To establish communications
between client computers and the Deployment Server, change the Port field in the Boot Disk
configuration to 402.
Note: The settings on this page are only used if you create an automation boot image where the
Automation Agent needs to know how to find the Deployment Server. If you intend to create a
network boot disk, you can ignore this page by clicking Next, as none of the properties will be used
to create a network boot image.
To set the TCP port on the Deployment Server
1
From the Deployment Server, click Start > Control Panel > Deployment Solution Configuration
applet > Options > Transport tab.
2
Enter the TCP port number.
3
Click OK.
Use TCP/IP multicasting to find the Altiris Deployment Server: Select this option to use TCP/IP
multicasting to find the Deployment Server. When client computers boot to automation using this
configuration, a multicast packet will broadcast across the network to find where the Deployment
Server is located.
•
Enter a multicast IP address for client computers to send a broadcast
packet across the network to find the Deployment Server.
Multicast IP address:
Altiris® PXE Configuration Utility Help
252
•
Port: This option defines which port client computers will use to communicate with the
Deployment Server Engine, which manages the Deployment Database, sends job commands
to the Deployment Agent, and more.
•
Server name: When you select Use TCP/IP multicasting to find the Altiris Deployment Server, a
multicast packet will broadcast to the server you specify. If you leave this field blank, the
client computer will connect to any server responding to the multicast packet.
Use TCP/IP to connect to the Altiris Deployment Server: Select this option to connect to a specific
Deployment Server. You must select this option if your network adapter or network does not support
multicasting. See your network adapter documentation or call the manufacturer or consult with your
IT department for information.
•
Server IP address: Enter the IP address of the Deployment Server to access information stored
in the Deployment Share. If you are using the Intel Universal NIC driver (UNDI), the IP
address is required.
•
Port: This option defines which port client computers will use to communicate with the
Deployment Server Engine, which manages the Deployment Database, sends job commands
to the Deployment Agent, and more.
Network Configuration
This option lets you define how client computers connect to the Deployment Share or a file server
where image files are stored.
Window
Workgroup: Enter
the workgroup for the Deployment Share or file server.
NetWare
Server name: Enter the server name for the Deployment Share or file server. Click Advanced to enter
a NetWare context for the server, and then select a Frame type if it is different than the default value
of 802.2.
User name: Enter the authorized user name that was set up when the Deployment Share directory was
created. If you did not assign a User name and Password when for the Deployment Share or file server
was created, leave this and the Password field blank.
Password:
Enter the password for the user name.
Confirm password: Enter the password for the user name as confirmation that you entered the proper
password in the Password field.
Network Drive Mappings and Mount Points
This option lets you set up drive mappings (for DOS and Windows PE) or mount points (for Linux)
so that when client computers boot to automation or a network prompt, they will connect to the
appropriate server. You can create multiple drive mappings or mount points. However, if you are
creating a DOS configuration, the first mapped drive you specify must connect to the Deployment
Share.
Field Definitions
Manually create drive mapping: Select this option if you want the drive mappings to be included in the
autoexec.bat file when client computers boot to automation.
By default, the mapped drive that displays is F: \\<Deployment Share server>\eXpress. Click
the drop-down arrow and select a different drive letter if F: is already in use.
Drive:
Enter the path for the Deployment Share. The path you enter will map to the drive letter you
selected in the Drive field. You can also click Browse to navigate to the Deployment Share if you are
unsure of the directory path or if the image files are store on a file server.
Path:
Example:
Altiris® PXE Configuration Utility Help
253
•
Windows users:
•
NetWare users:
•
Linux users:
\\server\share
server\volume:directory
//server/mount point
Create and entry in the LMHOSTS file for the Deployment Server file store (other entries must be added
manually): Select this option if your network does not support NetBIOS name resolution for IP
addresses. Enter a Server name and IP address so that client computers can find the Deployment
Share where image files are stored.
Use NetWare login scripts to create drive mappings:
Select this option if you use NetWare and you
want login scripts to create the drive mappings.
Configuration Summary
This page lets you review all the options you selected throughout the New Configuration Wizard. If
you find a setting mis-entered or not what you want, click Back to re-select the option. When you
click Finish, the Create Boot Disk Wizard automatically displays for the next process to begin.
If you are using Boot Disk Creator from within the PXE Configuration Utility, the Edit
Configuration page displays next. See Edit Configurations (page 254).
Edit Configurations
This is the main Boot Disk Creator page that displays when you start the utility. If you are using Boot
Disk Creator from within the PXE Configuration Utility, this page displays at the end of the New
Configuration Wizard.
This feature lets you modify configurations that have already been created. As you select files and
folders from the treeview in the left pane, the configuration information displays in the right pane.
The display color changes to help you know the type of configuration you selected to view, edit, or
delete. The colors displayed are:
•
Blue:
•
Green: The configuration you selected or created is based on the Linux pre-boot environment.
•
Red: The
The configuration you selected or created is based on the DOS pre-boot environment.
configuration you selected or created is based on the Windows PE pre-boot
environment.
To change configuration settings, right-click on a configuration folder and select Edit Configuration,
and then click Edit until you find the page for the options that you want to change. You can also make
text edits to files (selected from the treeview) in the right pane.
All other configuration files can be edited as needed. If PXE Config is launched and exited without
any changes, no updates are made to the PXE Server. However, after you edit a configuration, Boot
Disk Creator rewrites certain files within the configuration so that drive mappings and mount points
are always updated. The following files are rewritten after editing configurations:
•
•
•
DOS - mapdrv.bat, unmapdrv.bat
Linux - mounts.local
WinPE - mapdrv.bat
The edited configuration settings are saved to the PXE Manager database. The PXE Server is
updated in the background. To view the updated status of PXE Server, go to the PXE Status Screen
tab.
See also: New Configuration Wizard (page 249), Install Pre-boot Operating System Files (page
247)
Altiris® PXE Configuration Utility Help
254
Additional Files
Boot Disk Creator lets you add additional files to folders that will either apply to a specific
configuration or to all configurations that are of the same type of pre-boot operating system.
However, any files you add to the global <OS> additional files folders will be written to the boot
image before the specific configuration files. If a file in the <OS> additional files folder is the same
name as a file in a specific configuration folder, it will be overwritten.
Example: if a file named 5684_Drivers resides in the DOS additional files folder, and the same file
5684_Drivers exists in a specific configuration folder, then when the files are written to a boot
image, the file in the configuration folder will overwrite the file in the DOS additional files folder.
This may cause unexpected results. If you edit text files in a <OS> additional files folder, yet the
specific configuration file is the one that is written to the boot image, the result will not be as you
expected.
Add files to all configuration
When you install a pre-boot operating system, a new folder will be added to the bottom of the
treeview on the main page of Boot Disk Creator. If you install pre-boot operating system files and
the <OS> additional files folders do not display, press F5 to refresh Boot Disk Creator. The folders
that display are as follows:
•
DOS additional files
•
Linux additional files
•
WinPE additional files
Boot Disk Creator will copy the files from the <OS> additional files folders to all corresponding
operating system configurations and will be added to the boot images. These folders are considered
global, since they can affect configurations of the same type.
Example: using the Windows Copy and Paste command, you can add tracert.exe to the WinPE
additional files folder. Each WinPE configuration you create will then add the files in the WinPE
additional files folder to the boot image.
Add files to a specific configuration
If you want to add files to a specific configuration only, and do not want to use the global feature of
the <OS> additional files folders, do the following:
1
Right-click a configuration in the treeview and select New > Folder. A new subfolder is created
in the treeview.
2
Enter a name for the folder so that you know they are added files.
3
To add files to the <OS> additional files folder, do one of the following methods:
•
Copy files from a network folder and Paste them into the configuration folder.
•
Right-click a configuration and select Add File. A browser dialog displays to navigate to the
file you want to add.
•
Right-click on a configuration and select File > Text file. A new empty text file is added to the
treeview. Enter a name for the file and write text as needed in the left pane.
Create PXE Boot Image Files (PXE)
This option is for Boot Disk Creator configurations created from within the PXE Configuration
Utility. Because PXE Servers download boot image files to client computers, after you select all the
properties for a New Configuration, Boot Disk Creator must know what type of image file to create.
Field Definitions
Automation PXE image: The automation agent for the type of pre-boot operating system configuration
you created will be added to the settings you selected throughout the New Configuration Wizard.
Altiris® PXE Configuration Utility Help
255
Network PXE image: The configuration you created will not contain an automation agent. When client
computers boot with this image file, they will map to a network server and be at a user’s prompt.
(This option is not available in Shared Configuration mode.)
Force 2.88 MB PXE image:
Select this option to increase the size of PXE boot images.
PXE Boot Image Creation Complete
This page lets you know when the PXE boot image file is completed. Click Back to change the new
configuration settings for the boot menu option. When you click Finish, the boot menu option
displays in the Boot Menu tab.
PXE Server Tab
This lets you set response times for PXE Servers and specifies how the DHCP Server will be
discovered. By default, PXE Servers inherit the shared properties from the Shared Configurations
mode. Client computers use the information defined on this page to locate the PXE Server that
provides their services.
PXE Server properties
PXE Server IP address: By default, the IP address for both Shared Configuration and Customize PXE
Server modes are already entered. If, for some reason, you need to change the IP address on a PXE
Server, enter the same IP address in this field.
Enter the IP address for the specific PXE Server you selected from the File menu. When client
computers perform a PXE boot, the IP address helps them communicate with the PXE Server.
This is selected when you are setting the properties for a Shared
Configuration. You cannot change this selection on the other pages if you are setting properties for
the Shared Configuration.
Use Shared properties:
Customize PXE Server (Shared Configuration): This option is available when you select a specific
Server from the File menu. You can keep the settings on the page or customize the properties for the
PXE Server you selected.
PXE Server image update: This lets you control options for how updated PXE boot images are
distributed to your PXE servers. Limit bandwidth throttles the amount of network bandwith
consumed by the transfer, but might result in your images taking longer to update. Enable checkpoint
restart enables the PXE server to resume a transfer if connectivity is lost.
Response Time: This lets you set the PXE Server response time for when client computers request a
PXE boot.
Example: If you have 3 PXE Servers, you can set the first PXE Server to Short delayed response (1/
2 second), the second to Immediate response, and the third to a Delayed response of your choice. This
helps control which PXE Servers will respond to client computers when they perform a PXE boot.
In this example, the second PXE Server would respond to client computers before the first server.
DHCP Server discovery:
•
Auto detect Microsoft DHCP Server and configure for PXE: Select this option for PXE Server to
auto detect the ports used for DHCP when Deployment Server and PXE Server are installed
to the same server.
•
Third party DHCP Server installed on PXE server (Do NOT use DHCP port):
Select this option if
you not using a version of Microsoft DHCP Server.
Note: If Microsoft DHCP Server is installed on the PXE server, but it is not active and non-
functioning, then PXE Server sets option 60 anyway. This can cause conflict with client
computers. Select the No DHCP Server installed on PXE Server (Use DHCP port) instead.
•
Select this option if DHCP is
installed to a different server than the one where PXE Server is installed. PXE Server will use
only one port for DHCP.
No DHCP Server installed on PXE Server (Use DHCP port):
Altiris® PXE Configuration Utility Help
256
DS Tab
This lets you set properties so that all PXE Servers can communicate with the Deployment Server.
PXE Servers and the Deployment Server work together to perform tasks, such as creating and
distributing an image, scripted OS installs, and more. The PXE Server must be able to access the
Deployment Server and the Deployment Database to retrieve the information required to carry out
these tasks on client computers.
The Deployment Server IP address, the Engine Port, and the Data Manager Port are critical fields
because they define how the PXE Server will establish communication with the Deployment Server.
Example: The TCP port on the Deployment Server is set to 402 and the Engine port on the PXE Server
is set to 502. This would result in the PXE Server not being able to communicate with the
Deployment Server because the port numbers do not match. To establish communication between
the 2 servers, change the Engine port field on the PXE Server to 402.
To set the TCP port on the Deployment Server
1
From the Deployment Server, click Start > Control Panel > Deployment Solution Configuration
applet > Options > Transport tab.
2
Enter the TCP port number.
3
Click OK.
Deployment Server properties
This is the IP address of the Deployment Server that will control the
PXE Servers. This value is automatically entered when Deployment Solution is installed. However,
because the Deployment Server IP address can change, you have the option to edit this field.
Deployment Server IP address:
This option defines which port PXE Servers will use to communicate with the
Deployment Server Engine, which manages the Deployment Database, sends job commands to the
Deployment Agent, and more.
Engine port:
Data Manager port:
This is the port that PXE Manager uses to communicate with the Deployment
Server.
Default boot option: This is the default boot menu item
Disable Initial Deployment:
that Deployment Server uses to execute jobs.
By default, this option is enabled. Clear the checkbox if you do not want
to use Initial Deployment.
Initial Deploy boot option: The boot menu item that was set as the default pre-boot operating system
at install time will be selected. If no boot menu items were created, then the first boot menu item
(shared) is selected. Go to the Boot Menu Tab (page 243) and create a Shared Configuration if there
are no items in the list.
When the boot menu displays on client computers, the default boot option you select for Initial
Deployment will move to the top of the boot menu, even if the boot option is not at the top of the list
on the Boot Menu Options for PXE Server: (Shared Configuration) page.
Select this option for Initial Deployment to run on new client computers
without any user interaction following a PXE boot. From the Deployment Console, in the Initial
Deployment Advanced properties, there is a default time-out value of 5 minutes. If you select this
option, PXE will respond immediately but Initial Deployment will still wait 5 minutes before
running.
Execute immediately:
Wait indefinitely:
Select this option so that a user must press <F8> to start the Initial deployment job.
Use default timeout: Select this option to use the time-out value set in the Initial Deployment
Advanced properties from the Deployment Console.
Timeout: Select this option to enter a time-out value of your choice. The boot menu will display on
new client computers for the length of time you set before booting to Initial Deployment.
Altiris® PXE Configuration Utility Help
257
MAC Filter Tab
This feature lets you control the service load of PXE Servers by creating a list of MAC addresses
that you want to be serviced by either a specific PXE Server or all by all PXE Servers associated to
a Deployment Server. You can also select to not service the list of client computers.
Example: If you had 3 PXE Servers that Deployment Server integrated with and you were setting
properties for a Shared Configuration, you could create a list of MAC addresses, then select Service
listed addresses so that all 3 PXE Servers would respond to a the client computers listed. Or, you
could create a list of MAC addresses for a specific PXE Server configuration, select Do NOT service
addresses so that the PXE Server you selected would not download a boot menu to any of the client
computers listed. This allows you flexibility to pick and choose the PXE Servers that will provide
services for specific client computers across the network.
MAC addresses filter properties mode
This is selected when you are setting the properties for a Shared
Configuration. You cannot change this selection on the other pages if you are setting properties for
the Shared Configuration.
Use Shared properties:
Customize PXE Server (Shared Configuration): This option is available when you select a specific
server from the File menu. You can keep the settings on the page or customize the properties for the
PXE Server you selected.
Use MAC Address Filtering: Select this option to use MAC filtering. If this checkbox is not selected,
the entries in the MAC Address Patterns area are ignored.
Service listed addresses: Select this option if you want the PXE Server to service the list of MAC
addresses in the MAC Address Patterns area.
Do NOT service addresses: Select this option if you do not want the PXE Server to service the list of
MAC addresses in the MAC Address Patterns area.
MAC address patterns
MAC addresses are listed in this view box. Add, edit, or delete the addresses. You can also import
or export MAC address text files.
New:
This lets you enter MAC addresses. When you click this button, the Define MAC Addresses
dialog displays. See Define MAC Addresses (page 258).
Edit: This lets you modify addresses previously added to the MAC address list. When you click this
button, the Define MAC Addresses dialog displays. See Define MAC Addresses (page 258).
Delete:
Select a MAC address from the list, and then click this button.
Import: This option lets you import comma-separated text file MAC address list. You can create the
import text file manually, or you can import a file that has previously been exported from any PXE
Server on your network. When the Windows navigation dialog displays, go to the folder or disk drive
where the text file is located and click OK.
Export: This option lets you export the MAC address list to a comma-separated text file. You can use
the export feature to save a large MAC address list, and then import the file to another PXE Server
or to the same PXE Server in the event you need to uninstall and install PXE Server. You can export
all or part of the list by selecting the MAC addresses. When the Windows navigation dialog displays,
go to the folder or disk drive where you want to save the text file and click OK.
Define MAC Addresses
Add or edit MAC addresses to the MAC address patterns area of the MAC Filter tab. This determines
whether PXE Servers will include or exclude the client computers listed. See MAC Filter Tab (page
258).
Single address: Select this option and then enter a single MAC address. This address will display in
the MAC Address Pattern area.
Altiris® PXE Configuration Utility Help
258
Select this option to enter a range of MAC addresses. Enter a MAC address to start
the range in the From box and an end range MAC address in the To box.
Address range:
Multicast Tab
This option lets you set properties for the way PXE Servers download the boot image to client
computers. PXE Servers communicate with client computers using the Multicast Trivial File
Transport Protocol (MTFTP) and support larger transport packets, which reduces the time it takes to
download files.
The PXE Manager multicast properties lets you set a beginning multicast address, the number of
multicast addresses available, and the number of addresses available for a single PXE Server.
A multicast address is automatically assigned to the files PXE Server uses to download the boot
menu to client computers. A PXE boot menu option consists of 2 files. The MenuOption<number>.0
file is the boot menu, and the MenuOption<number>.1 file is the additional file needed to execute
whichever menu item is selected by the user.
Example: The PXE.ini file consists of information gathered by PXE Manager and includes a section
called MTFTP\Files. This section lists the MenuOption files and their assigned multicast addresses.
[MTFTPD\FILES]
BStrap\x86pc\BStrap.0=”224.1.1.0”
MenuOption128\x86pc\MenuOption128.0=”224.1.1.1”
MenuOption128\x86pc\MenuOption128.0.cr-1005309736=”224.1.1.2”
MenuOption128\x86pc\MenuOption128.1=”224.1.1.3”
MenuOption129\x86pc\MenuOption129.0=”224.1.1.4”
MenuOption129\x86pc\MenuOption129.0.cr-1005309736=”224.1.1.5”
MenuOption129\x86pc\MenuOption129.1=”224.1.1.6”
Notice that the multicast address increments by 1 for each file that is created when a new PXE
configuration is added and the boot image is created. These are the files that PXE Server will
download when a user selects a boot menu option from the menu list on a client computer.
PXE Manager
PXE Manager creates a PXE Manager.ini file, which gathers data from all PXE Servers on the
network. The PXE Manager.ini file then creates and sends a PXE.ini file specific to each PXE
Server. PXE Manager.ini and PXE.ini are both used by the PXE Manager service to synchronize the
boot images across all PXE Servers and Deployment Servers on the network.
Important: Do not edit the PXE Manager.ini or PXE.ini files. If these files are edited, you will lose
the ability to access the boot images stored on all PXE Servers, and the PXE Manager service will
not function properly. See PXE Manager in the Automation & Imaging section of the Deployment
Solution Product Guide.
TFTP/MTFTP properties
This is selected when you are setting the properties for a Shared
Configuration. You cannot change this selection on the other pages if you are setting properties for
the Shared Configuration.
Use Shared properties:
Customize PXE Server (Shared Configuration): This option is available when you select a specific
server from the File menu. You can keep the settings on the page or customize the properties for the
PXE Server you selected.
Enable MTFTP: Clear this option if you do not want to use MTFTP to download the boot menu from
the PXE Server to client computers. If a PXE Server is going to service client computers on the same
subnet, then you want to select this option to communicate. If you disable MTFTP, then normal
TFTP will be used to communicate.
Altiris® PXE Configuration Utility Help
259
PXE-enabled client computers listen for broadcast messages sent by the PXE Server through
MTFTP. If a PXE Server is going to service client computers across subnets and this option is
enabled, PXE Server will try to communicate with clients using MTFTP. If the router is not
configured to pass a multicast packet, an error message displays on client computers, stating that
MTFTP is unavailable. PXE Server then tries to connect to client computers using TFTP.
Enable larger packets for TFTP/MTFTP:
Select this option to increase the packet size transport.
Packet size: Enter the transport packet size if your infrastructure does not have the capability of
handling the default packet size of 768.
Do not allow IP fragmentation: Clear this option to use IP fragmentation. This is helpful if you have a
narrow bandwidth on the network and want to Enable Larger packets for TFTP/MTFTP when
downloading files from the PXE Server to client computers. IP fragmentation allows larger packets
to be broken up into smaller packets during transport. However, you must use a Third Party
application to reassemble the smaller packets into the original packet size.
PXE Manager multicast properties
Beginning Multicast address:
225.255.255.255.
Enter a multicast address between the range of 224.1.1.0 --
Number of Multicast Addresses Available: Enter the number of addresses available for the PXE Server.
Limit: 128,000.
Maximum Addresses Available to Single PXE Server:
Enter the maximum addresses available on a
single PXE Server.
BIS Tab
PXE configurations always create a .0 and .1 file, which are an open source on the network when
PXE downloads these boot items to client computers. With Boot Integrity Services (BIS), you can
encrypt the files to ensure that the PXE Servers communicating with the client computers are secure.
You can use BIS Certificates if you meet the following requirements:
•
Client computers must be PXE and BIS compliant.
•
PXE must be installed on your Deployment Server system.
You must Enable BIS on this page first, then go to the Deployment Console and right-click on a
computer or group of computers, and select Advanced > Install BIS Certificate. The client computers
will receive their certificate from the PXE Server. The next time BIS installed client computers try
to boot to the PXE Server, the BIS Certificates must validate before any files can be downloaded.
Note: If you have BIS enabled in Deployment Server 6.1, you must remove all BIS certificates
before upgrading to Deployment Server 6.8.
Boot Integrity Services (BIS) properties
Enable BIS:
Select this option to use BIS Certificates.
Certificate owner:
The default owner is Altiris.
New certificate password:
Enter a password.
Confirm certificate password:
Re-enter the password.
Data Logs Tab
This option lets you enable data logs to help you troubleshoot incidents on the PXE Servers. You
can enable log files to help isolate issues with the network traffic, communication protocol, the PXE
Server, and more. You can specify a filename for each of the logs, and you can enter a directory path
for where you want the log files stored. Each log file lets you select a log level, such as errors,
Altiris® PXE Configuration Utility Help
260
warnings, information, debug, or all. This is a valuable tool that should only be used for
troubleshooting purposes as it could impact the network in a production environment due to the
amount of data being written to the logs.
Data Log properties
This is selected when you are setting the properties for a Shared
Configuration. You cannot change this selection on the other pages if you are setting properties for
the Shared Configuration.
Use Shared properties:
Customize PXE Server (Shared Configuration): This option is available when you select a specific
server from the File menu. You can keep the settings on the page or customize the properties for the
PXE Server you selected.
Log File Location: This is the folder where all log files are stored. If no directory path is entered, log
files will be stored in the default Deployment Share folder of C:\Program
Files\Altiris\express\Deployment Server\PXE.
Log Files: These log files are specific to PXE Servers and if enabled, will log information to the
filename you specify and then store it in the PXE folder on each PXE Server across the network.
•
PXE Server Log
•
PXE MTFTP Log
•
Packet Parser Log
•
DS Traffic Log
•
Config Service Log
The PXE Manager Log writes data to the filename you specify and then stores it in the PXE folder
on the Deployment Server.
Level: Select the type of data you want to write to the log files. Each level in the list will write out
more details to the log files then the previous level.
Filename:
Enter a name for the log file you enabled if you do not want to use the default name.
Status Tab
View the status of PXE servers in your environment and track whether updates have been applied to
each PXE server.
Remote PXE Installation
You can install PXE Server to any remote location on your network using this feature. However, all
remote installs must be “pushed” from the Deployment Server. Example: Suppose your business
home office is in Washington and you have 2 smaller offices in Los Angeles and Australia. You can
install PXE Server to both locations from the Deployment Server in Washington using the Remote
PXE Installation Wizard.
Note: DHCP services is required on the network to make PXE Server function correctly.
To install a remote PXE Server
1
Browse to the location where axInstall.exe is installed. The default location is C:\DSSetup.
2
Run axInstall.exe.
3
Select Component Install, and click Install.
4
Click Yes to accept the licensing agreement.
5
Enter or Browse to the Deployment Share folder.
6
Select Install an additional Altiris PXE Server.
Altiris® PXE Configuration Utility Help
261
7
Select Yes, I want to install PXE Server on a remote computer.
8
Enter the computer name or Browse the network to select a remote PXE Server.
9
Enter the PXE Server IP address.
10
Enter the PXE Server install path, and click Next.
11
Click Install.
Altiris® PXE Configuration Utility Help
262
Altiris ImageExplorer
The Altiris ImageExplorer provides features to view and edit image files. Image files are created
using the RapiDeploy utility, a tool used most commonly in Deployment Solution to create and
distribute hard disk image files, an IMG or EXE file containing a replication of the source
computer’s hard disk.
Using ImageExplorer, you can modify an image file — add or delete data files, folders and
applications — before distributing and restoring its contents to a client computer. You can view
properties and perform operations, such as extracting and saving files to another destination volume,
or exclude files from being restored when distributing the image file to a client computer. You can
also print the contents of a folder or edit a file using its associated application.
See also: Using ImageExplorer (page 266)
ImageExplorer Features
•
Add new files and folders
•
Command line mode
•
Convert images
•
Create image indexes
•
Extract files and folders
•
Exclude (or include) volumes, folders, and files from being restored
•
Find files in an image
•
Open a file with its associated program and edit
•
Make self-extracting images
•
Print image tree structure of files, folders, and volumes
•
Replace files
•
Revert back to original image file contents
•
Split images
•
View, add, or change the image description
•
View properties of files, folders, and volumes in an image
ImageExplorer User Interface
Click the ImageExplorer icon on the toolbar or click Tools > ImageExplorer. This
opens the ImgExpl.exe program located in the Deployment Share.
You can open and edit image files in the native IMG file type or image files with
packaged rdeploy.exe runtime versions in an EXE file type.
Altiris ImageExplorer provides the following features to view, manage, and modify the volume,
folder, and file elements of an image file.
Altiris® ImageExplorer Help
263
Feature
Description
Add File
Adds a new file to the image file. See Add
New Files (page 268) .
Add File is available when you right-click a
volume, folder, or a file in the treeview.
When you right-click on a file and select
Add File, the new file is added to the same
folder.
Button
Access
Option 1: Ctrl-A
Option 2: Click Edit >
Add File
Option 3: Right-click
an item and select Add
File
Add Folder
Adds a new folder to the image file. Click on
any item to add a folder to the container
object.
Add Folder is available when you right-click
a volume, folder, or a file in the treeview.
Option 1: Ctrl-D
Option 2: Click Edit >
Add Folder
Option 3: Right-click
an item and select Add
Folder
Convert Image
Copy
Create Image
Index
Exclude
Extract
Find
Altiris® ImageExplorer Help
Converts image files from file format 4 to
the format most currently used by
RapiDeploy. See Convert an Image (page
268) .
Copies a file or folder from one location and
lets you paste to a destination image file.
Note: Copying large amounts of data and
large numbers of files between image files
can take several minutes.
Creates an image index to make the process
of restoring images easier. See Create an
Image Index (page 269) .
Marks volumes, folders, and files to not be
included when deploying the image file to a
client computers.
Note: You can also exclude a file by
clicking the checkbox next to the file in the
Details pane. The
icon replaces the
checkbox.
Extracts a complete volume, a folder (with
its sub-folders), or a file from the image file.
It lets you select a destination volume or
directory to save the folders or files. See
Extract a Folder (page 269) .
Note: Extracting large amounts of data and
large numbers of files can take several
minutes.
Search for files or folders within an image
file using specific names or wildcard
characters. You can use ? as a variable for a
single character or * (asterisk) for multiple
characters. See Find Files (page 270) .
Option 1: Ctrl-T
Option 2: Click File >
Convert Image
Option 1: Ctrl-C
or
Option 2: Click Edit >
Copy
or
Option 3: Right-click
an item and select Copy
Option 1: Ctrl-I
Option 2: Click File >
Create Image Index
Option 1: Del key
or
Option 2: Click Edit >
Exclude
or
Option 3: Right-click a
file and select Exclude
File(s)
Option 1: Ctrl-E
or
Option 2: Click Edit >
Extract
or
Option 3: Right-click
an item and select
Extract File(s)
Option 1: Ctrl-F
or
Option 2: Click Edit >
Find
Option 3: Right-click a
container object and
select Find
264
Feature
Description
Include
Allows volumes, folders, and files that were
previously marked Excluded to be included
in the image file when it is deployed to a
client computer.
Note: You can also include a previously
excluded file by clicking the next to the
file in the Details pane. A checkbox will
reappear.
Make SelfExtracting
Open File
(available for
files)
Creates a self-extracting file from an
existing image file. See Make SelfExtracting Images (page 270) .
Opens a file using its associated application,
if the application exists on the computer
where ImageExplorer is being run.
Button
Access
Option 1: Insert key
or
Option 2: Click Edit >
Include
or
Option 3: Right-click
an excluded item and
select Include
Option 1: Ctrl-M
Option 2: Click File >
Make Self-Extracting
Option 1: Double-click
or
Option 2: Click Edit >
Open
or
Option 3: Right-click
the file and select Open
Open File with
Open Image File
Paste
Lets you open a file with a selected program.
If the file is already associated with a
program you can simply double-click to
open. Use Open file with to change the
program or select the default Quick Open
feature.
Note: Image files created with IBMaster 4.5
will not open. However, you can use the
Convert an Image (page 268) feature to
convert image files to the current
RapiDeploy file format.
Opens image files created with
RDeploy.exe or IBMaster.exe. Files created
with IBMaster are Read-only; however
these file can be viewed and extracted. You
need an older version of ImageExplorer
(Deployment Solution 5.5 or earlier, or
RapiDeploy 4.5 or earlier) to edit files
created with IBMaster.exe.
Places a file or folder from one location to
another.
Option 1: Double-click
(if not associated)
or
Option 2: Click Edit >
Open with
or
Option 3: Right-click
the file and select Open
with
Option 1: Ctrl-O
or
Option 2: Click File >
Open
Option 1: Ctrl-V
or
Option 2: Click Edit >
Paste
or
Option 3: Right-click
an item and select Paste
Print
Folders: Prints the folder structure. Includes
sub-folders and files with their modification
date, time, and size.
Files: Prints the actual file. You must have
the associated application program installed
to print the file (example: MS Word to print
DOC files).
See Print Folder Contents (page 271) and
Print a File (page 272) .
Altiris® ImageExplorer Help
Option 1: Ctrl-P
or
Option 2: Click File >
Print
or
Option 3: Right-click
an item and select Print
265
Feature
Description
Properties
Provides general information about the
folder or file, such as size, modification
dates, and attributes. Properties are
displayed differently for images, volumes,
folders, or files. See View Properties (page
266) .
Button
Access
Option 1: Alt-Enter
or
Option 2: Click File >
Properties
or
Option 3: Right-click
an item and select
Properties
Replace Files
(available for
files)
Provides a way to update a file in the image
with a file from another source. Both files
must have the same name.
Option 1: Ctrl-L
or
Option 2: Click Edit >
Replace
or
Option 3: Right-click a
file and select Replace
File(s)
Revert
(available for
files)
An undo feature for the Replace File option.
This will revert a previously changed file to
its original file.
Option 1: Ctrl-R
or
Option 2: Click Edit >
Revert
or
Option 3: Right-click
an item and select
Revert File(s)
Split Image
Splits an image file of one size to be the
segment size of another. See Convert an
Image (page 268) .
Option 1: Ctrl-S
Option 2: Click File >
Split Image
Using ImageExplorer
With the ImageExplorer running, open the image file you want to view or modify by selecting Files
> Open from the program menu bar.
Note: Older image files created with IBMaster.exe instead of the current RDeploy.exe cannot be
modified with the version of ImageExplorer that ships with Deployment Solution 5.6 or higher.
However, image files created with IBMaster can be viewed and files can be extracted. The
ImageExplorer will always display the files created with IBMaster as Read-only even when the file
attributes are Read-write. To modify older image files you will need to use the version of Altiris
ImageExplorer that ships with the earlier versions of Deployment Solution.
See also: View Properties (page 266) , Add New Files (page 268) , and Extract a Folder (page 269) .
View Properties
After opening an image file with ImageExplorer, basic information about the image file and its
elements can be viewed by selecting a file or volume (partition) name and clicking Properties. You
can open the properties page for an image file, volume, or file by right-clicking and selecting
Properties, clicking File > Properties, or typing Alt-Enter. Depending on the type of image element, a
property page opens with the appropriate tabs:
General Properties for an Image File
This page displays data for image files. After selecting Properties for a selected image, click the
General tab to view the image items and additional property data, such as size, location, and
attributes.
The Image property page includes the name of the image file and its associated image data. Example:
The Size field displays the amount of room that the image used on the hard drive of the source
computer. The Size on disk field displays the actual size of the compressed image file before it is
deployed.
Altiris® ImageExplorer Help
266
You can modify the password of the image file in this dialog box.
General Properties for a Volume
This page displays data for a volume. After selecting Properties for a selected folder in an image file,
click the General tab to view its property data, such as size, location, and attributes.
General Properties for a Folder
This page displays data for a folder. After selecting Properties for a selected file in an image, click
the General tab to view its included files and additional property data, such as size, location, and
attributes.
General Properties for Files
This page displays data for files. After selecting Properties for a selected folder in an image file, click
the General tab to view its included files and additional property data, such as size, location, and
attributes.
Description Properties for an Image
This page displays the constituent volumes within the image file. It provides a count of the volumes
in the image and lists the name of each volume in the Volumes pane. If the image file has Read-write
access, you can modify the image description.
Disk Partition Properties
The Miscellaneous property page provides a comprehensive list of system attributes for each volume
in the image file. It includes volume data and statistics, including data imported from the partition
table.
Open a File
To open a file in an image, double-click the file in the Details pane of the ImageExplorer or rightclick and select Open. The file opens with its associated program. If no associated program is located,
an Open with dialog box displays, allowing the user to select and associate a program for the file.
Note: You can also associate a file with a program by right-clicking the file and selecting the Open
with
command.
The Quick open feature lets you select a default program to open files without associated programs
(Microsoft Notepad is the default program). You can change the default program for the Quick Open
feature by clicking View > Settings and editing the Open with program box.
See also: Print a File (page 272) and Settings (page 273) .
Opening Split Image Files
If an image is too large or if you are trying to meet size restrictions to store an image (such as
dividing image files to 600 MB to fit on multiple CDs), then you can use the features in RapiDeploy
to split the image file into multiple files. When editing, ImageExplorer will keep track of these split
image files and will prompt you to locate any additional linked image files not stored in the same
directory.
Find Missing Split Image Files
If multiple files from a split image are kept in different folders or on separate CDs, then this dialog
box will open to help you locate the missing split image files. Enter a path in the field or browse to
the missing files. ImageExplore keeps track of all files in a split image and will prompt you for any
missing split image files if they are not located in the same folder.
Altiris® ImageExplorer Help
267
Add New Files
1
Open Altiris ImageExplorer.
2
Click File > Open. Select an image file.
3
Click OK.
4
Right-click the preferred volume or folder in the image and select Add File. The Select Files to
dialog box displays.
add
Option 1:
•
Locate a file and click OK. The new file will now display in the image.
Option 2:
•
Drag a file from Windows Explorer to the selected folder or volume in an image file
displayed in ImageExplorer, or copy and paste the file. If the option is selected (see the Paste
/ Drop operations in the Settings (page 273) dialog box), a message box will appear
confirming your decision to copy a file to the image file.
Note: You can access and edit text files by double-clicking the file in the Details pane of the
ImageExplorer dialog box.
Convert an Image
The internal file format for images changed from file format 4 in Deployment Server version 5.5 and
earlier, to file format 6 in Deployment Server 5.6 or later. File format 6 has remained the same since
its release, but minor changes have been made to improve the overall format structure.
This feature lets you select any previously created image file and convert it to the current file format
that RapiDeploy uses today. If the file format changes in future releases of Deployment Server, when
you convert an image file, it will always be to the most current file format.
When converting image files, be aware of the following:
•
If an old image has an image index (.imx) file, then a new image index file is created.
•
If an old image file is a self-extracting image, the embedded RapiDeploy code is removed and
the image is restored to a .img file. You will not receive a message warning that the embedded
self-extracting code was removed.
•
If an old image has a password, the new image file created will not have a password. However,
the user will receive a message display indicating that the password has been removed.
•
File conversions may vary in length of time because ImageExplorer reads each segment in the
image before converting it to the new image file. If you have large files with many segments, this
process will take longer.
Field Definitions
Image File to Convert:
Select the image file you want to convert.
Current segment size:
By default, the segment size for RapiDeploy images is 2 GB.
Current segment count:
The number of segments in the image file.
New Output Image File: Select a folder and filename for the image file you want to convert, based on
the new segment size.
New segment size (MB): Select a size for image segments from the drop-down list. The list of options
includes default sizes for CDs, zip drives, and more. When a file segment reaches this limit, a new
segment is created until the entire image is converted.
Estimated segment count:
Altiris® ImageExplorer Help
The estimated number of segments in the file you selected to convert.
268
To convert an image file
1
Click File, and select Convert Image File.
2
Click Browse to navigate to a folder, and select an image file to convert.
3
Click Browse to navigate to a folder. Enter a new filename for the converted image.
4
Click the drop-down arrow and select a segment size from the list.
5
Click OK.
Create an Image Index
This feature lets you create an index file for image files so that when you copy the images to CDs,
the index file, along with the first segment of the image, can give file information to RapiDeploy
when restoring the image file.
Example: If you have an image with multiple segments, such as .img, .002, .003, and .004,
ImageExplorer creates a table of contents at the end of segment .004, which identifies the file
information for each segment of the image.
With this feature, a new index file named .imx is created. Then, as you copy the segments to CDs,
you can select .img and .imx to be on the same CD. The other segments, .002, .003, and .004, can be
copied to additional CDs as needed. When you use the CDs to restore an image, the first CD that
contains the .img and .imx files give RapiDeploy the information needed to restore the image. This
make restoring images easier because you are not required to insert the first CD, the last CD, then
back to the first CD just for RapiDeploy to restore the image.
You can also index images as you create them by selecting the Make an image index (.imx) file option
in RapiDeploy. See the RapiDeploy Reference Guide.
Field Definitions
Image File to Index:
Select the image file that you want to index.
Output Folder for Index (optional): If you do not select a folder for the index output, the .imx file is
created in the same folder as the image you selected to index.
To create an index image
1
Click File, and select Create Image Index.
2
Click Browse to navigate to a folder, and select an image file.
3
Click Browse to navigate to a folder for the index file output.
4
Click OK.
Extract a Folder
Use this feature to take a folder or file from an image and save it to an external destination folder:
1
Open Altiris ImageExplorer.
2
Click File > Open. Select an image file.
3
Click OK.
4
Select a folder in the image, right-click, and select Extract Folder. The Browse dialog box
displays.
5
Select a folder on your local disk or on the network to place the extracted folder.
6
Click OK.
Note: Extracting large amounts of data and large numbers of files can take several minutes.
Altiris® ImageExplorer Help
269
Find Files
To search for files or folders in an image file, enter a string or characters (alpha and numeric) in the
Find what box. You can use the ? (question mark) as a variable for a single character, or use
the * (asterisk) for multiple characters.
To search for a file, select the image file, volume name, or folder name from the treeview to set a
search domain. You can change the search domain before clicking Find.
Field Definitions
Include folders:
Include files:
Select this option to include matching folders in the search results.
Select this option to include matching files in the search results.
Files and folders meeting specified search criteria are listed in the results box, organized by File Name
and Location.
Filter Results
Click Filter on the Find Files dialog box to open an advanced search for files based on associated
system attributes (Read-only, Hidden, System) and ImageExplorer attributes (Added, Excluded,
Replaced).
Field Definitions
Find What: Enter the string or characters to find a file based on system attributes or ImageExplorer
attributes of the file or folder. Click Include matching files to select files. Click Include matching
folders to select folders.
Note: To search in a specific directory, select that directory in the treeview pane and open the Find
dialog box.
The following attributes use three-way checkboxes with these features:
•
A solid checkmark means the item must contain the attribute.
•
An empty box means the item must not contain the attribute.
•
A dimmed checkmark means the value is NULL and the item can either have the value or not.
These are the system attributes of the files assigned by the operating system when the
image was created.
Attributes:
Flags: These
are the attributes assigned by ImageExplorer.
Make Self-Extracting Images
This lets you create a self-extracting file for an existing image file so you can run the executable at
a client computer. This is helpful when you need to restore an image to a computer that does not have
access to the Deployment Server and RapiDeploy for imaging through the network.
You can select image files that have been created with RapiDeploy, which was used to create images
beginning with Deployment Server 5.6 or later. If you have images that were created with Altiris
IBMaster 4.5 or earlier, you cannot use this feature. However, when you navigate to a folder to select
an image, all .img files display. You can use the Convert an Image (page 268) feature to convert the
image to the latest RapiDeploy file format.
The self-extracting file is comprised of a valid image file and RapiDeploy, which is embedded into
the executable. You can copy the self-extracting file to a folder or removable media and manually
run it on any computer, or you can create a deployment job on the Deployment Server and distribute
the self-extracting file to multiple computers.
When new versions of RapiDeploy become available through Deployment Server upgrades, you can
re-make any self-extracting file by re-running Make Self-Extracting. The image file’s embedded
RapiDeploy code is replaced with the latest version of RapiDeploy.
Altiris® ImageExplorer Help
270
This process make vary in length of time because ImageExplorer reads only the .img segment. If
your file is 2 GB, then the file will take more time than if the .img segment is 700 MB.
RapiDeploy and only the first segment of the image file (.img) are combined together to create the
executable that restores images. However, all other segments that make up the entire image,
including the index (.imx) are required when restoring an image.
See also: See Create an Image Index (page 269) .
Field Definitions
Current self-extractor type:
The image file you selected is of this operating system type.
Keep original image file: Select this checkbox for ImageExplorer to make a self-extracting image file
without affecting the original image file.
Note: If you clear this checkbox and the Make Self-extracting process fails, then the original image
file may become damaged or corrupted, and you can no longer use the original image file to create
a self-extracting file.
Image file size:
The size of the current image selected.
Remove existing self-extractor: Use this option to remove the .exe code from a self extracting image.
The image file will return to its original state with a .img file extension. This option is only available
if the image file has self-extracting code, otherwise, this option is unavailable.
This mode uses the RapiDeploy graphical user interface to display the image file’s progress
while it is running.
DOS:
This is a text version user interface. You can view the progress bar at the bottom of
the client computer’s display while the image file is running.
DOS text mode:
To create a self extracting image file
1
Click File, and select Make Self-Extracting.
2
Click Browse to navigate to the location of the image file.
3
Clear the Keep original image file if you want to make the original image file a self-extracting
image file.
4
Select the Change self-extractor type. See Field Definitions (page 271) .
5
Click OK. The self extracting file is created in the same directory as the original image file. If the
Not enough free space dialog displays, see Not Enough Free Space (page 271) .
Not Enough Free Space
The image file you selected to make into a self-extracting file cannot be created because there is not
enough free disk space. The Not enough free space dialog lets you select an alternate location to
create the self-extracting file. Enter a directory path or click the Browse button to navigate to a
location with more disk space. Click OK.
Print Folder Contents
You can print a list of the files and sub-folders within an image file, a volume (partition), or a folder.
Depending on the options selected, you can print a report that includes the constituent files and
subfolders and includes fields with the modified date, time, size, and other attributes for each file.
When printing the contents of an image file, volume, or folder, click OK to view a Print Preview
(page 272) of the report file.
Field Definitions
Title: Enter a title for the top of the report page.
What to print
Altiris® ImageExplorer Help
271
Just this folder:
Print only the files in the selected image, volume, or folder. This will not print the
subfolders.
This folder and subtree: Print the files in the image, volume, or folder and all the subfolders and files.
Print excluded items:
Print the files that were marked previously as Excluded.
Print < . > entries: Print an entry in each folder identified as < . > (a dot notation). Attributes and date/
time properties will be saved for this hidden folder in the image file.
Fields to Print
Include modified date and time:
Include size:
Print the date and time that the file or folder was modified.
Print the size of the file.
Include attributes: Print the Read-only, Archive, Hidden, System, or Compressed system attributes
(Read-only, System, Hidden) and the ImageExplorer attributes (Added, Excluded, Replaced).
Include file number:
Print the file number associated with each file.
See also: Print a File (page 272) .
Print Preview
View an online display of the print report for image files, volumes, or folders. The name of the report
will appear at the top of the page with details in a table that were selected in the Print Folder Contents
dialog box.
Field Definitions
Save:
Click to save the report to a text file.
Lines:
View the number of lines in the report.
Print:
Click to print the report.
Print a File
From the ImageExplorer dialog box, you can select and print an actual file using its associated
program. If your file is not associated with a program, you can associate it by selecting from a
provided list of installed programs on the computer. You can also attempt a Quick print to open the
file using a standard program, such as NotePad.
Field Definitions
Quick print: Click this button to run a default program to open and print the selected file. The default
program is Microsoft Notepad. You can change the default program to print files using the Print With
program box in the Settings dialog box.
See also: Print Folder Contents (page 271) and Open a File (page 267) .
Setting a Password on an Image File
Right-click an image file and select Properties. In the Attributes section, select Password. The Set /
dialog box displays.
Change Password
Field Definitions
Current password:
New password:
Altiris® ImageExplorer Help
Enter current password.
Enter new password.
272
Confirm password:
Type the password again to confirm that is was correctly typed in.
Settings
You can set preferences for the Altiris ImageExplorer by clicking View > Settings. The Settings
dialog box will open to set options to confirm specific operations using message boxes in the user
interface, to set options for displaying items or excluding items, or to select default programs when
using the Quick print (see Print a File (page 272) ) or Quick open (see Open a File (page 267) ) options.
Confirmations
Read-only Open operations: Present a confirmation message to the user when opening a file in a Read-
only state, and as a result any changes cannot be saved. Example: if an image file created in
RapiDeploy 4.5 or earlier is opened, it will be Read-only and any operation performed cannot be
saved. As a result, when opening this file a confirmation box will appear reminding the user that the
file cannot be saved.
Present a confirmation message to the user when extracting a file from an
image file and overwriting an existing file on a destination drive.
File Overwrite operations:
File Revert operations: Present a confirmation message when executing a Revert operation that
returns the image file to its original file structure and content after replacing files.
Present a confirmation message when dragging a file to a new folder in an
image file, when using the copy and paste operation to move files to another folder, or when using
the Add New Files command.
Paste & Drop operations:
Exclude operations: Present a confirmation message to the user when assigning the Exclude option
to a file (to not distribute the selected file as part of the image). This message will appear when
clicking the checkbox on the file or folder or selecting the Exclude operation.
Present a confirmation message to the user when extracting a folder
from an image file and overwriting an existing folder on a destination drive.
Folder Overwrite operations:
Display Settings
Select to keep open help file on top of the ImageExplorer user interface. This lets
you view the help side-by-side with the program rather than allowing it to be sent behind the
ImageExplorer user interface.
Keep help on top:
Show file numbers: Display the associated file numbers in the image. In NTFS the files are numbered
automatically. In FAT, EXT2, EXT3, and other file systems the files are numbered by RapiDeploy
when creating the image file.
Show excluded items: Display the files marked as Excluded in the image. Files will be shown after a
refreshing the screen.
Extract excluded items: Allow the Excluded files and folders to be extracted from the image file to a
destination folder. This setting lets you include all files previously marked as Excluded to be saved
to an external destination folder when running the Extract command.
Color added items: Select this option to mark files/folders added to the image with blue text. See Add
File (page 264) and Add Folder (page 264) .
Color replaced items: Select this option to mark files/folders replaced to the image with magenta text.
See Replace Files (available for files) (page 266) .
Color excluded items: Select this option to mark files and folders added to the image with red text.
See Exclude (page 264) .
Default Programs to Open and Print Files
These settings are default settings for the Quick Open and Quick Print options that appear with the
Open with and Open features. Use to associate files to a common program, such as Microsoft
Notepad.
Altiris® ImageExplorer Help
273
Set the default program to run with a selected file. The default program is
Microsoft Notepad. See Open a File (page 267) .
Open with program:
Print with program: Set the default program to print a selected file. The default program is Microsoft
Notepad. See Find Files (page 270) .
Split Image
This feature lets you select an image file to split (rewrite) into a new image file based on the segment
size you select. While Convert an Image (page 268) changes the file format of an image to be the
current format used by RapiDeploy, split an image keeps the format of the original image but
changes the size of its segments.
Example: If you have a 2 GB image file, and you wanted to split the image so it could fit on CDs,
then you could select 650 MB or 700 MB as the new segment size and the result would be 1 image
file with multiple segments. You could then copy the segments to CDs and use them to restore the
image file at client computers.
When splitting image files, be aware of the following:
•
If the old image is an old format image (IBMaster 4.5 or earlier), then the image cannot be split
but will be converted instead. If this occurs, a message displays to verify this is what you want
to do. If you proceed, all the principles of Convert and Image apply.
•
If an old image has an image index (.imx) file, then a new image index file is created.
•
If an old image file is a self-extracting image, the embedded RapiDeploy code remains, and the
new image will contain the same version of RapiDeploy as when it was originally created.
However, if the image is an old format image (IBMaster 4.5 or earlier), then the image cannot be
split but will be converted instead. If you proceed, the self-extracting code is removed.
•
If an old image has a password, the new image file will have the same password. However, if the
old image is an old format image (IBMaster 4.5 or earlier), then the image cannot be split but
will be converted instead. If you proceed, the password is removed.
Field Definitions
Image File to Split:
Select the image file that you want to split.
Current segment size:
By default, the segment size for RapiDeploy images is 2 GB.
Current segment count:
The number of segments in the image file.
New Output Image File: Select
a folder and filename for the image file you want to split.
New segment size (MB): Select a size for image segments from the drop-down list. The list of options
includes default sizes for CDs, zip drives, and more. When a file segment reaches this limit, a new
segment is created until the entire image is split.
Estimated segment count:
The estimated number of segments in the file you selected to split, based
on the new segment size.
To split an image file
1
Click File, and select Split Image File.
2
Click Browse to navigate to a folder, and select an image file to split.
3
Click Browse to navigate to a folder, and enter a new filename for the image.
4
Click the drop-down arrow, and select a segment size from the list.
5
Click OK.
Altiris® ImageExplorer Help
274
Commade Line Switches
This feature can be use to create Deployment Server Run Scripts or batch jobs to help you manage
images from the command line. At the end of some switches, select options are listed to indicate that
the additional commands are allowed.
To access the online command line options
1
From the Windows environment, click Start > Run.
2
Enter the command CMD in the Open field.
3
Enter C:\Program Files\Altiris\eXpress\Deployment Server\ (default installation path).
4
Enter imgexpl /? to display the command line switches page.
Command line Description
Parameters
Image files to open or operate (can be repeated, such as w2k.img, xp.img).
Switches
-register: register files types in the Windows Registry.
-unregister: unregister file types in the Windows Registry.
-add <src> <dst>: add file, folder, or volume to an image. Accepts the
<-overwrite> option. You may use wildcards when entering the source (src).
-extract <scr> <dst>: extract a file, folder, or volume from an image. Accepts
the <-overwrite> and <-size> options.
-convert <dst>: convert an old format image to the current image format used
by RapiDeploy. Accepts the <-overwrite> and <-size> options.
-split <dst>: split an image into new size file segments. Accepts <-overwrite>
and <-size> options.
Options
-lang <lang code>: *specify the Language code for the user interface.
-silent: *do not display confirmation or errors.
-password <pwd>: *passwords for image files being opened.
-overwrite: when in silent mode, do not confirm actions.
-size <size in MB>: size of the new image segment in MB.
* Indicates the options that can be used with any command.
Process exit codes 0 Success.
2 Command line syntax error.
4 Error registering or unregistering file types.
6 Operation cancelled by the user.
8 Attempted to write to a Read-only image.
10 Invalid password.
12 Error performing an operation.
14 The Image file was not found or an error occurred opening an image.
16 The Source was not found, or an error occurred option the source.
18 The destination was not found or an error occurred opening the destination.
Examples:
1
Open a W2k.img that requires the password ‘develop’.
•
2
Open two image files that each have different passwords, ‘password’ and ‘sales’.
•
3
C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password
develop
C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password
develop f:\w2k.img -password sales
Add all *.txt files in e:\to the ‘temp’ folder of the volume in slot 1 of w2k.img.
Altiris® ImageExplorer Help
275
•
4
Extract kernal.dll from the ‘Windows’ folder of the volume ‘sys’ in w2k.img to e:\dump.
•
5
C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password
develop -add e:\*.txt 1:\temp
C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password
develop -add e:\*.txt 1:\temp
Convert the old format image file, w2k.img, to the new image, new2k.img, in 650 MB segments.
•
C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -convert
f:\new2k.img -size 650
Altiris® ImageExplorer Help
276
Installing Deployment Server
Deployment Server is a flexible, scalable computer deployment and management system that can be
installed and configured quickly on a single computer, or installed across several computers to
distribute processing for large enterprise environments. You can run a Simple install to position all
Deployment Server Components on a single computer (most frequently used), or plan and perform
a Custom install to distribute installation of components across separate computers in the site. The
Deployment Web Console can be installed as part of the Deployment Server installation on any
computer running Microsoft IIS.
After installing Deployment Server components, you can remotely install Deployment Agents on all
types of computer resources across your organization: laptops and handhelds, LAN and web servers,
network switches, and so on. Windows computers, Linux computers, and handhelds can be managed
as a unified environment, with each client communicating through its own Deployment agent to
update inventory data and react to Deployment Server commands and deployment tasks.
Select one of the following methods for installing a Deployment Server system:
•
Simple Install for Deployment Server (page 282)
•
Custom Install for Deployment Server (page 284)
•
Component Install for Deployment Server (page 286)
To install Deployment Agents on the client computer, see “Installing Deployment Solution Agents”
on page 287
Note: You can also install the Deployment Server components remotely from the Altiris Console.
Deployment Server Components
The Deployment Server system includes the following components:
•
Deployment Console (page 278)
•
Deployment Server (page 278)
•
Deployment Database (page 278)
•
Deployment Share (page 279)
•
PXE Server (page 280)
•
DHCP Server (not an Altiris product)
•
Deployment Web Console (page 281)
•
Installing Deployment Solution Agents (page 287)
•
Sysprep (page 306)
All of these components can be installed on the same computer or distributed across multiple
computers as needed for your environment.
Altiris® Deployment Solution™ Help
277
Deployment Console
The Deployment Console is the Win32 user interface for Deployment Solution. You can install this
Windows console on computers across the network to view and manage resources from different
locations. In addition, from this console, you can access the Deployment Database on other
Deployment Server systems to manage sites across the enterprise. See “Connecting to Another
Deployment Server” on page 77.
Deployment Console communicates with the Deployment Database and Deployment Server
services. In a Simple Install for Deployment Server, the Deployment Console is installed on the
same computer as all of the other components. In a Custom Install for Deployment Server, you need
to make sure that a connection is available to these computers and security rights are set. You will
need to have administrative rights on any computer running the Deployment Console.
See also “Deployment Web Console” on page 281, “Managing from the Deployment Console” on
page 62, and “Deployment Server Components” on page 277.
Deployment Server
Altiris Deployment Server controls the flow of the work and information between the managed
computers and the other Deployment Server components (Deployment Console, Deployment
Database, and the Deployment Share). Managed computers connect and communicate with the
Deployment Server to register inventory and configuration information and to run deployment and
management tasks. Computer and deployment data for each managed computer is then stored in the
Deployment Database.
Note: To view, start, or stop Deployment Server, go to the Altiris Server services in your Windows
Manager.
Managed computers require access to the Deployment Server at all times, requiring that you have
administrative rights on the computer running the Deployment Server.
Setting Rights to install Deployment Server
Create a user account to run the Deployment Server. The service runs
as a logged in user, not as a system account. You must create this
account on all Deployment Server computers. The account must have
full rights to the Deployment Share. The account must have a nonexpiring password.
Assign a static IP address to the Deployment Server computer. Other
components will not be able to connect to the Deployment Server if you
use DHCP and dynamically change the IP address.
To install the Deployment Server on a remote computer, the default
administration shares must be present. Restore any shares that have
been removed before you install the Deployment Server.
Hint: Creating an administrative account using the same name and password on each computer will
be easier to remember than using the names and passwords of existing accounts.
Most packages (RIP, Personality Packages, and MSI files) are passed through the Deployment
Server. Therefore storing these files on the same computer as the Deployment Server can speed up
the deployment of these packages. Image files, however, are sent directly from the Deployment
Share to the client computer when executing an imaging task.
See also “Deployment Server Components” on page 277.
Deployment Database
The Deployment Database can be installed on Microsoft SQL Server™ 2000 or Microsoft Desktop
Engine (MSDE) 2000. See “Deployment Server System Requirements” on page 281.
Altiris® Deployment Solution™ Help
278
Note: In Deployment Solution 6.0 and later, if you have multiple instances of the Microsoft SQL
Server already set up, you can identify a specific instance using this format: <database
instance>\express. Example: if you have a clustered Microsoft SQL Server named
SQLClusterSvr to manage multiple Deployment Solution systems on different network segments,
you can enter the name SQLClusterSvr\salesSegment or
SQLClusterSvr\marketingSegment during the Deployment Server setup
depending on the previously established database instance. This feature is supported in the silent
install INI file and the GUI install executable.
The database maintains all of the information about the managed computers, such as:
Hardware.
RAM, Asset tag, and Serial numbers
General Information.
Configuration.
Computer name and MAC address
TCP/IP, Microsoft Networking, and User information
Applications. The applications installed and information about these applications, such as the name
of the application, Publisher, and Product ID
Services.
Devices.
Windows services installed
Windows devices installed such as network adapter, keyboard, and monitors
Location information.
Contact name, phone, E-mail, Department, Mail Stop, and Site
The Deployment Server Database also contains jobs and other data used to manage your computers.
Note: You can install a single Deployment Database per Deployment Server system--you cannot
have two databases storing data for a single computer. If the computer you are installing the database
to has an existing Microsoft SQL Server™, then the Deployment Database will simply be added to
that instance of the database engine.
Support for Multiple Database Instances
In Deployment Solution 6.0 and later, you can identify a named instance of the Microsoft SQL
Server when installing Deployment Solution. You can now identify other named instances of
Microsoft SQL Servers rather than accessing only the default instance. This feature lets you identify
and run multiple databases from one clustered Microsoft SQL Server to manage multiple sites or
network segments. This feature is supported in the silent install INI file and the GUI install
executable. See “Custom Install for Deployment Server” on page 284. The 6.8 release of
Deployment Solution also supports providing a different name for the Deployment database other
than the default “eXpress”.
See also “Deployment Server Components” on page 277.
Deployment Share
Deployment Share is a file server or shared directory where Altiris program files and packages are
stored. The Deployment Share can be a shared directory (default Simple install in Program Files\
Altiris\eXpress\Deployment Server) or another file server (in the Custom install you can
assign a Microsoft Windows or Novell NetWare file server).
Deployment Share is where you store image files, registry files, MSI packages, Personality
Packages, script files, and more. When a computer is being deployed or managed, Deployment
Server will store and retrieve these packages from the Deployment Share as needed.
Altiris® Deployment Solution™ Help
279
If you are installing Deployment Solution on a remote file server (not
the computer where you are running the install program), create a
share (or give Read/Write rights for NetWare) on the file server
where Deployment Server will be installed. The share must allow
access to all of the other components, including managed computers
and the user account that runs the Deployment Server.
This share must be created before you begin installing. If you are
not installing to a remote computer, you can select the option to
create the share during install.
Note: You can install only one Deployment Share per Deployment Server system. However, if the
Deployment Share's hard drive gets full, other computers can be used as additional, backup storage
points. In some cases, other systems emulating a Microsoft or NetWare environment can be used as
the Deployment Share.
Note for NetWare users: If you have trouble using the Novell NetWare server as a Deployment
Share, install the Novell Client rather than the Microsoft NetWare Client.
See also “Deployment Server Components” on page 277.
PXE Server
The Altiris PXE Server provides service to client computers on a subnet. When the Deployment
Server sends a deployment job, the client computer receives a request to boot to automation and
PXE-enabled computers will connect to the first PXE Server they discover, which communicates
with the Deployment Server and the client computers.
You can install PXE Server on a Microsoft Server 2003, Windows 2000 Server and Advanced
Server. The PXE Server also functions on the same protocols as a standard DHCP Server so you can
place the PXE Server anywhere you would place a DHCP server. You can also install as many PXE
Servers as required in your system, but you must also install a DHCP Server.
The PXE Server sends a boot menu option list to the client when the computer performs a PXE boot.
The deployment job, which contains at least 1 automation task, will either use the default automation
environment, or one that is specified by a user who has permissions to create a deployment job. The
boot menu options request boot menu files from the PXE Server, and are then downloaded from the
PXE Server to the client computer’s RAM storage. The client computer will always boot according
to the request and reply communications taking place between the Deployment and PXE Servers. S
Altiris supports DOS, Linux, and Windows PreInstallation Environment (Windows PE) as pre-boot
environments. These options let you create a single job, but may contain multiple automation tasks.
The default automation environment (the first pre-boot operating system files installed during the
Deployment Solution installation) will be used for Initial Deployment, unless you specify otherwise.
Using a PXE Server to boot client computers to automation, saves you from having to install an
automation partition on each client computer’s hard disk, or manually boot computers using Altiris
supported bootable media. See Boot Disk Creator Help.
See also Pre-boot Operating System (Simple) (page 304) , Install Automation Partition (page 116) ,
and PXE Configuration Utility Help.
DHCP Server
The DHCP (Dynamic Host Configuration Protocol) server is a server set up to assign TCP/IP
address to the client computers. This server is not an Altiris product, but it is required if you intend
to use PXE Server.
We suggest that you use DHCP to manage the TCP/IP address in your network regardless of whether
you use PXE or not. This will greatly reduce the amount of time it takes to set up and manage your
computers.
See also “Deployment Server Components” on page 277.
Altiris® Deployment Solution™ Help
280
Deployment Web Console
The Deployment Web Console remotely administrates a Deployment Server installation from a web
browser. It deploys and manages Windows and Linux computers (both client and server editions) in
real-time with many of the features present in the Deployment Console.
The Deployment Web Console can be installed on any computer running the Microsoft IIS Server,
including a computer running Deployment Server, Notification Server, or a remote computer
running only Microsoft IIS.
Note: If Microsoft IIS is running, the Deployment Web Console will be installed automatically
during the Windows installation.
Important: The DS Installer does not detect the version of MDAC that is installed. The Deployment
Web Console requires MDAC version 2.71 or later to install. If the version of MDAC is earlier than
2.71, the web console will display a target of invocation error.
See also “Deployment Console” on page 278 and “Deployment Server Components” on page 277.
Deployment Server System Requirements
The following lists the system requirements for Deployment Server components and the network
environment.
Network
•
TCP/IP is used for communication between all Deployment Server components. If you have a
NetWare file server for your Deployment Share, IPX can also be used to communicate with this
component.
•
For Windows 2000 systems, you must set up Active Directory with the “Permissions compatible
with pre-Windows 2000” option. If you choose the option “Permissions compatible only with
Windows 2000 servers,” the Deployment Server cannot manage domain accounts for you.
•
If you are using Windows 2000 only permissions, change them to the pre-2000 option from the
Windows Start menu. Open a DOS prompt to add the group Everyone by typing the following:
net localgroup “Pre-Windows 2000 Compatible Access” Everyone /add
•
Then restart all domain controllers for the change to take effect.
Deployment Server
•
256 MB of RAM
•
200 MB of available disk space
Deployment Server Components
Component
Hardware
Software
All components require Pentium III processors
Deployment Server RAM: 256 MB
Disk Space: 200 MB required
Windows 2000 Server and Advanced
Server
Windows Server 2003 (SP1)
Deployment
Console
RAM: 128 MB
Disk Space: 3.5 MB
Windows 2000 Professional, Server and
Advanced Server
Windows XP Professional
Windows Server 2003 (SP1)
PXE Server
Memory: 128 MB
Disk Space: 25 MB (for boot
DHCP server (must be on the network, but
does not have to be on the same computer
as PXE server)
Windows 2000 Server or Advanced Server
Windows Server 2003 (SP1)
files)
Altiris® Deployment Solution™ Help
281
Deployment Server Components
Component
Hardware
Software
Deployment
Database
Memory: 128 MB
(Microsoft SQL ServerTM 2000 (SP3) or
Disk Space: 55 MB (for program MSDE 2000 (SP3)
files), plus space for data.
Deployment Share Memory: 128 MB
(File server for
Disk Space: 100 MB for
storage)
Deployment Server program
files plus space for storing files
(image, boot, RIP, etc.)
Windows 2000 Server or Advanced Server
Windows Server 2003 (SP1)
NetWare (file server only. Cannot use for
any other components).
Deployment Web
Console
Windows 2000 Professional, Server or
Advanced Server
Windows XP Professional
Windows Server 2003 (SP1)
MS IIS 5.5
MDAC 2.71 or later.
Memory: 128 MB
Deployment Agents
Deployment Agent requirements are the same as the target operating system. The Deployment
Agent requires around 5 MB disk space.
See the following sections for additional information:
•
Installing the Deployment Agent (page 288)
•
Installing Deployment Agent on Linux (page 292)
•
Installing the Automation Agent (page 293)
•
Installing Deployment Agent for PocketPC (page 293)
Simple Install for Deployment Server
The Simple Install places all Deployment Server Components — Deployment Server, Deployment
Console, Deployment Share, and Deployment Database—on the same computer. You can install the
Deployment Server with a Microsoft Desktop Engine (MSDE) from the Simple Install. The
Deployment Web Console will install automatically during a Simple Install (and during a silent
install) if the Microsoft IIS services are currently running on the selected computer.
Downloads for the Altiris Deployment Solution are available either on the Altiris product CD or can
be downloaded from www.altiris.com.
AltirisDeploymentSolutionWin_6_5 installs all of the Windows
components of Deployment Solution. Using the Simple Install option, you
can install MSDE 2000 on a local computer if a database is not already
installed.
Note: Simple installation works only with a default MSSQL 2000 or MSDE install. Customized
installation of MSSQL, will not work with the simple installation of Deployment Solution.
To run a simple install
1
Start the server and log on using the administrator account that you created for the Deployment
Server. See “Deployment Server System Requirements” on page 281.
2
Launch the appropriate Altiris Deployment Server installation file and follow the setup steps.
The Deployment Server self-extracting install dialog box opens.
Altiris® Deployment Solution™ Help
282
3
Click the Use current temp folder option to use the current temporary folder to download
installation files or Extract to a specific folder option to set a path to an existing folder to download
installation files. Click Extract and Execute App option to extract and execute the application
immediately.
4
Click Simple Install.
5
Select Include PXE Server. This option will install the Altiris PXE Server. See “PXE Server” on
page 280. This is optional.
6
Click Install. Click Yes to the Software License Agreement.
7
Enter the following information in the Install Information screen:
a
In File Server path, enter the drive letter and the path where you want to install the
Deployment Server program files.
(The default path is C:\Program Files\Altiris\eXpress\Deployment Server.)
b
Select Create eXpress share to create a Deployment Share on the computer. The Deployment
Share lets you store files on the computer and run Deployment Server system applications.
See “Deployment Share” on page 279.
c
Click License File and browse to locate a license file (.lic file). This is the activation key you
received when you registered your Altiris software. Click Upgrade using existing license to
upgrade the installation using an existing license. If you do not have a license file, click Free
7 day license. The installation will continue and allow you to use a free evaluation license file.
See the Altiris Getting Started Guide for further licensing information.
Note: You do not need to apply a license key to activate the HP Thin Client t5000 Series.
This managed client computer will automatically receive a non-expiring license when
connected to the console.
d
Enter an administrator user name and password for the Deployment Server system. This
account must already exist. By default, the name you are currently logged on as will display.
If you use a domain account, enter the domain and the user name (Example:
Domain1\administrator).
e
Click Next. The Installation Information dialog box is displayed that lists the selected
Deployment Server components to be installed.
Note: If you are upgrading your installation, a message box will open asking: Do you want to
replace the share? Click Yes and continue. If you click No, then a secondary message box will
open, stating that the share is already in use and you need to manually set the share to point
to the correct directory. Click OK to this message. This features indicates that you may be
creating a new share (specifically when you changed the path in the previous screen) and that
you need to manually point to the new share after installation.
8
Click Install to install the components listed on the summary screen, or Back to modify settings
before starting the installation. The installation process begins and might take several minutes to
complete.
9
The Installation Information dialog box is displayed stating if you want to install clients.
Enable Sysprep Support. Select this option to enable Sysprep support. Provide the location of the
Microsoft Sysprep files.
Remote Install Clients. Select this option if you want to push the Deployment Agent to computers
running the Windows 2000, XP, and Windows Server 2003 operating systems.
Download Adobe Acrobat. Select this option if you want to download the Adobe Acrobat Reader
to read documentation in PDF format.
10
After the installation is complete, click Finish.
You have successfully completed a Simple install for a Deployment Server system. Click the
Deployment Console icon on your desktop to view all computer resources running Deployment
Agents configured for your Deployment Server.
Note: Antivirus applications can delete service .exe files or can disable services.
Altiris® Deployment Solution™ Help
283
For example: When you run the Deployment Server Win32 Console, the “Unable to connect to the
Altiris Deployment Server DS Management Server. Please make sure this service is started and
running currently.” error is displayed. This occurs because the service files are deleted by the
antivirus application during scanning. To resolve this issue, disable the antivirus software and
reinstall Deployment Server.
See “Custom Install for Deployment Server” on page 284.
Custom Install for Deployment Server
The Custom Install lets you distribute all Deployment Server Components—Deployment Server,
Deployment Console, the Deployment Share, and the Deployment Database—on different
computers. You can install Deployment Server with Microsoft Data Engine (MSDE) or install it to
an existing SQL Server.
Downloads for the Altiris Deployment Solution are available either on the Altiris product CD or can
be downloaded from www.altiris.com.
AltirisDeploymentSolutionWin_6_5 installs all of the Windows
components of Deployment Solution. Select the Custom install
option to add new components or to install Deployment Solution to
an existing database.
To run a custom install
1
Start the server and log on as the administrator account that you created to run Deployment
Server. See “Deployment Server System Requirements” on page 281.
2
Launch the appropriate Altiris Deployment Server installation file and follow the setup steps.
The Deployment Server self-extracting install dialog box is displayed.
3
Click the Use current temp folder option to use the current temporary folder to download
installation files, or click the Extract to a specific folder option to set a path to an existing folder
to download installation files. Click Extract and Execute App option to extract and execute the
application immediately.
4
Click the Custom Install option if any of the following conditions exist:
•
You are using the NetWare file server as a Deployment Share.
•
You are managing many computers and require a distributed architecture to meet bandwidth
restrictions and other design requirements.
5
Click the Install button. Click Yes to the Software License Agreement.
6
Install the Deployment Share and enter the license file location:
•
In File Server path, enter the drive letter and the path where you want to install the
Deployment Server program files. The default path is C:\Program
Files\Altiris\eXpress\Deployment Server.
•
Select Create Deployment Share to create a Deployment Share in the system. The Deployment
Share lets you store files on the computer and run Deployment Server system applications.
The Deployment Share can be on a Microsoft Windows server or Novell NetWare server.
(You can only create the share if it is on a Microsoft Windows Server; the Novell share
should already be set up.) See “Deployment Share” on page 279.
•
Click License File and browse to locate a license file (.lic file). This is the activation key you
received when you registered your Altiris software. Click Upgrade using existing license to
upgrade the installation using an existing license. If you do not have a license file, click Free
7 day license. The installation will continue and allow you to use a free evaluation license file.
See the Altiris Getting Started Guide for further licensing information. Click Next.
Altiris® Deployment Solution™ Help
284
Note: You do not need to apply a license key to activate the HP Thin Client t5000 Series.
This managed client computer will automatically receive a non-expiring license when
connected to the console.
7
8
Enter Deployment Server information. Select the computer to install Deployment Server, the
services that controls the flow of the work and information between the managed computers and
Deployment Server components. Install the Deployment Server on this computer or on a remote
computer.
•
Enter a static IP address for the Deployment Server computer to ensure that the IP address
remains constant. Type the port information in the Port: text box.
•
Enter the path where the Deployment Server should be installed.
•
Provide account information that already exists on the Deployment Share and the
Deployment Server. Click Next. See “Deployment Server” on page 278.
Enter Deployment Database information. Identify where you want to install the database, or select
an existing Microsoft SQL Server from the list of computers. See “Deployment Database” on
page 278.
Note: If you have multiple instances of the Microsoft SQL Server already set up, you can identify
a specific database instance in this field using the format: <SQL Server Name>\<database
instance>.
Depending upon the selection of SQL Server instance, the default port at which the selected
instance is listening will be displayed in the SQL Port Number text box. You can edit the port
number if you have manually entered the SQL Server name or if the port number does not get
filled automatically due to some fire wall restriction.
You can choose to use a different name other than eXpress for your Deployment Database. Type
the alternate name in the Database Name: field and click Next.
Note: The name of the Deployment Share, however, will still remain eXpress.
9
Identify the type of Deployment Database authentication to be used. Enter the user name and
password if SQL Server authentication is used. Click Next.
If a previous installation of the Deployment Database is detected, a message appears stating
whether you want to preserve or overwrite the existing database.
10
Enter the Pre-boot Operating Systems information required for Boot Disk Creator. Select any
one of the four options from FreeDos, MS-DOS, Linux, and Windows PE. Click Browse to select
the FIRM file (for FreeDos and Linux OS) or enter the path for the location of operating system
files (for MS-DOS and Windows PE).
11
Enter PXE Server information. Click Next. See “PXE Server” on page 280.
•
Select the pre-boot operating system to use as the default PXE boot menu item. You can
select DOS, Linux, or Windows PE.
12
Enter information on how you want to connect your managed computer to connect to the
Deployment Server. Click Connect directly to Deployment Server and provide the DS IP address
and Port or click Discover Deployment Server using TCP/IP multicast and provide a Server name. If
the Server name box is left blank then it finds the first Deployment Server that responds.
13
Enter Deployment Console information. Select if you want to install on the computer you are
currently installing from or on a remote computer.
14
Provide information for installing the Deployment Web Console on the computer you are
currently installing from. This computer must be running Microsoft IIS. You are required to
provide information about the path where you want to install the Deployment Web Console, and
also valid user credentials. Click Next. See “Deployment Web Console Information” on
page 306.
Note: This option will be disabled if Microsoft IIS is not detected.
15
The Installation Information dialog box will open to display the selected Deployment Server
components to be installed.
Note: If you are upgrading your installation, a message box will display stating: Do you want to
replace the share? Click Yes and continue. If you click No, then a secondary message box will
display stating that the share is already in use and you will need to manually set the share to point
to the correct directory. Click OK. This features tells you that you may be creating a new share
Altiris® Deployment Solution™ Help
285
(in rare occurrences where you changed the path in the previous screen) and you may have to
manually point to the new share after installation.
16
Click Install to install the components listed on the summary screen, or choose Back to modify
settings before starting the installation. The installation process will begin, and might take
several minutes.
17
Install Deployment Agent to client computers. The Installation Information dialog box will open
asking if you want to install clients.
Enable Sysprep Support. Select this option to enable Sysprep support. Provide the location of the
Microsoft Sysprep files.
Remote Install Deployment Agent. Select this option if you want to push the Deployment Agent to
computers running the Windows 2000, XP, and Windows Server 2003 operating systems.
Download Adobe Acrobat Reader.
Select this option if you want to download the Adobe Acrobat
Reader to read documentation in PDF format.
18
After the installation is complete, click Finish.
You have successfully completed a Custom install for a Deployment Server system. Click the
Deployment Console icon on your desktop to view all the computer resources running Deployment
Agents configured for your Deployment Server.
See “Simple Install for Deployment Server” on page 282.
Component Install for Deployment Server
The Component installation option lets you add selected Deployment Server Components—
Deployment Console, Deployment Web Console, Altiris PXE Server, and Deployment Agents to the
existing Deployment Share. Additionally, you can also add Microsoft Sysprep files.
To install components
1
Start the server and log on with the administrator account that you created to run Deployment
Server. See “Deployment Server System Requirements” on page 281.
2
Launch the appropriate Altiris Deployment Server installation file and follow the setup steps.
The Deployment Server self-extracting install dialog box will open.
3
Click Extract and Execute App.
4
Click Add Component.
5
Click Install. Click Yes to the Software License Agreement.
6
Enter a path for the Deployment Share. Click Next.
7
Select the Components to install.
•
Install an additional Deployment Console.
•
Install an additional Deployment Web Console. Click this option to install an additional
Deployment Web Console on the local computer. The web console will install on the local
computer if it is running Microsoft IIS. See “Deployment Web Console Information” on
page 306.
Install an additional Altiris PXE Server. Use this option to add additional PXE Servers across a
network segment to handle boot requests for large environments.
Master PXE Server. When you add another PXE Server, the PXE Server installed initially will
be designated as the Master PXE Server. The Master PXE Server works concurrently with
any additional PXE Server to handle boot requests across the network segment, but it also
allocates additional blocks of IP addresses to other PXE Servers in the system.
•
Click this option to install another Deployment
Console (a Windows executable) on another computer. You can add as many Deployment
Consoles as required to manage from multiple consoles across your system, but you can only
install one at a time.
For all of the available options for installing Altiris PXE Server, see “PXE Server Install” on
page 305.
Altiris® Deployment Solution™ Help
286
8
•
Install additional Deployment Agents. Click this option to install additional Deployment
Agents on client computers, setting up managed computers in the Deployment Server
system.
•
Add Microsoft Sysprep files. Click this option to install the Microsoft Sysprep files, if you did
not install them earlier. See “Sysprep” on page 306.
Select Download Adobe Acrobat (for documentation) if you want to install Adobe Acrobat to read
the product documentation.
Installing Deployment Solution Agents
Each client computer requires the Deployment Agent to run as the Production Agent on a local hard
disk, which communicates with the Deployment Server and registers in the Deployment Database.
For Windows and Linux client computers, Deployment Solution lets you “push” agent software to
a client computer from a Deployment console, or you can “pull” the Deployment agent from the
client computer from the Deployment Web Console (or just pull it from the Deployment Share).
You can install an embedded (recommended) or hidden automation partition, which contains an
Automation Agent that establishes communications with the Deployment Server to run the
deployment jobs that have been assigned to the client computer. See Install Automation Partition
(page 116) . The Deployment agents for handhelds are also easily installed from the console using
prebuilt jobs.
•
Deployment Agent. Install a Production Agent to a Windows desktop, notebook, or server,
computer. You can also install this agent to any supported Linux workstation or server. See
“Installing the Deployment Agent” on page 288.
•
Deployment Agent on Linux. Install on any supported Linux workstation or server. See
“Installing Deployment Agent on Linux” on page 292.
•
Automation Agent. Install on any Windows desktop, notebook, or server computer. See
“Installing the Automation Agent” on page 293.
•
Installing Deployment Agent for Pocket PC. Install on handheld computers running the Pocket
PC operating system. See “Installing Deployment Agent for PocketPC” on page 293.
Client Connectivity and Network Adapters
Altiris supports all standard network adapter cards and includes many drivers with the installation
of Deployment Solution. However, sometimes outdated drivers (including default drivers that come
with the hardware) cause problems when clients are in automation mode. To avoid these problems,
you should check the manufacturer’s web site for your network adapter to make sure you use their
latest driver in your pre-boot operating system configuration file.
Some common client problems that can be solved by updating drivers are:
•
Locking when loading drivers or failing to connect to the server
•
Locking when imaging (downloading, uploading, or multicasting)
Microsoft Client Drivers
The Boot Disk Creator is set up to work with drivers that follow a certain standard. Since not all NIC
drivers follow that standard, files may need to be moved to a different location. These three files
must be in the same directory:
•
•
•
The DOS driver for your card (drivername.dos)
The sample protocol.ini that comes with your driver (protocol.ini)
The OEM setup file that specifies the DOS driver (oemsetup.inf)
Example: the OEM setup file will contain lines similar to the following:
[netcard]
NGRPCI=”NETGEAR FA310TX Fast Ethernet PCI
Adapter”,0,ndis,ethernet,real,NGRPCI,NGRPCI_NIF
Altiris® Deployment Solution™ Help
287
[NGRPCI] (This header must be the sixth item listed in the line above)
Device=NGRPCI.DOS (If this line is missing, add it. The syntax is
device=drivername.)
If there is no protocol.ini file, create a text file that contains the following command:
DriverName=drivername
Novell Client Drivers
The Boot Disk Creator does the following:
•
Searches all subdirectories for a directory that contains *.ins, *.com, and net.cfg files. (They
must be in the same directory.) The .ins file is then opened to get information about the network
card.
•
The program searches the file for a line starting with a carat (^). This line must have at least two
values listed, separated by a comma. The two values needed are the description of the card
(value1), and the .com driver file name (value2).
The following are requirements to install Deployment Agents to set up managed computers for each
Deployment Server system.
Installing the Deployment Agent
For client computers running a Windows operating system, Deployment Solution lets you install
agent software using Remote Agent Installer to “push” the agent to a client computer from a
Deployment console. Or, you can “pull” the Deployment agent from the client computer by
accessing the Windows share or downloading the install package from the Deployment Web
Console. You must have administrative rights to the client computers and File and Print Sharing
must be enabled to install the agent software.
Click the Remote Agent Installer button on the Deployment Console toolbar, or click
to open the utility program. You can also download
aclient.exe from the network share or Deployment Web Console to install a
Deployment agent.
Tool > Remote Agent Installer
Windows 9x. For Windows 98 clients, you must install the agent software locally. There are several
ways to do this: You can add commands to the client login script to map to the Deployment Agent
on your file server and run the executable, or you can e-mail the executable or a shortcut to users and
run the install program from the client computer.
Windows XP. When remotely installing the Deployment Agent on a Windows XP computer, each
user must have an account password. Remote Agent Installer will return an error message if it is
unable to get to the Administrative share on the remote XP computer for each user. Windows XP
will not allow access to any Administrative shares if the user on that computer does not have an
assigned password (including the guest account). When all users have passwords and the network
setup wizard has been run, you can successfully install the Deployment Agent using the Remote
Agent Installer.
Remote Agent Installer
You can use the Remote Agent Installer utility program to install the Deployment Agent on
Windows 2003/XP/2000 operating systems. For Windows 98 computers, you will have to install
manually by running aclient.exe downloaded from the network share or from the Deployment Web
Console. After downloading the install executable, run it on the local computer to install.
Altiris® Deployment Solution™ Help
288
Enter administrator account information
Enter common administrator credentials for all client computers, or keep default to be prompted for
login credentials for each client computer.
Let me specify a user name and password for each computer as its installed. Prompts for an
administrative user name password for each computer in the remote install list. This is the default
option.
Use this username and password for all clients. Enter credentials for an administrator account that has
rights to all client computers added to the remote install list.
Click Next.
Specify install directory
Enter a location to install the Deployment Agent.
Install directory. Enter the path where the Deployment Agent will be installed on the client computer.
Enable this agent to use Microsoft Sysprep. Select
if you are going to set security on the client
computer. If you enable this option, you will be required to locate and download program install
files.
View agent settings in the summary box.
Click Change Settings to set “Deployment Agent Settings” on page 94 for the Deployment Agent.
Automatically Add to a Group
You can add new computers to the All Computers group automatically, or specify another computer
group.
Add clients to default group.
Adds new computers to the All Computers group.
Add clients to a specific group.
Specify another group to add new computers. Use back slashes to
separate subgroups.
Select Computers on the Network
Identify client computers on the network and add them to a list of computers to remotely install the
Deployment Agent.
Add.
Select the computers by name in the list, or enter a computer name or IP address.
Computer Name.
Enter the name of a computer on the network or its IP address.
Properties.
Select a computer and view agent install settings. You can also change SID and Agent
settings from this Agent Properties dialog box.
Import. Find an RCI file and import new computers from a file previously created file in a DOS text
file.
This file has the following parameters: -c:[computer] –u:[username] –p:[password] –
i:[input file]. The parameters must be entered in this order. The password parameter is not
required if the administrator account does not have one assigned. If you are using the default settings,
you do not need to specify an input filename. Each computer entry must be on a separate line.
Export. You can export the computers listed into an export file for future use. The default extension
is *.RCI. Remote Agent Installer first looks for an RCI file extension, but any DOS text file can be
used.
When the computers appear in the installer list and the properties have been set, click Finish. The
status of the agent install is shown on screen.
Altiris® Deployment Solution™ Help
289
After the Deployment Agent is installed, it will connect to Deployment Server automatically and
appear in the Computers pane of the Deployment console.
Download Microsoft Sysprep
If you selected Enable this agent to use Microsoft Sysprep on the previous dialog box, the Remote
Agent Installer dialog box will assist in finding required install files for specific versions of sysprep.
Select to download and install the Microsoft Sysprep files.
Update file system permissions when changing SIDs. Click to automatically update file system
permissions to maintain the individual file permissions that may have been set. This also includes
the individual network shares that may exist on this client. Checking this option also includes those
individual permissions. This will take a long time to convert the SIDs. To make the SID utility run
faster, do not mark this option.
Important: SIDgen is no longer supported and should not be used. Altiris recommends using
Microsoft Sysprep in situations where SID replacement is required.
To install Microsoft Sysprep, you need to download the install files required for
the Windows operating systems running on the client computer.
Windows 2000/XP/2003 (deploy.cab)
We recommend installing these files from a Windows 2003 server CD.
Click Next.
Change Settings
Click the Change Settings button to modify access, security and other settings on the Deployment
Agent to be installed. See “Deployment Agent Settings” on page 94.
Get Server Security Key
This page appears only if you enabled the Enable key-based authentication to Deployment Server
option in the Change Agent Settings.
Enter the security key file path for the Deployment Server or browse and select a file containing the
security key file path.
Installing Deployment Agent for Windows
Run AClient.exe from the Deployment Share (shared folder) or download the install file from the
Deployment Web Console.
1
At the Altiris Client Service dialog box, enter a location to install the Deployment agent. Select
one of these options, if required:
•
Secure modification of server properties.
This prohibits users from changing any agent
settings.
•
Enable changing of Security ID. Select when managing security IDs to run a SID utility as part
of an imaging job.
•
2
Advanced. Click to open the Computer Configuration Properties dialog box and enter settings
for the Deployment agent you are installing.
Click Next.
If you chose to enable security IDs, you will see a screen listing options you can use for managing
SIDs. Select the utilities that you want to use and enter the path where the utilities are stored.
Altiris® Deployment Solution™ Help
290
3
Click Next to install the Deployment Agent. Select a group in Deployment Console to add the
client to. This is optional.You can also leave it at the default group.
After the Deployment agent is installed, it will connect to Deployment Server automatically and
appear in the Computers pane of the Deployment console.
See also “Installing Deployment Solution Agents” on page 287.
Automating the Installation of Deployment Agent
If you choose not to use Remote Agent Installer to install Deployment Agent, perform the
installation using log-on scripts or batch flies. However, this requires that you manually complete
the installation at each client computer. Instead, you can use a template file to set applicable options
and properties.
The template file is a text file that can be used to automate configuration of the properties when
installing Deployment Agent from a batch file, login script, or manually from a client computer. The
template file can be created using two methods: editing the sample.inp file or using Remote Agent
Installer.
Editing the Sample.inp file
Deployment Solution ships with a sample template file named sample.inp, which contains the
commands to configure installation options and properties. This file is located in Program
Files\Altiris\eXpress\Deployment Server.
Most of the parameters have been disabled in this file. To enable an option, remove the semicolon.
Example: to specify a specific IP address and port number for the client to use to locate the
Deployment Server, remove the semicolon from the TcpAddr and TcpPort lines and then change the
address and port number to the correct values.
Creating a Template File using Remote Agent Installer
A template file can be created when running Remote Agent Installer. After modifying agent
properties and adding computers to the Selecting Clients window, use the Export button to create the
template file. Clicking the Export button creates a file to import computers (*.rci) as well as the
template file (*.inp).
Example: if you had computers named PC-1 and PC-2 listed in the Selecting Clients window and then
exported these computers using the file name Export.rci, these two template files would be created:
Export_PC-1.inp
Export_PC-2.inp
Using the Template File
To use the template file you created, run the AClient.exe installation program specifying the
template file and using the -install switch. Example:
\\FX1\eXpress\AClient.exe aclient.inp -install
The following command-line switches are available:
Switch
Definition
-install
AClient.exe runs and installs the Deployment Agent on the computer as
opposed to just running it in memory.
-remove
Permanently removes Deployment Agent from the computer where it was
installed.
-silent
Lets you use the switches without being prompted for further input.
Altiris® Deployment Solution™ Help
291
Switch
Definition
-stop
Stops the Deployment Agent from running, but does not remove it. The next
time the computer is booted, the Deployment Agent will run in production
mode.
-start
Starts the Deployment Agent. This switch will only work when Deployment
Agent is installed on the computer.
Installing Deployment Agent on Linux
You can install the Deployment Agent to any supported Linux workstation or server by downloading
and running the Deployment Agent for Linux installation file (a bin file) on the client computer. The
Deployment Agent is updated automatically on Linux computers when upgrading to a new version
of Deployment Solution. The creation date of the Deployment Agent is checked and updated when
a new agent is available.
System Requirements
Processors
Pentium
Disk space
5 MB contiguous
Operating systems: RedHat 7.2, 7.3, 8.0, 8.1
RedHat Advanced Server 2.1
United Linux 1.0
RAM
32 MB
Installing the Deployment Agent for Linux
1
After downloading the BIN file to a local directory, you can install from the command-line.
•
To install from the command line, drive to the directory where you saved the BIN file, switch
to the root user (su) and change the directory to the location of the bin file by typing
(cd < directory>)
after changing the directory, you need to have the permission to execute the bin file, to obtain
the permission, type
chmod 544 <filename>
•
and then type: ./<file name>
The Deployment Agent for Linux will be installed in the /opt/altiris/deployment/
adlagent directory.
2
You can change the adlagent configuration file settings by updating the adlagent.conf
file. This file is located in the /opt/altiris/deployment/adlagent/conf directory. You
can also change the adlagent configuration file settings by executing the configure script
from the /opt/altiris/deployment/adlagent/bin directory.
•
To run the script to change settings for the adlagent configuration file, browse to the /opt/
altiris/deployment/adlagent/bin directory from the shell and type the following:
./configure
You are then prompted to select Multicast options to identify a Deployment Server to manage
the current client computer, or you can select a specific Deployment Server by setting the
Multicast option to false and adding the IP address of the desired Deployment Server.
•
To edit the configure file directly, open the adlagent.conf file located in the
/opt/altiris/deployment/adlagent/conf
directory and make setting changes to the configuration document.
In many cases, you may want to edit the configuration file to change functionality or
properties. Example: you can open the adlagent.conf file in an editor and scroll to the
[Transport] section and the UseMcast line. Change UseMcast=true to
UseMcast=false. Then type the IP address of the specific Deployment Server you want to
Altiris® Deployment Solution™ Help
292
manage the client computer into the TCPAddr=<IP address> line. Additional
configuration settings can also be identified and edited in the configuration file.
3
After making edits to the configuration file, restart the Deployment Agent for Linux.
To start and stop the Deployment Agent for Linux, you must enter the full path name or drive to
the /etc/rc.d/init.d directory (with administrator/root rights) and use the
adlagent stop and adlagent start commands, or the adlagent restart command.
You can also use the Package Manager installed with Linux to restart the Deployment Agent for
Linux.
By stopping and starting the Deployment Agent for Linux, the service will update the changes
made in the adlagent configuration file.
You can now view the Linux managed computer from a Deployment console.
See “Installing Deployment Solution Agents” on page 287.
Installing the Automation Agent
After Deployment Server has detected a managed computer through the Deployment Agent in a
production environment, you can install an Automation Partition from the Computers pane. You can
use this feature on Windows 2003/XP/2000.
System Requirements
Processors
Pentium
Disk space
5 MB contiguous
Operating systems: MS DOS and Linux
RAM
32 MB
Here are some other ways to create and install an Automation Agent, which resides in an embedded
(recommended) or hidden partition on the client computer’s hard disk.
•
For Windows 98 computers, create boot disks to install locally.
•
For Deployment Solution systems running PXE Server, create boot menu options from the PXE
Configuration Utility, using on of the following methods: Boot Disk Creator, Direct from floppy, or
User Specified. See PXE Configuration Utility Help.
•
To install an Automation Partition on Windows 2003/XP/2000 computers, you can create a
Microsoft Install Package (MSI) and deploy it using a job from the console. See Distributing
Software (page 143) . You can also create floppy disks, a bootable CDs with an ISO image, or
bootable USB devices. See Boot Disk Creator Help
To install an Automation Partition
See Install Automation Partition (page 116) .
Installing Deployment Agent for PocketPC
The Deployment Agent for Pocket PC lets you manage and deploy handheld computers running the
Pocket PC operating system, including:
•
HP iPAQ Pocket PC
•
HP Jornada Pocket PC
•
Casio Cassiopeia Pocket PC
You can manage handhelds through a cradle attached to a host computer, or through direct
connection to the network using a LAN or wireless network adapter. When connected through the
cradle, the Pocket PC Agent software will reside on the host computer and the Pocket PC Client
software will reside on the handheld computer. This configuration allows Deployment Server to
recognize and update the handheld each time it returns to the cradle and synchronize with the host
Altiris® Deployment Solution™ Help
293
computer using Microsoft ActiveSync. Handheld computers connected directly to the network
install only the PPC Client software and are managed like any other computer in your Deployment
Server system.
System Requirements
Processors
ARM
MIP
SH3
Disk space
5 Mb contiguous
Operating systems: Pocket PC
RAM
16 Mb
Install from a cradle or cable. See “Install a Pocket PC Agent from the Deployment Console” on
page 294 to install to a handheld computer in the cradle attached to a host computer.
Download CAB files with ActiveSync. See “Install Pocket PC Agent from the Host Computer” on
page 295 to install the handheld by running or copying the Deployment agent install file or the
Deployment Client CAB files over the network.
Install directly to the handheld. See “Install Pocket PC Client on the Handheld” on page 296 to
install only the Deployment Client from CAB files on the handheld computer.
The Deployment Agent for Pocket PC (PA) runs on the host computer, which itself is a managed
computer running the Deployment Agent (DS). The Deployment Agent for Pocket PC automatically
installs the Deployment Client for Pocket PC (PC). You can also install the Deployment Client for
Pocket PC directly to the handheld by installing the required CAB files.
Install a Pocket PC Agent from the Deployment Console
When installing a handheld running the Pocket PC operating system, you can attach to a host
computer and run Microsoft ActiveSync software to synchronize data between the host computer
and the handheld. Deployment Solution lets you install Deployment Agents on both the host
computer and the handheld to communicate with Deployment Server as a managed computer.
The Altiris Pocket PC Agent is software that runs on the host computer. This agent communicates
through the handheld’s cradle to the Pocket PC Client running on the handheld. The Pocket PC Agent
also automatically installs Pocket PC Client on the handheld. The Pocket PC Agent provides
communication between the Pocket PC Client on the handheld and the Deployment Server.
ActiveSync is required for the Pocket PC Agent because it provides the IP stack the Pocket PC Agent
uses to communicate with the handheld.
The Pocket PC Agent monitors the connect and disconnect jobs sent to the handheld. If the Pocket
PC Client on the handheld is present but not started, then the agent will start it. The Pocket PC Agent
also acts as a relay agent to transfer data from the Pocket PC Client on the handheld to the
Deployment Server.
Altiris® Deployment Solution™ Help
294
From a Deployment console, you can schedule and run a Sample job to install the Pocket PC Agent
on a host computer. Make sure that the handheld is connected to the host computer and seated in the
cradle. You must also download Microsoft ActiveSync™ and install it (this is free software
available on the Microsoft web site) on the host computer. Then synchronize the host computer with
the handheld.
To install from a Deployment console
Use Deployment Solution to find computers with ActiveSync and run deployment jobs to
automatically copy the necessary files and install the Deployment PPC Agent and PPC Client.
1
From a Deployment console, in the Jobs pane open the Samples > Pocket PC folder.
2
Click the Install Altiris Pocket PC job and then select the Active Sync computer condition in the
Condition box in the Details pane.
3
Drag the Install Altiris Pocket PC job to the host computer. If you are using a Web console, then
assign using web features.
4
Schedule the job.
After the Pocket PC Agent has installed, the Altiris Pocket PC Agent icon will appear in the
system tray of the host computer.
When the Deployment Agent is initialized, it will connect to the handheld. The agent will check
if the Altiris Pocket PC Client is installed on the handheld. If not, the agent will automatically
install it.
When the Pocket PC Client is installed on the handheld, the Deployment Client icon will appear
in the system tray of the handheld and the client details screen will display.
Note: For ease of use, the Pocket PC Client will first try to connect to a Pocket PC Agent. If it
fails, the Pocket PC Client will try to connect directly to the Deployment Server.
5
Click OK.
The handheld will appear in the Deployment Console as a unique computer displaying the
handheld’s name.
See “Installing Deployment Agent for PocketPC” on page 293.
Install Pocket PC Agent from the Host Computer
From the host computer, you can install the Pocket PC Agent by running the ppcagent.exe
installation file on the host computer. After installing the Pocket PC Agent, it will automatically
install the Pocket PC Client when the computer’s synchronize. This is the fastest and easiest way to
install both agents on the host and handheld computers.
Note: After you have installed the Altiris Pocket PC Agent on a host computer, the PPCAgent.exe
file can be executed from the C:\Altiris\PPCAgent directory (or the directory where you installed
Pocket PC Agent if you chose a directory different from the default). This lets you access the features
of this program even though the icon has been hidden.
In addition, if you are using ActiveSync 3.5 or a later version, you can also log on to the Deployment
Share in the Deployment Server > Pocket PC Client folder and copy the correct CAB file
for the handheld (based on type of processor) to the host computer. You can then copy the CAB files
directly to the handheld using the Explore feature in ActiveSync.
To install Pocket PC Client directly with ActiveSync
1
Copy the CAB file to the host computer with ActiveSync (or to a share where you can copy the
file from).
2
Connect your device to your desktop computer using a cradle or cable.
3
In ActiveSync, click Explore. Windows Explorer will open the Mobile Device window for your
device.
4
In Windows Explorer, browse to the CAB file that you want to copy.
5
Right-click the file and click Copy.
6
Place the cursor in the desired folder for your device, right-click, and click Paste.
Altiris® Deployment Solution™ Help
295
7
From the device, tap Start > Programs > File Explorer.
Browse for the CAB file and tap the file to execute it. When the Pocket PC Client is installed on the
handheld, the Deployment Agent icon appears in the handheld’s system tray.
Note: If using ActiveSync 3.5, the Pocket PC Agent is not required after the Pocket PC Client is
installed. However, the Pocket PC Agent can still be useful for installing the Pocket PC Client onto
the handheld, loading the client, and managing client settings.
See “Installing Deployment Agent for PocketPC” on page 293.
Install Pocket PC Client on the Handheld
You can install the Pocket PC Client directly to the handheld computer if your handheld has a
network adapter (LAN or wireless), allowing you to download the correct CAB file and install the
Pocket PC Client to communicate with the Deployment Server.
The following CAB files are provided based on processor type. Copy the CAB files from the
Deployment Share in the Deployment Server\PocketPCClient folder: ppccInt.Arm.CAB,
ppccInt.MIP.CAB, ppccInt.SH3.CAB.
To install Pocket PC Client using CAB files
1
Copy the CAB file to the host computer with ActiveSync (or to a share where you can copy the
file from).
2
Connect your device to your desktop computer.
3
In ActiveSync, click Explore. Windows Explorer will open the Mobile Device window for your
device.
4
In Windows Explorer, browse to the CAB file that you want to copy.
5
Right-click the file and click Copy.
6
Place the cursor in the desired folder for your device, right-click, and click Paste.
7
From the device, tap Start > Programs > File Explorer.
Browse for the CAB file and tap the file to execute it. When the Pocket PC Client is installed on the
handheld, the Deployment Agent icon appears in the handheld’s system tray.
See “Installing Deployment Agent for PocketPC” on page 293.
Uninstall the Pocket PC Agent
1
Open the Pocket PC Agent status sheet by double-clicking Altiris Pocket PC Agent icon.
2
Click Options > Uninstall.
You can also uninstall the agent by running the ppcagent -remove switch from the command line.
Note: There is no uninstall program for the PPC Client. To remove the Pocket PC Client, you must
remove the client file from the My Device\Windows\ppccInt.exe file on the handheld.
Command Line Switches for the Pocket PC Agent
You can also manage the Pocket PC Agent through command-line switches. The Pocket PC Agent
is started using the C:\Program Files\Altiris\PPCAgent\PPCAgent.exe program file. If you need to
perform some function with a command-line switch, run the program file followed by the applicable
switch.
To restart the agent, you would run:
C:\Program Files\Altiris\PPCAgent\PPCAgent.exe -restart
The following is a list of the supported switches:
•
-stop
Altiris® Deployment Solution™ Help
296
Stops the agent.
•
-start
Starts the agent after it has been stopped.
•
-restart
Stops and restarts the agent.
•
-silent
Installs the agent without the installation dialog screens.
•
-remove
Stops and uninstalls the agent.
Managing Licenses
From the Deployment Console you can find the number of licenses used, detect an expired license,
or apply a license to a client computer. You can install multiple Deployment Servers, but licensing
is based on the number of managed client computers.
The Deployment Server system also provides the license utility to install or update regular licenses,
or add licenses to computers installed with Deployment Solution. This utility lets you display license
status, install a newer license, and add additional licenses.
Licensing Terms
Term
Description
AUP - Annual Upgrade
Protection
Altiris Annual Upgrade Protection or AUP allows registered
Altiris software users to upgrade to any version of the
registered product that is released during the coverage period
without paying an upgrade charge. Regular production licenses
will never have a license expiration date, but will always have
an AUP date. As long as this date is not expired you can use that
license to register any version of Deployment Server.
Licensed Nodes
The total number of client and server computers that a
Deployment Server is licensed for. Each client computer that
has an agent and that communicates actively with the
Deployment Server uses a single license node.
You can view this information on the About Deployment
Console box. This detail is also displayed in the License Details
when you apply a license with the Product Licensing Utility,
and select a license file.
DS and PCT
These are common abbreviations for Deployment Server and
PC Transplant. Both of these products are licensed with the
same licensing model, and very often a single license applies to
both products at once, although some licenses will only apply
to PC Transplant.
Expired License
All regular licenses (that are purchased) never expire.
Evaluation licenses however do have an expiration date. After
the expiry date those trial or evaluation licenses will no longer
function, and will need to be replaced with a regular license.
See also: Using the License Utility (page 298) , Adding a License from the Deployment Console
(page 299) , RDP Licensing (page 300) , Finding the Number of Licenses Used (page 300) ,
Computers Not Using a Regular License (page 300) , Detecting an Expired License (page 301) , and
Expired Licenses (page 301) .
Altiris® Deployment Solution™ Help
297
Using the License Utility
The Deployment Server system provides a license utility to update or add licenses to installed sites,
which lets you apply the license activation key file (.lic file) after Altiris products are installed. This
utility is installed to the Deployment Share during the Deployment Server installation.
When you open the License Utility, the Altiris Activation Key Wizard displays. On the Select Altiris
Program Files to Activate page, you can select the Replace all existing license Activation Keys with this
new Activation Key checkbox, which will overwrite the current Activation Key with the one you are
installing.
The License Utility lets you display license status, install a specific product, install new or updated
licenses for installed software, and additional licenses for installed software.
To open the Altiris License Utility
Option 1:
• Click Start > Programs > Altiris > Deployment Solution > Product
Licensing Utility.
Option 2:
• Browse to the location where you installed the Deployment Share.
•
Run license.exe.
To display license status
1
Open the License Utility.
2
Enter the directory path to the new lic file.
3
Click Next.
A summary screen displays the activation key information.
4
Click Cancel.
Install a Regular License for Altiris Products
When a product is installed from the Altiris CD or the Altiris web site, a 7-day trial license is
automatically applied. However, you can apply a 30-day evaluation license or a purchased regular
license to installed products that use a license activation key file (LIC).
Important: Save the license activation key file as you will need it when future product updates are
released. After you receive the key, store it in a safe place (such as a floppy disk) for future reference.
Multiple license activation key files can be stored in individual folders on a single disk. You can also
store multiple license activation key files in the same folder, as long as the file names are different.
To apply a regular license file
1
Open the License Utility.
2
Enter the directory path to the new lic file and click Next.
The Altiris Activation Key Wizard displays activation key information.
3
Click Next.
A list displays the Altiris products that are installed on the Deployment Server. Each program
file uses license activation key files.
4
Select one of the following:
Option 1:
a
Select the product you want to license. Use the Shift key to select multiple products.
b
Click Finish to apply the license to the selected products.
Option 2:
Altiris® Deployment Solution™ Help
298
a
Click Add to browse to the location of an Altiris product folder.
b
Select the program filename and click Open. The product will be added to the license list.
c
Select the products to license and click Finish.
Option 3:
a
Select the products you do not want to apply a license to.
b
Click Remove.
c
Select the products to license and click Finish.
See “Installing Deployment Solution Agents” on page 287.
HP client computers and licensing
HP client computers automatically connect to the Deployment Server with a 30 trial license. In the
Deployment Console, HP client computers display a clock icon to indicate that the trial license is
limited, and has an expiration date. You can upgrade the trial license by doing the following:
1
From the Deployment Console, right-click on the HP client computer and select Properties.
2
Click the Apply regular license checkbox.
3
Click OK. The license is automatically upgraded to a purchased license.
Note: You do not need to apply a license key to activate the HP Thin Client t5000 Series. This
managed client computer automatically receives a non-expiring license when connected to the
console.
Install Multiple Licenses
Some Altiris utilities can combine multiple licenses together for the total number of nodes. Example:
two 50-node licenses can be combined to a single 100-node license. This option lets you apply an
“add-on” license to the Altiris products you have installed on the Deployment Server.
1
Open the License Utility.
2
Enter the directory path to the new lic file and click Next.
The Altiris Activation Key Wizard displays activation key information.
3
Click Next.
A list displays the Altiris products that you have licensed.
4
Click Finish.
See also: Managing Licenses (page 297) , Adding a License from the Deployment Console (page
299) , RDP Licensing (page 300) , Finding the Number of Licenses Used (page 300) , Computers
Not Using a Regular License (page 300) , Detecting an Expired License (page 301) , and Expired
Licenses (page 301) .
Adding a License from the Deployment Console
Use this option to install a license to a computer from the Deployment Console after the free trial
has expired. You must apply a regular (permanent) license to continue managing client computers.
You cannot install a license directly to a client ccomputer. However, you must install a regular
license on the Deployment Server before you can install and manage licenses for client computers
from the Deployment Console.
To install a regular license to a single computer
1
From the Deployment Console, right-click on the computer that you want to apply the license.
2
Select Properties.
3
Select Apply regular license.
4
Click OK.
Altiris® Deployment Solution™ Help
299
To install a regular license to multiple computers
1
From the Deployment Console, right-click on the computer group that you want to apply the
license.
2
Select Advanced.
3
Select Apply Regular License.
See also: Managing Licenses (page 297) , Using the License Utility (page 298) , RDP Licensing
(page 300) , Finding the Number of Licenses Used (page 300) , Computers Not Using a Regular
License (page 300) , Detecting an Expired License (page 301) , and Expired Licenses (page 301) .
RDP Licensing
RDP (Rapid Deployment Pack) is a version of Deployment Server released to HP customers. It
functions and behaves almost in a similar manner in regards to licensing. The only major difference
is that due to HP policy, AUP for their customers is much longer than normal. Deployment Server
will not apply licenses correctly if they have AUP longer than 3 years. Because of this, if you have
licenses for RDP, and you download Deployment Server from the Altiris.com website, you will not
be able to apply the licenses.
The easiest way to resolve this issue is to use the install files from the HP site. Those installation
files will use a slightly different version of the Product Licensing Utility, and they will allow licenses
with long AUP dates.
See also: Managing Licenses (page 297) , Using the License Utility (page 298) , Adding a License
from the Deployment Console (page 299) , Finding the Number of Licenses Used (page 300) ,
Computers Not Using a Regular License (page 300) , Detecting an Expired License (page 301) , and
Expired Licenses (page 301) .
Finding the Number of Licenses Used
Open the Deployment console and select Help > About from the main menu bar. You will now be
able to see the total number of licenses that you have purchased, the total licenses that you have used,
and the total licenses available.
You can also tell which computers have not had a regular license applied to them by looking at the
computer in the Computers pane. If the icon has a clock in the lower left-hand corner, this computer
is still using the free license.
See also: Managing Licenses (page 297) , Using the License Utility (page 298) , Adding a License
from the Deployment Console (page 299) , RDP Licensing (page 300) , Computers Not Using a
Regular License (page 300) , Detecting an Expired License (page 301) , and Expired Licenses (page
301) .
Computers Not Using a Regular License
From the Deployment Console, you can tell which computers do not have a regular license. If the
icon has a clock in the lower left-hand corner of the Computers pane, then this is an HP computer
that is still using the free 30 license.
See also: Managing Licenses (page 297) , Using the License Utility (page 298) , Adding a License
from the Deployment Console (page 299) , RDP Licensing (page 300) , Finding the Number of
Licenses Used (page 300) , Detecting an Expired License (page 301) , and Expired Licenses (page
301) .
Altiris® Deployment Solution™ Help
300
Detecting an Expired License
A computer listed in the Computers pane of the Deployment console will be gray instead of blue if
the license has expired. However, this may not always mean the license has expired so check the
other options listed below.
1
A computer with an expired license will state Client license expired - see computer properties when
selected.
2
If you try to display the properties of a computer with an expired license, the following error
message displays:
Error: You have chosen a computer that has expired. Clients that are expired cannot be managed
until a license is purchased for them and they have been flagged in the Computer Properties
dialog box to accept a regular license.
Note: If you place a job on a computer with an expired license, the same error message is
displayed.
Directing client computers to the correct Deployment Server
If you review the client computer list from the Deployment Console, and notice some computers are
not available when you click on them, it could be that the computer was moved from one
Deployment Server to the other, and the former server had an expired licence. To verify that a client
computer is associated with the Deployment Server you want, do the following:
1
Double-click on the Deployment Agent icon at the client computer.
2
Select Properties.
3
Enter the IP address of the correct Deployment Server in the Address/Hostname field.
4
Click OK.
See also: Managing Licenses (page 297) , Using the License Utility (page 298) , Adding a License
from the Deployment Console (page 299) , RDP Licensing (page 300) , Finding the Number of
Licenses Used (page 300) , Computers Not Using a Regular License (page 300) , and Expired
Licenses (page 301) .
Expired Licenses
Regular Deployment Server licenses do not expire, however the 7 day trial license, or the 30 day
evaluation licenses do expire, and can cause some problems if not replaced properly after adding
regular licenses. Computers with expired licenses become dead nodes and can no longer be managed
by the DS console.
When a license is first installed on the Deployment Server, each computer in the database takes a
license node. If this node is a temporary license, then that computer has a tag in the database that
says it is a trial node. If that license is not replaced before the time limit then that computer will stop
accepting jobs or any type of remote management.
When the Deployment Server receives new regular licenses, it does not by default release the trial
license nodes that it was using before. This can cause problems if the trial licenses are still being
used and they expire even after you apply a regular license. There are 2 ways to deal with this
lingering expired license issue.
First you can set up a global option that will automatically replace any trial license with a regular
license as soon as they become available. This is a long term and preventative solution to expired
license issues.
1
In the Deployment Console, go to Tools > Options
2
Click Global tab.
3
Select the Automatically replace expired trial licenses with available regular licenses box. This
solves the computer node licenses expiry issue.
Altiris® Deployment Solution™ Help
301
The second way you can deal with expired licenses is reapply all of the regular licenses to the
computer nodes. This is good if you want to see an immediate resolution to a license issue.
1
In the Deployment Console, right-clicking on the All Computers computer group (or any other
computer group you need to do this to).
2
Select Advanced > Apply Regular License. This will make all computer nodes in that group release
whatever license node they were using, and then take a regular license node.
See also: Managing Licenses (page 297) , Using the License Utility (page 298) , Adding a License
from the Deployment Console (page 299) , RDP Licensing (page 300) , Finding the Number of
Licenses Used (page 300) , Computers Not Using a Regular License (page 300) , and Detecting an
Expired License (page 301) .
DS Installation Help
The following are help file topics for the Deployment Server installation program accessed by
clicking the Help button or pressing the <F1> key. These topics identify and explain the screen
elements on the dialog boxes used in the installation process.
Install Configuration
The Deployment Server system supports both a Simple Install and a Custom Install option. A Simple
installation lets you install all components on a single computer. The Custom installation lets you
distribute individual components of a Deployment Server system on multiple computers. Use the
Component Install option to install additional components on your system.
Pre-Installation
Simple Install Helper. Click this option to check for an installation of Microsoft SQL Server for a
Simple install. If Microsoft SQL Server or MSDE is located, then the installation program will
continue. If not, then the installation program will prompt you to automatically install MSDE 2000
from an Altiris download web site.
Installation Type
Simple Install. Click this option to install all Deployment Server components on a single computer.
This configuration is recommended for managing computers on a single LAN or across a site with
few subnets. See “Simple Install for Deployment Server” on page 282.
Include PXE Server. Select this feature to install the Altiris PXE Server when running the Simple
install option. The PXE Server requires a DHCP server also installed on your network.
Custom Install.
Click this option to install Deployment Server components on multiple computers
across your system. A Custom install lets you balance network activity for large enterprises with
multiple subnets. Example: use this option to distribute the Deployment Database on a separate
computer or assign another file server as the Deployment Share to store image and package files. See
“Custom Install for Deployment Server” on page 284.
Component Install.
Click this option to install additional Deployment Server components to your
system. Example: use this option if you want to add a PXE Server to your Simple or Custom
installation, or if you need multiple Deployment consoles. See “Component Install for Deployment
Server” on page 286.
If you have multiple network adapter cards, then a secondary dialog box appears stating to select the
IP address for the Deployment Server interface.
See also “Deployment Server System Requirements” on page 281.
Important: If you are running Deployment Server on a MS Windows Server 2003 Domain
Controller with SMB Signing enabled then you cannot execute any imaging and DOS jobs. When
running jobs on MS Windows Server 2003, you must change the SMB Signing Registry Key to
execute DOS-based deployment jobs.
Altiris® Deployment Solution™ Help
302
To disable SMB signing on the Windows 2003 Server
1
Open the Default Domain Controller Security settings dialog box by clicking Start > Settings >
Control Panel > Administrative Tools > Domain Controller Security Policy >Local Policies >Security
Options.
2
Locate the Microsoft network server: Digitally sign communications (always) policy setting, rightclick it and select Properties, and then select Disabled.
3
Disable the Microsoft network server: Digitally sign communications (if client agrees) policy setting
as well. This is Enabled by default.
Installing Deployment Server
Specify the Deployment Share (shared directory) where the image files, RIPs, and other package
files will be stored. Make sure that you have a shared Windows or NetWare directory with free disk
space and appropriate security rights before installing.
File server path. Select the drive letter and directory path where Deployment Server will be installed.
The default path is the Program Files directory on the local computer.
Create Deployment Share. If
Share check box to create a
installing to a local Windows computer, select the Create Deployment
shared directory as your Deployment Share. If you are installing to a
remote file server or if you choose an invalid path, then this option is unavailable.
Note: If installing to a remote file server, create a share or grant access rights to the Deployment
Server directory on the file server before you start the installation. For Windows XP, you must
run the Network Setup Wizard accessed from My Network Places to enable sharing.
Free 7 day license.
Click to use an evaluation license for a new Deployment Server installation.
Upgrade using existing license. Upgrade the Deployment Solution install by using an existing license
file.
License file. Type the path or browse to the license (.lic) file received when you registered on the
Altiris web site.
Service user name and password. If running a Simple Install, type the user name and password of the
Deployment Server service and the Deployment Share. For domain accounts include the domain
name, for example: orgDomain\admin. Make sure you create the administrator domain account
before starting the installation.
See also Deployment Server Components (page 277) , and Managing Licenses (page 297) .
Installing Deployment Server using Component
Install
Specify the Deployment Share (shared directory) where image files, RIPs, and other package files
are stored. Make sure that you have a shared Windows or NetWare directory with available disk
space and security rights before installing.
Deployment Server Install
Install the Deployment Server on a computer. The service is identified in the Services section of the
Windows Computer Management as Altiris eXpress Server.
To install service on a local computer
1
Click On this computer.
2
Type the Deployment Server IP address and port information.
3
Enter the path to install the Deployment Server.
Altiris® Deployment Solution™ Help
303
4
Type the user name and password of the Deployment Server. For a domain account, type the
domain and user name. Create this account before starting the installation.
To install service on a remote computer
1
Click On a remote computer.
2
Type the name of the computer or browse to where you want to install. The destination path and
IP address of the computer will appear automatically.
3
Type the user name and password of an administrator account for the Deployment Server
computer. For domain accounts include the domain name, for example: orgDomain\admin.
The user account must have rights to the Deployment Share. Create the administrator domain
account before starting the installation.
See also “Deployment Server Components” on page 277.
Pre-boot Operating System (Simple)
Select a default pre-boot operating system, which Deployment Server will use as the default when
creating a deployment job with an automation task. However, you can install additional pre-boot
operating system files through Boot Disk Creator later.
If you are running a PXE Server in your system environment, the first pre-boot operating system you
install becomes the default boot menu option for Initial Deployment. The menu options will display
DOS Managed, Linux Managed, or Windows Managed.
You can assign an automation pre-boot operating system to an automation task when it is added to
a deployment job. This flexibility lets you run several automation tasks within a single job, and each
task can boot to the automation environment you want.
•
None. Select this option if you do not want to provide a default automation operating system. You
can also select this later through the Boot Disk Creator utility.
•
FreeDOS. Browse to the BDCgpl.frm file, which is located in the GPL folder on the Deployment
Server. The exact location of the folder will vary, depending on the installation path. This .frm
file is open source code and is not owned by Altiris. However, this file is available to all
customers by downloading the file from the Altiris Solutions Center.
•
MS-DOS. DOS requires an original Microsoft Windows 98 installation disk, or browse to the
system formatted files.
•
Linux. Browse to the BDCgpl.frm file, which is located in the GPL folder on the Deployment
Server. The exact location of the folder will vary, depending on the installation path. This .frm
file is open source code and is not owned by Altiris. However, this file is available to all
customers by downloading the file from the Altiris Solutions Center.
•
Windows PE. Browse to the Windows PE files and the Microsoft Windows operating system path.
Altiris supports Microsoft Windows PE 2005, and Microsoft Windows 2003 SP1.
See Boot Disk Creator Help, and PXE Configuration Help.
Pre-boot Operating System (Custom)
Select a default pre-boot operating system, which Deployment Server will use as the default when
creating a deployment job with an automation task. However, you can install additional pre-boot
operating system files through Boot Disk Creator later.
If you are running a PXE Server in your system environment, the first pre-boot operating system you
install becomes the default boot menu option for Initial Deployment. The menu options will display
DOS Managed, Linux Managed, or Windows Managed.
You can assign an automation pre-boot operating system to an automation task when it is added to
a deployment job. This flexibility lets you run several automation tasks within a single job, and each
task can boot to the automation environment you want.
Altiris® Deployment Solution™ Help
304
•
FreeDOS. Browse to the BDCgpl.frm file, which is located in the GPL folder on the Deployment
Server. The exact location of the folder will vary, depending on the installation path. This .frm
file is open source code and is not owned by Altiris. However, this file is available to all
customers by downloading the file from the Altiris Solutions Center.
•
MS-DOS. DOS requires an original Microsoft Windows 98 installation disk, or browse to the
system formatted files.
•
Linux. Browse to the BDCgpl.frm file, which is located in the GPL folder on the Deployment
Server. The exact location of the folder will vary, depending on the installation path. This .frm
file is open source code and is not owned by Altiris. However, this file is available to all
customers by downloading the file from the Altiris Solutions Center.
•
Windows PE. Browse to the Windows PE files and the Microsoft Windows operating system path.
Altiris supports Microsoft Windows PE 2005, and Microsoft Windows 2003 SP1.
See Boot Disk Creator Help, and PXE Configuration Help.
Deployment Database Install
Install the Deployment Database on a local or remote server with or without an existing Microsoft
Data Engine (MSDE) or Microsoft SQL Server. To install the database you must have
administration rights to the selected server.
Note: In Deployment Solution 6.0 and later, if you have multiple instances of the Microsoft SQL
Server already set up, you can identify a specific instance using this format: <SQL Server
Name>\<database instance>. The instance of the database can vary. Example: if you have a
clustered Microsoft SQL Server to manage multiple Deployment Solution systems on different
network segments, you can enter the name salesSegment\express or
marketingSegment\express depending on the previously established database instance.
Install the Deployment Database using these options:
•
Select the Microsoft SQL Server instance where you want to install your Deployment database.
•
You can also choose to change the default SQL Port number.
•
To name the Deployment Database differently from the default name eXpress, you can type a
different name in the Database Name: box. However, this does not alter the Deployment Share
name.
See also “Deployment Server Components” on page 277.
PXE Server Install
Select options to boot locally using the Altiris Automation Partition or across the network using the
Altiris PXE Server using the Intel Pre-boot eXecution Environment (for PXE-compliant computers
only).
Note: If you have a Novell NetWare file server, you must set up the Altiris PXE Server after
installing Deployment Server. The Universal Network Device Interface (UNDI) default driver is not
supported by Novell NetWare.
•
Click No I will be using an Altiris automation partition on each client computer, if you do not use
PXE and prefer using embedded (preferred) or hidden partitions, or bootable media to run tasks.
Note: This option is unavailable for installing PXE Servers using Add Components.
•
Click Yes, I want to install PXE Server on this computer to install on the local computer.
Note: This option is selected by default for the Add Components install.
•
Click Yes, I want to install PXE Server on a remote computer to install the Altiris PXE Server on a
remote computer. Type the name of the computer and the path.
•
Type the IP address for the PXE Server and the Deployment Server.
•
Type the path on the computer to install the PXE Server.
Altiris® Deployment Solution™ Help
305
•
Select the pre-boot operating system that will be used as the default PXE boot menu item. The
pre-boot operating system options that are enabled depends on the options selected for pre-boot
operating system in the Pre-boot Operating Systems page. For example, if you select Linux in the
Pre-boot Operating Systems page, then the Linux option will be enabled as the default PXE boot
menu item.
See also Installing the Automation Agent (page 293) , Pre-boot Operating System (Simple) (page
304) , and PXE Configuration Utility Help.
Client Connection to Server
Select the protocol that your managed computers will use to connect to the Deployment Server.
Installs the Altiris PXE Server using the Intel Pre-boot
eXecution Environment (for PXE-compliant computers only). You can use this without PXE for
faster access, as it goes directly to the IP address without searching.
Connect directly to Deployment Server.
If managed computers are on a different segment or if you are using the Altiris PXE Server with an
UNDI driver, click Connect directly to Deployment Server and enter the IP address of the Deployment
Server that the managed computers will connect to. Do not change the port number unless the default
is already being used.
Note: If you change the port number, you will have to change the client configurations.
Allows managed computers to connect to any
Deployment Server. To use multicasting and connect to a specific Deployment Server, enter the
name of the Deployment Server computer.
Discover Deployment Server using TCP/IP multicast.
Multicasting cannot be used with the UNDI driver. If you want to use different drivers on the PXE
Server, you can create multiple PXE boot files after installing.
See also “Deployment Agents” on page 92.
Deployment Web Console Information
This feature lets you remotely manage Deployment installations, deploy and manage Windows and
Linux computers (both client and server editions) in real-time, and benefit from many of the same
features available in the Deployment Console.
To Install Deployment Web Console
1
By default, DS Web Console installs to the same computer running the installer. Click On a
remote computer, and then click the Browse button to navigate to a computer where you want the
installation to occur. You can also choose to not install Deployment Web Console by clicking
the Do not install option.
2
If you want to change the default values, enter a Console port and Deployment Web Console path
for the installation.
3
The Service user name and Service password must be an existing account on the Deployment
Share and the destination computer where the Web Console will be installed.
Note: If you are installing an additional Deployment Web Console using Add Component, the Do
not Install option will be disabled.
See also “Deployment Console” on page 278 and “Deployment Server Components” on page 277.
Sysprep
Enter the location of the Microsoft Sysprep files according to the operating system. Type the location
or click Browse and select the required files.
If you install the Itanium Windows operating system to a computer that is not an Itanium box, an
error message is displayed that the file is valid, but is of the wrong type for the computer.
Altiris® Deployment Solution™ Help
306
To resolve this issue, access the Deploy.cab file from an Itanium box and save it on the server before
you install Deployment Solution.
Installing Components
Click Install, or choose Back to change settings.
See also “Deployment Server Components” on page 277.
Simple and Custom Installation Summary
The components are installed.
You may choose to remotely install Deployment Agents, enable Sysprep support, and download
Adobe Acrobat for documentation.
Enable Sysprep Support.
Select this option to enable Sysprep support. Provide the location of the
Microsoft Sysprep files.
Remote Install Clients.
Select this option to push the Deployment Agent to computers running the
Windows 2000, XP, and Windows Server 2003 operating systems.
Download Adobe Acrobat Reader.
Select this option to download software to read documentation in
PDF format.
Click Finish. See also “Deployment Server Components” on page 277.
Add Components Summary
The components displayed in the list are installed.
Download Adobe Acrobat. Select this option if you want to download the Adobe Acrobat Reader to
read documentation in PDF format.
Click Finish. See also “Deployment Server Components” on page 277.
Deployment Database Authentication
Specify the type of authentication the Deployment Database will use. You can select Windows
authentication or SQL Server authentication. If you choose to use SQL authentication, enter the user
credentials with administrative rights for the SQL database.
Use Windows authentication.
Click to use the Windows network or Active Directory authentication.
Use SL Server authentication. Enter the user name and password set for the Microsoft SQL Server. If
using MSDE, then the default “sa” user name is used with no password required.
See also “Deployment Server Components” on page 277.
Add Components
If you have already installed Deployment Server, you can add components to the existing system.
Select the type of component you want to add.
See also “Deployment Server Components” on page 277.
Altiris® Deployment Solution™ Help
307
Console Install
You can install the Deployment Console on either the local computer or multiple remote computers.
Installing to remote computers lets you manage computers from multiple Deployment Consoles
across the Deployment Server installation.
•
Click On this computer to install the Deployment Console to the local computer.
•
Click On a remote computer to install the Deployment Console to a remote computer. Type the
computer name or browse and select a computer.
See also “Deployment Server Components” on page 277.
Installer Return Codes
For a list of return codes for the installation program, see the Error Messages in Deployment
Solution chapter in the Reference Guide.
Altiris® Deployment Solution™ Help
308
Altiris® Deployment Solution™ Help
309
Part VII
Deployment Web Console
The Deployment Web Console allows you to manage and deploy computer resources in
real-time from a web browser to manage multiple Deployment Server sites.
In addition, the Deployment Web Console loads into the Altiris Console to provide
comprehensive reports and integrate additional management solutions. Deployment
from the Altiris Console allows you to use the built-in features of Notification Server —
such as Package Servers, security, and collections — with standard Deployment Solution
management features.
Altiris Deployment Solution 6.8
310
Managing from the Deployment Web Console
Deployment Solution provides both Windows and web user interface consoles to deploy and manage
computer devices across local or wide area networks. As an IT administrator, you can manage all
types of computer devices and servers from the Deployment Web Console using all features
available in the Windows console. The Web console reads and writes directly to the Deployment
Database and can be accessed as a standalone web application or integrated within the Altiris
console:
The Deployment Web Console provides basic deployment and management functionality from a
web browser, including the ability to remotely access and manage computer devices, build and
schedule jobs, and view multiple Deployment sites. To launch the Deployment Web Console,
double-click the icon on the desktop, or click Programs > Altiris > Deployment Solution > Deployment
Web Console.
The web console for Deployment Solution provides standard Computers, Jobs, and Details panes to
view computer icons and properties, perform remote operations, schedule deployment jobs, and
identify the state and status of computers in your system. See “Deployment Web Console Basics”
on page 312.
Deployment from the Altiris Console lets you manage and generate reports across multiple
Deployment Server systems and integrate additional web applications available in the client and
server management suites, including Inventory, Software Delivery, Recovery, HelpDesk, and
Application Metering solutions. Deployment from the Altiris Console lets you generate enterprisewide reports that track deployment resources and integrate features such as Package Servers for
location-sensitive software distribution. Notification Server also provides collection features to
group computers by defined criteria. See “Deployment from the Altiris Console” on page 326.
The Deployment Console is a Windows-based console with complete deployment and management
features, including remote control, security, PXE server configuration, image editing, and other
deployment utilities and features. To launch the Deployment Server Console, double-click the icon
on the desktop or click Programs > Altiris > Deployment Solution > Console. See the Deployment
Server Help and Deployment Product Guide for additional information.
The Deployment Web Console also provides features and functionality to integrate with Microsoft’s
Automated Deployment Services (ADS). See “Automated Deployment Services (ADS)” on
page 326.
Deployment Web Console Help
311
See “Basic Tasks from the Deployment Web Console” on page 314 for steps to manage and deploy
computer devices from the Deployment Web Console.
Deployment Web Console Basics
The Deployment Web Console is a feature-rich web application that uses Microsoft .NET and other
built-in services to provide real-time access to computer resources, deployment jobs, and package
files. The Deployment Web Console includes a graphical user interface with distinct icons to
identify type and status of the computer, groups, deployment job or other system components.
From the Deployment Web Console you can build simple or complex deployment jobs to migrate
users, set up new users, install software and image hard disks — all from a web browser. The
Deployment Web Console also loads from the Deployment tab in the Altiris Console for integration
with the Client Management Suite and Server Management Suite.
Common icons used in the Deployment Web Console
Refresh. Click to update console information after adding or deleting items, creating
groups, or making other screen changes.
Expand.
Click to expand or contract feature sections within the web page.
Apply. Click to apply settings, properties or names. You will remain on the current page
after clicking the Apply button.
Cancel.
Click to cancel out of an action or delete a property or name. You will remain
on the current page after clicking the Cancel button.
New. Click to add new items or objects within a group, such as new computer accounts
or conditions sets.
New Computer.
New Job.
Click when Adding New Computers.
Click to create a new job.
Up/Down arrows. Click to change the order of items in a list. Example: the order of tasks
in a deployment job.
Task User Passwords. Click to change the user’s task password on multiple Deployment
servers. Users then have access to the job tasks: Copy file to, Distribute Software, Run
Script, Distribute Personality, and Capture personality.
Find.
Click to find or filter selected computers in a group or jobs in a folder. You can
also filter computers by operating system or jobs by task types.
Go.
Click to run a process or actuate a feature.
Delete.
Click to delete an item.
Deployment Web Console options. Click to set these features set properties for the
Deployment Web Console and the ADS features.
About Deployment Web Console. Click to view supported Deployment Servers, licensing
information for each system, and general information.
Help.
Deployment Web Console Help
Click to open help documentation for the Deployment Web Console.
312
Like all Deployment consoles, the Deployment Web Console is divided into several panes to
organize computers, deployment jobs, software packages and scripts. It gives you a graphical view
of your network and provides features to build jobs, store and access jobs and packages, and report
the status and state of all of your computer resources.
Computers pane
From the Computers pane, you can traverse multiple Deployment Server systems and navigate the
treeview of each system to select computers or computer groups. You can then view Computer
Details, run Remote Operations, or Assigning and Scheduling Jobs for each selected computer or
group. Elements of each group are displayed in the Details pane with features to view properties and
run management tasks.
By drilling down into a selected Deployment Server system, you can view and select New
Computers and other computer groups defined for your organization. When running Deployment
from the Altiris Console, you can also identify managed computers within the Altiris Console
Collections created by Notification Server. These collections identify only managed computers with
the Deployment Agent installed, displaying computers by operating system, computer model, type,
or other properties. You can now manage computers by defined groups or filtered by client type.
When a computer or group is selected, the Details pane shows a list of computers in the group and
gives basic information about each computer. The Find detail bar appears in the Details pane to filter
computers by a set criteria. When a computer is selected, you can view the computer status in the
Details pane, including a list of jobs that have run or are scheduled to run on the computer and the
status of each job. See “Managing Computers from the Deployment Web Console” on page 335 for
complete information about organizing computers, running remote operations, and viewing
properties from the Computers pane.
Jobs pane
Use the Jobs pane to create and build jobs with specified deployment tasks. You can then organize
the job objects using the New job folder command from the Select Action list. Jobs in one
Deployment Server group can be scheduled to computers in another Deployment group, where they
will be replicated to the source Deployment Server. Jobs can also be replicated directly to another
system using the Move job command in the Details pane.
From the Jobs pane you can schedule and execute deployment jobs such as creating images,
deploying computers, changing configurations, or installing software. Once a job is created, you can
change it by adding, modifying, or deleting tasks. Jobs can be run immediately, scheduled to run a
particular time, or saved for a later time. See “Scheduling Jobs from the Deployment Web Console”
on page 351 for complete information about setting up, importing, and managing computers from
the Jobs pane.
Deployment Web Console Help
313
Jobs are organized by Deployment Servers, listing all of the job folders and individual jobs for a
specific site under the name of the managing Deployment Server. When a job is selected, the Details
pane displays a list of jobs in the folder and provides basic information about each job object, such
as its state, status, and task list. It also shows the computers or computer groups to which the job is
assigned.
Details pane
The Details pane is the right-hand pane in the Deployment Web Console. It extends the user interface
features when working in the Computers or Jobs panes.
•
When you select Deployment Servers in the Computers pane, the Details pane lists all associated
Deployment Server in your organization and displays links to access the computers and jobs for
that site. When you select a specific Deployment Server, all computers and computer groups for
that system will be displayed.
•
When you select a Deployment Server in the list, the computer groups and managed computers
for that system is displayed.
•
When you select a job icon in the Jobs pane, the Details pane displays information about the job
to set up conditions, order tasks, and add, modify, or remove tasks.
Deployment Web Console Options
Click the Console Options icon
in the toolbar of the Deployment Web Console.
The Deployment Web Console will open with the following console options.
Clear the computer and job selections after scheduling. Select this option to clear selected computers
or computer groups and the associated jobs assigned to them.
Prompt before performing operations. Verify actions to the user before scheduling jobs or performing
other operations.
Show physical devices. Display blade servers as Rack/Enclosure/Bay objects in the Computer pane.
Microsoft Automated Deployment Services (ADS)
Enable ADS. Deploy and manage using the Microsoft ADS features. See “Automated Deployment
Services (ADS)” on page 326.
Basic Tasks from the Deployment Web Console
The following are basic tasks that you can perform using the Deployment Web Console as a standalone console or from the Altiris Console.
Remote Computer Operations
Assigning and Scheduling Jobs
Finding and Filtering Computers and Jobs
Deployment Web Console Help
314
Remote Computer Operations
From the Deployment Web Console, you can quickly deploy and manage computers on-the-fly
using remote operation features.
1
Click a Deployment Server or other computer group in the Computers pane. In the Details pane,
the computers and computer groups will be listed. Select the managed computers to then select
the checkbox for specific computers.
The computer(s) will appear as a Selected Computer.
2
From the Selected Computers list, select an action to perform on the managed computer. See
“Remote Operations” on page 348 for a list of provided management actions.
3
Depending on the selected action, a secondary page may open to run the operation. Set the
appropriate values and click OK.
The selected operation will run on the managed computers.
Reject Client Computer Connections
To manage unwanted client computers from attaching to the Deployment Server, use the Reject
Connection Computer Action to remove the client’s MAC address and other information from the
Deployment database. If the client tries to connect to the server, the MAC address will not be found
and the client-server connection will be rejected.
Note: Virtual client computers cannot be rejected.
To reject client computers
1
From the Deployment Web Console, in the Computers pane, click a Deployment Server name. A list
of client computers and groups are displayed in the Details pane.
2
Select the checkbox next to the computer whose connection you want to reject.
3
Click the Computer actions drop-down list, and select Reject Connection.
Assigning and Scheduling Jobs
From the Deployment Web Console, you can assign jobs to computers and schedule them to run
immediately or at a later time.
1
Click a Deployment Server or another computer group in the Computers pane. Then select the
checkbox for specific computers or computer groups in the Details pane. The computer will
appear as a Selected Computer.
2
Click a job folder in the Jobs pane. Then select the checkbox for one or more jobs in the Details
pane. The job(s) will appear as a Selected Job.
.
To clear the computers or jobs and reselect, click the clear button.
3
Click the Run Now or Schedule buttons to run the selected jobs on the selected computers.
Secondary pages will open to set scheduling values.
Finding and Filtering Computers and Jobs
You can search for or filter computers or jobs within a selected group or job folder. If you select a
computer group in the Computer pane, you can enter a search string for a computer name in the Find
field and filter by operating system. If you select a job folder in the Jobs pane, you can enter a search
string for a job name in the Find field and filter by task types.
Deployment Web Console Help
315
See “Find a Computer in the Database” on page 349 and “Creating a Computer Group Filter” on
page 350.
Scheduling Jobs
After selecting computers or computer groups and assigning jobs, you can now select to run the job
immediately or schedule it for another time. See “Scheduling Jobs” on page 316.
Deployment Server Configuration
You can configure all the options for a single Deployment Server from the Deployment Server
Options page from the Deployment Web Console. Click the Deployment Servers link in the
Computers pane to view a list of all available Deployment servers appears in the Details pane. Then,
double-click a particular Deployment Server in the Details pane to view the Deployment Server
Options page.
You can change the following options:
•
Global (page 316)
•
Maintenance (page 317)
•
Agent Settings (page 317)
•
Security (page 321)
•
Logon (page 325)
Global
Set global options for the selected Deployment Server.
Synchronize display names with windows computer names. Automatically updates the display name of
the managed computer names in the web console when the managed computer name changes. If this
option is not selected, changes to computer names will not be reflected in the web console.
Synchronization option is off by default. The computer names do not have to be synchronized for
the Deployment Server to manage the computer.
Display imaging status on console (percent complete). Displays
the status, in percentage, for the
schedules imaging job.
Deployment Agent/Deployment Server file transfer port
Specify a static TCP port for file transfers to the clients or choose to assign it dynamically. The
default value for static port is 0 and causes the server to use a dynamic port. This setting is useful if
you have a firewall and need to use a specific port rather than a dynamically assigned port. The
transfer port range is 1 to 2147483647.
Remote control ports. You can specify the two ports; Port 1 and Port 2 by selecting the Remote control
ports checkbox. By default the checkbox for Remote control ports will be clear and dynamic port will
be used while remote controlling. If the Port 1 is already in use then Port 2 will be used for remote
control. The remote control port ranges from 0 to 65535.
Key. Specifies the primary lookup key type used to associate a new computer with a managed
computer. The options are Serial Number (SMBIOS), Asset Tag (SMBIOS), UUID (SMBIOS), or MAC
Address (SMBIOS).
Speed. This is the file transfer speed between the Deployment Server and client computers. Select a
transfer rate from the Speed list.
Change Sysprep Settings. Enter the global Sysprep values that you want to use when creating or
distributing disk images. Click Change Sysprep Settings to view the Sysprep Settings dialog box.
Deployment Web Console Help
316
SysPrep Settings
OS Product Key tab
Click the drop-down arrow and select an Operating System from the list. Then, click the Add
product key button to enter product key (up to 29 characters) information. Add as many product
keys as needed, and then select a product key from one of the keys listed. To modify a product
key, select the product key and click the Modify product key button. To delete a product key from
the list, select the product key and click the Delete product key button.
Note: If a product key is being used by another task, a message prompt displays that the product
key is currently in use and you cannot delete the product key until the task completes.
Maintenance
Retry failed imaging jobs immediately. Immediately retry a failed image deployment job. The program
will continue to retry until the job succeeds or until the job is cancelled.
Allows Deployment Server to automatically assign a
permanent license to the managed computers after the trial license expires.
Automatically replace expired trial licenses.
Delete History older than _____ days. Specify the number of days an entry is kept in the history until
it is deleted. If the number of days is set to 0, then no entries are kept in the history. If this option is
not selected, log entries will remain in the history.
Specify the number of days you want to keep inactive
computers in the Deployment database before they are deleted. The default value is 30 days, but any
number between 1 and 10,000 is valid.
Remove inactive computers after _____ days.
Agent Settings
Use the Agent Settings tab to control the default agent settings for new computers. These default
settings are applied only for new client computers that have never connected to the Deployment
Server and have no information stored in the Deployment Database.
Production Agent Settings
Force new Production agents to take these default settings.
Select this option to force these settings
when adding a new computer.
Modify default settings. Click this link to change Deployment Agent Settings for Windows and Linux
systems.
See “Production Agent Settings” on page 317.
Automation Agent Settings.
Force new Automation agents to take these settings. Select this option to force these settings to effect
new client computers until you can change the settings using the Deployment Console.
Modify default settings. Click
this link to change Automation Agents Settings.
See “Automation Agent Settings” on page 321.
Production Agent Settings
The description below is for client computers running the Windows or Linux operating systems.
This option is only available if you select Force new agents to take these default settings.
Click the Modify default settings link to set or modify Deployment Agent for Windows and
Deployment Agent for Linux properties from the same dialog box. The Production Agent Settings
dialog box appears.
Deployment Web Console Help
317
Server Connection
Connect directly to this Deployment Sever. Select this option so that the client receiving the
Deployment Agent will connect to the Deployment Server you selected to configure.
Address/Hostname.
Port.
Enter the IP address or NetBIOS name of the Deployment Server computer.
Enter the port number communicating with the Deployment Server.
Enable key-based authentication to Deployment Server. Select this option to valid the client computers
that are trying to connect to the Deployment Server. This helps keep rogue computers from
connecting to unauthorized Deployment Servers.
Key file.
Enter or browse to an authorized key. The client computer checks the Deployment Server
authentication key and if a match is made, the client connection is allowed.
Discover Deployment Server using TCP/IP multicast. Managed computers can use the multicast
address if they are on the same segment as the Deployment Server or if multicast is enabled on the
network routers. Ensure that the multicast address and port match those set up on the Deployment
Server. Try using defaults on both the client and Deployment Server if you are having problems
connecting.
Managed computers should use the Deployment Server IP address if multicasting is disabled on the
network routers or if they are not on the same network segment as the Deployment Server. The port
number must match the number set on the Deployment Server. Otherwise, your clients will not be
able to connect.
Server Name.
Port.
Enter the NetBIOS name of the computer running the Deployment Server.
Enter the port number distributing the multicast address.
Multicast Address. Enter
the group multicast address.
TTL. Specifies the number of routers the multicast request is allowed to pass through.Change this
setting if you need to find a Deployment Server that is more than 32 routers away (default setting)
or if to restrict the search to a smaller number of routers, making it easier to find the closest
Deployment Server.
Refresh connection after idle. Select the Refresh connection after idle checkbox and then set the
refresh time by seconds, minutes, hours, or days. The Deployment Server will close the connection
after the specified time and immediately try to re-open the connection. This will force clients to
realize the network is down.
The default checking is of 28800 seconds or 8 hours. It is recommend keeping this setting above
28800. Do not set this option too low--reconnecting to the Deployment Server increases bandwidth
when connecting. If this option is set too low you can run into problems where it takes longer for
your clients to connect than to refresh their connections.
Abort files transfers if the rate is slower than. Preserve bandwidth on slower connections by
selecting this option, which will save bandwidth when running deployment tasks on slower
connections.
Access
Set these commands to control how the client handles requests from the server.
Allow this computer to be remotely controlled. Select to allow the administrator to remote control the
selected computer. The default setting is to NOT allow the computer to be remote controlled.
Prompt the user before performing actions
Shut down and Restart. Select for the user to be prompted before shutting down or restarting the
computer. This feature overrides the Power Control option from the Deployment Server to Force
applications to shut down without a message.
Deployment Web Console Help
318
Copy file and Run command. Select for the user to be prompted before running a program or executing
file copy commands
Remote Control.
Select for the user to be prompted before running the Remote Control commands.
You can set a default time before running or aborting the commands. Select the time for the user to
respond and then either continue with the operation or abort the operation.
Time to wait for response. If
one of the Prompt the user before performing actions is selected and the
user is not at the computer to respond, you need to decide whether to continue or abort. Select the
amount of time you want to wait for a response, and then select one of the following:
•
Continue the operation.
•
Abort the operation.
Click to continue without receiving a response from the user.
Click to not continue without receiving a response from the user.
Select when the Deployment Server is denied access to the Deployment Agent. Select the days and then
set the start and end times when access to the Deployment Agent is denied.
Security
This page lets you secure data between the Deployment Server and the Deployment Agent, or to set
a password so that the user on the client computer can only view and modify the User Properties of
the Altiris Client Settings on the managed computer.
Select to allow encryption from this
managed client computer to the Deployment Server. This allows encrypted data transmissions
between the Deployment Server and the Deployment Agent on the client computer. If selected, then
the client computer can connect (but is not required to connect) using encryption.
Encrypt session communication with Deployment Server.
To enable encryption protocols, you must open the Deployment Configuration tool (Start > Programs
> Altiris > Deployment Server > Deployment Configuration tool), and select the Transport tab. Select the
Allow encrypted sessions with the servers checkbox to allow Deployment Server to transmit using
encryption protocols.
Require encrypted sessions with the servers. Select to require encryption between the managed client
computer and the Deployment Server. If this option is selected and the option to allow encryption in
the Deployment Configuration tool is not selected, then the Deployment Server will not
communicate with the Altiris Client on the managed client computer.
Note: Selecting encryption options will slow down the communication path between Deployment
Agent for Windows and the Deployment Server, so do not use encryption unless it is necessary for
high security environments.
Select to allow users on the managed computer to access the
Admin properties only if they enter the set password. If the box is selected and the user does not
know the password, then they will only have rights to open the User Properties, which includes only
the User Prompts and Remote Control tabs on the Altiris Client Settings dialog box.
Password protect Admin properties.
•
Select the Edit Password button to change the password settings for users trying to access the
Admin properties.
Hide client tray icon. Select to hide the Altiris Client icon in the system tray of the managed computer.
If you hide the icon then you will be required to run AClient.exe -admin to view and modify the
complete administration properties from the managed client computer.
Log File
The Log File property page controls how data is logged and saved in a Deployment Server system,
allowing you to save different types and levels of information to the log files. You can save a text
file with log errors, informational errors, and debugging data using this dialog box.
If the log exceeds the specified size then older data will be dropped from the files. You can maximize
the size of the log file to save all selected data.
Save log information to a text file.
Deployment Web Console Help
Click to save information to a log file.
319
File name. Enter the name and path of the log file. The default is to save the log file to the \Program
Files\Altiris\AClient\AClient.log file.
Maximum size.
Enter the maximum number of bytes for each log file.
Log errors.
Select this option to save only the errors returned when running a job or operation
between the Deployment Server and the Deployment Agent.
Log informational messages.
Select this option to save a list of procedural steps run on the client
computer.
Log debugging information. Select this option to list comprehensive debugging information in the text
file.
Use this tab to save the Deployment Agent for Windows log file. By default, the option Save log
information to a text file is cleared. Select it to enter a file name for the log and the maximum size for
the log file.
Note: If the log exceeds the specified size then older data will be dropped from the files, so it is
recommended to provide maximum file size.
Proxy
Typically, remote networks on the other side of a router or switch cannot receive multicast or Wake
On LAN packets from the Deployment Server. Setting the managed computer as a proxy client
computer will forward or re-create the multicast packets. A managed client computer set up as a
multicast proxy will simply act as a Deployment Server and advertise the server’s name and IP
address through multicasting. Or you can set the managed computer as a proxy to send Wake On
LAN packets.
Set these options to control how the managed computer will act as a proxy agent, identifying the type
of traffic this managed computer will forward from the server.
Forward Wake-On-LAN packets. Select if you want the managed computer to forward Wake on LAN
packages.
Forward Deployment Server multicast packets. Select if you want to advertise the Deployment Server
to client computers on another LAN segment or if the client computer is on the other side of the
router.
•
Send multicast advertisement every. Set the time by seconds, minutes, hours, or days for managed
computers send multicast advertisement.
Startup/Shutdown
Delay starting jobs after system startup. Set the time by seconds, minutes, hours, or days for managed
computers to delay jobs until after system startup.
Specify the Windows boot drive. Specify the drive that the client computer will boot from. The default
is C:
Force all programs to close when shutting down. Select this option to shut down applications when
using Power Control features. The user will still be prompted to Abort or Continue the shutdown.
Synchronize date/time with Deployment Server. Select this option to synchronize the system clock of
managed computers with the time of the Deployment Server.
Prompt for a boot disk when performing automation jobs.
Select this option to prompt for a boot disk
while doing any automation jobs.
Advanced
Disabled direct disk access for Deployment Agent for DOS (BootWorks) communication.
Select this
option to disable the direct disk access for automation communications.
Deployment Web Console Help
320
Automation Agent Settings
You can configure property settings for the Automation Agents (DOS, Linux, and Windows PE) for
specified computers or computer groups. You can remotely maintain important agent settings and
update settings as required from the console.
When a new client computer connects, it will receive the default agent settings from Deployment
Server for drive mappings, authentication, and LMHost entries. Each client computer will still have
the capability to maintain its unique settings for the Deployment Agent for DOS as set in the Boot
Disk Creator.
Select the Force new Automation agents to take these settings checkbox, and click the Modify default
link to view the default settings for the DOS, Linux, and Windows PE Automation Agents.
settings
Drive Mappings
Set drive mappings used by the Automation Agents to access hard disk image files and other
packages from a specified network drive. It is required that the F Drive be mapped to the Deployment
Share. You can also map other file server directories when storing large numbers of image files or
deployment packages.
Drive.
Select the drive letter of a shared folder. Example: F: \\WebDeploy\Image files.
Note: You must select a shared folder in this field. From the browse window you are allowed to
select any type of folder, but the Automation Agents can only map and access files from a shared
folder.
Path.
Enter a UNC path.
Authentication
Enter the login credentials that Automation requires to map network drives. The associated
credentials for each network drive must have the appropriate rights for the Automation Agents to
access files.
Domain/Workgroup. Enter the name of the Domain or Workgroup of the user that the Automation
Agents will log on to map the network drives.
User name. Enter the user name that the Automation Agents will use to log on so they can map to the
specified network drives.
Password.
Enter the password.
Network
These settings allow you to match the IP address with the computer name, as maintained in the
LMHosts file in automation partition.
1
Click the Add LM Hosts icon.
2
Enter the Computer Name to associate with an IP address.
3
Enter the IP Address. You can click Lookup IP and the IP address field will automatically fill in
the IP address of the computer you entered in the Computer Name field.
4
Click Apply.
Security
This features lets you enable or disable security for the Deployment Server. You can also add local
users and local groups, import both Active Directory users and groups, and then assign rights for
users to perform Deployment Solution operations.
Deployment Web Console Help
321
Use the Security tab to provide enable/disable security and to add local users and local groups. You
can also import both Active Directory users and groups and assign rights to all of them. You can
create users and groups and set scope-based rights.
•
Enabling Security (page 322)
•
Rights (page 323)
•
Setting Permissions (page 324)
Enabling Security
You can enable security by first creating a user with Administrative rights or selecting a user who
belongs to a group having Administrative rights, and then selecting Enable Security.
To enable security
1
Click the Deployment Servers link in the Computers pane. This displays a list of all available
Deployment servers appears in the Details pane.
2
Select or click the specific Deployment server in the Details pane to view the Deployment Server
Options page.
3
Click the Security tab.
4
Click New User to add new user information. Type the user details.
Note: The first user automatically gets the administrative rights. Any subsequent users will have
no rights and will not be added to any group by default.
You can also import new users from the Active Directory. See “Importing user groups from
Active Directory” on page 323.
5
Click Membership to view the membership groups and all available groups.
6
Click Rights to view the available rights.
7
Click Apply to add the user.
8
Now that you are an administrator, select the Enable Security checkbox. Security is now enabled.
You can now create users and groups and assign permissions to computer groups and job folders.
Importing users from Active Directory
You can import users from Active Directory.
1
Click Import User on the toolbar to view the Import Active Directory User page.
2
Add users from Active Directory (not groups) by providing the user names and domain to which
they belong. The users will be added to the Deployment Database.
Notes:
•
If you add Active Directory Syntax name, such as [email protected], then the field Domain name
will become disabled. No default group membership is applied nor any default rights are applied
unless this is the first user that you have imported. However, you still need to assign the users to
security groups with appropriate rights and permissions.
•
When logging on with the imported AD account, Deployment Web Console will access the
Windows Active Directory server to validate the user password.
Membership Groups
Assign the user to previously created groups. If enabling security, you can assign the user to a group
with Administrative rights.
1
Click the New Group button from the toolbar.
2
Enter a name for the group and a description, and click Apply.
Deployment Web Console Help
322
Importing user groups from Active Directory
You can also import user groups from Active Directory.
1
Click Import Group on the toolbar to view the Import AD Group page.
2
Add groups from Active Directory by providing the group names and domain to which they
belong. The groups will be added to the Deployment Database.
3
Click Apply to save the changes.
DS Authentication
If the user is already in the DS database, and it tries to access the Deployment Server Console, then
DS checks the authentication with the logged on user, and upon matching doesn't prompt for user
credentials. Similarly, if a group has already been added in the DS database, and any user who is a
part of the group tries to access the Deployment Server Console, then DS doesn't prompt for
credentials. This method of authentication is the same for AD user and AD group also.
Rights
Rights allow you to set general rights for a user or group. To verify, add or change the rights assigned
to each console user, use the following steps:
1
From the Security tab, click a user and click Rights.
2
Select the checkbox for every right you want to grant.
3
After selecting all applicable rights, click Apply to save your changes.
A brief explanation of each deployment server right that can be assigned is detailed below:
Description of Rights
Administrator
Lets you access all available features from
Deployment Web Console. You must have
Administrator rights to enable security.
Options Console
Lets you view and set console options.
Options Global
Lets you view and set global options
Options Domain Accounts
Lets you view and set domain accounts options.
Options RapiDeploy
Lets you view and set RapiDeploy options.
Options Agent Settings
Lets you view and set agent settings options.
Options Database Tokens
Lets you create custom data sources options. You can
view, create, and set database tokens.
Manage Rejected Computers
Lets you view rejected computers in Deployment
Solution and change their status.
Refresh Clients
Lets you Refresh Deployment Solution clients.
Allow scheduling on All Computers
Groups
Lets you schedule jobs on all computers. If you have
Administrator rights, then by default you will have
the rights to schedule job on all computers,
irrespective of the Allow scheduling on All
Computers checkbox state. You can grant this right to
a specific user or a group.
Import/Export
Lets you import and export any jobs/computers.
Deployment Web Console Help
323
Description of Rights
Administrator
Lets you access all available features from
Deployment Web Console. You must have
Administrator rights to enable security.
Option Task Password
Lets you centrally update passwords for users and
groups so they can access the tasks: Copy File to,
Distribute Software, Run Script, Distribute Personality,
and Capture Personality when creating or modifying
jobs. You must have administrative rights to access
this option.
Use PXE Configuration Utility
Lets you set up and modify PXE Configurations.
Setting Permissions
Set permissions for jobs, job folders, computers, computer groups, and physical devices.
1
Click the Deployment Servers link in the Computers pane.
2
Select or click a specific Deployment server in the Details pane to view the Deployment Server
Options page.
3
Click the Security tab.
4
Log on as a user with administrative privileges. A list of all computers belonging to the selected
Deployment Server is displayed.
5
Click a specific computer to view its property, inventory, and scheduled jobs status.
6
Select Permissions from the Computer actions drop-down list.
Notes:
•
If you do not have administrator privileges, you cannot view Permissions option.
•
You can set permissions for all jobs and computers by clicking in the Jobs pane or Computers
pane without selecting a job or computer object.
7
A list of users or user groups is displayed. You can select a user or a group and grant permissions
accordingly.
8
Select the checkbox for the permission group to allow the permissions that you want to grant for
the selected user or user group.
Notes:
•
Administrators have access to all objects with unrestricted rights and permissions.
•
The description of each permission group is displayed under Description column.
You cannot explicitly deny permissions to computer or job objects for users with administrator
rights.
9
Click Advanced to view the advanced options associated with the selected permission group. This
page contains Allow as well as Deny checkboxes. For information on evaluating permissions, see
Evaluate Permissions (page 325).
10
To assign permissions to multiple groups, click Apply permissions recursively to all child objects
to assign the permissions.
11
Give permissions as per your requirements, and click Apply.
Notes:
•
If a user does not have the “Schedule this job” permission for a particular job, then the user
cannot schedule it. This is irrespective of any other privileges.
•
If a user has “Schedule this task” permission for a certain task and the user schedules the job, and
then the user modifies the job by adding another task, for which the schedule task permission is
not allowed, then the second task also gets executed. This is because the web console checks the
permissions only before scheduling the job, and not after the execution of the job.
Deployment Web Console Help
324
Permission Rules
Permissions received through different sources may conflict with each other. The following
permission rules determine which permissions will be enforced:
•
Permissions cannot be used to deny the user with Administrator console rights access to use any
console objects or features.
•
User permissions take precedence over Group permissions.
•
Deny overrides Allow. When a user is associated with multiple groups, one group could be
allowed permission at a particular level while the other group is denied the same permission. In
this scenario, the permission to deny the privilege will be the one enforced.
•
Permissions do not flow down an object tree. Instead, the object in question looks in the current
location, and then up the tree for the first permission it can find, which is the one it will use.
If a Web Console user does not have permissions to run all of the tasks the job contains, the user will
not be allowed to run the job.
Evaluate Permissions
Identify the combined permissions of groups and containers with contrasting permissions. You can
identify effective permissions for each object by resolving any possible conflicts.
Permissions are represented in three different stages according to the state of the checkbox, which
is called tri-state checkbox. This tri-state displays a full check mark when all of the permissions in
the selected group are allowed. It displays a partial check mark (check mark with a grey background)
when at least one, but not all permissions in the selected group are allowed. And finally, it displays
no check mark if none of the permissions in the selected group are allowed.
You can evaluate permissions in three ways:
•
If none of the Allow or Deny options are selected for a permission associated with a subfolder,
then it inherits the options specified for the permission associated with its parent group. This type
of inheritance can be confirmed with the message that is displayed for the sub folder.
•
If a user group is associated with some permission, then the users belonging to that group inherits
the same permissions as that of the group. This is true only if none of the 'Allow' or 'Deny' options
are specified for a permission for that user.
•
The Deployment Web Console displays the simple as well as advanced options of granting
permissions. The simple option displays only the Allow column, whereas the Advanced option
displays both the Allow and Deny column. Security permissions are grouped together and
displayed as a single Permission group under Simple option. You can use the Advanced option
to view all the individual permissions that together form the Permission Group. This grouping of
permissions varies from object to object.
Example: a Modify permission for a job folder will contain different security permissions than a
Modify permission for a computer group. To view all the permissions related to a specific
permission group, select the checkbox for a specific permission, and then click Advanced to view the
individual permissions related to the selected permission group.
If you want to exclude a specific security permission, then click Advanced to view the individual
permissions related to the selected permission group. A list of all permission with Allow and Deny
checkboxes are displayed. Select the Deny checkbox or clear the Allow checkbox for the specific
security permission, and click Apply.
Logon
This option lets you set user credentials for the Deployment Server, but only if Role Base Security
is enabled for the server you selected. The user can then access the server through the Deployment
Web Console. If you want to change the Task Password for multiple Deployment Servers, select the
servers from the Details pane and click the Task Password icon on the toolbar.
Username.
Enter the name of the user.
Password.
Enter a password for the specified user.
Deployment Web Console Help
325
Confirm Password.
Domain.
Enter the password to confirm the entry.
Enter the domain name for the specified user.
Automated Deployment Services (ADS)
From the Deployment Web Console, you can utilize and extend features of Microsoft’s Automated
Deployment Services (ADS).
1
Click the Console Options icon
2
Select the Enable ADS option.
in the toolbar of the Deployment Web Console.
An ADS Controllers collection will appear in the Computer and Jobs pane.
3
In the Computers pane, click ADS Controllers.
4
From the Details page, click the Add icon
to enter the computer name where the ADS
controller is installed. Enter the login credentials and access paths on this page. All specified
ADS controllers will be listed.
5
In the Jobs pane, click ADS Controllers. Enter credentials and ADS paths as in step 4.
All of the ADS controllers, devices and job templates will be displayed. You can then manage
computer devices using standard ADS features.
Deployment from the Altiris Console
Deployment from the Altiris Console provides additional features and functionality for managing
and deploying computer resources using Deployment Solution. In use, the Altiris Console opens and
displays the Deployment Web Console, while providing additional collections, reports and other
basic Notification Server features from the Altiris Console. See “Installing Deployment Solution
from the Altiris Console” on page 18.
Using Deployment Solution from the Altiris Console
•
Integrate with other IT solutions. Deploy and manage computers from the Deployment tab while
managing other aspects of your organization such as inventory reports, software delivery,
application management, remote control, patch management and other administration tasks.
•
Generate Reports.
•
Organize using Deployment Collections. Computer devices can now be grouped on criteria such as
operating system, computer type, workstation or server, mobile computers, and other groupings.
•
Employ the Schedule Wizard.
From the Reports tab, create reports for all Deployment Servers computers
devices and deployment tasks across all sites. By setting polling intervals on the Altiris Agent
and the Deployment Server Agent, you can transmit data from the Deployment Database to the
Notification Database from which you can generate reports.
From the Tasks tab, open the Schedule Wizard to select computer
groups, assign jobs, and schedule jobs to run immediately or at a specified time.
Deployment Web Console Help
326
•
Set Security. From the Configuration tab, set NS security to limit users from using the
Deployment tab. All other Deployment security is set from the Deployment Server Console (the
Windows console).
Adding Deployment Servers
You can manage multiple Deployment Servers from the Deployment Web Console. To consolidate
multiple Deployment Server sites, you can identify and add existing Deployment Servers to appear
in the Computers and Jobs pane from the Deployment Web Console.
Note: You can also remotely install Deployment Servers from the Deployment Web Console (see
“Installing Deployment Solution from the Altiris Console” on page 26).
1
Click Add Deployment Server in the Computers or Jobs action list, or click the New Server icon.
2
From the Deployment Servers page, type the name of an existing Deployment Server. This is
the computer name of the Deployment Server, in most cases.
3
Enter the Deployment server’s port number if it is different than the default value.
4
Click Credentials. If Deployment Solution security is enabled for the Deployment Server, enter
a username, password, and Domain name.
5
Click Speed. Select the speed of the network connection for the Deployment Server from the
drop-down list.
Task Password options
This feature lets you centrally set or change user passwords for multiple Deployment Servers to they
can access the tasks: Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture
Personality when creating Jobs. However, this tab is only visible to administrators and users who
have been granted the appropriate rights to modify task passwords.
To change task passwords
1
Click Deployment Servers in the Computers pane. This displays the Deployment Servers available
in the Details pane.
2
Click one or more Deployment Servers that you want to change the task user passwords.
3
Click Change Task User Password icon on the toolbar.
4
Enter the user information for all 4 fields on the page. Click Apply.
Deployment Web Console Help
327
Configuring the Deployment Server Agent
To update Notification Server collections and generate reports from the Altiris Console, set the
polling intervals from the Configuration tab.
Enable.
Select to enable communication between the Deployment Database and the Notification
Database.
Resynchronize all Deployment Server computers/tasks for this configuration. Click to completely
transmit all Deployment Server data to the Notification Database. For large Deployment Server
systems, this process can take several minutes and require large amounts of bandwidth. Use this
feature carefully.
Set polling intervals for Deployment Servers
1
Click the Add button. A list of Deployment Servers will be listed.
2
Select the Deployment Server to configure. You can select all Deployment Servers or identify
an individual Deployment Server. The new agent configuration will appear in the list.
3
Select a Deployment Server. Select a polling interval for that Deployment Server from the list in
the Computer/Job Polling Interval box.
Database Login ID.
Enter credentials for the Deployment Database selected in the list.
Role-based user name. Enter credentials if Deployment Solution security has been enabled using the
Deployment Server Console.
Generating Deployment Reports from the Altiris
Console
Deployment from the Altiris Console furnishes features to generate comprehensive reports detailing
computer information and deployment jobs for all Deployment Server sites. To run deployment
reports, you must configure the Deployment Server Agent (see “Configuring the Deployment Server
Agent” on page 328) to transmit data between the Deployment Database to the Notification
Database. The Deployment Solution reports are generated from the Altiris Console from data stored
in the Notification Database.
1
Click the Reports tab on the Altiris Console.
2
Click Reports > Deploy and Migrate > Deployment.
3
Select reports specific to Client Information, Job Information, Job Status, Server Information, or
Software Deliver Execution Status. A description of each report will appear in the Details pane
after it is selected.
4
Click a report option to run, view, or schedule a report to run.
Altiris Console Collections
From the Deployment Web Console you can view and order computers based on Altiris Console
Collections created automatically in Notification Server and viewed from the Altiris Console. These
collections identify computers running the Deployment Agent and meeting the criteria for each
collection, such as Mobile Computers, Windows Servers, Windows Workstations, etc. You can
assign jobs and perform operations to these collections from the Deployment Web Console.
Collections are updated between the Notification Database and Deployment Database. At each
polling interval the new data is transmitted between the databases and updated in the Deployment
Web Console (see “Configuring the Deployment Server Agent” on page 328).
Deployment Web Console Help
328
Using Package Servers to Replicate Deployment Jobs
Deployment Solution takes advantage of Package Servers (a basic component of Notification
Server) to automatically copy images, software packages, scripts, and other package files for
building deployment tasks for use across multiple Deployment Server installations. From a central
Deployment Server installation, packages can be built and saved to a local Library structure, where
they are replicated to other Deployment Servers and used in deployment jobs for each Deployment
Server system.
Note Package Servers can only replicate packages on Deployment Server installations set up as a
simple install, where all Deployment Server components are on a single computer.
Overview of Package Servers
Package Servers are a basic feature of Notification Server and are used to reduce network traffic and
HTTP download times when deploying packages across your system. Package Servers replicate and
transmit packages from a central computer to local computers during off-peak hours. When
deployment tasks are executed, package files are accessed quickly from local package libraries.
Notification Server lets you identify managed computers running the Altiris Agent as a Package
Server.
Replication of packages from a central Deployment Server to other Deployment Servers is a oneway process: You can build and copy packages from the Library of a central Deployment Server to
replicate to other Deployment Servers; however, any changes made to a destination Deployment
Server will not be replicated back to the central Deployment Server. After the package files have
been copied once (per each package server), they will never be copied again unless the files are
updated, new files are added to the package, or files are set manually to be copied down to other
destinations again.
When the Deployment is installed and enabled on the Altiris Console (on Notification Server),
default packages, collections, and policies are created to take advantage of Package Server
technology. To complete the setup process, however, additional configuration steps are required.
Setting up Package Servers requires three basic steps:
1
Setting Up a Central Deployment Server Library (page 330)
2
Setting Up Package Servers (page 330)
3
Exporting and Importing Deployment Jobs (page 331)
Note: Before delivering packages, check the Package Server settings and the package settings to
make sure that the package can be delivered. The DS install package by default is not set to use any
Package Servers. There is a global configuration variable that says not to allow any package
downloads from the server, leaving the DS Install in a state where there is no way to access the
package.
Deployment Web Console Help
329
Setting Up a Central Deployment Server Library
Before setting up Package Server in a Altiris Console, you need to select a central Deployment
Server to copy and store all packages to be replicated to other Deployment Server installations. After
selecting a Deployment Server in your system, you can set up the Deployment Server Library
directory structure. The Library will be a directory structure that contains your images, RIPs, and
any other package files needed for a Deployment Server Task.
Because the package used to replicate files only points to one location, all of the items to be
replicated must reside under this substructure. You will need to manually create the Library
directory and any other subdirectories on the central Deployment Server.
1
Go to your Central Deployment Server directory (default is c:\Program
Files\Altiris\eXpress\Deployment Server).
2
Create a Library directory.
3
Under the Library directory, create subdirectories to use for images, RIPs, or other package files.
4
Create a Temp directory for deployment tasks that require a temp directory.
5
Copy into this structure any required files accessed during execution of the jobs.
Note Any job that is automatically created will need to be modified before running or the default
directories will not be correct. Example: if you choose to change the configuration of a computer by
choosing the Configure option in the Deployment on Notification Server, the task will create a CFG
file in the temp directory located in the Deployment Server directory. For this task to replicate
correctly, you will have to copy the file into a temp directory under the Library structure and edit the
task to point to the file in the Library\temp directory. Remember that only the files under this
structure will be replicated to the other Deployment Server installations.
After installing Deployment from the Altiris Console, you will have two packages and one policy
created to help facilitate replication. You can manually modify the packages and enable the policy.
Setting Up Package Servers
After setting up a Library directory structure on the central Deployment Server computer, you can
set up Package Servers on other Deployment Server installations.
To set up a Package Server
1
From the Altiris Console, select the Configuration tab.
2
From the left pane, select Server Settings > Notification Server Infrastructure > Package Servers.
3
Select the Add Package Server button from the bottom of the page.
4
Locate and select the Deployment Server computer (or the Deployment Share for each
installation) and click Add. Use the search feature if required.
Modify the DS Library Package
To replicate files stored in the central Deployment Server Library directory, the DS Library package
installed with the Deployment Solution (on Notification Server) must be edited with configuration
information, including:
•
The source of the files and programs to be replicated.
•
The Package Servers that can receive the files to be replicated.
•
The destination directory for the files being replicated.
•
The programs that will run after the files are copied to the Package Servers.
Deployment Web Console Help
330
Follow these steps to modify the DS Library package:
1
Select the Tasks tab and then select Deploy and Migrate > Deployment > Deployment Server
Replication > DS Library.
2
From the right pane, select the Package Source option to configure the path to the files that will
be included in this package.
3
Select the applicable Package Source method and enter the correct path to the Central
Deployment Server Library.
Choose from one of the following options:
•
Access Package from a local directory on the Notification Server computer
Use this option when the central Deployment Server is installed on the same computer as the
Notification Server. Fill in the Package Location box with the correct path for the Library.
•
Access Package from Existing UNC
Use this option when the Deployment Server that has been configured as the Central
Deployment Server Library is not installed on the same computer as the Notification Server.
When using this option, read and follow the instruction on this page.
Note:
Depending on the amount of data in the Central Deployment Server Library, a message
warning you about the size of the files in the Package may be displayed. This message is to remind
you that all of the files in this directory will be sent when this package is used.
4
Select Package Servers.
This option lets you specify to which Package Servers you would like this package to be
replicated to.
5
Enable all applicable Package Servers by clicking the Enabled checkbox.
6
To identify the destination directory (where the package files will be sent) on the destination
Deployment Server, select the Advanced tab.
7
At the package destination location, enter the destination path:
\\%COMPUTERNAME%\eXpress\Library
8
Select Apply to save the changes.
As soon as the Notification Server Client’s Configuration request interval time (on the destination
Deployment Servers) has elapsed, the files in the central Deployment Server will be sent to the
Package Servers on other Deployment Servers.
Exporting and Importing Deployment Jobs
After creating a Library directory on the central Deployment Server and setting up Package Servers,
you will need to create the jobs to copy and run the packages on the managed computers. These tasks
then need to be exported from the central Deployment Server to the destination Deployment Servers
by configuring the DS Task Import Utility package and modifying the DS Task Import Utility policy on
the central Deployment Server.
Note Replicated deployment tasks will need to reference files created in the Library directory
structure. Example: a deployment task that deploys an image named NT4.img would use the file
path of .\Library\Images\NT4.img instead of the standard .\images\Nt4.img path.
To create a job export file
After creating deployment jobs to use with the replicated packages, you can create a job export file.
1
Right-click the jobs that you want to export. Select Export (or click File > Import/Export > Export
Jobs).
The Export Jobs dialog will open.
2
Browse to the \Notification Server\nscap\bin\win32\x86\DSUtil directory and
enter a name for the export file. (The default file name used in the task replication package is
task.bin.)
Deployment Web Console Help
331
The DSUtil directory is added when you install the Deployment view on Notification Server. If
you want to export the task subfolders, choose the Export subfolders checkbox.
Note If you use an export file name other than task.bin, you will have to edit the program
command-line in the task replication package.
3
Click OK to start the export.
Configure the DS Task Import Utility Package
After creating deployment tasks and exporting them to the DSUtil directory, you need to configure
(or verify) settings in the DS Task Import Utility package. Modifications to this package are required
when any of these alterations are made:
•
The Deployment Server jobs exported are not saved in a file called Task.bin.
•
The method of handling duplicate job names on the destination Deployment Server needs to
be changed.
•
Security for the Deployment view on Notification Server is enabled on the destination
Deployment Server.
The DS Task Import Utility package runs the aximport.exe program to import deployment jobs.
When the Deployment view on Notification Server is installed, the aximport.exe program file is
copied to the \Notification Server\nscap\bin\win32\x86\DSUtil directory. This is the
same directory where you saved your exported tasks.bin file from the central Deployment Server.
When all steps are completed, no changes are required for this package.
To configure or modify how the DS Task Import Utility package is configured, complete the following
steps:
1
Open a Notification Server Administration console and select the Tasks tab. Select Deploy and
Migrate > Deployment > Deployment Server Replication > DS Task Import Utility.
2
In the right pane, select the Programs link.
By default, the Identification section expands to view settings.
3
If needed, change the name of the file on the command line to match the name of the export file
created when the Deployment Server tasks from the central Deployment Server were exported.
As can be seen in the figure above, the default command-line parameters for the aximport.exe
program are configured to use the Task.bin file. This file contains the exported Deployment
Server deployment tasks (jobs).
Note The /o switch causes the import to replace any tasks with the same name as those being
imported. If this is not the desired result, change the command-line options.
If you have Console Security enabled, the username (/u) and password (/p) command line options
will need to be included for this process to work correctly.
/u Database user name
/p Database user password
Example: aximport.exe task.bin /o /u administrator /p yourpw
See the command-line chapter in the Altiris eXpress Deployment Solution User Guide for additional
command-line options for aximport.exe.
4
Select Apply.
You can choose to force an update of the package to ensure that the task export file is in the package.
Deployment Web Console Help
332
Modify and Enable the DS Task Import Utility Policy
You must enable the DS Task Import Utility policy to allow the Deployment Server tasks to be
replicated to the destination Deployment Servers.
1
Open a Notification Server Administration console and select the Tasks tab. Select Deployment
and Migration > Deployment > Deployment Server Replication > DS Task Import Utility.
The Identification section of the Advertisement page will be displayed by default.
2
Verify that the Applies to Collection option has been configured to use the DS Package Servers
collection. This collection is selected by default.
Before enabling the DS Task Import Utility policy, ensure that the task.bin file has been created
and saved in the \Notification Server\nscap\bin\win32\x86\DSUtil directory.
3
Click the Enabled checkbox.
4
Select Apply.
The policy is now enabled. The next time the Notification Server Client’s configuration timer
elapses on the Deployment Servers with Package Server installed, the policy will be executed. On
the destination Deployment Servers, a DOS box will open on this computer and aximport.exe will
run.
Synchronize Deployment Server Tasks
You can update deployment tasks by creating a new task.bin file and placing it in the DSUtil
directory. After all timers elapse, Notification Server will compare and detect the new export file by
its time stamp. When the Altiris Agent checks for new policies, this policy will run on the destination
Deployment Servers.
To avoid waiting for Notification Server to detect that the file has been modified, the package can
be refreshed manually by selecting the DS Task Import Utility package (from the Solutions tab of
the Notification Server Administration Console) and selecting the Update Distribution Point option.
From a destination Deployment Server, the policy to import the Deployment Server jobs can be
forced to run again by manually scheduling the policy.
Setting Polling Intervals in Deployment Solution
You can set polling intervals to transmit data from the Deployment Database to the Notification
Database when generating reports from multiple Deployment Server systems. Deployment Solution
uses two separate interval settings to synchronize data between the Deployment Database and the
Notification Database. (1) To update the Notification Database, new computers and deployment
tasks created in a Deployment console and saved to the Deployment Database are transmitted using
the DS Agent to update the Notification Database. (2) Conversely, updated collection data created
in Notification Server is transmitted using the Altiris Agent to update the Deployment Database.
Setting polling intervals and configuration request intervals requires that you plan how often you
want to refresh console and deployment information based on network traffic requirements. If you
set frequent updates (such as setting a polling interval to 1 minute), then your console information
will be relatively up-to-date, but network traffic will be heavy because data is extracted and
transmitted every minute from every Deployment Database to update the Notification Database.
Deployment Web Console Help
333
In contrast, if you set polling intervals and configuration requests for a larger polling interval (such
as one day), then your network traffic will be light--and you can plan the polling updates for offhours--but report data will be more static and out-of-date.
The balance between timely deployment information displayed in the Deployment view on
Notification Server and the level of network traffic should meet your IT policies, organizational
requirements, and network design.
•
See Setting the DS Agent Polling Interval (page 334).
•
See Setting the Altiris Agent Configuration Request (page 334).
Setting the DS Agent Polling Interval
To refresh data to the Notification Database, set the polling interval in the Altiris Console.
1
Select the Configuration tab.
2
Select Solution Settings > Deploy and Migrate > Deployment > Deployment Server Agent
Configuration > Deployment Server Agent Configuration.
Multiple policies to configure or install Deployment Server Agents are provided.
3
Select the Deployment Server Agent for all Deployment Servers.
You can also select settings for each Deployment Server installation.
4
Set the Computer/Job Polling Interval.
5
Click Apply.
Setting the Altiris Agent Configuration Request
To download collection data from Notification Server for each Deployment Server installation, the
Notification Database must update the Deployment Database. This updated data is transmitted
automatically through the Altiris Agent at defined configuration request intervals.
To update scheduling and configuration information for each Deployment Server installation, you
must set the interval request information in the Altiris Console.
1
Click the Configuration tab.
2
Select Altiris Agent > Altiris Agent Configuration > All Windows Servers.
3
In Agent Basic Settings, select new values in the Request new configuration field. You can also set
inventory updates, if required.
This feature sends a request to Notification
Server to flag all new scheduling records in the Notification Database. This transmits data to the
Deployment Database to update data.
Request new configuration information every: _______.
Send basic inventory every: ______. This feature transmits all inventory data from the computer
running Deployment Server. This field is only used by Deployment Server when first installing
the Deployment from the Altiris Console. By sending basic inventory (including information that
Deployment Server is installed on the computer), Notification Server identifies that the DS
Agent needs to be installed.
4
Click Apply.
Deployment Web Console Help
334
Managing Computers from the Deployment Web Console
From the Computers pane of a Deployment Solution console, you can identify, deploy, and manage
all computer resources across your organization, including desktop computers, notebooks,
handhelds, network and web servers, and network switches. All computer resources can be accessed
and managed as single computers or organized into computer groups with similar hardware
configurations or deployment requirements, allowing you to run deployment jobs or execute
operations on multiple computers simultaneously. You can use search features to locate a specific
computer in the Deployment Database, or set filters to sort computers by type, configuration, OS, or
other criteria.
To select a computer to run remote operation or schedule a job, select a Deployment
Server group icon from the Computers pane and then select the computer or
computer group in the Details pane. Then select a job and click the Run Now or
Schedule button.
Manage multiple Deployment Server sites. From the Deployment Web Console, you can now
access different Deployment Server systems and manage all of the sites or network segments across
your organization. Each Deployment Server site is identified in the Computers pane under
Deployment Server. You first select a Deployment Server icon and expand the treeview to see the
computers and computer groups managed by the selected Deployment Server. See “Managing
Multiple Deployment Server Systems” on page 336.
Manage with Computer icons. Major computer types are identified by a computer icon in the
console, with a listing of scheduled jobs and operations associated with each computer. In the
Deployment Web Console, you assign and schedule deployment jobs to computers or groups with
easy-to-use web features. See “Viewing Computer Details” on page 338.
Add new computers. Deployment Solution lets you add new computer accounts and set
configuration properties for new computers before they are recognized by the Deployment Server
system. Preset computer accounts will automatically associate with new computers when they start
up, or can be associated with virtual computers. See “Adding New Computers” on page 339.
Deploy to groups of computers. Organize computers by department, network container, hardware
configuration, software requirements, or any other structure to meet your needs. You can then
deploy and provision computers on a mass scale. To filter computers in a computer group to
schedule jobs only to the appropriate computer types, see “Creating a Computer Group Filter” on
page 350.
Configure Computer Agents. See the property pages for modifying Deployment Agent settings.
See “Deployment Agents” on page 345.
View and configure computer properties. You can modify computer settings for each computer
from the console. See “Computer Configuration Properties” on page 341. Or you can view the
Computer Properties page for detailed access to a computer’s hardware, software, and network
property settings. See “Computer Details” on page 346.
Deployment Web Console Help
335
Run remote operations from the console. Perform operations quickly in real-time from a
Deployment console. Configure property settings, send a file, run deployment jobs or select from
additional management commands. See “Remote Operations” on page 71.
Build and schedule jobs. Build deployment jobs with one or more management tasks to run on
selected computers. Create jobs and add tasks, then assign the job to computer groups. Jobs can be
organized and assigned for daily tasks or to handle major IT upgrades. See “Building and Scheduling
Jobs” on page 102.
Managing Multiple Deployment Server Systems
From the Computers pane of the Deployment Web Console, you can access multiple Deployment
Servers and drill down to view all of the client computers attached to each Deployment Server
system.
Deployment Servers collection.
All Deployment Servers will be listed under this
collection. Expand the Deployment Server group icon to view all computers for a
specific site or network segment.
Individual Deployment Servers.
This icon identifies an individual Deployment Server
system with its managed computer devices. Expand the Deployment Server system to
view all managed client computers and groups for the selected Deployment Server.
Adding Deployment Servers
You can identify and add existing Deployment Servers to the Deployment Web Console. This lets
you manage computers and use jobs created at various sites managed by different Deployment
Server systems.
1
In the Computers pane, select Add Deployment Servers from the drop-down list, or click the
on the Details page.
Note: To push down a new installation of Deployment Server using Deployment from the Altiris
Console, see “Installing Deployment Solution from the Altiris Console” on page 18.
2
Enter the computer name for the computer running Deployment Server. Enter the port number if
it is different from the provided default.
3
Use Logon tab to set security options, if required. This lets you authenticate to a role if security
has been set up in the Deployment Server Console.
The Deployment Server will appear in the Computers pane with its job folders listed in the Jobs
pane.
Changing Task User Password options
Change Task User Password option lets you update the user credentials to be used for the execution
of Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality
tasks. Task password option facilitates to update user credentials for multiple Deployment Servers
at one time.
Note: This feature is valid only for the Copy File To, Distribute Software, Run Script, Distribute
Personality, and Capture Personality tasks.
1
Click Deployment Servers link in the Computers pane. This displays the available Deployment
Servers in the Details pane.
2
Select Deployment Servers for which you want to perform Change Task User Password
operation.
3
Click Change Task User Password from the toolbar. This displays the Task Password page.
4
Type the user credentials, and click Apply.
5
Click Yes to the summary message to update the password of specified user.
Deployment Web Console Help
336
Note: This tab will be visible only to the administrators and those users who have the rights to
modify password.
Scheduling Jobs from Other Deployment Server
Systems
From the Deployment Web Console, you can schedule jobs from one Deployment Server to
computers in another Deployment Server. This lets you easily replicate jobs from one site to another
site quickly and efficiently. Files (image files, software packages, scripts) associated with a specific
job are linked from the Deployment Server Deployment Share of the originating job.
1
Select a job in the Jobs pane of the Deployment Web Console.
2
Click Schedule job in the Jobs Action list.
3
From the Computers pane, select another Deployment Server system. Computers and computer
groups of the selected Deployment Server site will appear in the Details pane.
4
Select the checkbox for each computer or computer group that you want to run the job.
5
Click the Schedule button in the toolbar of the Details page.
6
Select scheduling options and click OK.
The job from the original Deployment Server will appear in the Deployment Share of the targeted
Deployment Server. If the job includes associated files, a linked icon will appear with the job
identifying that the associated files are referenced from the original Deployment Server system.
Replicating Jobs to Other Deployment Server Systems
1
Select a job in the Jobs pane of the Deployment Web Console.
2
Select Copy job/folder in the Select Action list. The Job/Folder Selection page will open with all
of the Deployment Server systems and their job folders.
3
Select a folder in another Deployment Server system from this page and click OK. The job will
be replicated from the original Deployment Server system to the targeted Deployment Server
system. If the job includes associated files, a linked icon will appear with the job identifying that
the associated files are referenced from the original Deployment Server system.
Important: To successfully replicate a job from one Deployment Server to another Deployment
Server, both Create and Modify Permissions are required for the Job objects if security is enabled.
Otherwise, the job will not appear in the target Deployment Server Console, and an error will be
displayed in the Altiris Console Manager log in the Event Viewer.
Replicating Jobs without Copying the Collateral
When copying jobs from one Deployment Server to another, the associated collateral, such as files
are also copied. However, you can also copy dependent files to the destination server using a
different mechanism, such as Package Servers. To enable a Do not copy value for all replication, set
the key value in the ExcludeAllTargets registry key as dsword:00000001. The path of this registry
key is HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > eXpress > Deployment Web
Console > Deployment Console Manager > Job Replication.
Note: If the key value name does not exist or if the key value is not equal to 1, the files are replicated.
When this value is set to 1, the Console Manager waits until the file exists on the destination
Deployment Server before copying the job data and scheduling data. The Console Manager logs a
warning in the event log stating that Console Manager is waiting for the file to exist. Once the file
exists, the Console Manager proceeds.
To enable the Do not copy value for an individual target (destination) Deployment Server, set the key
value in the Exclude Targets registry key as Timpanogos = dword:00000001. The path of this
registry key is HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > eXpress > Deployment Web
Console > Deployment Console Manger > Job Replication > Exclude Targets.
Deployment Web Console Help
337
In the above example, Timpanogos is the name of the target Deployment Server. When the key value
is set, replication targeting Timpanogos does not copy collateral files. To enable the Do not copy
value of an individual Deployment Server, it must be equal to 1. The Console Manager follows the
same procedure for an individual Deployment Server that it follows when the ExcludeAllTargets
value is set.
Important: When the ExcludeAllTargets value is changed or set, the Console Manager must be
restarted for the changes to be implemented. However, changing the value for an individual
Deployment Server does not require a restart of the Console Manager service. The
ExcludeAllTargets global value when set to 1, overrides all Deployment Server-specific flags
regardless of their respective settings. When the ExcludeAllTargets value does not exist or is not set
to a value of 1, any Deployment Server-specific flags take precedence.
Viewing Computer Details
In Deployment Solution, a computer resource is identified in the console with a distinctive icon to
display the computer type — Windows desktop or notebook, handheld, server, or Linux OS — and
its current status. These computer icons change to convey the state of the computer, such as the log
on status, server waiting status, or user with a timed license status. You can also view the status of
the jobs assigned to the selected computer in the Details pane of a Deployment console.
The following is a sample list of computer icons displayed in each Deployment console identifying
computer type and state.
Managed Computers
Computer connected to the Deployment Server with a user logged in.
Computer connected to Deployment Server but the user is not logged on.
Computer with a time-limited user license and a user logged on.
Computer not currently connected to the Deployment Server but known to the
Deployment Database.
The computer is designated as a master computer and will be used to broadcast images
to other client computers.
A virtual computer with values defined in advance using the New Computer feature. As
soon as the computer connects and the Deployment Server recognizes the new
computer and changes the icon. See “Adding New Computers” on page 63.
A client computer waiting for user interaction before running deployment tasks. This
icon appears if the Workstations checkbox is selected on the Advanced tab of Initial
Deployment. See “Advanced” on page 131.
A connected handheld computer.
A managed server connected to the Deployment Server with a user logged on.
Additional icons identify different states of server deployment.
A managed Linux computer connected to the Deployment Server with a user logged on.
Additional icons identify different states of Linux computer deployment.
Deployment Web Console Help
338
Blade Servers - physical view
View the Physical Devices by clicking the drop list in the Computers pane and
selecting Show Physical Devices. Physical view of Rack/Enclosure/Bay
components for high-density server systems. These icons will appear as
physical representations to allow management of different levels of the server
structure. In addition, server icons identify logical server partitions.
See “Bay” on page 70 for properties and rules to deploy Rack/Enclosure/Bay
servers.
Computer Groups
Select the New Computers or All Computers group to run jobs or operations for these
default groups identified by an icon in the Computers pane.
Additional computer groups can be added to the Computers pane to organize similar
computer types or to list computers of similar departments or locations. Click the New
Group button or select New > Computer Group to create a new group.
See also “Deployment Agents” on page 67.
Adding New Computers
Computers can be added to the Deployment Database using three methods:
•
Install the Deployment Agent on a Windows or Linux system. If you install the Production
Agent (Deployment Agent) to a computer with the operating system already installed, then the
computer will be added automatically to the Deployment Database at startup. New computers
with the Deployment Agent installed will be added to the All Computers groups (unless otherwise
specified in the Deployment Agent configuration). You can move the computer to another group
listed in the Computers pane.
•
Use Initial Deployment to configure and deploy new computers booting to automation.
Starting up a new computer in automation lets you image the hard drive, assign IP and network
settings, distribute personal settings and software, and install the Deployment Agent for new
computers. Using Initial Deployment you can associate new computers with pre-configured
virtual computer accounts. These newly configured computers will appear in the New Computers
group. See Initial Deployment (page 369).
•
Create or import computer accounts from the Deployment console. You can add new
computers using the New Computer feature or import computers using a delimited text file. You
can pre configure computer accounts by adding names and network settings from the console.
See “Creating a New Computer Account” on page 340.
About New Computers
When a new computer starts up, if Deployment Server recognizes the MAC address provided in a
New Computer account or import file, it will automatically associate the user account at startup with
the New Computer icon. If this value is not provided, then the computer will be displayed as a virtual
computer, allowing you to associate it to a new computer.
Deployment Web Console Help
339
The New Computer icon displays for a new computer if the MAC Address is
provided when creating a new computer account using any import or new
computer account feature.
A virtual computer icon displays if specific hardware data (MAC Address) is not
known. As soon as the computer starts up and is associated with a virtual
computer account, then Deployment Server recognizes the new computer and
the icon changes.
A virtual computer account can be associated with a new computer using the Initial Deployment
feature. You can create multiple virtual computer accounts and then associate the account with a new
computer when it boots to automation. At startup, the configuration settings and jobs assigned to the
virtual computer can be associated with the new computer.
Virtual Computers
Deployment Solution provides features to create a virtual computer to pre-define a computer’s
configuration settings and assign customized jobs to that computer even if you do not know that
computer's MAC address. This type of computer is known as a virtual computer.
Virtual computers offer a great deal of power and flexibility, especially when you need to deploy
several computers to individual users with specific needs. The virtual computer saves time because
you can configure the computer before it arrives on site. You can set up as much configuration
information (computer name, workgroup name, and IP address, for example) that you know about
the computer and apply it to the new computer as it comes online. You can also prepare jobs prior
to the arrival of the new computer to deploy the computer using customized images, MSIs and RIPs
based on a user's specific needs.
When the new computer finally arrives, you will be ready to deploy it because have done all the work
ahead of time. Just set the managed computer option in PXE or automation and the new computer
will connect to the server as a managed computer. The virtual computer that you created now turns
into a managed computer in the console.
Creating a New Computer Account
You can create computer accounts for individual computers or for computer groups. When creating
new accounts for computer groups, you can automatically assign new names and associate them with
existing computer groups or the New Computer group.
To create a new computer account
Create new computer accounts in the Deployment Database for one or more computers.
1
To add one or more new managed computers, first select the desired Deployment Server system
in the Computers pane and select New computer(s) from the Computer actions drop-down list or
click the new computer button in the Details pane.
The Computer Configuration Properties will open.
2
Type the name of the new computer (up to 15 characters) and configure settings. A virtual
computer icon will appear in the selected group.
When a new computer starts up, you can assign it to this preset account.
To create multiple computer accounts
Define a name range and create accounts in the Deployment Database for multiple new computers.
1
On the Networking tab, click
2
Enter the number of computers to be placed in the name range. Enter the core name in Fixed text
and a numeral for the range start.
Deployment Web Console Help
to open the Define name range section.
340
3
Select Append to incrementally add the numeral to the end of the Fixed text. If you clear this box,
the numeral will be added to beginning of the name.
Importing New Computers from a Text File
You can import computer configuration data using delimited text files (.txt, .csv, or .imp files) to
establish multiple computer accounts in the Deployment Server database. This file contains all
configuration data for a new computer, including all settings displayed in the Computer
Configuration Properties of a selected computer.
To import new computers from a text file
1
Click the Action drop-down list in the Computers pane and select Import Computers.
A dialog box will open, allowing you to select files from the Deployment Share. You can import:
.txt; .csv; or .imp type of files.
2
Select the import file. Click Open.
3
If a correctly formatted computer import file is selected, then a message box appears, informing
you that the computer import is complete and identifies the number of computers added. Click
OK on this message box.
Note: Jobs can be added to the import file. They can be created and associated with the new
computers.
If the computer import file is incorrectly formatted, a warning will appear stating that the
computer import file is incorrect.
4
The imported computers appear in the Computers pane of the Deployment Web Console.
Computer Configuration Properties
Computer property settings can be viewed, set, and modified when Adding New Computers,
Modifying Configuration, or setting up Initial Deployment.
Computer Configuration Properties
Networking Settings
Set the Windows name of the computer and the
Workgroup or Domain settings.
TCP/IP Settings
Set the TCP/IP addresses for one or more network
adapters.
NetWare Client Settings
Set Novell Directory Services client logon options.
OS Licensing Settings
Set the registered name and view the hashed installation
license key for the installed operating system.
User Account Settings
Set the local Windows user account values.
Deployment Web Console Help
341
Networking Settings
Use the Sysprep utility to generate unique SIDs. This can be done by manually using these utilities
or when installing the Deployment Agent.
Computer name
This is the NetBIOS name for the computer. The name must be unique in the
network and is limited to 15 characters.
Computer Name box will be disabled for multiple computer configurations.
Define name range Create a sequential range of computer names. You can identify a root name
and automatically increment its associated number. This option is available
when selecting groups of computers.
For new computers, set a range of names for multiple new computers:
• Number of computers. Enter the number of computers to be automatically
named.
•
Fixed text. Enter the text portion of the name that you want associated with
each computer, for example: Marketing.
Use Token
Select the checkbox to specify the computer name using tokens. Selecting this
option enables Fixed text combo box and disables the Range start, Label, and
Append options.
Note: This option is applicable for multiple computers and not for single
computer.Fixed Text: You can select one of the six tokens from the dropdown list.
• %NAME%- Complete computer name.
•
%NICyMACADDR%- MAC address of the computer with NIC specific
number. Selecting this option enables the NIC Number option where you
need to specify the NIC number which can range from 1-8.
Note: The default value for NIC number is 1.
•
%SERIALNUM%- Serial number from SMBIOS.
•
%NODENAME%- First 8 characters of actual computer name.
•
Range start.
Enter a numeral to add to the fixed text, for example:
Marketing1.
Append
Select to add the range after the fixed text in the computer name. If you clear
this box then the number will be added as a prefix to the fixed text.
Microsoft
networking
Click Workgroup or Domain and enter the name.
Enter either the fully qualified domain name, the DNS domain name, or the
WINS domain name. You can enter the fully qualified domain name
(example: mjones.yourcompany.com), and specify the organizational unit
(OU) using this format: OU/newOU/users. The complete entry to place the
computer in the users OU is the following:
mjones.yourcompany.com/OU/newOU/users
internal.myServer.org/New Corporate Computer OU/Mail Room/
Express Mail Servers.
Deployment Web Console Help
342
TCP/IP Settings
Host name
The Windows name of the managed computer that is hosting Deployment
Server.
Network adapter
A list of all network adapters installed in the selected computer.
The network adapter with the lowest bus, device, and function number will be
the first listed (NIC0 - zero based). If the bus, device, and function
information cannot be determined for a network adapter, it will be enumerated
in the order it is detected.
When configuring multiple network adapters, make sure that one network
adapter is not using an Intel Universal NIC driver (commonly called UNDI
driver) to connect to Deployment Server. If one network adapter uses the
native driver and one uses an UNDI driver, then your computer will display
twice in the console.
•
Add.
Click the Add button
on the client computer.
for additional network adapters installed
If a computer in the group has only one network adapter, then it will be
configured only with the IP settings listed first. If IP settings are provided
for additional network adapters not present in the computer, then they will
be disregarded.
•
MAC.
•
Domain suffix.
•
The MAC address is a unique number assigned to the network
adapter by the manufacturer. This is read-only.
Enter this to add domain suffixes to the root address.
Use DHCP to obtain IP address.
Click to obtain an address from a DHCP
server.
•
Assign a static IP address.
Click to set static IP address values.
Show advanced
Select Advanced to set multiple IP Interfaces.
Name. Enter a name for the IP interface. Make sure you use the “eth” syntax
Click to set named when naming new interfaces, for example: eth0:1 or eth0:new
interfaces for this interface.
network adapter.
IP Address. Enter or modify the IP address common to all interfaces.
Netmask. Enter the appropriate subnet mask.
State. The default value of the interface state is Up, which denotes that the
named interface is operating. Shut down the named interface by selecting
Click the edit
Down.
button to modify
Broadcast Address. Enter the Broadcast address for the specified IP interface.
settings.
Gateway. Click this tab to enter the gateway address for this IP interface.
DNS. Click this tab to add additional Domain Naming Servers (DNS) for this
network adapter.
Append these DNS suffixes (in order): Add the name of the Domain Suffix, and
then use the Up and Down arrows to set the DNS suffix search order.
DNS Suffix. You can enter DNS Suffix and specify DNS Suffix order search
also.
WINS. Click this tab to add additional WINS settings for this network adapter.
You can select one of the three available options; Enable NetBIOS over TCP/IP,
Disable NetBIOS over TCP/IP, and Use NetBIOS setting from the DHCP Server.
Static Routes. Click this tab to enter the router settings information for this IP
interface. All the fields, that is, Designation, Netmask, Gateway, Interface,
Metric, Flag, Ref, and Use are mandatory.
Deployment Web Console Help
343
NetWare Client Settings
Set Novell NetWare client values for a new or existing computer. Select whether you want to log on
directly to a NetWare server or to a NetWare tree in Novell Directory Services (NDS). You can then
specify the preferred tree, server name, and NDS context.
Ignore NetWare
settings
Select to disregard all Novell NetWare client settings for this computer.
Preferred tree
Click and enter the name of the NDS tree.
Preferred server
Click and enter the name of the NetWare server, for example: \\OneServer.
This is the primary login server for the NetWare client.
NDS User name
Click and enter the name of the user object for the NetWare client.
NDS Context
Click and enter the organizational unit context for the user.
Run login scripts
Select this option to run the NetWare client login scripts.
OS Licensing Settings
Enter or view the license information for your Windows operating system software (Windows 98,
2000, XP, and 2003 Servers).
Registered user
Enter the name of the registered user.
Organization
Enter the name of the Organization.
License key
Enter the alpha-numeric license key. This is the hash value rendered from the
OEM key or 25-digit license key required when installing the operating
system.
User Account Settings
Set up local user accounts for the newly imaged computer or when running a configuration task.
Enter a user name, full name, and password, then set standard Windows login options.
User name
The user name for this local Windows user account.
Full name
The full name for this local Windows user account.
Password
The password for this local Windows user account.
Confirm Password Retype the password for confirmation.
Groups
Specify the Windows groups that this user will belong to as a commadelimited list, for example: Administrators, Marketing, Management
User must change Select to force the user to change the password after setting the configuration
password at next properties.
logon
User cannot
Prohibit the user from changing their password at any time.
change password.
Password never
expires.
Deployment Web Console Help
Select to maintain the user password.
344
Deployment Agents
To remotely manage computers from a Deployment console, a Deployment Agent is installed on each
computer in the Deployment Server system. Deployment Agents are provided for various computer
types, including Windows, Linux, DOS, and PPC Handhelds.
The following Deployment Agents reside on the client computer and communicates with the
Deployment Server.
Deployment Solution Agents
Deployment Agent on Windows The Deployment Agent runs on Windows computers,
including desktops, notebooks, and servers.
Deployment Agent on Linux
This Deployment Agent runs on Linux workstations and
server.
Automation Agents
The Automation Agents boot client computers when the
Deployment Server sends a deployment job. Altiris supports
DOS, Linux, and Windows PE pre-boot operating systems.
Deployment Agent for Pocket PC This Deployment Agent runs on the host computer for a
handheld running the Pocket PC operating system.
Deployment Client for Pocket PC This agent runs on the handheld computer.
Deployment Agent for CE .NET This agent runs on the HP T5000 computer devices running the
CE .NET 4.2 operating system.
Notification Server Client
The NS client is an Altiris agent that runs on computers
supported by Notification Server. This agent runs on the
Deployment Server computer when running Deployment
Solution on Notification Server.
Deployment Server Agent
This agent runs on the Deployment Server computer when
running Deployment on Notification Server.
Install Deployment Agent to add a managed computer
When Deployment Agent is installed on a computer, it will search across the network for a
Deployment Server to attach to. When a Deployment Server is located by the Deployment Agent,
then the client computer will be added as a record to the Deployment Database.
When the Deployment Agent is running on a computer, the user will see a small icon
in the system tray. When the icon is blue, then the client computer running the
Deployment Agent is connected to the Deployment Solution system.
When the Deployment Agent icon is clear, it shows that the client computer is not
connected to the Deployment Solution system. The agent may be configured
incorrectly, the Deployment Server is down, or other network problems exist.
Automatically update to newer version of Deployment Agent
At times, Altiris may update versions of the Deployment Agent to enhance features. For best
performance, it is suggested that all managed computers run the latest version of the Deployment
Agent. When a new version of the Deployment Agent is saved to the Deployment Share file server,
the managed computers will automatically update the Deployment Agent.
Managing Agent Connections
The following utilities are provided for managing transmissions between the Deployment Server and
Deployment Agents running on the managed client computers.
Reset a Client Connection
Resetting the connection that a managed computer has with the Server simply disconnects and
reconnects the computer. This is useful for troubleshooting or if you suspect there is a bad
connection.
Deployment Web Console Help
345
To reset a client connection, right-click a computer and click Advanced > Reset connection. When the
computer disconnects, its icon will turn gray. The computer should then reconnect and its icon color
will return to its original active status color.
Reject or Retrieve a Rejected Computer
If a computer that you do not want to manage connects to your Deployment Server, you can reject
it. This removes the unwanted computer from the Computers pane in the Web Console. Further
attempts by the computer to connect will be denied. Although the computer is not deleted, any
history or schedule information associated with the computer is deleted.
1
Click the computer you want to reject from connecting to the Deployment Server.
2
Select Reject Connection from the Select action drop-down list.
3
Click OK.
View Rejected Computers
You can view the rejected computers by clicking on a Deployment Server, and selecting View
from the Select action drop-down list.
Rejected Computers
The rejected computers are prohibited from being active in the Deployment Database. They are
identified and rejected by their MAC address.
You can remove computers from the Rejected Computers list by selecting it, and clicking Accept
Computer(s) icon from the toolbar. This allows the computer to attach again and be managed by the
Deployment Solution system.
Computer Details
View and edit the computer properties and inventory for each managed computer.
See “Properties” on page 346 and “Inventory” on page 347.
Properties
The following are the general properties of the selected managed computer.
•
General (page 346)
•
Network (page 346)
•
TCP/IP (page 347)
•
Location (page 347)
•
Bay (page 347)
•
Lights-Out (page 347)
General
View or change the name of the computer as it appears in the console. View logged in user name,
operating system installed, name of the Deployment Server, whether or not an automation partition
is installed, version of the Deployment Agent, and other client information.
Network
View Microsoft Networking, Novell Netware settings, and user information for the selected
managed client computer.
Deployment Web Console Help
346
TCP/IP
View TCP/IP information, including a list of all installed network adapter cards (up to eight) for the
selected computer. Click Change to open the configuration window allowing you to modify settings.
Location
View and edit user-specific properties such as contact name, phone number, e-mail address,
department, mail stop, and site name. As the administrator, you can enter this information manually
or you can let the user populate this screen using Prompt User for Properties.
Bay
View location information and other properties for Rack / Enclosure / Bay components for highdensity and blade servers. Set rules for automatic re-deployment of blade servers based on physical
location changes.
Server Deployment Rules
From the Bay property page, you can select rules to govern actions taken when a new blade server
is detected in a selected bay. These rules are described below:
Rule
Action
Re-Deploy Computer
Restore a blade server using deployment tasks and configuration settings
saved from the previous server blade in the bay. This lets you replace new
blades in the bay and automatically run deployment tasks from its deployment
history. (See “Restoring a Computer from its Deployment History” on
page 88.)
All deployment tasks in the bay's history will be executed starting from the last
Distributing Disk Image task or Scripted OS Install task, or from any script (in
a Run Script task) with this command: rem deployment start.
Run Predefined Job
The server will process any specified job. Select a job to run automatically
when a new server is detected in the bay.
Ignore the Change
This option lets you move blades to different bays without automatically
running jobs. The server blade placed in the bay is not identified as a new
server and no jobs are initiated. If the server existed in a previous bay, the
history and parameters for the server are moved or associated with the new
bay. If the server blade is a new server (never before identified), then the
established process for managing new computers will be executed.
Wait for User
Interaction
(default) No job or tasks are performed (the Deployment Agent on the server
blade is instructed to wait). The icon on the console changes to reflect that the
server is waiting.
Lights-Out
View information about the remote management hardware installed on the selected computer (most
often a server) used to power up, power down and restart the computer remotely, or to check server
status. You can also enter the password for the remote management hardware by clicking Password.
Note: This feature is currently only available for selected HP Integrated Lights Out (ILO) and
Remote Insight Lights-Out Edition (RILOE) features.
Inventory
The following are the inventory details of the selected managed computer.
•
Hardware (page 348)
•
Drives (page 348)
Deployment Web Console Help
347
•
Applications (page 348)
•
Services (page 348)
•
Devices (page 348)
Hardware
View processor make and type, processor count, RAM installed on the computer, display
configuration, manufacturer, model, product name, MAC address of each network adapter installed,
serial number, asset tag, UUID, and whether or not Wake On LAN and PXE are installed and
configured.
Drives
View information about each drive on the computer. If you have multiple drives, you can select a
drive from the list box to view its settings, such as capacity, serial number, file system, volume label,
and number of drives installed.
Applications
View the applications that are installed on the computer, including description, publisher, version
number, product ID, and systems components.
Services
View the services installed on the computer as well a description, start type, and path for each
service.
Devices
View the devices installed on the computer, including display adapters, disk drives, ports, storage
volumes, keyboards, and other system devices.
Remote Operations
After selecting a specific computer device, click the Computer actions drop-down list and select a
remote operation to perform on the selected computer. This menu provides a variety of commands
to remotely manage all computers in your site or network segment.
Computer actions
Configure
Set network and local configuration properties for each computer,
including computer name, IP address, domains, Active Directory
context. See “Computer Configuration Properties” on page 341.
Quick Disk Image
Select a computer and image its hard disk. This will create and store the
image to distribute now or later. To run a disk image job you must have
have an Automation Partition installed on the client computer. You can
also manually boot a client computer using bootable media created in
Boot Disk Creator, or create a boot menu option in PXE Server.
When you finish this computer operation, a new job will appear in the
Jobs pane of the Deployment console under the System Jobs > Image
Jobs folder. The job name will have a generic format of Create
Image: <computer name>.
Copy File to
Copy selected files, directories, or entire directory structures and send
them to the selected computer(s). See “Copy File” on page 365.
Run command
Type and run commands remotely. Send a command from the
Deployment console as if you were entering a command from the
command-line prompt.
History
View a history of deployment tasks. Click Save to save the deployment
history to a file or click Delete to delete the history.
Deployment Web Console Help
348
Computer actions
Reject Connection
To manage unwanted client computers from attaching to the
Deployment Server, use the Reject Connection computer action to
remove the client's MAC address and other information from the
Deployment database. If the client tries to connect to the server, the
MAC address will not be found and the client-server connection will be
rejected. See “Reject Client Computer Connections” on page 315.
Wake Up
The Wake Up feature is hardware-dependent and is only available for
inactive computers. Select this command to start a computer that has
been turned off.
Your operating system and network adapter must be capable of
recognizing and processing the wake-on-lan packets. Non-embedded
network adapters must be properly configured.
Restart
Click to reboot the selected managed computer. Select Force
to restart immediately
without prompting the user.
Applications to close without a message box
Shut down
Click to shut down the selected managed computer. Select Force
Applications to close without a message box to shut down immediately
without prompting the user.
Log off
Click to log off of the selected managed computer. Select Force
Applications to close without a message box to log off immediately.
Clear Status
Clear computer status as shown in the Status field on the Details page.
Prompt User for
Properties
Query for computer location and user information. This feature sends a
form to the user to fill out and then writes it directly to the database,
appearing in the Location properties for the selected computer.
If the user changes the computer name, then the name in the Computers
pane of the Deployment console will also change. These settings are
stored directly to the Deployment Database.
Install Automation
Partition
Click Install Automation Partition from the drop-down list, and select a
pre-boot OS for the automation partition. You can select DOS, Linux,
or Windows as the pre-boot OS.
Get Inventory
Update property settings for a selected computer. These inventory
settings can be viewed in “Computer Details” on page 346. Select it to
ensure that you have the latest inventory of the computer.
Apply Regular License
Apply a permanent license if a client computer is using a time-limited
license or requires an updated license.
Rename
Assign the computer or group a new name in the console.
Delete
Delete a computer, a computer group, or any combination of computers
and groups from the database.
Change Production
Agent Settings
Select Change Production Agent Settings to modify the production agent
settings. See “Production Agent Settings” on page 317.
Change Automation
Agent Settings
Select Change Automation Agent Settings to modify the automation agent
settings. See “Automation Agent Settings” on page 321.
Move to Group
Click to move the selected computer to a new group.
Find a Computer in the Database
Enter a search string in the Find
field to query database fields for specific computer properties.
You can search for user or computer names, licensing or location information, or primary lookup
keys: MAC address, serial number, asset number, or UUID. In the Find field type all or part of the
computer’s property values that you would like to search for:
Name
BIOS name of the computer.
Computer Name
Deployment Solution name of the computer.
Deployment Web Console Help
349
MAC Address
0080C6E983E8, for example.
IP Address
192.168.1.1, for example.
ID
The computer ID. 5000001, for example.
Serial Number
Serial number installed in BIOS. A primary lookup key.
Asset Tag
Asset number in BIOS. A primary lookup key.
UUID
A primary lookup key.
Registered User
Name entered when OS was installed.
Product Key
Product Key for the operating system.
Logged On User
Name of user currently at the computer.
Physical Bay Name
The actual bay number: 7x, for example.
A list of computers meeting the search filter requirements will be listed in the Details pane. This
search is not case-sensitive and allows wildcard searches using the *.
Creating a Computer Group Filter
For Computer Filters, this dialog box lets you display and list all computers in a group according to
a specified criteria. Example: you can create a filter to view all computers in a particular group that
have Windows 2000, 256 MB of RAM, and 20 GB hard disks only. By applying the filter, you can
then view all computers with that criteria in the Details pane of the Deployment Server Console.
Click a computer group in the Computers pane. The Filter feature will open in
the Details pane for the selected computer group. Click the Setup button to add
new filters, or modify and delete existing computer filters.
To create or modify a computer filter
1
Click any computer group. In the Details pane, you can view Filter by on the toolbar.
2
Click Add Filter icon from the toolbar to create a new filter.
3
Type a name for the filter in the Filter Name box, and click Edit Filter Name.
By default, the filter name is Filter N, where N is a sequentially generated numerical.
4
Click New Filter Item in the Filter Definition area.
5
Define the conditions you want to filter.
Click the Field box to see a list of computer values stored in the Deployment Database. Select a
computer value and then set the appropriate operation from the Filter list. In the Value box enter
an appropriate value for the selected database field.
Example: you might choose Computer Name as the Field, Contains as the Filter, and Sales as the
Value.
6
Repeat steps 4 and 5 to add more conditions. Click OK.
See also “Find a Computer in the Database” on page 349.
Deployment Web Console Help
350
Scheduling Jobs from the Deployment Web Console
A job represents a collection of predefined or custom deployment tasks that are scheduled and
executed remotely on selected managed client computers. You can build jobs with tasks to
automatically create and deploy hard disk images, back up and distribute software or personality
settings, add printers, configure computer settings, and perform all aspects of IT administration. Jobs
can be run immediately for a specific computer, or stored and scheduled for daily or long-term
administrative duties on multiple computer groups.
Job icons appear in the Jobs pane of the Deployment Web Console. To run a job,
select a job and select a computer or computer group from the Computers pane.
Then select the Schedule Job(s) option from the Select action drop-down list.
The “Job Scheduling Wizard” on page 353 guides you through common deployment and
management jobs. It provides three easy steps to select computers, select a job, and then schedule
the job to run.
Jobs include one or more “Deployment Tasks” on page 354. You build jobs by adding tasks to a job
and then customizing the task for your specific needs. You can add tasks to capture and distribute
images, software packages, and personality settings. Or you can write and run a script task, or run
scripted installs, configure settings, copy files and back up registry settings. You can also modify
existing jobs by adding, modifying, or deleting tasks to fit your needs. See “Building New Jobs” on
page 352.
Set conditions on jobs to run only on computers with properties that match the criteria that you
specify. You can build one job to run on different computer types for different needs, and avoid
mistakes by ensuring that the right job runs on the right managed computer.
Initial Deployment lets you run predefined jobs and configuration tasks on new computers when
they start up. You can automatically deploy new computers by imaging and configuring TCP/IP,
SIDs, and other network settings and then installing basic software packages. See “Initial
Deployment” on page 369.
Sample jobs are installed with Deployment Solution and appear in the Samples folder of the Jobs
pane. You can run many sample jobs as they are, or you can set environmental variables and run.
Viewing Job Details
As jobs are assigned, scheduled and executed, it is helpful to know specific details about their status
and assignments. The Deployment Console provides job icons to show state and status of the job in
the Details pane, including:
•
Job status icons that update to display the state of the job in running deployment tasks. These
icons are graphical symbols in the Deployment console used to identify the status of an assigned
job.
Deployment Web Console Help
351
.
Indicates that a job is scheduled to run on a computer or computer group.
Indicates that a job is in progress.
In the Details pane, indicates that a job has executed successfully.
Indicates that a job is associated with a computer or group of computers but is not
scheduled.
Indicates error conditions when individual tasks run.
•
A description of the job, if available.
•
If a job defines error conditions when individual tasks run, the Status field displays any errors
incurred and the tasks that completed successfully.
•
View all jobs, failed jobs, pending jobs, jobs not scheduled, scheduled jobs, and successful jobs
from the Details pane.
•
Job Schedule details. This is the job's run time, beginning when the job started and ending when
it completed successfully.
•
Currently applied conditions. You can add conditions to different task sets for different computer
properties within a job. Conditions specify characteristics that a computer must have before the
job will run.
•
A list of tasks assigned to the job and task descriptions are also be displayed. Change the order
of the task execution with the arrow buttons. Tasks are executed in the order they are listed. See
“Deployment Tasks” on page 354.
•
Features to add, modify, and delete tasks for each job.
•
A list of assigned computers and its deployment history.
Building New Jobs
A job can be a single task to distribute software or change computer property settings, or a job can
be a series of tasks sequenced to migrate hard disk images, set post-installation TCP/IP and SID
values, and install software packages and personality settings.
Create a new job by selecting the New Job command from the drop-down list in
the Jobs pane. You can then add tasks and create condition sets in the Details pane.
Create and build jobs by adding tasks and setting conditions to run the job.
1
Click a Deployment Server in the Jobs pane. The job will be created in the selected Deployment
Server system and saved to the shared folder in its Deployment Share.
2
Select the New job action from the list in the Jobs pane. The Job Details page will open.
3
Enter information for the new job:
Job name:
Enter a unique name for the job and click the apply button
Description.
Deployment Web Console Help
Enter a description for the job and click the apply button
.
.
352
4
At Condition sets, select a previously created condition set from the list to run the job only on
managed computers meeting specified criteria.
Click the expand button in the Conditions area to create a new condition set.
Note: The Tasks area is not selectable when the Conditions area is expanded.
5
In the Tasks area, click the New button
information and the condition set.
6
In the Task type field, select from the list of tasks to add to the job. The configuration page for
the selected job will open. Enter the configuration information for each job and click OK. See
“Deployment Tasks” on page 354.
7
Repeat steps 5 and 6 to add more tasks to the job.
8
From the Job Details page, set the order of Tasks to run in the job.
9
After creating and building a job, click the Job Actions list and select Schedule job or another
option.
Delete Job.
. A secondary page will open displaying job
Select to eliminate the job.
Schedule Job. Select to schedule the job to run immediately or at another time. If no computers
are selected, then the Computers page will open to select a computer or computer group. The Job
Scheduling page will open.
Move Job.
10
Select to move the job to another folder.
Schedule the job to run immediately or at another time. If no computers are selected, then the
Computers page will open to select a computer or computer group. Then the Job Scheduling page
will open.
After scheduling a job, the selected computers assigned to the job will appear in the Scheduled
list box.
computers
Job Scheduling Wizard
The Job Scheduling Wizard provides features to assign jobs to selected computers and computer
groups, and then schedule to run.
Select Computers
1
Click a Deployment Server group and then select individual computers or computer groups. If
you are running Deployment from the Altiris Console, you can select by defined computer
collections in the Altiris Console Collections. See “Managing Computers from the Deployment
Web Console” on page 335.
2
Click Next.
Select a Job
1
Select a job in the left pane to assign to the selected computers. Select a pre-defined condition to
run the job in the Conditions list.
2
Click Next.
Schedule Job
1
Set scheduling options. See “Scheduling Jobs” on page 354.
2
Click Close.
Deployment Web Console Help
353
Scheduling Jobs
After a job has been created, assign it to computers or computer groups. Then click Run Now or
Schedule to schedule the job to run immediately, at a scheduled interval, or assigned but not
scheduled. Job and job folders selected from the Jobs pane of the Deployment Web Console are
scheduled in the order they were selected, even across multiple Deployment Servers.
Note: When a software package or deployment job is scheduled to run on client computers, users
will see the Altiris Client Service Message dialog display, warning them that a job is about to
execute. If a user clicks the Abort button when the message displays, an event is logged to the client's
history so that Deployment Solution administrators know when users abort a scheduled event.
To schedule a job
From the Schedule Job page, select the appropriate options:
Assign but do not schedule or run. This option lets you apply jobs to computers but does not run the
job until you return to the Schedule Job dialog box and set a run time.
Run immediately. This
option lets you run the job now.
Schedule to run at a later time. This option lets you type the date and time to run the job at a specified
time and date. When you select this option, Date and Time fields will open to specify a time and date
to repeat.
Repeat this job every x.
A job can be scheduled to execute by minute(s), day(s), hour(s), week(s).
Defer this job up to x.
A job can be deferred when the server is busy executing other jobs, setting a
lower priority for particular jobs. By default all jobs are deferred up to five minutes.
Schedule in batches of x computers at y minute intervals.
This option lets you schedule computers in
batches to maximize efficiency.
Click OK.
Deployment Tasks
A task is a subordinate action of a job. After creating a job, you will add tasks to perform basic
operations, including:
Create a disk image from a reference computer and save the image file (IMG or
EXE files) for later distribution. See “Creating a Disk Image” on page 355.
Create Disk Image.
Distribute Disk Image. Distribute previously created disk images (IMG or EXE files) or create a disk
image from a reference computer on the network and simultaneously distribute it (IMG or EXE) to
other managed computers on the network. See “Distributing Disk Image” on page 357.
Distribute RIPs, MSI files, scripts, personality settings and other package files
to computers or groups. See “Distributing Software” on page 359.
Distribute Software.
Capture Personality. Capture the personality settings of a selected computer on the network using the
PC Transplant software. PC Transplant ships as a part of Deployment Server. See “Capturing
Personality Settings” on page 360.
Distribute Personality Package. Send a Personality Package to computer or groups. It identifies valid
Altiris packages and assign passwords and command-line switches to Personality Packages. See
“Distributing Personality Settings” on page 361.
Modify the IP address, computer and user name, domains and Active
Directory organizational units, and other network information and computer properties. See
“Modifying Configuration” on page 362.
Change Configuration.
Get Inventory. This lets you gather inventory information from client computers to ensure that the
Deployment database is up-to-date with the latest computer properties information. See “Get
Inventory” on page 363.
Deployment Web Console Help
354
Back up an individual registry file for a selected computer and save it to a
selected directory. See “Backing up and Restoring Registry Files” on page 362.
Back up Registry Files.
Restore Registry Files. Restore registry settings previously saved for a selected computer. This lets
you recover from a hard disk crash or other disaster. See “Backing up and Restoring Registry Files”
on page 362.
Create custom commands using scripts to perform jobs outside the bounds of the pre
configured tasks. Use the Run Script dialog box to select or define a script file to run on specified
computers or groups. See “Run Script” on page 363.
Run Script.
Copy File to. Copy a file from the Deployment Share or another source computer to a destination
computer. See “Copy File” on page 365.
Shutdown/Restart. Perform power control options to restart, shutdown, power off, and log off. See
“Power Control” on page 366.
Tasks are listed for each job in the task list box. Each task will execute according to its order in the
list. You can change the order using the up and down arrow keys.
Creating a Disk Image
When you create an image of a client computer’s hard disk, it is saved to the Deployment Share (by
default) as an .img or .exe file. Imaging deployment jobs require that the client computer boot to
automation. PXE-enabled client computers can boot to automation from the PXE Server. Other
methods of booting to automation include installing an embedded or hidden automation partition, or
manually booting a computer using bootable media, created with Boot Disk Creator. See Boot Disk
Creator Help, and PXE Configuration Utility Help.
1
Enter the path and file name to store the image file. You can store image files to access later when
a managed computer is assigned a job that includes the image file.
The default file name extension is IMG. Saving image files with an EXE extension makes them
self-extracting executable files (it adds the run-time version of RapiDeploy in the file).
2
Click Local image store if you want to store the image file locally on the client computer's hard
drive. Enter the path relative to the managed computer (example, c:\myimage.img). This is
optional.
When you store an image locally on a computer instead of a file server, you save server disk
space and reduce network traffic. If you are imaging multiple computers or image computers
frequently, there it is advisable to store images locally.
Prerequisite: Make sure you have an embedded (recommended) or hidden automation partition
installed on the computer’s hard disk with enough disk space to save the images you want to
store.
Note: When imaging computers where labs are cached, do not use the option to remove the
automation partition unless you want to clear the lab from the computer.
3
Enter an image description (optional) in the Description field to help identify the image.
4
Select Prepare using Sysprep to use sysprep to prepare system for imaging. Then, click the
Advanced Sysprep Settings button. See “Advanced Sysprep Settings for Creating a Disk Image”
on page 356
5
Select the operating system from the Operating System drop-down list.
Note: Click Add new to go to the Sysprep Settings dialog and select the OS Information.
6
Select the product key from the Product Key drop-down list.
7
Select the required pre-boot environment from the Automation - PXE or BootWorks environment
(DOS/Windows PE/Linux) drop-down list to perform the Create Disk Image task in selected preboot environment. By default, the DOSManaged Boot Option type is selected.
8
Click Advanced to select Media Spanning and additional options. See “Create Disk Image
Advanced” on page 356. This is optional.
9
Set Return Codes. See “Setting Up Return Codes” on page 367. This is optional.
Deployment Web Console Help
355
10
Click OK. The task appears in the Task list for the job.
Troubleshooting Tip: If an imaging Job fails on a managed computer, the Deployment agent
configuration screen appears on the client. This screen displays a prompt to confirm if the user wants
to configure the client or restore the original settings. Select Cancel > Restore Original Settings on the
client screen.
See also “Deployment Tasks” on page 354.
Advanced Sysprep Settings for Creating a Disk Image
Click the Advanced Settings button to open the Advanced Sysprep Settings dialog. You can use the
Advanced Sysprep Settings dialog to specify Sysprep mass storage device support. By default, the
Enable mass storage device support using built-in drivers option is selected.
Disable mass storage device support. When this option is selected, the Sysprep.inf file contains the
section [Sysprep] with the key value pair as BuildMassStorageSection = No.
Enable mass storage device support using built-in drivers. When this option is selected, the Sysprep.inf
file contains the section [Sysprep] with the key value pair as BuildMassStorageSection = Yes.
Enable mass storage device support using the following: When this option is selected, the Sysprep.inf
file contains the section [SysprepMassStorage] and is appended by contents of the file mentioned in
the Mass storage section file field. You can also copy the drivers directory mentioned in the Mass
storage drivers field.
Create Disk Image Advanced
RDeploy Options
Graphical Mode (RDeploy). Click
this option if you want to choose the imaging executable as
RDeploy.
Text Mode (RDeployT). Click this option if you want to choose the imaging executable as RDeployT.
Text Mode or RDeployT is the default choice.
Media Spanning
Maximum file size.
The Maximum file size supported is 2 GB. To save an image larger than 2 GB,
Deployment Server will automatically break it into separate files regardless of your storage capacity.
From the Maximum file size list, select a media type.
Specify ___ MB.
If the preferred type is not on the list, enter the file size you want in the field.
Additional Options
Do not boot to Windows. Select this option to create an image of the hard disk while booted to DOS
without first booting to Windows to save network settings (TCP/IP settings, SID, computer name,
etc.). If you select this option, these network settings will not be reapplied to the computer after the
imaging task, resulting in network conflicts when the computer starts up.
Note: This checkbox should be selected when imaging Linux computers.
Compression.
Compressing an image is a trade-off between size and speed. Uncompressed images
are faster to create, but use more disk space.
Select Optimize for Size to compress the image to the smallest file size. Select Optimize for Speed to
create a larger compressed image file with a faster imaging time. The default setting is Balanced for
Size and Speed.
Command-line switches.
You can add command-line switches specifically for the RapiDeploy
program to execute imaging tasks. See the Altiris RapiDeploy Product Guide located in the Docs
folder in the Deployment Share.
Deployment Web Console Help
356
Distributing Disk Image
Distribute an image (.img) or executable (.exe) file to managed computers to set down a previously
created hard disk image.
1
Click Select a disk image file to select a stored image file. This lets you set down a new image file
from a previously imaged computer. This is a common method to distribute an image file.
2
If you want to image a source computer on the network, click Select a computer on the network.
Enter the name and location of the source computer to create an image and distribute the newly
created image file. This is optional.
This option saves an image of a selected computer’s hard disk in its current state each time the
job executes. You can schedule the job to image a specified computer every time it runs, allowing
the image to be updated each time.
Note: Network mapping must exist on the source computer before imaging. UNC paths are not
supported in DOS.
3
Select Local image store if you saved the image file on the client computer’s hard drive. With
local image store, the image file is stored on a partition on the computer being imaged. The server
cannot validate the image when a local image store is used. This is optional.
4
Select Prepare using Sysprep to use sysprep to prepare system for imaging. Then, click the
Advanced Sysprep Settings button. See “Advanced Sysprep Settings for Distributing a Disk
Image” on page 357
5
Select the operating system from the Operating System drop-down list.
Note: Click Add new to go to the Sysprep Settings dialog and select the OS Information.
6
Select the product key from the Product Key drop-down list.
7
Click Automatically perform configuration task after completing this imaging task to reboot the
computer and push down the configuration settings to the newly imaged computer. This is
optional. By default, the DOSManaged Boot Option type is selected.
8
Select the required pre-boot environment from the Automation - PXE or BootWorks environment
(DOS/Windows PE/Linux) drop-down list to perform the Distribute Disk Image task in selected
pre-boot environment. The option reported by the PXE Manager is the default pre-boot
environment option.
9
Click Advanced to resize partitions and set additional options. See “Distribute Disk ImageResizing” on page 357 and “Distribute Disk Image-Additional Options” on page 358
10
Set Return Codes. See “Setting Up Return Codes” on page 367. This is optional.
11
Click OK.
See also “Deployment Tasks” on page 354.
Advanced Sysprep Settings for Distributing a Disk Image
Click the Advanced Settings button to open the Advanced Sysprep Settings dialog. You can generate
the Sysprep.inf file for the Distribute Disk Image task, depending on the option selected in the
Advanced Sysprep Settings dialog.
Use default answer file. When this option is selected, the Deployment Server generates the
Sysprep.inf file depending on the data present in the database.
Use the following answer file. When this option is selected, the Deployment Server picks up the
contents of the file mentioned in the Sysprep answer file textbox and prepares the Sysprep.inf file.
Distribute Disk Image- Resizing
By default, whenever you deploy an image, you have the option to resize the partition to take
advantage of the available disk space. Drive Size gives you information about the size of the image,
so you can determine if you need to change partition sizes. Minimum indicates the amount of space
the image will use on the target computers. Original indicates the image source disk size.
Fixed Size.
Select this option and enter the desired partition size.
Deployment Web Console Help
357
Percentage.
Select this option and enter the percentage of free space that you want the partition to
occupy.
Min.
View the minimum size of the partition.
Max.
View the maximum size of the partition.
Note: FAT16 file systems have a 2 GB limit and cannot be resized larger than that (although it can
be sized smaller than the minimum value). HP partitions remain a fixed size.
Distribute Disk Image-Additional Options
This option lets you specify operations for existing automation and OEM disk partitions. The options
are as follows:
•
•
•
Leave the partition as it is
Remove the automation partition
Replace the existing partitions
RDeploy Options:
Graphical Mode (RDeploy). Click
this option if you want to choose the imaging executable as
RDeploy.
Text Mode (RDeployT). Click this option if you want to choose the imaging executable as RDeployT.
Text Mode or RDeployT is the default choice.
Automation Partition:
Leave the client's existing Automation partition as it is. If
the image file contains no automation
partition information, by default, this option is selected. The Automation partion will remain
unchanged when distributing disk images.
Delete the client's Automation partition [-nobw]. Select
this option if you want to delete the existing
Automation partition from client computers.
Replace the client's existing Automation partition from the image file [-forcebw]. Select this option if you
want to replace the existing Automation partition on the client computer with the Automation
partition from the image file.
OEM Partition:
Leave the client's existing OEM partition as it is. If the image file contains no OEM partition
information, by default, this option is selected. The OEM partion will remain unchanged when
distributing disk images.
Delete the client's OEM partition [-nooem]. Select
this option if you want to delete the existing OEM
partition from client computers.
Replace the client's existing OEM partition from the image file [-forceoem]. Select this option if you want
to replace the existing OEM partitions on the client computer with the OEM partition from the image
file.
Additional Command-line switches.
You can add command-line switches specifically for the
RapiDeploy program that runs imaging tasks. See the Altiris RapiDeploy Product Guide located in
the Docs folder of the Deployment Share.
Note: The checkdisk command-line switch should not be used from a Deployment console. The
post-configuration task will fail after an image restore.
See also “Deployment Tasks” on page 354.
Deployment Web Console Help
358
Distributing Software
Send MSI, CAB, EXE, and other package files to selected computers or computer groups, including
EBS, and RPM files for Linux computers. This task identifies valid Altiris packages and assigns
passwords and command-line switches.
1
Enter the name and location of the package to distribute in the Name field.
Note: Information about the package will be displayed in the Title area for valid packages. If no
description is displayed, then the file is not a RIP or a Personality Package.
2
To distribute Software Delivery Packages, click
.
Note: The Import Software Delivery Packages option is enabled only if the Notification Server is
installed on the Deployment server computer.
A dialog box appears containing a list of all available Software Delivery packages and programs.
3
Select the Software Delivery package from the Software Delivery Packages drop-down list. After
you select the package, all available programs for that package are listed in the Software Delivery
Programs drop-down list. Select the required program from the Software Delivery Programs dropdown list.
4
Select Package distribution options.
•
Select Run in quiet mode to install the package without user interaction.
•
Select Apply to all users to run the package for all users with accounts on the computer. If
sending the package to a managed computer with multiple users and if you only want it
installed for certain users with a unique password, clear the Apply to all users box.
•
If distributing an install package or other types of packages with associated support files, you
can select Copy all folder files to install all peer files in the directory.
•
Select Copy sub folders to distribute peer files in the directory and all files in associated
subdirectories.
Important: Some clients may have software installed on the client computer that, for
protection against harmful software, only allows software programs on a list of “wellknown” executable to run. Therefore, whenever the system administrator wanted to install a
patch on client computers, he or she would have to update the well-known-executable list on
all the client computers, which could be a lot of work.
To save the work of updating that list, or of manually renaming distribution packages, the
“RenameDistPkg” feature was added. Now, the system administrator may update the wellknown-executable list once with a filename of their choosing. The well-known filename may
then be entered into the Windows registry of the Deployment Server computer (the computer
running axengine.exe), as the “Value data” of a string value named “RenameDistPkg” under
the “HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris eXpress\Options” key. If the
RenameDistPkg registry entry is set, then Deployment Server will rename installation files
that are copied to the client computers.
This feature only affects files that are temporarily copied to the client computer as part of a
“Distribute Software” task. The file that is to be executed only during the installation,
sometimes referred to as the “package”, is the file that gets renamed, not the files that actually
get installed to various locations on the target computer.
If the Copy all folder files option is enabled, only the main (installable) file will be renamed.
5
For RIPs, if you set the Package password option when you created the RIP, you must enter the
password for the package to run.
6
Add values to the Command-line switches field, for example:
-cu:”JDoe;TMaya;Domain\BLee”
Note: The command-line switches are specific to any package you are distributing that supports
command-line options, such as RIPs and Personality Packages. For a complete list of commandline switches, see the Wise MSI Editor and the Altiris PC Transplant Pro Product Guide.
7
Click Advanced to specify how files are distributed to the managed computer. You can copy
through Deployment Server, or copy and run directly from the Deployment Share or from
another file server. See “Distribute Software-Advanced” on page 360. Click Next.
Deployment Web Console Help
359
8
Set Return Codes. See “Setting Up Return Codes” on page 367. This is optional.
9
Click OK.
Notes:
•
When a RIP or Personality Package is executed through Deployment Server, the quiet mode
command-line switch is applied. This means the user will not be able to interact with the user
interface on the managed computer.
•
If the Personality Package is configured to run only if a particular user is logged in and only if
the user has an account on the managed computer, the package will run the next time that user
logs in. If the user does not have an account, the package aborts and sends an error back to the
console via the Deployment Agent. If the package is not run through Deployment Server, a
message is displayed on the managed computer and the user is prompted to abort or continue.
Distribute Software-Advanced
Copy files using Deployment Server. Click this option to distribute packages through Deployment
Server to the managed computer, requiring two file copy transactions if the Deployment Share is on
another file server. This option is run for Simple installs and is the default option.
Copy directly from file source. Click this option to copy packages directly from the Deployment Share
if this data store is located on another server (a custom install). It will copy the file and then run it,
avoiding running through Deployment Server and diminishing processor output.
Run directly from file source.
Click this option to run files remotely from the Deployment Share or
another selected file server.
File source logon. Enter the user name and password for the client computer and the Deployment
Share. Both must have the same user name and password (this is not an issue if both are on the same
domain).
Note: Windows 98 computers have security limitations when copying files directly from the source
to the Deployment Agent using the UNC path name. It is suggested that you use the Copy files using
Deployment Server option for these types of computers or plan a proper security strategy for direct
copying.
Capturing Personality Settings
The Capture Personality task lets you save personal display and user interface settings defined in the
OS for each user. You create a Personality Package that can be saved and distributed when migrating
users. This task will run Altiris PC Transplant from the console to capture and distribute settings.
1
In Personality template file, enter the name of a personality template. A default personality
template is included in the PCT folder of the Deployment Share (DEFAULT.PBT).
2
In Store package in folder, enter the name of the folder where you want to save the personality
package.
3
In User account and folder login, enter the login credentials for the managed computer from which
the personality settings will be captured, and the file server where the Personality Package will
be stored.
4
In Package login, enter a password for the Personality Package. This is a run time password that
is required when the Personality Package runs on the destination computer.
5
Click Advanced to specify additional features. See “Capture Personality-Advanced” on
page 361.
6
Set Return Codes. See “Setting Up Return Codes” on page 367.
7
Click OK.
Notes:
•
To capture a personality on a Windows 98 computer, make sure that all users have Write
access to the Deployment Server share (by default at C: Program
Files\Altiris\eXpress\Deployment Server in a Simple install). Also, make sure
Deployment Web Console Help
360
that the User account and folder login boxes are blank. A user must also be logged on at the
client computer to capture the client profiles. An error will be returned if you attempt to
capture personality settings on Windows 98 computers that are not authenticated. It is
recommended that you don't capture personalities for mixed groups of Windows 98 and
Windows 2000/XP/2003 computers.
•
Set the conditions on the job for either Windows 98 or Windows 2000/XP/2003 computers
to ensure that the appropriate Capture Personality task runs on the appropriate computers.
Capture Personality-Advanced
Domain users. Select this option to capture personality settings for all domain users on the computer.
Local users.
Select this option to capture personality settings for all local users on the computer.
Custom. Specify users or groups to capture personality settings. Select the Custom checkbox and
enter the Users or Groups you want to capture personality settings. Also, instead of specifying
names, you can also select users that have been either created or last accessed in a specified number
of days.
Use condition. Set conditions for personality files that were accessed (a user logged on) or created (a
personality package created) in the past defined days or months.
Command-line switches. You can add command-line switches specifically for the PC Transplant
program that migrates personality settings. See the Altiris PC Transplant Guide in the docs folder
of the Deployment Share.
Distributing Personality Settings
The Distribute Personality task allow you to save personal display and user interface settings defined
in the OS for each user. You will distribute Personality Packages to migrate personality settings.
This task will run Altiris PC Transplant from the console to capture and distribute settings.
1
In the Name box, enter the file name and location of the PCT file.
Note: Information about the Personality Package will be displayed in the Title area for valid
Personality Packages (PCT files). If no description is displayed, then the file is not a valid
package.
2
Select Run in quiet mode to install the package without displaying the PC Transplant screens.
3
Specify the users to associate with the Personality Package.
•
Click Apply to all users to run the package for all users with accounts on the specified
computer.
•
If sending the package to a managed computer with multiple users and if you only want it
installed for certain users with a unique password, clear the Apply to all users box.
Example: to install a Personality Packages for a specific user accounts on a computer, add
values to the Command-line switches field:
-user: JDoe; TMaya; BLee
Note: The command-line switches are specifically for Personality Packages. For a complete
list of command-line switches, see the Altiris PC Transplant Pro Product Guide.
4
In the Package Password box, type the password set for the PCT file when created.
5
Enter command-line parameters in the Command-line switches field.
6
Click Advanced to specify how Personality Packages are copied to the managed computer. You
can copy through Deployment Server, or copy and run directly from the Deployment Share, or
from another file server. See “Distribute Personality Advanced” on page 362.
7
Set Return Codes. See “Setting Up Return Codes” on page 367.
8
Click OK.
For more information about capturing a computer's personality settings, see the Altiris PC
Transplant Pro Product Guide.
Deployment Web Console Help
361
Distribute Personality Advanced
Copy files using Deployment Server. Click this option to distribute software packages through
Deployment Server to the managed computer, requiring two file copy transactions if the
Deployment Share is on another file server. Use this option for Simple installs to take advantage of
security rights defined by Deployment Server. This is the default option.
Copy directly from file source.
Click this option to copy packages directly from the Deployment
Share, sending only one copy across the network. It will copy the file and then run it and avoid
running through Deployment Server and diminishing processor output. Because the Deployment
Agent doesn't recognize shared rights and is not guaranteed to have a mapped drive to the data
source, you will need to identify a user name and password for the data share computer from the
target computer. This option also requires a full UNC path name in the Source Path field in the Copy
File dialog box.
Run directly from file source.
Click this option to run files remotely from the Deployment Share or
another selected file server.
File source logon. Enter the user name and password for the client computer and the Deployment
Share. Both must have the same user name and password (this is not an issue if both are on the same
domain).
Modifying Configuration
You can add a task to configure or modify the configuration of computer property settings using the
Modify Configuration task. The Deployment Agent will update the property settings and then restart
the computer for changes to take effect.
1
Enter or edit the property settings in the Modify Configuration page. Click a tab to set additional
values for each property setting group. See “Computer Configuration Properties” on page 341.
2
Select the Reboot after Configuration checkbox to restart client computer after the configuration
changes are complete. By Default, the Reboot after configuration checkbox is selected.
3
Set Return Codes. See “Setting Up Return Codes” on page 367. This is optional.
4
Click OK.
Backing up and Restoring Registry Files
Copy registry files of selected computers using the Back up Registry task and save the registry file
settings to a selected directory. You can also create a Restore Registry task to copy the registry
settings to a managed computer.
1
In the Folder field, enter the directory path to back up or restore registry files. The default is to
create a RegFiles folder in the Deployment Share. All computers with registry files in this folder
will be displayed in a list.
2
Select the required pre-boot environment from the Automation - PXE or BootWorks environment
(DOS/Windows PE/Linux) drop-down list to perform the Backup and Restore task in selected preboot environment. The option reported by the PXE Manager is the default pre-boot environment
option. By default the DOS Managed boot menu option type will be selected.
3
Click Advanced if Windows was installed on client computers in a directory other than the
default path. Enter the correct path to the root of the Windows directory.
4
Select Include registry information for all users to back up registry keys for all user accounts.
Note: If you clear this checkbox, then only the Administrator and Guest user accounts will be
backed up or restored.
5
Set Return Codes. See “Setting Up Return Codes” on page 367.
6
Click OK.
Deployment Web Console Help
362
Get Inventory
Use this task to gather inventory from an individual or group of client computers. This ensures that
the Deployment database is up-to-date with the latest computer properties information. The status of
the task will display Received Inventory and Received Inventory in the Scheduled Details pane below
the task list on the Jobs page.
1
Click one of the jobs in the Jobs pane
2
Click the New Task icon, and then select Get Inventory from the Task type drop-down list.
3
Click OK.
Run Script
Select an existing script or write a new script file to run on selected managed client computers.
1
If you have a script file defined, click Run script from file and then browse from the folder icon to
select the file. You can now modify the script in the edit box.
2
To create a new script, click Run this script. Type the script in the provided text box.
3
Click Import to import the scripts from a text file.
4
In the Choose the script operating system area, select Windows, DOS, or Linux as the operating
system for running the specified script.
5
Click Advanced to provide the advanced details. See “Advanced Run Script Options” on
page 363.
6
Set Return Codes. See “Setting Up Return Codes” on page 367.
7
Click OK.
Notes:
•
When a computer is in Automation mode using the DOS Automation Agent, it does not see DOS
partitions. To run a script from Automation, use FIRM (File-system Independent Resource
Manager) commands. FIRM can only copy files and delete files; it cannot run code on a drive.
•
Deployment Server assumes a return code of zero (0) as a successful script execution. Some
programs return a code of one (1) to denote a successful script execution. If a program returns a
one (1), you will see an error message at the Deployment console even though the script ran
correctly. To modify the return codes, you can edit the script file to return a code that the console
interprets correctly.
Advanced Run Script Options
Select advanced options for running the script such as location of the script and running
environment.
Script Run Location
On the client computer. The option runs the script on the managed computer to which you assign the
job.
Locally on the Deployment Server. This option runs a server-side script on the Deployment Server of
the managed computer. In most cases you will want to create a server-side script task that runs in
context with other tasks. Example: you can add a task to image a computer and then add a task to
execute a server-side script to post the imaging return codes to a log file stored on the Deployment
Server computer.
Use the -id switch for running scripts on Deployment Server when using the WLogEvent and
LogEvent utilities.
Important: Scripts requiring user intervention will not execute using this feature. The script will run
on the Deployment Server of the managed computer, but will not be visible. Example: if you run a
DOS command locally on the Deployment Server, the Command Prompt window will not open on
the Deployment Server computer when the script executes.
Deployment Web Console Help
363
When running the script on the Deployment Server, it will execute specifically for the assigned
managed computer. Example: if you create a job with a script to run locally on the Deployment
Server and assign the job to 500 computers, then the script will run on the Deployment Server 500
times.
Client Run Environment
Select the environment for your client. You can run in either production or automation mode.
Production - Client-installed OS (Windows/Linux). Click
this option to run the script in a Windows or
Linux production environment.
Security Context - (Windows only)
Default (local system account). Use Windows authentication to authorize a user’s account name
and domain information to manage client computer.s
Enter user name and password.
Enter a name and valid password for the user to manage client
computers.
Script options (Windows/Linux)
Script Window. This determines how you want the Script Window displays when the script runs.
Select Minimized, Normal, Maximized, or Hidden from the drop-down list.
Additional command-line switches. Enter any commands that you want to execute when the script
runs in Windows or Linux.
Automation - PXE or Bootworks environment (DOS/Windows PE/Linux). Click to run the script in the
automation environment. Select a pre-boot automation environment from the drop-down list.
If you select Linux as the OS type, then the Locally on the Deployment Server option will be disabled
and only the Additional command-line switches under the Production Client installed OS(Windows/
Linux) will be enabled.
If you select DOS as the OS type, then the Locally on the Deployment Server option and the Production
- Client-installed OS (Windows/Linux) option will be disabled.
Example Script
The process to convert NT4 from FAT16 to NTFS normally returns a 1 after a successful
completion. Here is an example of the file that is modified to return a code of 0 (which is the success
code recognized by the Altiris Console and utilities). You can make similar changes to your script
files as needed.
CONVERT /FS:NTFS
if ERRORLEVEL 1 goto success
goto failure
:success
set ERRORLEVEL = 0
goto end
:failure
echo Failed
set ERRORLEVEL = 1
goto end
:end
Deployment Web Console Help
364
Copy File
Copy all types of files to managed computers. You can send selected files or directories to a
computer or computer group.
1
Click either the Copy file or Copy folder option. Click Copy sub folders to copy all subdirectories.
2
Enter the directory path and name of the file or directory. The Source path defaults to the
Deployment Share, but you can type or browse to another file or directory.
To copy files or directories through Deployment Server from the Deployment Share, you can
enter a relative path in this field. To copy files or directories directly from the Deployment Share
to the managed computer, you must enter the full UNC path name (see “Copy File Advanced”
on page 365 features).
Note: When entering the source path for copying files through the Deployment Server, you can
only access the shared directories through an established user account. Specifically, you can only
use UNC paths when you have sufficient authentication rights established.
3
Type the destination path. The Destination field automatically enters a sample path, but you can
enter the directory path that you require. If the destination path does not exist on the destination
computer it will be created.
4
Click Advanced to specify additional features to copy files through Deployment Server or
directly from a file server. See “Copy File Advanced” on page 365.
5
Set Return Codes. See “Setting Up Return Codes” on page 367.
6
Click OK.
Using Location Variables
Location variables are being added to Deployment Server for the Copy Files feature, allowing you
to enter a token variable rather than requiring a complete location path when copying files to a
managed computer (a client computer running the Deployment Agent). The current variables
include:
Temp. Enter Temp in the Destination path to set the Temp directory (identified in the system path)
for the managed computer. Example: instead of entering C:\windows\temp\setup.exe in the
Destination path, just enter temp:setup.exe.
Copy File Advanced
Select options to copy files directly from the Deployment Share. This option is for files stored on
another network server in a distributed Deployment Server installation.
Copy files using Deployment Server. This option distributes software packages through Deployment
Server to the managed computer, requiring two file copy transactions if the Deployment Share is on
another file server. Use this option for Simple installs to take advantage of security rights defined by
Deployment Server. You can use a relative path name entered in the Source Path box in the Copy
Files dialog box. This is the default option.
Copy directly from file source.
Click this option to copy packages directly from the Deployment
Share, sending only one copy across the network. It will copy the file directly to avoid running
through Deployment Server and diminishing processor output. Because the Deployment Agent
doesn't recognize shared rights and is not guaranteed to have a mapped drive to the data source, you
will need to identify a user name and password for the data share computer from the target computer.
This option also requires a full UNC path name in the Source Path field in the Copy File dialog box.
Deployment Web Console Help
365
File source logon. Enter the user name and password for the client computer and the Deployment
Share. Both must have the same user name and password (this is not an issue if both are on the same
domain).
Note: Windows 98 computers have security limitations when copying files directly from the source
to the Deployment Agent using the UNC path name. It is suggested that you use the Copy files using
Deployment Server option for these types of computers or plan a proper security strategy for direct
copying.
Power Control
Start the computer using Wake-on-LAN or run standard power control options to restart the
computer, shut down, or log off the current user.
1
Select a power control option:
Restart, Shut down (if
2
available), Log off, or Wake up (send Wake-On-LAN).
Select the Force applications to close without prompting checkbox to force applications to close
without saving unsaved data,.
If you use this option, any unsaved data in open applications will be lost. If you do not use this
option, open applications with unsaved data will not close until the user chooses to save or not
save the data. As a result, the managed computer will not complete the selected power option
until the user makes a selection.
3
Click OK.
4
Set Return Codes. See “Setting Up Return Codes” on page 367. This is optional.
Copy Jobs and Job Folders
Jobs or job folders (including their subfolders) can be copied to any other job folder in the treeview
of the Jobs pane of the Web Console. A Job folder can only be copied to a root level folder, which
has a limit of 30 subfolders, and cannot be copied to a child level folder.
If you copy a job or folder with the same name as the destination job or folder, the copied job or
folder is automatically named Copy of <job or folder name>. This feature can only be performed by
administrators or users who have been granted permissions to create jobs, or job folders.
To copy jobs and job folders
1
In the Jobs pane, click a job or job folder.
2
Click the Job Actions drop-down list, and select Copy job/folder.
3
In the Select a folderdialog box, select a destination job folder, and then click OK.
Importing and Exporting Jobs
If you have several Deployment Servers in your environment, this feature lets you Import (restore)
and Export (back up) job folders, so you can move data from one Deployment Server to another.
Administrators and users, who have been granted privileges, do not have to go to the Deployment
Console to perform these functions.
To import jobs
1
From the Deployment Web Console, click a job or job folder in the Jobs pane.
2
Click the Job Actions drop-down list, and select Backup/Restore job. The Backup Job Restore Job
dialog box is displayed.
3
By default the Backup Job(s) option is selected. Click the Restore Job(s) option.
4
On the Backup or Restore Jobs(s)/Folder(s) page, enter a path and file name in the File name field,
or browse to the file you want to import. The file must be a valid .bin file or have been created
with a current version of the database schema.
Deployment Web Console Help
366
5
By default the job or job folder name you selected in the Jobs pane is displayed in the Restoring
to selected folder field. If you did not specify a job or job folder, the Deployment Server will
import the file at the root level in the Jobs pane.
6
Select the Overwrite existing Jobs and Folders with the same name checkbox to replace jobs and
folders with the imported data.
7
Select the Delete existing Jobs in folder checkbox to delete all the jobs in the folder you selected.
The folder will be populated with the jobs from the imported file. If you did not specify a specific
job folder to import (restore), this option will be disabled.
8
Click OK. The import file will restore the jobs on the Deployment Server.
To export jobs
1
2
From the Deployment Web Console, click on a job or job folder in the Jobs pane.
Click the Job Actions drop-down arrow and select Backup/Restore job. The Backup Job Restore
dialog box is displayed. By default the Backup job(s) option is selected.
Job
3
On the Backup or Restore Jobs(s)/Folder(s) page, enter a path and file name in the File name field,
or browse to a directory where you want to save the exported file. If you do not enter a file
extension, the file will save with a .bin file extension. Click Save.
4
Click Browse associated with the Select job(s)/folder(s) to backup option.
5
Select a job or folder in the dialog box, and then click OK.
6
Click OK. The jobs or folders on the Deployment Server will back up to the file name you
specified.
Setting Up Return Codes
When you create a task in a job, you can define a response to specific return codes generated from
that task after it runs. You can determine the response if the task runs successfully or if the task fails.
You can also set up custom return codes generated from scripts or batch files that are unique to your
environment or deployment system.
Note: Return code handling cannot be set up for jobs created in the Job Scheduling Wizard.
When creating a task, the Return Codes dialog box will open to allow you to set a response if the
task was successful or to determine a default response if the task failed. Because Deployment Server
returns a 0 (zero) if the task runs successfully, any other return code value denotes some type of
failure in running the task. As a result, in the Success box you can select an action if the return code
is 0 (zero), or select an action in the Default box if the return code is not a 0 (zero).
Return codes are first evaluated to be successful (zero) or failed (non-zero). If the task returns as
successful, then it will run the action in the Success box. If it is not successful, then it determines if
the return code has been assigned a custom code value. If the return code is defined as a custom code,
then the selected action for that custom code is executed. If no custom code is assigned to the return
code, then the action set in the Default list is executed.
Note: If using LogEvent and WLogEvent in Scripts, you can only generate return codes when the
level 3 message is specified. Specifying a severity level 3 will cause the script job to fail and allow
you to respond using this return code feature.
Return Code Actions
For both successful tasks (in the Success list) and failing tasks (in the Default list), you can determine
these specific actions:
Stop.
This action will stop the job after the task runs. Subsequent tasks will not run.
Continue.
This action will continue with subsequent tasks in the job after the task runs.
Select a job.
This action will allow you to select existing jobs to run after the task.
These actions also apply to custom return codes designed specifically for your system.
Deployment Web Console Help
367
Custom Return Codes
In the Specific return codes area, you can view custom return codes set specifically for your system.
Type a custom code in the Code box, and then select a response action in the Response list. Specify
the interpretation of this return code as Success or Failure from the Result list, and give appropriate
message in the Status field, if required. These custom codes can respond to any return codes set up
in scripts or batch files in the Run Scripts task, or these custom codes can respond to system return
codes thrown from Deployment Server or external codes generated when distributing applications,
personality settings, or disk images. Any task can have custom codes that respond to different return
code values.
New. This lets you add a new custom return code for the task. You can also choose to add the
return code to the Master Return Codes list.
Add Existing Return Codes. This is a list of all the return codes existing in the Deployment
database. You can add, modify, and delete the codes and their values so that setting codes for other
tasks is easier.
Delete. This lets you delete return codes listed in the Other return codes area, but not from the
Master Return Codes list.
Modify. This lets you modify the return codes listed in the Other return codes area. The changes
you make do not update the Master Return Codes list.
To set up return codes
To set up return codes, you need to determine how to respond to the Deployment Server success
return code (zero) in the Success box, how to respond to a failure return code (a non-zero) in the
Default box, and how to respond to a custom or externally generated return code defined in the
Specific return codes section.
The example below describes how to set up a simple process to deal with custom and system return
codes:
1
In the Success list, keep the default value Continue. This allows the job to continue running
additional tasks in the job after successfully completing this task.
2
Select Select a job from the Default list to select a job to be executed when a default condition is
reached. The Select a Job dialog box opens, allowing you to select an existing job that runs if the
task returns a failed system return code (non-zero) or a return code not defined as a custom return
code.
3
Click New to add custom return codes.
4
In the Code box, enter a value of 10 (ten).
5
Click the Response drop-down arrow, and select Continue from the list.
6
Click the Result drop-down arrow, and select Success from the list. This displays that even if the
return code was not zero, success by default, the task will be considered a success as per user’s
choice.
7
Enter a description for the return code in the Status field. This is the message that will be
displayed when the task, within a selected job, executes.
8
Select the Add to master return code list checkbox to add the custom code to the master return code
list. The code is then listed in both, the Other return code and Master Return Codes list. This is
helpful if you want to use the return code again.
9
Click Apply.
Note: The status of the tasks executed in a job is also displayed in the history of a computer.
Deployment Web Console Help
368
Initial Deployment
Initial Deployment is a default job designed to aid in the process of setting up computers that do not
yet exist in the Deployment Database. Initial Deployment lets you define how computers are initially
set up after being identified by the Deployment Server.
You can define various computer configuration sets and deployment jobs to present to the user
during startup, allowing the user to select the computer settings and hard disk images, software, and
personality settings for their specific needs and environment. New computers will appear in the New
Computers group in the Computers pane of the Deployment Web Console.
To access Initial Deployment, select a Deployment Server group in the Jobs
pane and select Initial Deployment from the Details pane. The Initial
Deployment page will open with three tabs: Configurations, Jobs, Options.
Notes:
•
Initial Deployment is ideal for small-scale deployments (1 to 10 computers). This feature is not
recommended for large deployments (10 to 100 computers) or mass deployments (100 to 5,000)
where you would use virtual computers, customized jobs, and the computer import feature.
•
Although Initial Deployment is most commonly used on computers that support PXE, you can
also configure a boot disk to run Initial Deployment. In this case, the image deployed must
include automation pre-boot environment so that post imaging tasks can run successfully.
Installing an Automation Partition on the client computer’s hard disk will ensure that future
imaging deployment jobs run.
Important: To completely deploy and configure a computer using Initial Deployment, you must
define at least one Configuration and one Job.
Initial Deployment consists of three dialog boxes with separate features to deploy new computers:
•
Configurations
•
Jobs
•
Options
Configurations
Click the Configurations tab in Initial Deployment to configure different sets of computer properties.
Each configuration set will be presented to the user in a menu. The user will be able to select the
configuration set designed for their environment. Compare the Configuration tab with the Jobs tab.
Important: If you do not create any configuration sets, the deployment process will automatically
set TCP/IP information to use DHCP and will name the computer to match the computer’s asset tag,
serial number or MAC address (in that order, depending on what is available).
1
Click a Deployment Server in the Jobs pane. Double-click Initial Deployment.
2
Click the Configurations tab.
3
Click the Add button
. Enter values to set computer and network properties for new
computers. See “Modifying Configuration” on page 362 for a list of property categories.
4
Name the configuration in the Configuration set name field. You will want to provide a
descriptive name that identifies the configuration set for the user.
5
Click the Add button
again to configure another set of property settings. You can add
multiple configuration sets for the user to select from a menu after connecting to Deployment
Server. Add as many different configuration sets as required.
6
After setting properties, click Apply.
Deployment Web Console Help
369
7
Click the default Menu item button to select the configuration set that you want to be the default.
8
Click Timeout after ___ seconds and proceed so that the default job runs automatically after a
specified amount of time.
9
Click OK, or click the Jobs tab to define a task.
Jobs
Click the Jobs tab in Initial Deployment to add existing jobs or create new jobs to run on the new
computer. The jobs you add or build using this dialog box will be listed in a menu and presented to
the user during startup. The user will be able to choose deployment jobs to image the computer and
install applications and personality settings. Compare the Jobs tab with the Configurations tab.
Conditions on jobs are limited to the data that can be accessed at the DOS level (i.e., serial number,
manufacturing number, NIC information, manufacturing name, etc.).
1
Double-click Initial Deployment in the Jobs pane drop list. The Initial Deployment page will open.
2
Click the Jobs tab.
3
Click the Add button
4
Click New to build a new job. See “Building New Jobs” on page 352.
5
Click the Default menu choice button to select the job as a default.
6
Select Timeout after ___ seconds and proceed and type the number of seconds to wait before the
computer will automatically start the default job. The default setting is 300 seconds.
7
Click OK, or click the Options tab to stop either servers or workstations from running
configuration task sets and jobs automatically.
.
See also “Initial Deployment” on page 369.
Options
Click the Options tab to set options to stop Initial Deployment from running the default configuration
task sets and jobs automatically. This will avoid accidental re-imaging or overwriting of data and
applications for either workstations (desktop, laptop, handheld computers) or servers (web and
network servers identified by Deployment Server).
When a computer not yet known to the Deployment Database is first detected, it will be placed in
the New Computers group and run an Initial Deployment configuration set and job. However, in
many cases you do not want web or network servers to be automatically re-imaged without
confirmation from IT personnel.
Servers. Stop servers from automatically running Initial Deployment configuration jobs. Servers are
identified as those managed computers running multiple processors or identified as a specific server
model from specific manufacturers. Example: both a HP Proliant and a Dell computer with multiple
processors will be identified as a server. (Identifying a computer as a server by OS cannot be
accomplished for new computers until the server OS has been installed.)
Select Workstations to force desktop, laptop, and handheld computers to stop before automatically
running Initial Deployment.
Select Process as each agent becomes active if you want to run the job as soon as the computer
connects to the Deployment Server. Use this option for imaging 1 to 5 new computers.
Select Process in batch mode if you want to run the job once a certain number of computers are
connected to the Deployment Server. Enter the minimum number of agents in Minimum agents field.
You can set a timeout deadline so that the job will not run if the number of computers you specify
fail to connect during a certain amount time. Multicast technology sends the image over the network
once, and all of the computers “listen” for and accept the image, reducing network traffic and
increasing speed. Enter the timeout in Timeout field.
Deployment Web Console Help
370
Select Hold all agents until this time if you want to process the job on all computers at a particular time
of day. All clients are held before the task sets. The message states: “Deployment server has
instructed Automation to wait.”
Deployment Web Console Help
371
Part VIII
Technical Reference
This section technical information for command-line switches, return code values and
other detailed information for Deployment Solution components.
Altiris Deployment Solution 6.8
372
Chapter 20
Command-Line Switches
This section provides detailed information about command-line switches for specific
executables within Deployment Solution.
Job Utilities
The Job Utility applications allow you to import, export, create and schedule jobs
from the command line. Each action is performed from separate binaries installed in the
Deployment Share file directory.
axExport.exe — Exports jobs from Deployment Server. See Job Export Utility
(page 373).
axImport.exe — Imports jobs in to Deployment Server. See Job Import Utility
(page 374).
axEvent.exe — Creates jobs in Deployment Server. See Create Job Utility (page 375).
axSched.exe — Schedules jobs in Deployment Server. See Schedule Job Utility
(page 377).
axComp.exe — Imports computers to the Deployment Server from a DOS mode.
Axcomp allows you to import .csv and .txt files that are in a comma separated format.
ImportComputers55.txt in the Samples folder off of the eXpress share is an example of
the format needed. There are various command-line options available depending on
whether the user is in a Trusted or Non-Trusted account environment. See Import
Computer Utility (page 378).
Each utility connects to the Deployment Server Database to perform specific operations.
As a result, the appropriate ODBC and security rights are required. Each job utility
supports the /o /d /u /p switches.
The /o option (ODBC datasource) allows connectivity to the Deployment Server SQL
database using a different DSN. By default the standard Deployment Database DSN is
used. This is helpful when connecting to a second system from a common machine.
The /d /u /p options can be used if no DSN is set up for a particular server. However, the
SQL driver must be installed for any of these utilities to work. Each utility has the /?
switch to display the version of the utility and all command line options.
Job Export Utility
This utility can be used to export jobs from the Deployment Database. It can be helpful
in copying jobs from one Deployment system to another, backing up jobs, creating
standard jobs during multiple installations, and other actions.
Syntax: axExport <filename> (options)
Altiris Deployment Solution 6.8
373
Options
/f <folder-name>
Job folder to be exported
/e <job-name>
Job to be exported
/s
Process all subfolders also
/i
Include the Initial Deployment Job
/y
Suppress confirmation prompts
/dsn <odbc-dsn-name>
ODBC data source name
/d <db-server>
Database server name
/u <db-user>
Database user name
/db <db-databaseName>
Database name
/p <db-password>
Database user password
/lu <login-user>
Deployment Server login user name
/lp <login-password>
Deployment Server login password
Example 1:
Export all jobs to a binary backup file.
axExport /s /i backup.dat
Example 2:
Make a backup copy of a single job.
axExport /e "Deploy Office 2000" backup2.dat
Example 3:
Export all jobs in the Projects folder.
axExport /f Projects projects.dat
Example 4:
and instance.
Export a job to a binary backup file without supplying the SQL server
axExport Backup.dat /e "Image Job"
Example 5:
Export a job to a binary backup file with the database server name.
axExport Backup.dat /e "Image Job" /d DatabaseServerName /db DatabaseName /u
DatabaseUserName /p DatabaseUserPassword
Job Import Utility
Syntax: axImport <filename> (options)
Options
/f <folder-name>
Job folder to be imported
/r
Delete current contents of this folder
/n
Don't notify consoles of the changes
/o
Overwrite jobs that have the same
name and parent folder
/y
Suppress confirmation prompts
/dsn <odbc-dsn-name>
ODBC data source name
Altiris Deployment Solution 6.8
374
/d <db-server>
Database server name
/u <db-user>
Database user name
/db <db-databaseName>
Database name
/p <db-password>
Database user password
/lu <login-user>
Deployment Server login user name
/lp <login-password>
Deployment Server login password
Note
When new jobs are created in a console, by default, Deployment Server will notify all
other consoles that changes have been made so they can refresh and show the newly
imported jobs. If several batches of jobs are imported, the '/n' option should be used
until the last batch to reduce the amount of refreshes performed.
Example 1:
Restore all jobs from a binary backup file.
axImport /r backup.dat
Example 2:
Jobs).
Restore jobs from a backup file into pre-created folder (named Test
axImport /f "Test Jobs" backup.dat
Create Job Utility
Syntax: axEvent <job-name> (options) <task-type> (parameters)
Altiris Deployment Solution 6.8
375
Tasks
/tci <filename>
Create disk image
/tdi <filename>
Distribute disk image
/tds <filename>
Distribute software
/tbr <path>
Backup registry files
/trr <path>
Restore registry files
/trs <path>
Run Script
/tcf <source> <dest>
Copy file
/tgi
Get Inventory
/tre
Restart
/tsd
Shutdown
/tlo
Logoff
Options
/a
Add task to existing job
/r
Replace all tasks within this job
/x <parameters>
Command-line parameters for task
/f <folder-name>
Job folder to be created in
/i
Import script into task definition
/w
Run the script from Windows
/lnx
Run the script in Linux
/n
Don't notify consoles of the changes
/nc
Don’t do post image config
/de
Add Description to task
/y
Suppress confirmation prompts
/dsn <odbc-dsn-name>
ODBC data source name
/d <db-server>
Database server name
/u <db-user>
Database user name
/db <db-databaseName>
Database name
/p <db-password>
Database user password
/lu <login-user>
Deployment Server login user name
/lp <login-password>
Deployment Server login password
Note
To use the Run Script option (/trs), a script must be created in a file first. Then if you
want the script to be embedded, include the /i option. Otherwise, the task will link to the
script filename.
Example 1: Create a Job that makes an image of a computer named "Oscar" and run it
immediately.
Altiris Deployment Solution 6.8
376
axEvent CreateOscar /tci .\Images\oscar.img
axSched oscar CreateOscar /t "2000-12-31 08:00"
Example 2: Shutdown Oscar's computer right now.
axEvent Shutdown /tsd
axSched oscar Shutdown /t "2000-12-31 08:00"
Example 3: Run a Windows program on all computers right now. (Calc.exe is the only
line in script.txt.)
axEvent /w /i RunCalc /trs script.txt
axSched oscar RunCalc /t "2000-12-31 08:00"
Example 4: Create a Job (named Win2000 and Off2000) that reimages a computer with
Windows 2000 and deploys an Office 2000 Rapid Install Package.
axEvent "Win2000 and Office 2000" /tdi .\Images\w2000.img
axEvent "Win2000 and Office 2000" /a /tds .\RIPs\off2000.exe
To then migrate Oscar to Windows 2000:
axSched Oscar "Win2000 and Off2000" /t "2000-12-31 08:00"
Schedule Job Utility
Syntax: axSched <computer/group> <job-name> (options)
OR
axSched /q <filename> (options)
Options
/t <yyyy-mm-dd hh:mm>
Time to schedule
/n
Don't notify servers of the changes
/f <folder-name>
Schedule the job-name found in this
folder
/q <filename>
File used for exporting jobs
/y
Suppress confirmation prompts
/dsn <odbc-dsn-name>
ODBC data source name
/d <db-server>
Database server name
/u <db-user>
Database user name
/db <db-databaseName>
Database name
/p <db-password>
Database user password
/lu <login-user>
Deployment Server login user name
/lp <login-password>
Deployment Server login password
Note
The format for <time> is “yyyy-mm-dd hh:mm.” If the date is omitted, the current date
is assumed.
Altiris Deployment Solution 6.8
377
If the /t switch is not used, the job is assigned to the computer but not scheduled. As a
result, it will not execute.
If you would like the job to run immediately, choose a date in the past.
If you have a group or computer name which include spaces, put the name in quotes.
All Computers can now be used as a group option.
Example 1: Schedule a job called Office2000 to run on Oscar’s computer at midnight on
12-31-2002.
axSched Oscar’s Office2000 /t "2000-12-31 00:00"
Example 2: Schedule a job called Office2000 to run on the Accounting Group
computers tonight at 10PM.
axSched Accounting Office2000 /t "2001-2-15 22:00"
Example 3: Schedule a job called ShutDown to run on all computers at tonight at 10
PM.
axSched "All Computers" ShutDown /t "2001-2-15 22:00"
Import Computer Utility
Syntax: axcomp <import-file> <options>
Options
/n
Don't notify consoles of the changes
/y
Suppress confirmation prompts
/dsn <odbc-dsn-name>
ODBC data source name
/d <db-server>
Database server name
/u <db-user>
Database user name
/db <db-databaseName>
Database name
/p <db-password>
Database user password
/lu <login-user>
Deployment Server login user name
/lp <login-password>
Deployment Server login password
Example 1: Import a computer using trusted account
axcomp <filename> /u <db-user> /p <db-password> /lu <login-user> /lp <loginpassword>
Example 2: Import a computer using non-trusted account.
axcomp <filename> /u <db-user> /p <db-password>
axengine.exe
The Altiris eXpress Server (axengine.exe)is the Deployment Server
component of the Deployment Solution infrastructure. Command-line start parameters
Altiris Deployment Solution 6.8
378
for this service are set in the registry setting rather than in the Start Parameters
property of the service.
If you want to add start parameters after the install, you can modify the registry
settings. The registry key is LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Altiris
Express Server.
Deployment Agent for Windows
The following sections identify command-line and input parameters for Aclient.exe,
the executable file for the Deployment Agent for Windows.
Aclient.exe Command-line Switches
The Aclient.exe executable installs and runs on client computers, enabling them to
be managed by a Deployment Server. It enables clients to receive work from the
Deployment Server, and it reports client status to the Server.
The program is normally installed and configured remotely using the Client Install
wizard, or the program is run at the client computer. However, you can use the
command-line options to run it from a script file if you want to. (If you use a script file,
see the following section on aclient.inp for information on using an import file to
specify install switches for the Deployment Agent.)
You can use either a forward slash (/) or a dash (-) with the command-line options.
Commands are not case sensitive.
Switch
Details
-ver
Function: Shows the version of aclient.exe running on the computer.
-install
Function: Installs the client.
Option: -silent allows install to complete without sending output to the
client.
Example: To install aclient.exe from the Deployment Server directory
without sending messages to the client, type
Deployment Server /aclient /install /silent
-remove
Function: Removes (uninstalls) aclient.exe from a computer.
Option: -silent removes the Deployment Agent for Windows without
sending output to the client.
Example: To remove Deployment Agent for Windows, type
aclient -remove
-start
Function: Manually starts aclient.exe on a computer.
Option: -silent starts the aclient.exe without sending output to the client.
-stop
Function: Manually turns off Deployment Agent for Windows on a
computer.
Option: -silent turns off Deployment Agent for Windows without sending
output to the client.
Altiris Deployment Solution 6.8
379
Aclient.inp Parameters
You can use this input file to set installation parameters for aclient.exe, so you can
install the client program from a script file. The file is copied to the Deployment Server
program directory when you install the product. Command-line parameters are included
in the file, but are marked with a REM statement.
To use the input file, open it and remove the REM commands from the parameters you
want to use. When you have the file set up the way you want it, you can run it by
entering the file name as the first parameter after the aclient command.You can also
put the same line in a script file if you want to run it from a file. Type
aclient aclient.inp
The input file name (aclient.inp) and InstallDir parameters are required; all
others are optional. Parameters are case sensitive.
Note
Many parameters will work after setting other parameters first. Example: you can only
use ServerName after the multicast parameters, MCastAddr and MCastPort, are set.
Parameters
Details
ForceReboot
Function: Specifies how the system should be shut down and
rebooted. Applications are forced closed and the system shuts down
even if programs hang. (User data could be lost.)
Example: To force clients to reboot when a reboot task is assigned,
type
ForceReboot=Yes
The default is “No.”
HardTimeout
Function: Specifies the length of time (in seconds) that aclient.exe
will maintain an idle connection with the Deployment Server. After
the time limit is exceeded, the client will disconnect and then
establish a new connection with the Server.
Example: To establish a new connection with the Deployment
Server whenever the connection is idle for 900 seconds, type
HardTimeout=900
InstallDir
(required)
Function: Specifies the full path name to the directory where
aclient.exe will be installed. The default location is
c:\altiris\aclient.
Example: To change the default location, replace it with a new
path. Type
InstallDir=c:\programs\aclient
LogFile
Function: Specifies the full path name to the log file.
Example: To write log entries to a log file in your aclient directory,
type
LogFile=c:\altiris\aclient\aclient.log
Altiris Deployment Solution 6.8
380
Parameters
Details
LogSize
Function: Sets the maximum log file size (in bytes).
Example: To set the log file size limit to 4096 bytes, type
LogSize=4096
MCastAddr
Function: Specifies the multicast group address to be used to find
the Deployment Server.
Example: To set the IP address for multicasting, type
MCastAddr=225.1.2.3
MCastPort
Function: Specifies the port number to use for multicasting.
Example: To use port 402 for multicasting, type
MCastPort=402
Password
Function: Sets a password on the client to prevent users from
accessing aclient.exe settings.
Example: To lock the settings, type
Password=clientmanager
PromptExecute
Function: Sends output (messages) to the client when tasks are
being executed.
Options: Yes, No
Examples: To allow prompts and messages to be sent to the client,
type
PromptExecute=Yes
To suppress output, type
PromptExecute=No
PromptOverride
Function: Specifies the default action to take when there is no user
response to a restart prompt.
Options: Abort, Continue
Examples: To abort the client reboot, type
PromptOverride=Abort
To reboot the client, type
PromptOverride=Continue
PromptReboot
Function: Prompts the user before restarting the client.
Options: Yes, No
Examples: To prompt for user input before restarting a client, type
PromptReboot=Yes
To restart a client without requiring user input, type
PromptReboot=No
Altiris Deployment Solution 6.8
381
Parameters
Details
PromptSeconds
Function: Specifies the length of time (in seconds) that the client
will wait for a response from the user.
Example: To wait 30 seconds for user input, type
PromptSeconds=30
ShowTrayIcon
Function: Specifies whether or not to show the Altiris client icon in
the system tray. If the icon is not in the tray, users cannot access
Aclient.
Example: To not show the icon, type
ShowTrayIcon=No
The default is “Yes,” which loads the icon into the system tray.
SpeedLimit
Function: Sets the minimum transfer rate accepted from the
Deployment Server (in bytes per second). If aclient.exe cannot
receive data from the Server at this rate, it will disconnect and retry
at specified intervals. See HardTimeout below.
Example: To set a minimum ransfer rate of 7500 bytes per second,
type
SpeedLimit=7500
TcpAddr
Function: Specifies the IP address of the Deployment Server that
the client will connect to. Using this parameter causes the client to
use TCP instead of multicasting to connect to the Server.
Example: To have the client connect to a Deployment Server using
its IP address, type
TcpAddr=192.1.2.3
TcpPort
Function: Specifies the port number of the Deployment Server
listening for requests. Using this parameter causes the client to use
TCP to connect to the Server.
Example: To specify the port number of the Deployment Server to
connect to, type
TcpPort=402
TTL
Function: Sets the maximum number of hops to multicast through.
Example: To limit the number of hops to 32, type
TTL=32
UpdateFileSystemSids Function: Specifies if you want SIDgen to update permissions on
any local NTFS volumes. This parameter only applies if you have
domains and use SIDgen to manage the computer IDs.
Example: To update permissions on the local NTFS volume, type
UpdateFileSystemSids=Yes
The default is “No.”
Altiris Deployment Solution 6.8
382
Parameters
Details
UseRCDrivers
Function: Specifies whether or not to install keyboard and mouse
filter drivers that enable remote control on Windows NT and 2000
client computers. (The default is “No,” so the drivers are not
installed. This parameter is not necessary for Win 95/98 computers,
because they do not require Ctrl-Alt-Del input to log in.
Example: To install the drivers for remote control, type
UseRCDrivers=Yes
UserName
Function: Associates a computer with the primary user or users.
This is used to target RIP deployments to a specific user or group of
users. To assign more than one user, separate the names with
semicolons.
Examples: To associate user Fred with the client being installed,
type
UserName=Fred
To associate users Fred and Sam with the client, type
UserName=Fred;Sam
ServerName
Function: Specifies the computer name of the Deployment Server
that you want the client to connect to. This is useful if you have
multiple Deployment Servers on your network and you do not want
the client to connect to the first Server it finds.
The ServerName parameter is only valid if you are using
multicasting (by setting MCastAddr and MCast Port parameters).
Note
ServerName can only be set after the multicast parameters,
MCastAddr and MCastPort, are set.
Example: To restrict client connection to a Server named
“Server3,” type
ServerName=Server3
Note
A CR/LF (blank line) is needed at the end of the aclient.inp file in order for it to be
utilized when installing Deployment Agent for Windows.
ADLAgent.config Parameters
You can use the ADLAgent.config file to configure the ADLAgent service settings. When
the ADLAgent service is suspended, certain information is needed to restore the
previous settings. This information is saved in the ADLAgent configuration file. This
ensures that the next time the computer reboots, the ADLAgent service starts up
without any problems.
Altiris Deployment Solution 6.8
383
Parameters
Details
DebugTrace
Specifies whether or not to log any messages.
Changes to the DebugTrace field may not be
recognized until the ADLAgent is stopped and
restarted.
Example: DebugTrace=True.
LogErrors
Specifies the types of messages to be written in the
log file.
Example: LogErrors=True.
LogInformation
Specifies the types of messages to be written in the
log file.
Example: LogInformation=True.
LogDebug
Specifies the types of messages to be written in the
log file.
Example: LogDebug=True.
UseLogFile
Specifies whether or not to write messages in the log
file.
Example: LogFile=True.
LogFile
Specifies log file path and name.
Example: /opt/altiris/deployment/
adlagent/log/adlagent.txt
LogSize
This is the maximum file size for all of the trace files in
bytes (optional).
Example: LogSize=409600.
IPTrace
Specifies whether or not to log messages between the
ADLAgent and the Deployment Server. Changes to the
IPTrace field may not be recognized until the ADLAgent
is stopped and restarted.
Example: IPTrace=True.
IPUseLogFile
Specifies whether or not to use the IP log file.
Example: IPUseLogFile=True.
IPTraceFile
Specifies the IPTrace log file path and name.
Example: /opt/altiris/deployment/
adlagent/log/adlagentlpTrace.txt
IPLogSize
This is the maximum file size for all of the trace files in
bytes (Optional).
Example: LogSize=409600.
SyncTimeWithServer
Synchronize the agent’s time with the Deployment
Server. This may be set to “True” or “False”.
Example: SyncTimeWithServer=True.
Altiris Deployment Solution 6.8
384
Parameters
Details
GetApps
Specifies whether or not to get the Applications at a
“Get Inventory” request.
Example: GetApps=True.
GetServices
Specifies whether or not to get the Services at a “Get
Inventory” request.
Example: GetServices=True.
GetDevices
Specifies whether or not to get the Devices at a “Get
Inventory” request.
Example: GetDevices=True.
GetSmbios
Specifies whether or not to read the Smbios table.
Example: Smbios=True.
EncryptSessions
Specifies whether or not the ADLAgent will attempt to
make an encrypted session with the server.
Example: EncryptSession=True.
RequireEncrypt
Specifies whether or not the ADLAgent will fail to
connect if an encrypted session cannot be established.
Example: RequireEncrypt=True.
UseMCast
Specifies whether or not to use multicast to find a
Deployment server or make a connect directly to the
Deployment server using the specified IP port and
address.
Example: UseMCast=True.
MCastAddr
Specifies the multicast group address to be used to
find the Deployment Server (Optional).
Example: MCastAddr=225.1.2.3.
MCastPort
Specifies the port number to use while multicasting
(Optional).
Example: MCastPort=402.
TTL
Specifies the maximum number of hops to multicast
through (Optional).
Example: TTL=32.
ServerName
Specifies the computer name of the server (Optional).
Example: Server=RADAR.
TcpAddr
Specifies the IP address of the Deployment Server to
connect to (Optional). Specifying this parameter will
switch the ADL Agent to use TCP to connect to the
Deployment Server.
Example: TcpAddr=127.0.0.1.
Altiris Deployment Solution 6.8
385
Parameters
Details
TcpPort
This is the IP port number of the Deployment Server
listening for requests (Optional). Specifying this
parameter will switch the ADL Agent to use TCP to
connect to the Deployment Server.
Example: TcpPort=402.
WakeOnLANProxy
Specifies whether to proxy Wake on LAN packets.
Example: WakeOnLANProxy=True.
MCastProxy
Specifies whether this agent will advertise the
presence of the Deployment server. Specifies whether
to proxy Multicast packets.
Example: MCastProxy=True.
UseFQDN
Specifies whether the ADLAgent should attempt to
reverse the IP address to return a proper ‘fully
qualified domain name’ to the Altiris Deployment
Server. If the network is set up to properly resolve PTR
record requests this option will return the fully
qualified name of the agent, such as
myhost.mydomain.com. However, if the network does
not resolve PTR records, this option may delay
adlagent connection by as much as a minute or two.
Example: UseFQDN=True.
UseHardTimeout
Specifies whether to use the hard time out or not.
Example: UseHardTimeout=True.
HardTimeout
Specifies the number of seconds of inactivity the agent
will wait before reconnecting to the Deployment
Server. The default is 12 hours.
Example: HardTimeout=43200.
APPEND_HOSTNAME_TO_L
OCAL_HOST
This is used should the ADLAgent attempt to append
the new hostname to the hosts file as an ‘alias’ to
localhost.
Example:
APPEND_HOSTNAME_TO_LOCAL_HOST=True.
USER_CHECK_INTERVAL
Interval at which adl_users should report changes to
the logged in users. This value is in seconds, with the
default being 6 seconds.
Example: USER_CHECK_INTERVAL=6.
Note: A value of 0 will not send user updates.
KILL_TIME
The amount of time in seconds to wait for the agent to
the Deployment Server before killing the adlagent.
This will reboot the system in automation mode.
Currently, this is only supported in automation mode.
The default is 3 minutes.
Example: KILL_TIME=180.
Altiris Deployment Solution 6.8
386
Parameters
Details
MAKE_LOWER_CASE
Changes the file path and file name to lower case
when copying a file from the Deployment Server.
Example: MAKE_LOWER_CASE=True.
FORCE_NEW
This is for the agent in automation mode only. It forces
the agent to run the Initial Deployment event, even if
it is already in the database.
Example: FORCE_NEW=True.
AUTO_UPDATE
This allows the agent control as to whether it will
automatically update to the newest or only adlagent
on the Deployment Server.
Example: AUTO_UPDATE=True.
AClient.config Parameters
You can use the AClient.config file to configure the system. This file is used to modify
the AClient settings.
Parameters
Details
Global
MACAddrList
Specifies the list of MAC Addresses for every NIC
installed on the PC separated by a comma.
Example: MACAddrList=000C29C63002,
000C29C6300C.
Serial-Number
Specifies the serial number of the PC.
Example: Serial-Number=VMware-56 4d db 10 9f cd
9d 7e-d4 7e 52 4e 88 c6 30 02.
Reboot
Specifies whether to reboot the computer. By default,
AClient will reboot the computer only when it is
necessary for the changes that have been made.
Example: Reboot=True.
RebootAfterConfig
Specifies whether to reboot the computer after the
configuration task.
Example: RebootAfterConfig=True.
Status-Code
Specifies the status code of the last executed job.
Example: Status_Code=0.
Status_Module
Specifies the module that reported the status code.
Example: Status_Module=AClient.
Altiris Deployment Solution 6.8
387
Parameters
Details
SIDgenCount
Specifies the number of times SIDGen has run.
Example: SIDGenCount=0.
Note: This value is set by the AClient and the user
need not set it.
TaskSequence
Specifies the task sequence of the task executed by
the AClient.
Example: TaskSequence=0.
ScheduleID
Specifies the schedule ID of the last job executed by
the AClient.
Example: ScheduleID=100000008.
Remove
Specifies whether to remove AClient from the PC.
Example: Remove=True.
Config
Specifies whether to configure the PC.
Example: Config=None, Config=New or
Config=Reply.
Note: Config=Configure.
License
Sysprep2KLicense
Specifies the Sysprep License number.
Example:
LicenseNumber
Specifies the OS License Key.
Example: LicenseNumber=5274-649-647895323135.
RegOrganization
Specifies the OS Registered Organization.
Example: RegOrganization=Altiris.
RegUser
Specifies the OS Registered User.
Example: RegUser=Altiris.
Prompt
Specifies whether to prompt the user for the computer
name and to join a Workgroup/Domain during
configuration.
Example: Prompt=True.
Networking
DomainPassword
Specifies the domain password.
Example: DomainPassword=FVZSiJELzmpvn[^][@
DomainUsername
Specifies the domain user name.
Example: [email protected]\iYI ^Vjpsp
DSDomainController
Specifies the Domain Controller.
Example: DSDomainController=mycompany.
Altiris Deployment Solution 6.8
388
Parameters
Details
DSOrganizationalUnit
Specifies the organizational unit for Deployment
Solution.
Example: DSOrganizationalUnit=myou.
ChangeSID
Specifies whether to change the SID value.
Example: ChangeSID=True.
Computer Name
Specifies the name of the computer.
Example: ComputerName=Altiris.
DNSDomain
Specifies the DNS domain, which is the name of the
Workgroup or Domain that this computer is a member
of.
Example: DNSDomain=cybage.com.
Workgroup
Specifies whether the computer is a member of a
Workgroup.
Example: Workgroup=True or Workgroup=False.
Prompt
Specifies whether to prompt the user for the computer
name and whether to join a Workgroup/Domain.
Example: Prompt=True.
Netware
RunScrits
Specifies whether to run NetWare login scripts.
Example: RunScrits=True.
Context
Specifies the NDS Context.
Example: Context=NDS Context.
PreferredTree
Specifies the preferred Netware tree.
Example: PreferredTree=Tree.
LoginTree
Specifies whether to login using the Preferred Tree or
Preferred Server.
Example: LoginTree=True or LoginTree=False.
Username
Specifies the NDS User Name.
Example: Username=User.
Prompt
Specifies whether to prompt the user for Netware
Client Settings.
Example: Prompt=True.
TCP/IP
MACAddress
Specifies the MAC Address.
Example: MAC Address=0007E97FD73C.
Description
Specifies the description of the NIC (Network Interface
Card).
Example: Description of NIC=AMD PCNET Family PCI
Ethernet Adapter.
Altiris Deployment Solution 6.8
389
Parameters
Details
VendorID
Specifies the Vendor ID for the NIC.
Example: Vendor ID=32902.
DeviceID
Specifies the device ID for the NIC.
Example: Device ID=4153.
PCIFunction
Specifies the PCI Function for the NIC.
Example: PCI Function=0.
PCIDevice
Specifies the PCI Device for the NIC.
Example: PCI device=8.
PCIBus
Specifies the PCI Bus for the NIC.
Example: PCI Bus=1
WINS-Server1
Specifies the WINS Server 1 for TCP/IP.
Example: WINS-Server1=0.0.0.0.
WINS-Server0
Specifies the WINS Server 0 for TCP/IP.
Example: WINS-Server0=0.0.0.0.
WINS-Server-Count
Specifies the number of WINS servers for TCP/IP.
Example: WINS-Server-Count=2.
WINS-Enabled
Specifies whether the WINS servers are enabled.
Example: WINS-Enabled=True.
SetWINSInfo
Specifies whether to set the WINS information.
Example: SetWINSInfo=True.
DNS-Server2
Specifies the DNS server 2 for TCP/IP.
Example: DNS-Server2=0.0.0.0.
DNS-Server1
Specifies the DNS server 1 for TCP/IP.
Example: DNS-Server1=0.0.0.0.
DNS-Server0
Specifies DNS server 0 for TCP/IP.
Example: DNS-Server0=0.0.0.0.
DNS-Server-Count
Specifies the number of DNS Servers for TCP/IP.
Example: DNS-Server-Count=3.
DNS-Domain
Specifies the DNS domain for TCP/IP.
Example: DNS-Domain=mydomain.com
DNS-Host
Specifies the name of the DNS host.
Example: DNS-Host=TSTWXP2.
DNS-Enabled
Specifies whether the DNS is enabled.
Example: DNS-Enabled=True.
SetDNSInfo
Specifies the DNS information for TCP/IP.
Example: SetDNSInfo=True.
Altiris Deployment Solution 6.8
390
Parameters
Details
Gateway
Specifies the Gateway information for TCP/IP.
Example: Gateway=172.17.31.2.
Netmask
Specifies the Netmask value for TCP/IP.
Example: Netmask=255.255.255.0.
Address
Specifies the address for TCP/IP.
Example: Address=172.17.31.98.
DHCP
Specifies the DHCP value for TCP/IP.
Example: DHCP=True.
SetIPInfo
Specifies whether to set the IP information for TCP/IP.
Example: SetIPInfo=True.
NIC-Section-Count
Specifies the NIC section count for TCP/IP.
Example: NIC-Section-Count=2.
Interface0
State
Specifies the state of Interface0.
Example: State=Up.
Gateway
Specifies the gateway of Interface0.
Example: Gateway=172.17.31.2.
Netmask
Specifies the netmask of Interface0.
Example: Netmask=255.255.255.0.
IP-Address
Specifies the IP address for Interface0.
Example: IP-Address=172.17.31.98.
DHCP
Specifies the DHCP value for Interface0.
Example: DHCP=Yes.
Name
This is the name of Interface0.
Example: Name=eth0.
Interface1
State
Specifies the state of Interface1.
Example: State=Up.
Gateway
Specifies the gateway of Interface1.
Example: Gateway=10.10.10.1.
Netmask
Specifies the netmask of Interface1.
Example: Netmask=255.0.0.0.
IP-Address
Specifies the IP-Address for Interface1.
Example: IP-Address=10.10.10.10.
NICEntry
Altiris Deployment Solution 6.8
391
Parameters
Details
MACAddress
Specifies the MACAddress for NICEntry.
Example: MACAddress=00-FF-3C-03-85-C0.
Description
Specifies the description of the computer for NICEntry.
Example: Description=AMD PCNET Family PCI
Ethernet Adapter.
VendorID
Specifies the Vendor ID for NICEntry.
Example: Vendor ID=4332.
DeviceID
Specifies the Device ID for NICEntry.
Example: Device ID=33081.
PCIFunction
Specifies the PCI function for NICEntry.
Example: PCIFunction=0
PCIBus
Specifies the PCI bus for NICEntry.
Example: PCIBus=1
Gateway
Specifies the gateway for NICEntry.
Example: Gateway=10.10.10.1.
Netmask
Specifies the netmask for NICEntry.
Example: Netmask=255.0.0.0.
Address
Specifies the address of NICEntry.
Example: Address=10.10.10.10.
DHCP
Specifies the DHCP value for NICEntry.
Example: DHCP=True.
SetIPInfo
Specifies the IP information for NICEntry.
Example: SetIPInfo=True.
WINS-Server-Count
Specifies the number of WINS servers for NICEntry.
Example: WINS-Server-Count=0.
WINS_Enabled
Specifies whether the WINS servers are enabled.
Example: WINS-Enabled=False.
SetWINSInfo
Specifies the WINS information for NICEntry.
Example: SetWINSInfo=True.
DNS-Server1
Specifies DNS Server 1 for NICEntry.
Example: DNS-Server1=10.10.10.3.
DNS-Server0
Specifies DNS Server 0 for NIC Entry.
Example: DNS-Server0=10.10.10.2.
DNS-Server-Count
Specifies the number of DNS servers for NIC Entry.
Example: DNS-Server-Count=2.
Altiris Deployment Solution 6.8
392
Parameters
Details
DNS-Host
Specifies the DNS host for NICEntry.
Example: DNS-Host=TESTWXP2.
DNS-Domain
Specifies the DNS domain for NICEntry.
Example: DNS-Domain=mydomain.com.
DNS-Enabled
Specifies whether the DNS is enabled for NICEntry.
Example: DNS-Enabled=True.
SetDNSInfo
Specifies the DNS information for NICEntry.
Example: SetDNSInfo=True.
ConfigSettings
LogFile
UseLogFile
Specifies whether to save log information to a text file.
Example: UseLogFile=Yes.
LogFile
Specifies the location and name of the log file to save
logging information to. UseLogFile must be enabled for
this setting to work.
Example: Log File=File Location.
LogSize
Specifies the maximum size of the log file in bytes.
UseLogFile must be enabled for this setting to work.
Example: LogSize=4096.
LogErrors
Specifies the log errors. UseLogFile must be enabled
for this setting to work.
Example: LogErrors=Yes.
LogInformation
Specifies the log informational messages. UseLogFile
must be enabled for this setting to work.
Example: LogInformation=Yes.
LogDebug
Specifies the log debugging information. UseLogFile
must be enabled for this setting to work.
Example: LogDebug=Yes.
Security
ShowTrayIcon
Specifies whether to show AClient tray icon.
Example: ShowTrayIcon=Yes.
EncryptSessions
Specifies whether to encrypt sessions with the server.
Example: EncryptSession=Yes.
RequireEncrypt
Specifies whether to require encrypted sessions with
the server. EncryptSessions must be enabled for this
setting to work.
Example: RequireEncrypt=Yes.
Altiris Deployment Solution 6.8
393
Parameters
Details
EncryptedClientID
Specifies the encrypted client ID.
Example: EncryptedClientID=0
Password
Specifies the password.
Example: Password=Altiris
AllowMod
Specifies whether or not to enable or disable security
for admin properties. If the value is 0, the security is
disabled. if the value is 1, the security is enabled.
Example: AllowMod=1
Transport
TransportUse
Specifies how AClient will find and connect to a
Deployment Server. To use TCP/IP multicast,
TransportUse=0. To use TCP/IP, TransPortUse=1.
Example: TransportUse=0 or TransPortUse=1.
MCastAddr
Specifies the multicast group address to use to locate
a Deployment Server. TransportUse must be 0 for this
setting to work.
Example: MCastAddr=225.1.2.3.
MCastPort
Specifies the multicast port to use to locate a
Deployment Server. TransportUse must be 0 for this
setting to work.
Example: MCastPort=402.
TTL
Specifies the Multicast Time to Live to use to locate a
Deployment Server. TransportUse must be 0 for this
setting to work.
Example: TTL=32.
ConsoleName
Specifies the server name to use to locate a
Deployment Server via Multicast. If nothing is
specified, AClient will connect to the first Deployment
Server it locates. TransportUse must be 0 for this
setting to work. This is optional.
Example: ConsoleName=ALTIRIS.
TcpAddr
Specifies the IP Address or Host Name to use to locate
a Deployment Server.TransportUse must be 1 for this
setting to work.
Example: TcpAddr=172.19.16.20
TcpPort
Specifies the IP port to use to locate a Deployment
Server. TransportUse must be 1 for this setting to
work.
Example: TcpPort=402.
User Prompts
Altiris Deployment Solution 6.8
394
Parameters
Details
PromptReboot
Prompt before executing shutdown and restart
commands.
Example: PromptReboot=Yes.
PromptExecute
Prompt before executing program execution and file
copy commands.
Example: PromptExecute=Yes.
PromptRemoteControl
Prompt before executing remote control commands.
Example: PromptRemoteControl=Yes.
PromptSeconds
Specifies how long the user prompt will be displayed in
seconds.
Example: PromptSeconds=10.
PromptOverride
Specifies whether the AClient should continue the
operation or abort it, when the user prompt times out.
Example: PromptOverride=Continue.
Connection
ConnectionParadigm
Specfies whether to select to either stay connected to
the Deployment Server, or check periodically for work.
To remain connected, ConnectionParadigm=0. To
remain mostly disconnected, ConnectionParadigm=1.
Example: ConnectionParadigm=0 or
ConnectionParadigm=1.
UseHardTimeout
Specifies whether to refresh connection after idle time
specified in HardTimeout. ConnectionParadigm must
be 0 for this setting to work.
Example: UseHardTimeout=Yes.
HardTimeout
Specifies how frequently to refresh the connection to
the server in seconds. ConnectionParadigm must be 0
and UseHardTimeout must be Yes for this setting to
work.
Example: HardTimeout=28800.
ReconnectInterval
Specifies how often in seconds to reconnect to check
for work. ConnectionParadigm must be 1 for this
setting to work.
Example: ReconnectInterval=28800.
CloseTimeOut
Specifies how long, in seconds, to wait for work before
disconnecting. ConnectionParadigm must be 1 for this
setting to work.
Example: CloseTimeOut=60.
Altiris Deployment Solution 6.8
395
Parameters
Details
SetSpeedLimit
Specifies whether to set speed limit for transfer files. If
it is Yes then check transfer rate is slower than the
rate specified in SpeedLimit. If it is No, do not transfer
files.
Example: SetSpeedLimit=Yes.
SpeedLimit
Specifies the minimum speed limit in Kbps to transfer
files. If the rate is slower than the rate specified here,
do not transfer files. SetSpeedLimit must be enabled
for this setting to work.
Example: SpeedLimit=10000.
Blockout
ScheduledBlockStart
Specifies the beginning of the period when the client
cannot connect to the server.
Example: ScheduledBlockStart=08:00.
ScheduledBlockEnd
Specifies the end of period when the client cannot
connect to the server.
Example: ScheduledBlockEnd=17:00.
BlockedDaysSun
Specifies whether to block the client from connecting
to the Deployment Server between the times specified
in ScheduledBlockStart and ScheduledBlockEnd on
Sundays.
Example: BlockedDaysSun=True.
BlockedDaysMon
Specifies whether to block the client from connecting
to the Deployment Server between the times specified
in ScheduledBlockStart and ScheduledBlockEnd on
Mondays.
Example: BlockedDaysMon=True.
BlockedDaysTue
Specifies whether to block the client from connecting
to the Deployment Server between the times specified
in ScheduledBlockStart and ScheduledBlockEnd on
Tuesdays.
Example: BlockedDaysTue=True.
BlockedDaysWed
Specifies whether to block the client from connecting
to the Deployment Server between the times specified
in ScheduledBlockStart and ScheduledBlockEnd on
Wednesdays.
Example: BlockedDaysWed=True.
BlockedDaysThu
Specifies whether to block the client from connecting
to the Deployment Server between the times specified
in ScheduledBlockStart and ScheduledBlockEnd on
Thursdays.
Example: BlockedDaysThu=True.
Altiris Deployment Solution 6.8
396
Parameters
Details
BlockedDaysFri
Specifies whether to block the client from connecting
to the Deployment Server between the times specified
in ScheduledBlockStart and ScheduledBlockEnd on
Fridays.
Example: BlockedDaysFri=True.
BlockedDaySat
Specifies whether to block the client from connecting
to the Deployment Server between the times specified
in ScheduledBlockStart and ScheduledBlockEnd on
Saturdays.
Example: BlockedDaysSat=True.
Proxy
WakeOnLANProxy
Forward Wake On LAN packets sent from the
Deployment Server.
Example: WakeOnLANProxy=Yes.
MCastProxy
Specifies whether to advertise for the Deployment
Server the client is connected to. This allows local
clients to discover the server on a remote network
through TCP/IP multicast.
Example: MCastProxy=Yes.
MCastProxyRate
Specifies how often to send multicast advertisements
in seconds. MCastPRoxy should be set to ‘Yes’ for this
setting to work.
Example: MCastProxyRate=900.
BootWorks
EnableDirectDiskAccess
Specifies whether to enable direct disk access to
BootWorks.
Example: EnableDirectDiskAccess=Yes.
UpdateBootworkTransport
Specifies whether to synchronize transport (IP/
multicast) settings with Bootworks.
EnableDirectDiskAccess must be enabled for this
setting to work.
Example: UpdateBootworkTransport=Yes.
UpdateBootworkIP
Specifies whether to synchronize TCP/IP (static IP,
netmask/DHCP) settings with Bootworks.
EnableDirectDiskAccess must be enabled for this
setting to work.
Example: UpdateBootworkIP=Yes.
Altiris Deployment Solution 6.8
397
Parameters
Details
BootDiskMessageUsage
Specifies when the user should be prompted for a
Bootworks boot disk when performing tasks from DOS.
Example: BootDiskMessageUsage= 0 for Never;
BootDiskMessageUsage=1 for Always;
BootDiskMessageUsage=2 if Bootworks is not
detected; BootDiskMessageUsage=3 if PXE is not
detected; and BootDiskMessageUsage=4 if neither
BootWorks nor PXE is detected.
Other
ForceReboot
Specifies whether to force applications to close when
shutting down.
Example: ForceReboot=Yes.
BootDrive
Specifies the Windows boot drive.
Example: BootDrive=D:\.
SyncTimeWithServer
Specifies whether to synchronize the client system’s
date and time with the Deployment Server.
Example: SyncTimeWithServer=Yes.
SettingsChanged
Specifies whether to change the settings.
Example: SettingsChanged=Yes.
RequirePasswordForUserPro
p
Admin password required to edit admin properties. If
the value is 0, the password is not required. If the
value is 1, the password is required.
Example: RequirePasswordForUserProp=0
DownloadWait
Specifies in seconds whether and how long to wait for
download.
Example: DownloadWait=10.
ReconnectWait
Specifies in seconds whether and how long to wait for
reconnect.
Example: ReconnectWait=10.
EnableReconnectDownload
Waits
Specifies in seconds whether to enable the reconnect
and download waits.
Example: EnableReconnectDownloadWaits=10.
UpdateFileSystemSids
Specifies whether to update the SIDs file system.
Example: UpdateFileSystemSids=Yes.
UpdateSettings
Specifies whether to update settings.
Example: UpdateSettings=True.
UpdateAllSettings
Specifies whether to update all settings.
Example: UpdateAllSettings=True.
Altiris Deployment Solution 6.8
398
Deployment Agent for DOS Command-line Switches
BootWorks (bootwork.exe) manages client-server connections in DOS for imaging and
registry management tasks. Parameters and switches for Altiris program files can be
used in batch files and from the command line, usually for troubleshooting. Under
normal circumstances, the program interfaces and wizards provide the tools you need to
manage your network; you will not need to manually edit files.
Bootwork.exe
You can use either a forward slash (/) or a dash (-) with the command-line options.
Commands are not case sensitive.
Switch
Details
-dsbios
Function: Disables reading of the BIOS for system information. This is
typically used for troubleshooting, if a client computer crashes when it
first starts running BootWorks.
Example: To load and run BootWorks without reading the BIOS, type
bootwork -dsbios
-f
Function: Causes a computer to pause during the BootWorks boot
process and wait for a job from the Deployment Server, instead of
booting to production if work is not assigned. This allows new
computers that need to run Initial Deployment to wait for a connection
to the Server.
Example: To have a new computer wait for the Deployment Server to
assign a job, type
bootwork -f
-hr
Function: Specifies a hard reboot when a client computer boots to
production. This is the default. It ensures the BootWorks boot data is
cleared from memory, so the computer reads the MBR when booting to
production. If this is not used, the client computer might lock up when
it reboots.
Example: Because this is the default, you do not need to enter
anything.
-ip<address>
Function: Specifies the IP address of the Deployment Server you want
the client to connect to. Use this if the network is not configured for
multicasting, or if there is more than one Deployment Server on the
network. Specifying the Server’s IP address prevents the client from
connecting to the wrong Deployment Server. The port number must
also be specified if you change this parameter. (See -p<port>.)
Example: To connect a client directly to a Deployment Server, type
bootwork -ip207.197.28.38
-mcdelay[xx]
Function: Sets the number of seconds the client waits between
multicast requests for a Deployment Server. The default is 5 seconds.
Example: To set the interval for multicast requests to10 seconds, type
-mcdelay10
Altiris Deployment Solution 6.8
399
Switch
Details
-mcwait[xx]
Function: Sets the length of time (in seconds) that the client searches
for a Deployment Server before rebooting to production. The default is
30 seconds. This parameter applies to multicast sessions only. It does
not apply if the clients connect using the Console IP address.
Example: To have the client search for a Deployment Server for 45
seconds, type
-mcwait45
-mip<IPaddress>
Function: Specifies the multicast IP address of the Deployment
Server. The default value is 225.1.2.3. If the address is changed on the
Server, use this parameter to change the address in BootWorks so the
client looks for the correct address. The port number must also be
specified if you change this parameter. (See -mp<port>.)
Example: If you changed the Deployment Server’s multicast address
to 225.12.12.13, you would change the address for BootWorks by
typing
bootwork -mip225.12.12.13
-mp<port>
Function: Specifies the multicast port address of the Deployment
Server. The default value is 402. If you have changed the port number
of the Server, use this parameter to change the number in BootWorks.
(Any unassigned number that is less than 65536 is valid.) The IP
address must also be specified if you change this parameter. (See mip<address>.)
Example: If the Deployment Server’s IP address was changed and you
set a new port number of 1026, type
bootwork -mp1026
-name
Function: Prompts the user to enter the name of the client computer.
This name will be registered in the Console Computers list. If no
name is specified, the client computer’s MAC address will be used.
Example: To prompt for a computer name, type
bootwork -name
The client computer will prompt you to enter a name. The name
appears in the Computers list on the Console.
-new
Function: Runs Initial Deployment.
Example: To run Initial Deployment on a client computer, type
bootwork -new
-nologin
Function: Loads the LAN drivers on the client so BootWorks can check
the Deployment Server for work without completing a user login.
Example: To load the network drivers and check the Deployment
Server, type
bootwork -nologin
Altiris Deployment Solution 6.8
400
Switch
Details
-p<port>
Function: Specifies the port number of the Deployment Server you
want the client to connect to. The default port number is 402. If you
have changed the port number of the Deployment Server, use this
parameter to change the number in BootWorks. (Any unassigned
number that is less than 65536 is valid.) The IP address must also be
specified if you change this parameter. (See -ip<address>.)
Example: If the Deployment Server’s port number has been changed
to 1026 and clients are not multicasting to find the Server, type
bootwork -p1026
-pause
Function: Causes the computer to pause for 5 seconds before
beginning production boot processes. This allows time to access the
bootworks program before the computer boots to production.
Example: To add a 5-second pause before a production boot, type
bootwork -pause
-s<name>
Function: Specifies the computer name of the Deployment Server you
want the client to connect to. Otherwise, if you have more than one
Console on the network, clients will connect to the first one they find.
Example: If you want a client to connect only to a Deployment Server
named ServerOne, type
bootwork -serverone
-sr
Function: Specifies a soft reboot when a client computer boots to
production.
Example: To reboot a client using a soft reboot instead of the default
hard reboot, type
bootwork -sr
-wb
Function: Specifies a warm reboot when a client computer boots to
production.
Example: To reboot a client using a soft reboot instead of the default
hard reboot, type
bootwork -wb
Deployment Agent for DOS Install (Bwinst.exe) Switches
The Deployment Agent for DOS is installed by bwinst.exe, so if you have problems
installing you might need to edit these settings in the Deployment Agent for DOS
autoexec.bat file.
Altiris Deployment Solution 6.8
401
Parameters are case sensitive. Use a space between the command and the switch, and
between switches if you use more than one.
Switch
Details
-mbr
Function: Rewrites the BootWorks MBR code and exits.
Example: If the BootWorks code is overwritten by another program and
you want to rewrite it to the boot record, type
bwinst -mbr
-u
Function: Uninstalls BootWorks.
Example: To uninstall BootWorks from a client, type
bwinst -u
-c
Function: Checks for Altiris MBR code.
Example: To find out if BootWorks is installed on a client, type
bwinst -c
-s[x]
Function: Works with the -old switch to set the partition size (in MB) for
hidden BootWorks partitions. The minimum size is 5 MB, which is the
default.
Note
If you install embedded BootWorks (new style for 4.x versions), this switch
does not apply. A 5MB embedded partition is always installed.
Example: To set the BootWorks partition size at 10 MB for a hidden
partition, type
bwinst -s10 -old
-old
Function: Installs a hidden (old style) BootWorks partition instead of an
embedded (new style) partition. The default size is 5 MB. To install a larger
partition, use the -s switch.
Note
When this partition is installed, it will overwrite any data on the drive it is
installed to. Make sure the drive is empty, or upload an image of the drive,
and then download it to a different drive after BootWorks is installed.
Example: To install a hidden BootWorks partition of 30 MB, type
bwinst -s30 -old
Altiris Deployment Solution 6.8
402
Switch
Details
-q
Function: Runs BootWorks install in “quiet mode,” so no user input is
required to complete the install. This switch is intended for use with
unattended installs, so you should use it in conjunction with the -f switch to
install from a file instead of disks.
Since there are no prompts, bwinst makes the following decisions/
assumptions.
If a partition is found, you will not be asked if you want to move or
overwrite the partition. BootWorks will automatically overwrite the partition
and existing data will be erased.
You will not be prompted for the second BootWorks disk. You will see a
message that a file could not be found.
If you are installing an embedded partition, it is assumed that NT Service
Pack 4 is installed.
Example: To install BootWorks unattended from a boot directory on a
network drive, type
bwinst -q -f=f:\bootfile
-f=
Function: Specifies the source path to the BootWorks files. The default is
drive a:.
Example: To install BootWorks from a directory named “bootfile” on a
network drive, type
bwinst -f=f:\bootfile
-b
Function: Reads the BIOS settings for the hard drive if IDE settings fail or
return incorrect values. If you get the message, “Error creating drive map”
when installing BootWorks, run bwinst with this switch to correct the
problem.
Example: To solve the “Error creating drive map” error and install bwinst,
type
bwinst -b
Keyboard and Screen Lock Utility (Kbdsclk) Switches
This utility can be used to limit user intervention while client computers are in
BootWorks mode.
BootWorks connects client computers to the Deployment Server to run assigned Jobs
(receive images, back up and restore registries, etc.). The Server then releases control
of the computers to run their regular boot processes and come up in production mode.
KBDSCLK is part of the BootWorks autoexec.bat file. The utility runs from the file as a
TSR.
How the Keyboard and Screen Lock Utility (kbdsclk) Works
During the time the computer is in BootWorks mode, the Altiris client graphic displays so
the user knows the Altiris boot processes are running. However, the keyboard is not
locked, so the boot process can be interrupted if a user “breaks in” using CTRL-C,
CTRL-ALT-DELETE, CTRL-Break, or another interrupt command.
Altiris Deployment Solution 6.8
403
The screen and keyboard can be locked by setting the security option when you use the
Boot Disk Creator to make BootWorks boot files. Or, you can change the settings in the
BootWorks autoexec.bat file. Just remove the REM statements for the commands you
want to use. You can also add commands to set and clear keyboard and screen locks in
multiple places in the batch file. This is useful for enabling input when applications are
loaded (such as the Microsoft client, which prompts for a password), and then relocking
the screen and keyboard to complete the boot processes. You can also use KBDSCLK on
the command line if you want to temporarily override the batch file settings.
Keyboard and Screen Lock Utility Usage
Commands are not case-sensitive. The syntax is as follows:
kbdsclk [p=password] [+|-k] [+|-s] [x [h#]] [c|t] [w=file] [b]
For help when running the utility, type KBDSCLK ?
The batch file includes keyboard and screen lock commands, which are marked out
(REM). When you remove the REM commands and run the commands in a batch file, the
utility behaves as a TSR. The defaults are:
z
The Altiris client graphic is displayed.
z
The keyboard and screen are not locked.
z
If options are added to the batch file, they are executed in the order they appear in
the file.
Option
Description
p=pwd [b]
Function: Sets a password to enable/disable the keyboard and screen
lock. Maximum character length is 128.
Option:
b Scans keyboard input for a password to set locks when they are not set.
(Be careful using this option. It can interfere with keyboard input for
applications that are running!)
+|- k
Function: Enables/disables keyboard input. To allow keyboard input, use
+k. To lock the keyboard, use -k.
+|- s
Function: Enables/disables screen output. To allow screen output, use +s.
To disable it, use -s.
Default: Locked.
Default: Disabled.
Altiris Deployment Solution 6.8
404
Option
Description
x [h#]
Function: Displays wallpaper or graphic and then exits the KBSCLK utility.
Once the utility has exited (no longer running as a TSR), the keyboard and
screen are not locked.
Default: 3 second graphic/wallpaper display, then unload TSR.
Options:
h Allows use of the Home key to bypass BootWorks and begin production
boot processes.
# Specifies the time (in seconds) for the graphic to display (a maximum of
34 seconds is possible). During that time, you can use the Home key to
bypass the BootWorks processes. If zero is used, the graphic is displayed
for 3 seconds and no bypass is allowed.
c
Function: Clears the screen and exits the program. Used mostly for
troubleshooting.
t
Function: Sets video text mode (MODE CO80) and exits. Used mostly for
troubleshooting.
w=file
Function: Specifies the name of a graphic/wallpaper file to display. This is
valid only if the x option is used. Valid files are pcx files with 640x480x16
color.
Order Of Operations
The order of operations and utility behavior when KBDSCLK is run from the command
line is as follows:
z
When c or t is used, it performs its functions and exits without performing any other
functions, regardless of order. KBDSCLK does not remain loaded as a TSR, so the
keyboard is not locked and no screen output is displayed.
z
Use w to specify the name of a wallpaper/graphic file to replace the default. See the
table above for details on using graphics files.
z
When x is used, the wallpaper/graphic is displayed and the KBDSCLK program exits,
ignoring all other commands except w and h, regardless of order. KBDSCLK does
not remain loaded as a TSR, so the keyboard is not locked.
z
If the utility is loaded as a TSR (in the autoexec.bat file), and you execute
KBDSCLK on the command line and specify the k and s options, it changes the
keyboard and screen lock settings of the TSR instance. Options w, p, and b are
ignored, regardless of order. If the TSR is not loaded, w, p, and b can be used with
k and s in any order.
z
The p option can be used on the command line to set a password for unlocking the
screen and keyboard.
Altiris Deployment Solution 6.8
405
Deployment Server Install Switches
You can run the Deployment Server installation executable (axinstall.exe) from the
command-line using these switches:
Switch
Details
-s
Function: Runs a Simple install where all components are installed on a
single computer.
Example: axinstall -s
-a
Function: Adds a component when installing a custom install where
components—the Deployment Server database, PXE server, Deployment
Share, services— can be installed on separate computers.
-t
Function: Allows you to run a silent install (where the install application
executes without asking for user input.
Example: axinstall -a
Example: axinstall -t
-i -
Function: Allows you to create a setup.ini file used for automation or a
silent install
Example: axinstall -i
-t <INI file
location>
Function: Allows you to run a silent install (where the install application
executes without asking for user input) and read setting from an INI file.
See Silent Install Options (page 406).
Example: axinstall -t c:\silent.ini
Sample Silent.INI file:
[SilentInstall]
ProgramFiles=C:\Program Files\Altiris\eXpress\Deployment
Server\
LicenseFile=axinstall.lic
Username=Administrator
Password=
DOSBootFilesPath=
Silent Install Options
You can add parameters for a silent install using an INI file that is accessed and used by
the axinstall executable. The INI file can be named anything, but for the following
section it will be identified as SILENT.INI. This file can be modified to directly input
values when running an install without user interaction.
axinstall.exe -t <INI filename>
Example: axinstall -t c:\silent.ini
Altiris Deployment Solution 6.8
406
To add the ability to provide all of the inputs from a Simple Install, Custom Install, or an
Add Component install, the Silent.ini file is required and must contain input
parameters for each type of install.
By adding Version and InstallType entries to the [SilentInstall] group, Deployment
Solution can identify if its working with an old SILENT.INI file or a new file. The old file
type will be supported for backward compatibility and will continue to function.
Note
The silent.ini file cannot have comments or blank lines between the header line and the
key/value pairs.
[SilentInstall]
Version=3
SEDataManagerPort
WCLocation
WCPath
WCRemoteComputerName
WCUsername
WCPassword
WCEncryptedPassword
WCConsoleManagerport
The Version and InstallType entries are both required in the new SILENT.INI file. If the
Version entry is missing, it is assumed that it is an old SILENT.INI file (implicitly
assumed to be version 1). If the InstallType entry is missing for a new version of
SILENT.INI, an error will be logged to the log file and the installation will be aborted.
Depending on the value of InstallType, different entries will be expected in the
SILENT.INI file. The expected entries are listed in the following sections.
Note
A validator checks all input values during a silent install. It ensures that all of the user
input (such as the user name, password, data path, and so on) is valid before starting
the silent install. The validator inherit its behavior from the validation in the wizard
pages of a non-silent install. If the validation fails, an appropriate error message writes
to a log file and the installation process is aborted.
Simple Install Entries
If the InstallType is set to "simple", the following entries will be expected in the
SILENT.INI file. If any of the entries are missing, default values will be used. Using
default values is not recommended because it may cause the validator function to abort
the install because the default values won't work with the specified values. Any entries
other than the ones listed below will be ignored for a simple install.
DAPath=C:\Program Files\Altiris\eXpress\Deployment Server
LicenseFile=ax85.lic
DAUsername=Administrator
Altiris Deployment Solution 6.8
407
DAPassword=password
OR
DAEncryptedPassword=z%l$qry^w
InstallPXE=0
CreateExpressShare=FALSE | TRUE
DOSFilesPath=c:\dos
Custom Install Entries
If the InstallType is set to custom, the following entries will be expected in the
SILENT.INI file. If any of the entries are missing then default values will be used. Using
default values is not recommended because it may cause the validator function to abort
the install because the default values won't work with the specified values. Any entries
other than the ones listed below will be ignored for a custom install.
Note
If you attempt to push out a silent Deployment Solution install to a computer where
Microsoft SQL Server is installed and SQL Server has a password for the "sa" account,
then it will not work.
DAPath=C:\Program Files\Altiris\eXpress\Deployment Server
LicenseFile=ax85.lic
DAUsername=Administrator
DAPassword=password
OR
DAEncryptedPassword=z%l$qry^w
CreateExpressShare=FALSE | TRUE
DOSFilesPath=c:\dos
SEPath= C:\Program Files\Altiris\eXpress\Deployment Server
SELocation=local | remote
SERemoteComputerName=DESKPRO1
SEUsername=administrator
SEPassword=password
OR
SEEncryptedPassword= z%l$qry^w
SEIPAddress=172.16.2.123
SEDataManagerPort= 8080
SEDBLocation=local | same | remote | sqlserver
SEDBRemoteComputerName=DESKPRO2
SEDBSQLPortNumber=<Enter SQL Port Number here>
Altiris Deployment Solution 6.8
408
SEDBEnginePath=c:\mssql7
SEDBDataPath=c:\mssql7\data
SQLAuthentication=FALSE | TRUE
SQLMachineUsername=administrator
SQLMachinePassword=password
OR
SQLEncryptedMachinePassword= z%l$qry^w
InstallPXE=FALSE | TRUE
PXLocation=dos | local | remote
PXRemoteComputerName=DESKPRO3
PXMakeMasterServer=FALSE | TRUE
PXIPAddress=172.16.2.123
PXDSIPAddress=172.16.2.123
PXPath=c:\Program Files\Altiris\express\Deployment Server
PXUsername=Administrator
PXPassword=password
OR
PXEncryptedPassword= z%l$qry^w
PXCreateDefaultPXEBootFiles=FALSE | TRUE
SQLAuthentication=FALSE | TRUE
SQLUsername=Administrator
SQLPassword=password
OR
SQLEncryptedPassword=zlq%r*x+y
DSConnectionMethod=multicast | tcpip
DSConnectionServerName=* | <server name>
DSConnectionDSIPAddress=172.16.2.123
DSConnectionDSPort=402
COLocation=local | remote
CORemoteComputerName=DESKPRO4
COUsername=Administrator
COPassword=password
OR
COEncryptedPassword=zlq%r*x+y
Altiris Deployment Solution 6.8
409
WCLocation=local | remote | none
WCPath= c:\Program Files\Altiris\express\Deployment Server
WCRemoteComputerName=DESKPRO5
WCUsername=Administrator
WCPassword=password
WCEncryptedPassword= zlq%r*x+y
WCConsoleManagerPort=8081
Add Component Entries
If the InstallType is set to addcomponent, the following entries will be expected in the
SILENT.INI file. If any of the entries are missing then the default values will be used.
Using default values is not recommended because it may cause the validator function to
abort the install because the default values will not work with the specified values. Any
entries other than the ones listed below will be ignored for adding new components.
AddDSConsole=FALSE | TRUE
AddPXEServer=FALSE | TRUE
AddDSWebConsole=FALSE | TRUE
DOSFilesPath=c:\dos
DAPath=C:\Program Files\Altiris\eXpress\Deployment Server
SEIPAddress=172.16.2.123
SEDataManagerPort=8080
COLocation=local | remote
CORemoteComputerName=DESKPRO4
COUserName=Administrator
COPassword=password
OR
COEncryptedPassword=zlq%r*x+y
PXLocation=dos | local | remote
PXRemoteComputerName=DESKPRO3
PXMakeMasterServer=FALSE | TRUE
PXIPAddress=172.16.2.123
PXDSIPAddress=172.16.2.123
PXPath=c:\Program Files\Altiris\express\Deployment Server
PXCreateDefaultPXEBootFiles=FALSE | TRUE
PXUsername=Administrator
PXPassword=password
Altiris Deployment Solution 6.8
410
OR
PXEncryptedPassword= zlq%r*x+y
WCLocation=local | remote | none
WCPath= c:\Program Files\Altiris\express\Deployment Server
WCRemoteComputerName=DESKPRO5
WCUsername=Administrator
WCPassword=password
WCEncryptedPassword= zlq%r*x+y
WCConsoleManagerPort=8081
Client BIOS Settings for Wake-On LAN and PXE
Some network cards have their own setup utilities. If there is a Wake On LAN option on
your NIC, enable it.
If you want to use Wake On LAN, the motherboard and network card must support
Intel’s Wired for Management (WfM) specification. You will also have to enable the
features in the BIOS. (Settings are hardware specific.Your BIOS might not list all of
these.).
Power Management
ON/ENABLED
Suspend/Wake-up Features
ON/ENABLED
Wake On LAN
ON/ENABLED
Remote Power Up
ON/ENABLED
Power Switch/Wake-up
ON/ENABLED
Command-line Switches for the Pocket PC Agent
You can manage the Pocket PC Agent through command-line switches. The default path
of the agent executable file is: C:\Altiris\PPCAgent\PPCAgent.exe.
The following table shows the optional switches and the functions they perform.
Note
If PPCAgent.exe is run and if the agent has not pr